Malware Analysis Report

2025-06-16 04:51

Sample ID 240204-g4e6ysbch9
Target 8e53f2489c9adbaa02db230f8395a0aa
SHA256 72ec93703d4e440114d578adf39f55d4f8933e76e62684e30923bfd93c1dd6cd
Tags
score
4/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
4/10

SHA256

72ec93703d4e440114d578adf39f55d4f8933e76e62684e30923bfd93c1dd6cd

Threat Level: Likely benign

The file 8e53f2489c9adbaa02db230f8395a0aa was found to be: Likely benign.

Malicious Activity Summary


Drops file in Windows directory

Unsigned PE

Program crash

Suspicious use of SendNotifyMessage

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Uses Task Scheduler COM API

Checks processor information in registry

Modifies registry class

Suspicious behavior: LoadsDriver

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-02-04 06:21

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-04 06:21

Reported

2024-02-04 06:25

Platform

win10-20231215-en

Max time kernel

210s

Max time network

219s

Command Line

regsvr32 /s C:\Users\Admin\AppData\Local\Temp\8e53f2489c9adbaa02db230f8395a0aa.dll

Signatures

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\INF\netsstpa.PNF \??\c:\windows\system32\svchost.exe N/A
File created C:\Windows\INF\netrasa.PNF \??\c:\windows\system32\svchost.exe N/A

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\regsvr32.exe

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A \??\c:\windows\system32\svchost.exe N/A
Token: SeCreatePagefilePrivilege N/A \??\c:\windows\system32\svchost.exe N/A
Token: SeLoadDriverPrivilege N/A \??\c:\windows\system32\svchost.exe N/A
Token: SeLoadDriverPrivilege N/A \??\c:\windows\system32\svchost.exe N/A
Token: SeLoadDriverPrivilege N/A \??\c:\windows\system32\svchost.exe N/A
Token: SeLoadDriverPrivilege N/A \??\c:\windows\system32\svchost.exe N/A
Token: SeLoadDriverPrivilege N/A \??\c:\windows\system32\svchost.exe N/A
Token: SeLoadDriverPrivilege N/A \??\c:\windows\system32\svchost.exe N/A
Token: SeLoadDriverPrivilege N/A \??\c:\windows\system32\svchost.exe N/A
Token: SeLoadDriverPrivilege N/A \??\c:\windows\system32\svchost.exe N/A
Token: SeLoadDriverPrivilege N/A \??\c:\windows\system32\svchost.exe N/A
Token: SeLoadDriverPrivilege N/A \??\c:\windows\system32\svchost.exe N/A
Token: SeLoadDriverPrivilege N/A \??\c:\windows\system32\svchost.exe N/A
Token: SeLoadDriverPrivilege N/A \??\c:\windows\system32\svchost.exe N/A
Token: SeLoadDriverPrivilege N/A \??\c:\windows\system32\svchost.exe N/A
Token: SeLoadDriverPrivilege N/A \??\c:\windows\system32\svchost.exe N/A
Token: SeLoadDriverPrivilege N/A \??\c:\windows\system32\svchost.exe N/A
Token: SeLoadDriverPrivilege N/A \??\c:\windows\system32\svchost.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 32 wrote to memory of 192 N/A C:\Windows\system32\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe
PID 32 wrote to memory of 192 N/A C:\Windows\system32\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe
PID 32 wrote to memory of 192 N/A C:\Windows\system32\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe
PID 1492 wrote to memory of 2700 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1492 wrote to memory of 2700 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1492 wrote to memory of 2700 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1492 wrote to memory of 2700 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1492 wrote to memory of 2700 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1492 wrote to memory of 2700 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1492 wrote to memory of 2700 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1492 wrote to memory of 2700 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1492 wrote to memory of 2700 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1492 wrote to memory of 2700 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1492 wrote to memory of 2700 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2700 wrote to memory of 2436 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2700 wrote to memory of 2436 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2700 wrote to memory of 392 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2700 wrote to memory of 392 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2700 wrote to memory of 392 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2700 wrote to memory of 392 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2700 wrote to memory of 392 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2700 wrote to memory of 392 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2700 wrote to memory of 392 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2700 wrote to memory of 392 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2700 wrote to memory of 392 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2700 wrote to memory of 392 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2700 wrote to memory of 392 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2700 wrote to memory of 392 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2700 wrote to memory of 392 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2700 wrote to memory of 392 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2700 wrote to memory of 392 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2700 wrote to memory of 392 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2700 wrote to memory of 392 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2700 wrote to memory of 392 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2700 wrote to memory of 392 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2700 wrote to memory of 392 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2700 wrote to memory of 392 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2700 wrote to memory of 392 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2700 wrote to memory of 392 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2700 wrote to memory of 392 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2700 wrote to memory of 392 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2700 wrote to memory of 392 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2700 wrote to memory of 392 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2700 wrote to memory of 392 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2700 wrote to memory of 392 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2700 wrote to memory of 392 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2700 wrote to memory of 392 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2700 wrote to memory of 392 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2700 wrote to memory of 392 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2700 wrote to memory of 392 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2700 wrote to memory of 392 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2700 wrote to memory of 392 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2700 wrote to memory of 392 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2700 wrote to memory of 392 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2700 wrote to memory of 392 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2700 wrote to memory of 392 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2700 wrote to memory of 392 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2700 wrote to memory of 392 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2700 wrote to memory of 392 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2700 wrote to memory of 392 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2700 wrote to memory of 392 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2700 wrote to memory of 392 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2700 wrote to memory of 392 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2700 wrote to memory of 392 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Windows\system32\regsvr32.exe

regsvr32 /s C:\Users\Admin\AppData\Local\Temp\8e53f2489c9adbaa02db230f8395a0aa.dll

C:\Windows\SysWOW64\regsvr32.exe

/s C:\Users\Admin\AppData\Local\Temp\8e53f2489c9adbaa02db230f8395a0aa.dll

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 192 -s 608

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Windows\System32\SystemSettingsBroker.exe

C:\Windows\System32\SystemSettingsBroker.exe -Embedding

\??\c:\windows\system32\svchost.exe

c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s RmSvc

\??\c:\windows\system32\svchost.exe

c:\windows\system32\svchost.exe -k localservice -s SstpSvc

\??\c:\windows\system32\svchost.exe

c:\windows\system32\svchost.exe -k netsvcs -s NetSetupSvc

\??\c:\windows\system32\svchost.exe

c:\windows\system32\svchost.exe -k netsvcs -s RasMan

C:\Windows\System32\SystemSettingsBroker.exe

C:\Windows\System32\SystemSettingsBroker.exe -Embedding

\??\c:\windows\system32\svchost.exe

c:\windows\system32\svchost.exe -k netsvcs -s RasMan

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2700.0.246661409\56843162" -parentBuildID 20221007134813 -prefsHandle 1684 -prefMapHandle 1640 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c4e3540d-f972-4dd1-892a-3cfc2f61c1bf} 2700 "\\.\pipe\gecko-crash-server-pipe.2700" 1764 1a8178d7558 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2700.1.78151064\961654116" -parentBuildID 20221007134813 -prefsHandle 2108 -prefMapHandle 2104 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b8e88d8c-c848-4d48-ad3e-bbe4fd0a5343} 2700 "\\.\pipe\gecko-crash-server-pipe.2700" 2120 1a817440358 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2700.2.1561002824\10378658" -childID 1 -isForBrowser -prefsHandle 2672 -prefMapHandle 2904 -prefsLen 20866 -prefMapSize 233444 -jsInitHandle 1260 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2c3b3c3d-e234-4e6a-b93e-67ae6b88fa4e} 2700 "\\.\pipe\gecko-crash-server-pipe.2700" 2928 1a81b9d6d58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2700.3.381399486\82801388" -childID 2 -isForBrowser -prefsHandle 3296 -prefMapHandle 3260 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1260 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a46a65db-8c26-4d71-94f5-e4a3fe3afc5d} 2700 "\\.\pipe\gecko-crash-server-pipe.2700" 3488 1a81c721158 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2700.4.1040933000\343032618" -childID 3 -isForBrowser -prefsHandle 3876 -prefMapHandle 3872 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1260 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c2e91f22-b2e2-425c-ab9e-0d35fd72b6ca} 2700 "\\.\pipe\gecko-crash-server-pipe.2700" 3880 1a81cdc6458 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2700.5.1986158966\899107581" -childID 4 -isForBrowser -prefsHandle 4688 -prefMapHandle 4656 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1260 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {10651896-ce8f-4703-b17f-b3580d735828} 2700 "\\.\pipe\gecko-crash-server-pipe.2700" 4696 1a81da7bc58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2700.7.1270709548\225150846" -childID 6 -isForBrowser -prefsHandle 5028 -prefMapHandle 5032 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1260 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fc3ed2b3-19ad-4dd8-b252-984d753813cd} 2700 "\\.\pipe\gecko-crash-server-pipe.2700" 5024 1a81da7a758 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2700.6.1434563910\90117689" -childID 5 -isForBrowser -prefsHandle 4836 -prefMapHandle 4840 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1260 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4a317f50-49a2-45db-8cf9-4ddf5110bd46} 2700 "\\.\pipe\gecko-crash-server-pipe.2700" 4828 1a81da79e58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2700.8.1531283957\467618536" -childID 7 -isForBrowser -prefsHandle 2932 -prefMapHandle 2620 -prefsLen 26343 -prefMapSize 233444 -jsInitHandle 1260 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a70cdcce-e7fd-4477-a7d8-05c5fe0001ad} 2700 "\\.\pipe\gecko-crash-server-pipe.2700" 3476 1a81cdc5858 tab

C:\Windows\system32\cmd.exe

"C:\Windows\system32\cmd.exe"

Network

Country Destination Domain Proto
GB 23.44.234.16:80 tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
US 8.8.8.8:53 push.services.mozilla.com udp
US 8.8.8.8:53 shavar.services.mozilla.com udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
N/A 127.0.0.1:49786 tcp
N/A 127.0.0.1:49792 tcp
US 8.8.8.8:53 push.services.mozilla.com udp
US 8.8.8.8:53 support.mozilla.org udp
US 8.8.8.8:53 push.services.mozilla.com udp
US 8.8.8.8:53 aus5.mozilla.org udp
US 8.8.8.8:53 push.services.mozilla.com udp

Files

memory/192-0-0x0000000004610000-0x000000000486D000-memory.dmp

memory/192-1-0x0000000000A50000-0x0000000000A90000-memory.dmp

memory/192-2-0x0000000000A50000-0x0000000000A90000-memory.dmp

C:\Windows\INF\netrasa.PNF

MD5 80648b43d233468718d717d10187b68d
SHA1 a1736e8f0e408ce705722ce097d1adb24ebffc45
SHA256 8ab9a39457507e405ade5ef9d723e0f89bc46d8d8b33d354b00d95847f098380
SHA512 eec0ac7e7abcf87b3f0f4522b0dd95c658327afb866ceecff3c9ff0812a521201d729dd71d43f3ac46536f8435d4a49ac157b6282077c7c1940a6668f3b3aea9

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7sk8fjhx.default-release\datareporting\glean\db\data.safe.bin

MD5 9433e12c65ed76357477c109b930650e
SHA1 42bc57e227c2a3ad64c4549a36c16d9702505590
SHA256 c587945e9105e19e49f3574cf24144dc1272726a99cc7437a91eaa4d3499bf6c
SHA512 73211839a1726a1a57802613181c87113cefe766e3a537fbe1dd64ca2163f8a466706797ee4c63a737b96685d937626acf217ba977869a027c5d8f248cee8cba

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7sk8fjhx.default-release\datareporting\glean\pending_pings\de87133a-900f-4f06-a3c8-09cb7a140801

MD5 0b10c36144343d077b43e2736625d496
SHA1 30ebd761a889e8c5e3591f63e775863d28b60227
SHA256 9d62b2ab6385456248e539432dd5aa749cd0c29a694a2e4f5118eef30599bd29
SHA512 b2148e1fcbe9fb8fdb3917943a6deed1444baf4111e14d0d80fc0c78ab5b98b7ccf6f430c76c901fb503b63574002f1f14c9e037364301b1a540a1cccb7a518a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7sk8fjhx.default-release\datareporting\glean\pending_pings\172bab67-f742-4187-af3b-1c4ef7db2acf

MD5 9e01d65c536fbc9a8730acad0341f59b
SHA1 1bd3235e67a6f83ad01004ef4e530d33d6c283b9
SHA256 8c5a289a199c7a10e22d61e7de228e3f4735458eb4e52b4244910b0ae01f2fe8
SHA512 7859715cc39881409869c4577b7de828714edafd32a3b101292c604f46765a9da34ab6a4167b0cf6b5c6fe3e5f7bfaa8f3a98d1b3418cd2adea3bf87e40000b7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7sk8fjhx.default-release\sessionstore-backups\recovery.jsonlz4

MD5 d3e61b677da5dc7d565167a919b3bfea
SHA1 956bb2f67a073d2b6227f965ca6bbd92cd487a70
SHA256 2ee903a791b144b30a082d5e72e25db013d62c801f86dd3b3c444db8ca8ceee5
SHA512 eac2cf91c935d15453dd2bcf23e9cf9ec61ae3ba67e2819946b7953cad2637367f6775902b829b3e185c1ee4ca7137347a2c69294319073f322b8298abae555c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7sk8fjhx.default-release\prefs-1.js

MD5 bf74602c983eae79b976d7ccd24a1d21
SHA1 c771fc453da224e005a462da873a4928b7b1b0e0
SHA256 d0a851857d66bc8fb1e86d8dd9c1588356d1964850b3f7263d3281628436b05a
SHA512 c5088a5e063844d56e49b7befc01793644042f89bf1697a7f4fb889152ade07b44ee1a33db68cf5573aecacae24eb0e0684a0b145ef3c4ed5bb0341e781149b6

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7sk8fjhx.default-release\prefs-1.js

MD5 86bbf5d50025a86db862e7e78fab5d26
SHA1 4e84c8465ddbca501e8f1013607d96f9750e000e
SHA256 641e1635b37937da9ea327ffc1562498cafcf491dc82341a06c432363c709a50
SHA512 689b4dff8e2ccc2ecb1e0bf6ecbfc6fee39b194651dbe522f33d9c0bef46673b991570173c53d17078a71533edcfb8351e3d687a20df4a4854b3d8b62257f274

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7sk8fjhx.default-release\sessionstore-backups\recovery.jsonlz4

MD5 499309aca9bd353f29a19fedfc1baafb
SHA1 e859214c5bd9fc035de95ccf4da8fc8d25fe911a
SHA256 f4e9127140f2a3651182d714bd31c5b7a523e3a8ba48b80181c945860956a3f2
SHA512 6a68b28357cb5ab5cfb17f4623f64e6b4bd3c5e38f8fa1f54bf8ded271cbd77c778f48b6695001681d7ef81141e3a57d8e4cf5a94046b800daaf7a107725ab58

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7sk8fjhx.default-release\sessionstore-backups\recovery.jsonlz4

MD5 42f1f416b7ca604b4ed9e3ed7faed4a6
SHA1 93f35948ac86f7bec113566afc42ffae2101eda3
SHA256 93778633de12b83a91fe3833e0c392c2c67a7dcf9584981e48f6422fd51630dc
SHA512 41fcc469377a8949b475d237b77fb708d09a627240c15e306b6910d0c2292606fe88f482e7fe6ff802ef0b497ba6e2538e032c61113ec9527d248a2a1968e1eb

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7sk8fjhx.default-release\prefs-1.js

MD5 070d8b1bd46b6fd7baf4ed95f92683a9
SHA1 1772a3eccfcac98d37af76f439e140974a6e45df
SHA256 41371f674a3892662dec1a536fa0ef4476707cb4ce9c9790662613297584ec0f
SHA512 c0390fdb2cd1182d4b91298adfb8a077b4bca9966254a7fc2ec60b19f56764ab5f6b68064590f62d9ca216521e3f9c88fb4ab83282f302b23f5918f5d24feef6