Malware Analysis Report

2025-08-10 12:05

Sample ID 240222-y1q8gsef7t
Target Setup_v_43.4.exe
SHA256 0c8392319b75bf41bc36b0b64476a6dcef65b3449fa93de6708d835fc680303f
Tags
discovery
score
7/10

Table of Contents

Analysis Overview
MITRE ATT&CK
  Enterprise Matrix V15
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

score
7/10

SHA256

0c8392319b75bf41bc36b0b64476a6dcef65b3449fa93de6708d835fc680303f

Threat Level: Shows suspicious behavior

The file Setup_v_43.4.exe was found to show suspicious behavior.

Malicious Activity Summary

discovery

Modifies file permissions

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Uses Task Scheduler COM API

Checks processor information in registry

Modifies registry class

NTFS ADS

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-02-22 20:15

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-22 20:15

Reported

2024-02-22 20:19

Platform

win11-20240221-en

Max time kernel

210s

Max time network

215s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Setup_v_43.4.exe"

Signatures

Modifies file permissions

discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |

Checks processor information in registry

| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |

Modifies registry class

| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\USER\S-1-5-21-3852399462-405385529-394778097-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3852399462-405385529-394778097-1000_Classes\Local Settings\MuiCache | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe | N/A |

NTFS ADS

| Description | Indicator | Process | Target |
|---|---|---|---|
| File created | C:\Users\Admin\Downloads\Seturp v_43.4D.zip:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |

Suspicious use of AdjustPrivilegeToken

| Description | Indicator | Process | Target | Occurrences |
|---|---|---|---|---|
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A | 6 |

Suspicious use of SendNotifyMessage

| Description | Indicator | Process | Target | Occurrences |
|---|---|---|---|---|
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A | 3 |

Suspicious use of WriteProcessMemory

| Description | Indicator | Process | Target | Occurrences |
|---|---|---|---|---|
| PID 2980 wrote to memory of 1576 | N/A | C:\Users\Admin\AppData\Local\Temp\Setup_v_43.4.exe | C:\Program Files\Java\jre-1.8\bin\javaw.exe | 2 |
| PID 1576 wrote to memory of 2712 | N/A | C:\Program Files\Java\jre-1.8\bin\javaw.exe | C:\Windows\system32\icacls.exe | 2 |
| PID 3704 wrote to memory of 3136 | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | C:\Program Files\Mozilla Firefox\firefox.exe | 11 |
| PID 3136 wrote to memory of 4900 | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | C:\Program Files\Mozilla Firefox\firefox.exe | 2 |
| PID 3136 wrote to memory of 3624 | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | C:\Program Files\Mozilla Firefox\firefox.exe | 47 |

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\Setup_v_43.4.exe

"C:\Users\Admin\AppData\Local\Temp\Setup_v_43.4.exe"

C:\Program Files\Java\jre-1.8\bin\javaw.exe

"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -Dfile.encoding=UTF-8 -classpath " org.develnext.jphp.ext.javafx.FXLauncher

C:\Windows\system32\icacls.exe

C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3136.0.1024630985\259016921" -parentBuildID 20221007134813 -prefsHandle 1772 -prefMapHandle 1764 -prefsLen 20669 -prefMapSize 233414 -appDir "C:\Program Files\Mozilla Firefox\browser" - {866bb1c4-b1a6-400a-bd22-b924c836a181} 3136 "\\.\pipe\gecko-crash-server-pipe.3136" 1860 2bad71db558 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3136.1.884855627\1487608827" -parentBuildID 20221007134813 -prefsHandle 2228 -prefMapHandle 2224 -prefsLen 20705 -prefMapSize 233414 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0c994109-221a-4fe2-aae7-1cd44ee7a8f0} 3136 "\\.\pipe\gecko-crash-server-pipe.3136" 2240 2bacb1de558 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3136.2.1672492034\1408007052" -childID 1 -isForBrowser -prefsHandle 3380 -prefMapHandle 3376 -prefsLen 20743 -prefMapSize 233414 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1f3361b3-0023-4d0e-a7fe-d0601a8baf99} 3136 "\\.\pipe\gecko-crash-server-pipe.3136" 3392 2badc4f0558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3136.3.513326558\1449131796" -childID 2 -isForBrowser -prefsHandle 2856 -prefMapHandle 3204 -prefsLen 25986 -prefMapSize 233414 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2c06ae17-416c-40a2-9e80-23fab90d1f81} 3136 "\\.\pipe\gecko-crash-server-pipe.3136" 2880 2bad99e8f58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3136.4.311119841\576483307" -childID 3 -isForBrowser -prefsHandle 4468 -prefMapHandle 4464 -prefsLen 26045 -prefMapSize 233414 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4086c129-90df-494b-87ea-4d81c8674ebc} 3136 "\\.\pipe\gecko-crash-server-pipe.3136" 4480 2bade04e058 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3136.5.1263092324\1356630580" -childID 4 -isForBrowser -prefsHandle 1724 -prefMapHandle 4824 -prefsLen 26124 -prefMapSize 233414 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f385d3e0-2a46-41e0-9d10-ed0bc9fb5290} 3136 "\\.\pipe\gecko-crash-server-pipe.3136" 5048 2bade9b5258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3136.6.790164960\778684073" -childID 5 -isForBrowser -prefsHandle 5192 -prefMapHandle 5196 -prefsLen 26124 -prefMapSize 233414 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1a222a81-04db-473a-99c4-60fdbe0c110a} 3136 "\\.\pipe\gecko-crash-server-pipe.3136" 5184 2bade9b7958 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3136.7.1095651779\184764242" -childID 6 -isForBrowser -prefsHandle 5384 -prefMapHandle 5388 -prefsLen 26124 -prefMapSize 233414 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6d6da050-d8d3-454f-bf68-80c74ea920a7} 3136 "\\.\pipe\gecko-crash-server-pipe.3136" 5376 2badecc3558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3136.8.1789857464\655195532" -childID 7 -isForBrowser -prefsHandle 5832 -prefMapHandle 5828 -prefsLen 26283 -prefMapSize 233414 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b8a52d0f-a465-4d2b-801f-d7b3e01e83e3} 3136 "\\.\pipe\gecko-crash-server-pipe.3136" 5824 2bacb12e758 tab

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe

"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3136.9.204682791\1346133680" -childID 8 -isForBrowser -prefsHandle 5204 -prefMapHandle 5036 -prefsLen 26819 -prefMapSize 233414 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4972c6e5-43ba-43b9-8e0d-69057093a3f4} 3136 "\\.\pipe\gecko-crash-server-pipe.3136" 5068 2bade036558 tab

Network

| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 127.0.0.1:49758 | | tcp |
| US | 8.8.8.8:53 | content-signature-2.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | shavar.services.mozilla.com | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 34.160.144.191:443 | prod.content-signature-chains.prod.webservices.mozgcp.net | tcp |
| US | 34.117.237.239:443 | contile.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| US | 44.227.167.82:443 | shavar.services.mozilla.com | tcp |
| US | 34.160.144.191:443 | prod.content-signature-chains.prod.webservices.mozgcp.net | tcp |
| US | 34.117.237.239:443 | contile.services.mozilla.com | tcp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | shavar.services.mozilla.com | udp |
| US | 44.237.149.213:443 | shavar.services.mozilla.com | tcp |
| N/A | 127.0.0.1:49765 | | tcp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 34.107.243.93:443 | autopush.prod.mozaws.net | tcp |
| US | 8.8.8.8:53 | tracking-protection.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | 82.167.227.44.in-addr.arpa | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 172.67.139.105:80 | goo.su | tcp |
| US | 172.67.139.105:80 | goo.su | tcp |
| US | 172.67.139.105:443 | goo.su | tcp |
| US | 172.67.139.105:443 | goo.su | udp |
| US | 8.8.8.8:53 | mc.yandex.ru | udp |
| US | 8.8.8.8:53 | top-fwz1.mail.ru | udp |
| US | 8.8.8.8:53 | st.top100.ru | udp |
| US | 34.149.100.209:443 | prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| RU | 81.19.89.18:443 | kraken.rambler.ru | tcp |
| RU | 88.212.202.52:443 | counter.yadro.ru | tcp |
| RU | 93.158.134.119:443 | mc.yandex.com | tcp |
| RU | 95.163.52.67:443 | top-fwz1.mail.ru | tcp |
| RU | 81.19.89.17:443 | kraken.rambler.ru | tcp |
| RU | 77.88.21.119:443 | mc.yandex.com | tcp |
| RU | 81.19.89.17:443 | kraken.rambler.ru | tcp |
| US | 74.112.186.144:443 | app.box.com | tcp |
| US | 74.112.186.144:443 | app.box.com | udp |
| US | 74.112.186.128:443 | public.boxcloud.com | tcp |
| US | 74.112.186.128:443 | public.boxcloud.com | udp |
| US | 74.112.186.128:80 | public.boxcloud.com | tcp |
| US | 74.112.186.128:80 | public.boxcloud.com | tcp |
| US | 74.112.186.128:443 | public.boxcloud.com | tcp |
| US | 74.112.186.128:443 | public.boxcloud.com | udp |
| US | 8.8.8.8:53 | top-fwz1.mail.ru | udp |
| US | 8.8.8.8:53 | mc.yandex.ru | udp |

Files

memory/2980-0-0x0000000000400000-0x0000000000425000-memory.dmp

memory/1576-5-0x0000019A02440000-0x0000019A03440000-memory.dmp

memory/1576-13-0x0000019A02420000-0x0000019A02421000-memory.dmp

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

MD5 377979818dc73d23981de3925f0ae85d
SHA1 b2ae4257db80de164a0462a31f82a907be1b28a4
SHA256 7aa673f2a207f170be1ce65c2b3cb5b6603e07ce353e9c705592138f5ff0ac35
SHA512 b4dbb991541bed28c5b5d40be93d0340bedfd9cfcdc65a0d6832bd528039ab4364b62a55f9b8c3b648f1d398b6b806a9c30b896e4f329b72d98bb2552fb00345

memory/1576-15-0x0000019A02440000-0x0000019A03440000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6vr1qaxh.default-release\datareporting\glean\db\data.safe.bin

MD5 899a4d8e087c8c6d822b96d3aed2531b
SHA1 d852441a136a159fdde6ce3a4fbaaef62bd86456
SHA256 d83dfbe6d4710cbb34866646d2315d747f48c1c45491fc2179cafdb0300d6b9d
SHA512 bb7e5f368ab1c4872b48564b28dcfd17d22e2e8d8d9cd8a92f5563f0d1b9f4032225bcd2ea992ef389d72041232bb9042f9099eb033f64889a14c0bc6b747bc2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6vr1qaxh.default-release\datareporting\glean\pending_pings\d636f567-3cd7-4851-aa91-94f628b4674d

MD5 f30cdb8a326063d4b9e1ff8a05f09d4a
SHA1 b9a1d7043a236f11ef42fe79e400ec8f294603dd
SHA256 2b2816bdf90fbd41bfaec925507b828f99ff8ba145cc10b4c6415473744062c8
SHA512 1e0c3a9f7e69e1645eae47c1b256d03e376f33347b00e4f8912a8a359076c476730928bfd865f99b08100fc54b17533a9f08b0561ac05e8c0488b8e114bac9ec

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6vr1qaxh.default-release\datareporting\glean\pending_pings\8e85a79c-3f95-4185-84ac-19fe65dbe570

MD5 1483e9d1bbe1f3e95323fe3ec6abf81e
SHA1 7e4353694a28e94d39a99d68ab3e80ee645b40c4
SHA256 95c3f0fd7af0cef8512af435e093db497b7bb24cfdc9f540d7a5111f55efcef5
SHA512 97c837a88a05364e67f17b95aa38ed705e064e13657bfe1b1cf54e04ffd9e80bb2bd71fa3d98e4bc07237cd6af238bb1e6856cee051406108da9fd34aac3a9e4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6vr1qaxh.default-release\prefs-1.js

MD5 0026f04806b5b82c3cf8b2f4dc6c40cf
SHA1 4ca2e8d948246deda3259f4b967db81f0707b579
SHA256 7551480609cb1edf3a8780af851a014c693561d549769ebc30977c91a38b00ba
SHA512 170506f4c09268c38fb17b6c5771c3d8975c141760e61e9348e082915a15dc0c3337975c10dc20b9cf5ec73ba8fc7c4b87dfe3bb2ec5ed37a712be1cf9fa12d0

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6vr1qaxh.default-release\sessionstore-backups\recovery.jsonlz4

MD5 cae9a1669f473c09b83459e8276b8d92
SHA1 052144a3acb5b2a26899873d96d7316d12014a55
SHA256 0e50f57f9f44597eda016aff8d805dd02cd8aa6cc77c4991e8aa19f12b10257b
SHA512 750108d4f4f2005663a9c2c1c2e5f2d51c98ba79d7a30a551a1d2b806a06e1a115236a43dc802725daad3b67d6312a5a3a9486909a7f9e177cb70cc8a78ffa59

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6vr1qaxh.default-release\prefs-1.js

MD5 f8090e33624edd1cc6e84649f067fcb7
SHA1 8ca4f7c9946ced67eff18136a319e1aa60b709aa
SHA256 f36325cc8d16503ef19ac6325af2c1f4273c0d0610f67be8ed42b5bcc7a76901
SHA512 f6311061e62ecd4393e3f4458a5c64dc3f5ae6d4831d6428a4c0f9aa4d7d31bfd3a3d5e085a6cb7206ffb51a56379e374c5737df3334bcd4087a6f2deea126dd

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6vr1qaxh.default-release\sessionstore-backups\recovery.jsonlz4

MD5 e02512bbd41d8cc5a7647d89ace5c154
SHA1 83eee1543eb39088443874fba49ffb6435d66854
SHA256 4f3d9ee2cd173b04714660377dd32eb70c5f2197938c9923a3da3f8d1b6f7a5c
SHA512 69c7387efda1303d81c88b99a7dbbc27203d4671bb733b9983795e2fb46f3f3c81f1a10fbd754c49ace707b322429a287af1235ee26b7cab29f32dbdc6990a6a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6vr1qaxh.default-release\prefs-1.js

MD5 03439b58270f35cbc865d1dd34b7645a
SHA1 d3eaf10a05822e5ad7c3c59b1f27a72c6b6be2e7
SHA256 bcd380bcd3bb7ce024d8948b2b6eedf11f78cf7a8a6b941246886538e68b3591
SHA512 78e34c7f7fb98c1c0dec90ab15583cfb50ff829ee3ef6495ace3a8a9e80149c651351df5435e34e688d6d9d7837dd9ee2cdd6d38ee719e5ba56a20f2a2d06163

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6vr1qaxh.default-release\cache2\entries\AE92BDA175417F9C0FABF3F0E3394C826723AC5D

MD5 7d6948912b4e7632d8a72ad2d304e913
SHA1 e5ee7cdb289aaeced3da158ec2aaf2f129a6f257
SHA256 81c10731958c057b7af65529acf34d1ca44d4093abdbac415acae4d69287b2f2
SHA512 0a2b480c268df23991c218e8857067e91575dad08aed792b8fe6922183912035189ab50f0a0133c05bcfa8e4599850f7aeafa2cc22363bc369167b10a461f429

C:\Users\Admin\Downloads\Seturp v_43.HLkI-s2D.4D.zip.part

MD5 5a7ac28c8df452254d058cc1ef77671a
SHA1 63c534913347ece74348ecc174f8dd1d761e2dc5
SHA256 cbff66ae1ff672c8d5f1ec362020d679d679c91ca2b6af6ad30c6b29194af8d9
SHA512 0f4ce808181f57c6ea86e0b50b3980324a032b43edbfedb8a7fac1b6f6be941156173c767f773ec92d3ccd2d00a60f25e4ed9543f2b87f89b6ef880d5d11d689

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6vr1qaxh.default-release\sessionstore-backups\recovery.jsonlz4

MD5 bf19401fc46eb10d7f2df3f3243b9df3
SHA1 5b223fdcce262256663483256d021a06bcbbeb88
SHA256 c4aa4885f5670058bd7e3b85a7b78b083672b7a6101662e6ea69fe180e4e80fe
SHA512 c2fad6a75df405a58ad4e8e02ce130e51acfd92a735f59b2cd1ec61fcba17d55a9297e6caabbec38465e541002b9cd9e82a6c7cfa6aab4243774fcf6e170dd42

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6vr1qaxh.default-release\sessionstore-backups\recovery.jsonlz4

MD5 16c04b62752a167fd95fb6765aebb49f
SHA1 9c13f64e322e32715777322618e59b29bba189b3
SHA256 f9b76d8ca0bedfa93a90b8c50a2aaf749e30caa2fe13a8e5ea7f65f76de38107
SHA512 546c2eb1bcc02e21eed72b07a638da66d0e88b6f2a2287a0409aaef6bd1762fa7280ba7e2528f482de1ceee0f22a39f567c0991d760a287eaf6fa2b4491e9526

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

MD5 d787e644a5c87ff0d529178be370af85
SHA1 1cc3e85b27bb7a602becada3674e2ca3f06cd674
SHA256 609b79e146732b2231318bde6338788a61124f8d22841566ed27d563200bbb32
SHA512 9386d7ef12d90ef90816a80b4c5f6f6f6a840a0745d81aa8bb4e8ec773ca852107d4ff3ae81e4165d2e6695813121aff836404e0c2d29ea44f063a6cd55a02d0

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

MD5 5dd2e58c8cfaff1881ff7bc283ef1ddd
SHA1 0ae988c23106f1983d82c01cf135803a647a1697
SHA256 81aacd0916b4d7a8543a99621a36843406e301567f9248877efb1e804fe5ef71
SHA512 d509064e13ffcf45d2833a801195292a2ef0e0fa2f7065459023e8c778e30f1daa64382b9aef9eed5c2de3f0a229924b20d1b6246135c089e257d91bf714852f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6vr1qaxh.default-release\sessionstore-backups\recovery.jsonlz4

MD5 42c678b89cdec5846f6cf1d80a30f83d
SHA1 2d139b77bb7df4ef5e136b3ebe472121911d20c0
SHA256 6891676d84d54e073e934ee5df4c60fac5d112ad5590db832625cdc510764f8b
SHA512 9346b581d20a58ab86c22a2a339c698b2d98207c2d57176de5d3518fabb99f18e2ae6a99ce20098c361745a3597daace299468b74ceb9bdc973f5bf008fcfefd

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6vr1qaxh.default-release\sessionstore-backups\recovery.jsonlz4

MD5 84435221d4ba625f19af21bf87498e8f
SHA1 d63fbd9615cc9aea3773e144035575d15f1a5da8
SHA256 e257dd5a070f74c7a5d5fa88c7d0734ce3e87d350450523631fd02b695e447b2
SHA512 adb8d387a048e8b9a4e8f77faaa3dfe87cca1ce144d979ac7cb60ba1b7a157908f83b9ba56e91a523c257d6bf50b79e3c1bf1f658924b26c67c7e9d4bdfba839