Analysis Overview
SHA256
3759744039346620e9613f40f90e8f318e5f54ad49c070e2bd23b667f7e65bf6
Threat Level: Shows suspicious behavior
The file Mercurial.Grabber.v1.03 (2).rar was found to show suspicious behavior.
Malicious Activity Summary
Obfuscated with Agile.Net obfuscator
Program crash
Uses Task Scheduler COM API
Suspicious use of AdjustPrivilegeToken
Modifies Internet Explorer settings
Modifies registry class
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious behavior: EnumeratesProcesses
Checks processor information in registry
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V6
Analysis: static1
Detonation Overview
Reported: 2023-04-13 18:42
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2023-04-13 18:42
Reported: 2023-04-13 18:45
Platform: win7-20230220-en
Max time kernel: 130s
Max time network: 33s
Command Line
Signatures
Obfuscated with Agile.Net obfuscator
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Recorded 11 times; no indicator, process or target details were captured for this signature.
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Mercurial.exe | N/A |
Recorded 8 times for this process.
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\Mercurial.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\Mercurial.exe
"C:\Users\Admin\AppData\Local\Temp\Mercurial.exe"
Network
Files
memory/1976-54-0x0000000000E60000-0x000000000119A000-memory.dmp
memory/1976-55-0x0000000000270000-0x00000000002B0000-memory.dmp
memory/1976-56-0x0000000000920000-0x000000000093C000-memory.dmp
memory/1976-57-0x0000000000990000-0x00000000009B0000-memory.dmp
memory/1976-58-0x00000000009C0000-0x00000000009E0000-memory.dmp
memory/1976-59-0x00000000009E0000-0x00000000009F0000-memory.dmp
memory/1976-60-0x0000000000A00000-0x0000000000A14000-memory.dmp
memory/1976-61-0x0000000000BD0000-0x0000000000C3E000-memory.dmp
memory/1976-62-0x0000000000AF0000-0x0000000000B0E000-memory.dmp
memory/1976-63-0x0000000000C40000-0x0000000000C76000-memory.dmp
memory/1976-64-0x0000000000B80000-0x0000000000B8E000-memory.dmp
memory/1976-65-0x0000000000C80000-0x0000000000C8E000-memory.dmp
memory/1976-66-0x0000000005110000-0x000000000525A000-memory.dmp
memory/1976-67-0x0000000005310000-0x0000000005426000-memory.dmp
memory/1976-68-0x0000000000DF0000-0x0000000000E20000-memory.dmp
memory/1976-69-0x0000000005640000-0x0000000005648000-memory.dmp
memory/1976-70-0x0000000000270000-0x00000000002B0000-memory.dmp
memory/1976-71-0x0000000000270000-0x00000000002B0000-memory.dmp
memory/1976-72-0x0000000000270000-0x00000000002B0000-memory.dmp
memory/1976-73-0x0000000000270000-0x00000000002B0000-memory.dmp
memory/1976-74-0x0000000000270000-0x00000000002B0000-memory.dmp
memory/1976-75-0x0000000000270000-0x00000000002B0000-memory.dmp
memory/1976-76-0x0000000000270000-0x00000000002B0000-memory.dmp
memory/1976-77-0x0000000000270000-0x00000000002B0000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted: 2023-04-13 18:42
Reported: 2023-04-13 18:45
Platform: win10v2004-20230220-en
Max time kernel: 88s
Max time network: 150s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\WerFault.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Software\Microsoft\Internet Explorer\TypedURLs | C:\Users\Admin\AppData\Local\Temp\Mercurial.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Mercurial.exe | N/A |
Recorded 8 times for this process.
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\Mercurial.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Mercurial.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Recorded once for Mercurial.exe and 4 times for firefox.exe.
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Recorded 3 times for this process.
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Recorded 10 times for this process.
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\Mercurial.exe
"C:\Users\Admin\AppData\Local\Temp\Mercurial.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5028.0.672882942\549766923" -parentBuildID 20221007134813 -prefsHandle 1820 -prefMapHandle 1812 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d16e945a-1dac-431b-a0d4-d8321b30bac8} 5028 "\\.\pipe\gecko-crash-server-pipe.5028" 1900 25864fa7058 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5028.1.225527899\72324864" -parentBuildID 20221007134813 -prefsHandle 2288 -prefMapHandle 2284 -prefsLen 20926 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1620bc35-4580-4b0a-b8c5-5a6bc002e588} 5028 "\\.\pipe\gecko-crash-server-pipe.5028" 2300 25857072258 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5028.2.188915880\1025932773" -childID 1 -isForBrowser -prefsHandle 3212 -prefMapHandle 3164 -prefsLen 21074 -prefMapSize 232675 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3f48a8b8-433b-4d31-a473-32ae6e3e08d2} 5028 "\\.\pipe\gecko-crash-server-pipe.5028" 3204 25867c2bb58 tab
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 444 -p 2684 -ip 2684
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5028.3.1365648903\1385011691" -childID 2 -isForBrowser -prefsHandle 2444 -prefMapHandle 1460 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {847808b5-ba70-453b-95a7-285f41a8d22c} 5028 "\\.\pipe\gecko-crash-server-pipe.5028" 1180 25857070158 tab
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 2684 -s 784
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5028.4.175774374\1900555895" -childID 3 -isForBrowser -prefsHandle 4028 -prefMapHandle 4024 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {86b996f5-4d16-45bc-96b3-dffce7e6534f} 5028 "\\.\pipe\gecko-crash-server-pipe.5028" 4040 25857062b58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5028.6.2070782623\245701822" -childID 5 -isForBrowser -prefsHandle 4844 -prefMapHandle 4840 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5c15fc72-0799-4b91-a7a9-625c6533e45c} 5028 "\\.\pipe\gecko-crash-server-pipe.5028" 4168 25869fa0d58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5028.5.512329155\2122806798" -childID 4 -isForBrowser -prefsHandle 4720 -prefMapHandle 4676 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {74e8aa09-028a-42f3-95b8-dee1eb893388} 5028 "\\.\pipe\gecko-crash-server-pipe.5028" 4732 25869efa658 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5028.7.1900214323\745376227" -childID 6 -isForBrowser -prefsHandle 5220 -prefMapHandle 5224 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e90e9a27-4095-4814-a906-cb8b418aaf8a} 5028 "\\.\pipe\gecko-crash-server-pipe.5028" 5084 2586a523158 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5028.8.752808240\1228733604" -childID 7 -isForBrowser -prefsHandle 3556 -prefMapHandle 1500 -prefsLen 26913 -prefMapSize 232675 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {91a9ba67-d9b3-468c-b127-6a3599d4a3dd} 5028 "\\.\pipe\gecko-crash-server-pipe.5028" 3652 2585705be58 tab
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.38.195.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.17.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 52.152.108.96:443 | | tcp |
| N/A | 127.0.0.1:49761 | | tcp |
| N/A | 127.0.0.1:49768 | | tcp |
| US | 8.8.8.8:53 | 140.145.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 34.117.237.239:443 | contile.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | getpocket.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 34.120.5.221:443 | getpocket.cdn.mozilla.net | tcp |
| US | 35.241.9.150:443 | firefox.settings.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| US | 8.8.8.8:53 | prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | shavar.services.mozilla.com | udp |
| US | 35.160.145.179:443 | shavar.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 34.117.65.55:443 | autopush.prod.mozaws.net | tcp |
| US | 35.241.9.150:443 | firefox.settings.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | content-signature-2.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | 239.237.117.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 221.5.120.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 150.9.241.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.65.117.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 179.145.160.35.in-addr.arpa | udp |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | 191.144.160.34.in-addr.arpa | udp |
| US | 20.42.65.90:443 | | tcp |
| US | 8.8.8.8:53 | 196.168.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| DE | 172.217.23.206:443 | apis.google.com | tcp |
| US | 8.8.8.8:53 | plus.l.google.com | udp |
| US | 8.8.8.8:53 | plus.l.google.com | udp |
| DE | 172.217.23.206:443 | plus.l.google.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| NL | 142.251.36.14:443 | play.google.com | tcp |
| NL | 142.251.36.14:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | play.google.com | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| NL | 142.251.36.14:443 | play.google.com | udp |
| NL | 142.250.179.194:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 195.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 130.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.36.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.179.250.142.in-addr.arpa | udp |
| NL | 142.250.179.194:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | encrypted-tbn0.gstatic.com | udp |
| US | 8.8.8.8:53 | encrypted-tbn2.gstatic.com | udp |
| NL | 142.251.36.14:443 | encrypted-tbn0.gstatic.com | tcp |
| US | 8.8.8.8:53 | encrypted-tbn0.gstatic.com | udp |
| NL | 142.251.36.14:443 | encrypted-tbn0.gstatic.com | tcp |
| NL | 142.251.36.14:443 | encrypted-tbn0.gstatic.com | tcp |
| NL | 142.251.39.110:443 | encrypted-tbn2.gstatic.com | tcp |
| NL | 142.251.39.110:443 | encrypted-tbn2.gstatic.com | tcp |
| NL | 142.251.39.110:443 | encrypted-tbn2.gstatic.com | tcp |
| US | 8.8.8.8:53 | encrypted-tbn2.gstatic.com | udp |
| US | 8.8.8.8:53 | encrypted-tbn0.gstatic.com | udp |
| NL | 142.251.36.14:443 | encrypted-tbn0.gstatic.com | udp |
| US | 8.8.8.8:53 | encrypted-tbn2.gstatic.com | udp |
| US | 8.8.8.8:53 | 110.39.251.142.in-addr.arpa | udp |
| NL | 142.251.39.110:443 | encrypted-tbn2.gstatic.com | udp |
| US | 8.8.8.8:53 | 151.122.125.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.36.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ogs.google.com | udp |
| NL | 142.250.179.206:443 | ogs.google.com | tcp |
| US | 8.8.8.8:53 | www3.l.google.com | udp |
| US | 8.8.8.8:53 | www3.l.google.com | udp |
| NL | 142.250.179.206:443 | www3.l.google.com | udp |
| US | 8.8.8.8:53 | ssl.gstatic.com | udp |
| DE | 172.217.23.195:443 | ssl.gstatic.com | tcp |
| US | 8.8.8.8:53 | ssl.gstatic.com | udp |
| US | 8.8.8.8:53 | ssl.gstatic.com | udp |
| DE | 172.217.23.195:443 | ssl.gstatic.com | udp |
| US | 8.8.8.8:53 | 206.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.23.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.108.222.173.in-addr.arpa | udp |
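Most of the Network table above is resolver traffic, reverse lookups and Firefox's own first-party services. The rows an analyst actually wants are the TCP connections the sandbox could not tie to any DNS name. The helper below is added example code, not part of the sandbox report; it parses rows in the table's pipe format, repairs rows where the protocol slipped into the Domain column (as happens in the original table), drops the noise and lists the unresolved TCP destinations. The sample rows are copied from the table above; which rows count as noise is this example's own choice.

```python
"""Triage a sandbox Network table (added example, not the sandbox's code).

Assumed: rows are '| Country | Destination | Domain | Proto |'. A row whose
Domain cell holds 'tcp'/'udp' and whose Proto cell is empty is treated as
a column-shifted row and repaired. SAMPLE_ROWS is a subset copied from the
behavioral2 report above, including two shifted rows.
"""
from collections import Counter
from dataclasses import dataclass

SAMPLE_ROWS = """
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 52.152.108.96:443 | tcp | |
| N/A | 127.0.0.1:49761 | tcp | |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 34.117.237.239:443 | contile.services.mozilla.com | tcp |
| US | 20.42.65.90:443 | tcp | |
| DE | 172.217.23.206:443 | plus.l.google.com | udp |
| NL | 142.251.36.14:443 | play.google.com | tcp |
"""

PROTOS = {"tcp", "udp"}


@dataclass(frozen=True)
class Conn:
    country: str
    dest: str      # ip:port as printed in the table
    domain: str    # empty when the sandbox recorded no name
    proto: str


def parse_rows(text: str) -> list[Conn]:
    conns = []
    for line in text.strip().splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 4 or cells[0] == "Country":
            continue  # header or malformed line
        country, dest, domain, proto = cells
        # Column-shifted row: protocol in the Domain cell, Proto cell empty.
        if domain.lower() in PROTOS and not proto:
            domain, proto = "", domain
        conns.append(Conn(country, dest, domain, proto.lower()))
    return conns


def is_noise(c: Conn) -> bool:
    """Loopback, queries to the resolver itself, and reverse lookups."""
    host = c.dest.rsplit(":", 1)[0]
    return (host.startswith("127.")
            or c.dest.endswith(":53")
            or c.domain.endswith(".in-addr.arpa"))


def unresolved_tcp(conns: list[Conn]) -> list[str]:
    """TCP destinations with no DNS name attached, in table order."""
    return [c.dest for c in conns
            if c.proto == "tcp" and not c.domain and not is_noise(c)]


def by_domain(conns: list[Conn]) -> Counter:
    """Connection count per resolved domain, DNS lookups excluded."""
    return Counter(c.domain for c in conns if c.domain and not is_noise(c))


if __name__ == "__main__":
    conns = parse_rows(SAMPLE_ROWS)
    print("unresolved TCP:", unresolved_tcp(conns))
    for domain, n in by_domain(conns).most_common():
        print(f"{n:3d}  {domain}")
```

Run against the full table, the unresolved list is what to pivot on next (passive DNS, certificate transparency, the sample's strings); nothing in the report itself says what those two hosts are.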
Files
memory/3212-133-0x00000000002E0000-0x000000000061A000-memory.dmp
memory/3212-134-0x0000000005580000-0x0000000005B24000-memory.dmp
memory/3212-135-0x0000000005070000-0x0000000005102000-memory.dmp
memory/3212-136-0x0000000004FF0000-0x0000000004FFA000-memory.dmp
memory/3212-137-0x0000000004F60000-0x0000000004F70000-memory.dmp
memory/3212-139-0x0000000004F60000-0x0000000004F70000-memory.dmp
memory/3212-138-0x0000000004F60000-0x0000000004F70000-memory.dmp
memory/3212-140-0x0000000004F60000-0x0000000004F70000-memory.dmp
memory/3212-141-0x0000000004F60000-0x0000000004F70000-memory.dmp
memory/3212-142-0x0000000004F60000-0x0000000004F70000-memory.dmp
memory/3212-143-0x0000000004F60000-0x0000000004F70000-memory.dmp
memory/3212-144-0x0000000004F60000-0x0000000004F70000-memory.dmp
memory/3212-145-0x0000000004F60000-0x0000000004F70000-memory.dmp
memory/3212-146-0x0000000004F60000-0x0000000004F70000-memory.dmp
memory/3212-147-0x0000000004F60000-0x0000000004F70000-memory.dmp
memory/3212-148-0x0000000004F60000-0x0000000004F70000-memory.dmp
memory/3212-149-0x0000000004F60000-0x0000000004F70000-memory.dmp
memory/3212-150-0x000000000C400000-0x000000000C500000-memory.dmp
memory/3212-151-0x0000000004F60000-0x0000000004F70000-memory.dmp
memory/3212-152-0x000000000C400000-0x000000000C500000-memory.dmp
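The memory dump names in both Files sections (behavioral1 above and this one) follow one layout, pid-sequence-start-end. Reading them by hand hides two things a practitioner wants: how large each captured region is and which ranges were captured more than once (0x270000-0x2B0000 in PID 1976 appears nine times). The parser below is added example code, not part of the sandbox report; the name layout is inferred from the report's own entries, and the sample names are copied from the behavioral1 list.

```python
"""Summarise sandbox memory-dump names (added example, not the sandbox's code).

Assumed: names look like 'memory/<pid>-<seq>-0x<start>-0x<end>-memory.dmp',
as inferred from the report above. SAMPLE_DUMPS is copied from the
behavioral1 Files list.
"""
import re
from collections import defaultdict
from typing import NamedTuple

SAMPLE_DUMPS = [
    "memory/1976-54-0x0000000000E60000-0x000000000119A000-memory.dmp",
    "memory/1976-55-0x0000000000270000-0x00000000002B0000-memory.dmp",
    "memory/1976-56-0x0000000000920000-0x000000000093C000-memory.dmp",
    "memory/1976-70-0x0000000000270000-0x00000000002B0000-memory.dmp",
    "memory/1976-71-0x0000000000270000-0x00000000002B0000-memory.dmp",
    "memory/1976-72-0x0000000000270000-0x00000000002B0000-memory.dmp",
    "memory/1976-73-0x0000000000270000-0x00000000002B0000-memory.dmp",
    "memory/1976-74-0x0000000000270000-0x00000000002B0000-memory.dmp",
    "memory/1976-75-0x0000000000270000-0x00000000002B0000-memory.dmp",
    "memory/1976-76-0x0000000000270000-0x00000000002B0000-memory.dmp",
    "memory/1976-77-0x0000000000270000-0x00000000002B0000-memory.dmp",
]

DUMP_RE = re.compile(
    r"^memory/(\d+)-(\d+)-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp$")


class Region(NamedTuple):
    pid: int
    seq: int
    start: int
    end: int

    @property
    def size(self) -> int:
        return self.end - self.start


def parse_dump_name(name: str) -> Region:
    m = DUMP_RE.match(name.strip())
    if not m:
        raise ValueError(f"not a memory dump name: {name!r}")
    pid, seq, start, end = m.groups()
    return Region(int(pid), int(seq), int(start, 16), int(end, 16))


def summarize(names: list[str]) -> list[tuple[Region, int]]:
    """(first capture of each pid/start/end range, capture count), largest first."""
    counts: dict[tuple, int] = defaultdict(int)
    first: dict[tuple, Region] = {}
    for n in names:
        r = parse_dump_name(n)
        key = (r.pid, r.start, r.end)
        counts[key] += 1
        first.setdefault(key, r)
    return sorted(((first[k], c) for k, c in counts.items()),
                  key=lambda rc: -rc[0].size)


def largest_region(names: list[str]) -> Region:
    return summarize(names)[0][0]


def repeated_regions(names: list[str], min_count: int = 2) -> list[tuple[Region, int]]:
    """Ranges the sandbox captured at least min_count times."""
    return [(r, c) for r, c in summarize(names) if c >= min_count]


if __name__ == "__main__":
    for r, c in summarize(SAMPLE_DUMPS):
        print(f"pid {r.pid}  0x{r.start:X}-0x{r.end:X}  {r.size:>9} bytes  x{c}")
```

A range that is captured repeatedly is where the sandbox saw the same memory change over time; for a sample the report flags as Agile.Net-obfuscated, that is the region worth carving first, but the report gives no further detail about its contents.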
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\prefs.js
| MD5 | feb8a52858c8167a58f36caa1b37f116 |
| SHA1 | 7ae7f9d2721ae3c579f9e18e4fea679e8c848158 |
| SHA256 | adbc4c7b5e775c3d401ae811d5be5a69b844f5937e3d0a416d374dd5a7ec227a |
| SHA512 | 109d42ec5b9744b3561d29a9cabdcf2ffb81233935fa5c2d80c39f27b92ae55366c3c51ae3d26cc1a8936635662acbd11af89e54efac374aceaa279f13e7dc16 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\activity-stream.discovery_stream.json.tmp
| MD5 | c81d0a2c74f7cf6ee945409dd3ad16e5 |
| SHA1 | 8a7120d1faa01e0f18906b7d5f7ff086d9e63ecc |
| SHA256 | 7934304d5c03459d396435b161b51c0288d686bdd07cdaf7f0c7b6b42e5b2b1c |
| SHA512 | 73f5d9690d1444c2f8653feac154827a0eed21c25f0ed3ccc2a4a86c799cec9a1b9abbd24e9bc39d01046ea679a9862448755fa36fda44cfce9e23db49c5c8c0 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\prefs-1.js
| MD5 | 4fb78ef0d0e2ee5355392c36cf074920 |
| SHA1 | a96815a8dafa6b09734a00269df38c5584d2d379 |
| SHA256 | c7416541c41e6c55b79b6152ff6e12547285a6d679423dfd22d24d24ae3fdcd9 |
| SHA512 | aea4c78075d147f1cf58922fd5f1ce3970f972b5510efc2107caf1f6545cd7cb82bc647af164c1864e5c35e421f7599328763c49380e8c6734b33f11bedbf4e9 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | ee6a2c16a74e56daddfbb62f314be27f |
| SHA1 | 07f37b0f235f8a4093da10242fd0601c6460de84 |
| SHA256 | 4404547ba021cf53c0ca85a4f68d7a4673e8be00c776088a85ac7b9d1b448a6a |
| SHA512 | 97ab12f3d29289ccefe1b2f135fa5e2c5fd332ceb7b4fbb64e9f70b27b2e444ca3ff6215d65cac6083b02f701c6e76d92b1df3cd97c03105cb9e8cb24e700d03 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\prefs-1.js
| MD5 | c54a3bb7033c44827afff74f5e9eb8c2 |
| SHA1 | 19b878c0b7b72505fe0fa414162be62d913b953e |
| SHA256 | 08ab8a5155d5c160b2b736224538f9c4325ef8f14a2ea792b88c794026532d0b |
| SHA512 | a00e95ecfdbd6f5286d50f7bbf93faa366dd9acf68fc8fab4966f126c073307d582bf9c6828955b940be060d7bc9588dd4d82cd24571312fd6b2164ce7848ce6 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 5238fba809b8f6d80837a944a050c4ba |
| SHA1 | 5a533e13751944511b0221b8cc8730c445a05164 |
| SHA256 | b71095865964de3cb132871bd03121fbf6a1d59a5d7fc9e8b4cc504facb087b0 |
| SHA512 | 2eac80b815fbe2c0a1fcabee98bbab201255958bbc77bfae99854d033bd1e1a59fdc7de68b62495388a515895d2f8c9622a902631d42f9977641a30d536a1f56 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\prefs-1.js
| MD5 | 9c99f34cd0346da44d80c3a32eb023f8 |
| SHA1 | b3562e3db876a4a9a1bc5bff0b6daa65c97938a0 |
| SHA256 | 577622b0819cf7935a3c4ced5f1612f5ef79e9b668b91b266f3a962102b7a335 |
| SHA512 | f5230225f328be9dfd8c3142ebbad489e8ba3b8fd21042fe19b2610727a95db307d89ee8db7aad2214de0800fedc689839ce44d72949046d735ffd9d66b9528e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\sessionstore.jsonlz4
| MD5 | 3c7f7da096dc93ecf8346004fac93296 |
| SHA1 | 5fa046fe3cebf1b6feb7c733520dd73204eaa691 |
| SHA256 | 2023f199ddd82129c372025ba57def058005386cdbe7905db2a45bd3fafcaa08 |
| SHA512 | db7388c3320253b8da2faf7e05ca7b90b37c346ee61fdbe40652158b7078d0465aadfc1a0019904c7c6ee1ff10ecd7f27a56fda5d3cc3102d2d33a5821ddc820 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\sessionCheckpoints.json.tmp
| MD5 | e6c20f53d6714067f2b49d0e9ba8030e |
| SHA1 | f516dc1084cdd8302b3e7f7167b905e603b6f04f |
| SHA256 | 50a670fb78ff2712aae2c16d9499e01c15fddf24e229330d02a69b0527a38092 |
| SHA512 | 462415b8295c1cdcac0a7cb16bb8a027ef36ae2ce0b061071074ac3209332a7eae71de843af4b96bbbd6158ca8fd5c18147bf9a79b8a7768a9a35edce8b784bf |