Malware Analysis Report

2025-06-15 21:44

Sample ID 230413-xcjytsdd78
Target Mercurial.Grabber.v1.03 (2).rar
SHA256 3759744039346620e9613f40f90e8f318e5f54ad49c070e2bd23b667f7e65bf6
Tags
agilenet
score
7/10


Analysis Overview

score
7/10

SHA256

3759744039346620e9613f40f90e8f318e5f54ad49c070e2bd23b667f7e65bf6

Threat Level: Shows suspicious behavior

The file Mercurial.Grabber.v1.03 (2).rar was found to show suspicious behavior.

Malicious Activity Summary

agilenet

Obfuscated with Agile.Net obfuscator

Program crash

Uses Task Scheduler COM API

Suspicious use of AdjustPrivilegeToken

Modifies Internet Explorer settings

Modifies registry class

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious behavior: EnumeratesProcesses

Checks processor information in registry

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-04-13 18:42

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-04-13 18:42

Reported

2023-04-13 18:45

Platform

win7-20230220-en

Max time kernel

130s

Max time network

33s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Mercurial.exe"

Signatures

Obfuscated with Agile.Net obfuscator

agilenet
Description Indicator Process Target
N/A N/A N/A N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Mercurial.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\Mercurial.exe

"C:\Users\Admin\AppData\Local\Temp\Mercurial.exe"

Network

N/A

Files


Analysis: behavioral2

Detonation Overview

Submitted

2023-04-13 18:42

Reported

2023-04-13 18:45

Platform

win10v2004-20230220-en

Max time kernel

88s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Mercurial.exe"

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\system32\WerFault.exe

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Software\Microsoft\Internet Explorer\TypedURLs C:\Users\Admin\AppData\Local\Temp\Mercurial.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Mercurial.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4136 wrote to memory of 5028 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5028 wrote to memory of 2988 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5028 wrote to memory of 4868 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5028 wrote to memory of 1868 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\Mercurial.exe

"C:\Users\Admin\AppData\Local\Temp\Mercurial.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5028.0.672882942\549766923" -parentBuildID 20221007134813 -prefsHandle 1820 -prefMapHandle 1812 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d16e945a-1dac-431b-a0d4-d8321b30bac8} 5028 "\\.\pipe\gecko-crash-server-pipe.5028" 1900 25864fa7058 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5028.1.225527899\72324864" -parentBuildID 20221007134813 -prefsHandle 2288 -prefMapHandle 2284 -prefsLen 20926 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1620bc35-4580-4b0a-b8c5-5a6bc002e588} 5028 "\\.\pipe\gecko-crash-server-pipe.5028" 2300 25857072258 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5028.2.188915880\1025932773" -childID 1 -isForBrowser -prefsHandle 3212 -prefMapHandle 3164 -prefsLen 21074 -prefMapSize 232675 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3f48a8b8-433b-4d31-a473-32ae6e3e08d2} 5028 "\\.\pipe\gecko-crash-server-pipe.5028" 3204 25867c2bb58 tab

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -pss -s 444 -p 2684 -ip 2684

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5028.3.1365648903\1385011691" -childID 2 -isForBrowser -prefsHandle 2444 -prefMapHandle 1460 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {847808b5-ba70-453b-95a7-285f41a8d22c} 5028 "\\.\pipe\gecko-crash-server-pipe.5028" 1180 25857070158 tab

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 2684 -s 784

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5028.4.175774374\1900555895" -childID 3 -isForBrowser -prefsHandle 4028 -prefMapHandle 4024 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {86b996f5-4d16-45bc-96b3-dffce7e6534f} 5028 "\\.\pipe\gecko-crash-server-pipe.5028" 4040 25857062b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5028.6.2070782623\245701822" -childID 5 -isForBrowser -prefsHandle 4844 -prefMapHandle 4840 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5c15fc72-0799-4b91-a7a9-625c6533e45c} 5028 "\\.\pipe\gecko-crash-server-pipe.5028" 4168 25869fa0d58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5028.5.512329155\2122806798" -childID 4 -isForBrowser -prefsHandle 4720 -prefMapHandle 4676 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {74e8aa09-028a-42f3-95b8-dee1eb893388} 5028 "\\.\pipe\gecko-crash-server-pipe.5028" 4732 25869efa658 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5028.7.1900214323\745376227" -childID 6 -isForBrowser -prefsHandle 5220 -prefMapHandle 5224 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e90e9a27-4095-4814-a906-cb8b418aaf8a} 5028 "\\.\pipe\gecko-crash-server-pipe.5028" 5084 2586a523158 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5028.8.752808240\1228733604" -childID 7 -isForBrowser -prefsHandle 3556 -prefMapHandle 1500 -prefsLen 26913 -prefMapSize 232675 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {91a9ba67-d9b3-468c-b127-6a3599d4a3dd} 5028 "\\.\pipe\gecko-crash-server-pipe.5028" 3652 2585705be58 tab

Network


Files


C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\prefs.js


C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\activity-stream.discovery_stream.json.tmp


C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\prefs-1.js


C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\sessionstore-backups\recovery.jsonlz4


C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\prefs-1.js


C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\sessionstore-backups\recovery.jsonlz4


C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\prefs-1.js


C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\sessionstore.jsonlz4


C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\sessionCheckpoints.json.tmp
