quasar | hxxps://github[.]com/quasar/Quasar/releases/tag/v1[.]4[.]1

Analysis

max time kernel
1798s
max time network
1800s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
11-11-2024 14:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/quasar/Quasar/releases/tag/v1.4.1

Score

10^/10

quasar office04 discovery spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

127.0.0.1:4782

Mutex

f13b4b61-ee9a-4324-aaa6-b2cda2ebc0d4

Attributes

encryption_key
34C77F56C844F60EFCA646B4DEE463035B43EEC4
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
RtkAudUService64.exe
subdirectory
SubDir

Signatures

Quasar RAT
Quasar is an open source Remote Access Tool.
trojan spyware quasar
Quasar family
quasar

Quasar payload 4 IoCs

Processes:

resource	yara_rule
behavioral1/memory/3620-545-0x000001C846D70000-0x000001C846EA8000-memory.dmp	family_quasar
behavioral1/memory/3620-546-0x000001C8472B0000-0x000001C8472C6000-memory.dmp	family_quasar
C:\Users\Admin\Desktop\Quasar v1.4.1\Client-built.exe	family_quasar
behavioral1/memory/3836-663-0x0000000000170000-0x0000000000494000-memory.dmp	family_quasar

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

Client-built.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Control Panel\International\Geo\Nation	Client-built.exe

Executes dropped EXE 1 IoCs

Processes:

Client-built.exe

pid process

3836 Client-built.exe

pid	process
3836	Client-built.exe

Looks up external IP address via web service 7 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

flow	ioc
398	whatismyipaddress.com
774	whatismyipaddress.com
775	whatismyipaddress.com
777	whatismyipaddress.com
395	whatismyipaddress.com
396	whatismyipaddress.com
397	whatismyipaddress.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs
Adversaries may check for Internet connectivity on compromised systems.
discovery

Internet Connection Discovery
T1016.001

Processes:

PING.EXE

pid process

5712 PING.EXE

pid	process
5712	PING.EXE

Checks processor information in registry 2 TTPs 34 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Modifies Internet Explorer settings 1 TTPs 4 IoCs

adware spyware

Modify Registry

T1112

Processes:

explorer.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Software\Microsoft\Internet Explorer\Toolbar	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ITBar7Layout = 13000000000000000000000020000000100000000000000001000000010700005e01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	explorer.exe

Modifies registry class 64 IoCs

Processes:

explorer.exefirefox.exeQuasar.exefirefox.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\ShowCmd = "1"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	firefox.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	Quasar.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 020000000100000000000000ffffffff	Quasar.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202	Quasar.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	Quasar.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0000000001000000ffffffff	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\WFlags = "0"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0000000001000000ffffffff	Quasar.exe
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell	Quasar.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0\0 = 7e003100000000006b59f67611004465736b746f7000680009000400efbe475917496b59f6762e00000068e101000000010000000000000000003e00000000002b9c38004400650073006b0074006f007000000040007300680065006c006c00330032002e0064006c006c002c002d0032003100370036003900000016000000	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616193"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\WinPos1280x720x96(1).bottom = "676"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	Quasar.exe
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	Quasar.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	Quasar.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	Quasar.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0100000000000000ffffffff	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	Quasar.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202	Quasar.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 = 19002f433a5c000000000000000000000000000000000000000000	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	Quasar.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings	Quasar.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\0 = 66003100000000006b59077710005155415341527e312e3100004c0009000400efbe6b59f6766b5908772e000000593b020000000f000000000000000000000000000000a83625005100750061007300610072002000760031002e0034002e00310000001a000000	Quasar.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\0\NodeSlot = "4"	Quasar.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\SniffedFolderType = "Generic"	Quasar.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\SniffedFolderType = "Generic"	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\MinPos1280x720x96(1).y = "4294967295"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\WinPos1280x720x96(1).left = "276"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2 = 14002e803accbfb42cdb4c42b0297fe99a87c6410000	Quasar.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202	firefox.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0000000001000000ffffffff	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	firefox.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\SniffedFolderType = "Generic"	explorer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\HotKey = "0"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	Quasar.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0\MRUListEx = 00000000ffffffff	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\0	Quasar.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	Quasar.exe
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg	Quasar.exe
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings	firefox.exe

NTFS ADS 1 IoCs

Processes:

firefox.exe

description ioc process

File created C:\Users\Admin\Downloads\Quasar.v1.4.1.zip:Zone.Identifier firefox.exe
Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery
T1018

Processes:

PING.EXE

pid process

5712 PING.EXE
Scheduled Task/Job: Scheduled Task 1 TTPs 1 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
persistence execution

Scheduled Task
T1053.005

Processes:

schtasks.exe

pid process

4352 schtasks.exe
Suspicious behavior: AddClipboardFormatListener 1 IoCs

Processes:

explorer.exe

pid process

1960 explorer.exe
Suspicious behavior: GetForegroundWindowSpam 4 IoCs

Processes:

Quasar.exeClient-built.exefirefox.exeexplorer.exe

pid process

3620 Quasar.exe
3836 Client-built.exe
2400 firefox.exe
1960 explorer.exe

description	ioc	process
File created	C:\Users\Admin\Downloads\Quasar.v1.4.1.zip:Zone.Identifier	firefox.exe

pid	process
5712	PING.EXE

pid	process
4352	schtasks.exe

pid	process
1960	explorer.exe

pid	process
3620	Quasar.exe
3836	Client-built.exe
2400	firefox.exe
1960	explorer.exe

Suspicious use of AdjustPrivilegeToken 47 IoCs

Processes:

firefox.exeQuasar.exeClient-built.exefirefox.exefirefox.exe7zG.exe7zG.exe

description	pid	process
Token: SeDebugPrivilege	1932	firefox.exe
Token: SeDebugPrivilege	1932	firefox.exe
Token: SeDebugPrivilege	1932	firefox.exe
Token: SeDebugPrivilege	3620	Quasar.exe
Token: SeDebugPrivilege	3836	Client-built.exe
Token: SeDebugPrivilege	2400	firefox.exe
Token: SeDebugPrivilege	2400	firefox.exe
Token: SeDebugPrivilege	2400	firefox.exe
Token: SeDebugPrivilege	2400	firefox.exe
Token: SeDebugPrivilege	2400	firefox.exe
Token: SeDebugPrivilege	2400	firefox.exe
Token: SeDebugPrivilege	2400	firefox.exe
Token: SeDebugPrivilege	2400	firefox.exe
Token: SeDebugPrivilege	2400	firefox.exe
Token: SeDebugPrivilege	2400	firefox.exe
Token: SeDebugPrivilege	2400	firefox.exe
Token: SeDebugPrivilege	2400	firefox.exe
Token: SeDebugPrivilege	2400	firefox.exe
Token: SeDebugPrivilege	2400	firefox.exe
Token: SeDebugPrivilege	2400	firefox.exe
Token: SeDebugPrivilege	2400	firefox.exe
Token: SeDebugPrivilege	2400	firefox.exe
Token: SeDebugPrivilege	2400	firefox.exe
Token: SeDebugPrivilege	2400	firefox.exe
Token: SeDebugPrivilege	2400	firefox.exe
Token: SeDebugPrivilege	2400	firefox.exe
Token: SeDebugPrivilege	2400	firefox.exe
Token: SeDebugPrivilege	632	firefox.exe
Token: SeDebugPrivilege	632	firefox.exe
Token: SeDebugPrivilege	632	firefox.exe
Token: SeDebugPrivilege	632	firefox.exe
Token: SeDebugPrivilege	632	firefox.exe
Token: SeDebugPrivilege	632	firefox.exe
Token: SeDebugPrivilege	632	firefox.exe
Token: SeRestorePrivilege	1988	7zG.exe
Token: 35	1988	7zG.exe
Token: SeSecurityPrivilege	1988	7zG.exe
Token: SeSecurityPrivilege	1988	7zG.exe
Token: SeRestorePrivilege	984	7zG.exe
Token: 35	984	7zG.exe
Token: SeDebugPrivilege	632	firefox.exe
Token: SeSecurityPrivilege	984	7zG.exe
Token: SeSecurityPrivilege	984	7zG.exe
Token: SeDebugPrivilege	632	firefox.exe
Token: SeDebugPrivilege	632	firefox.exe
Token: SeDebugPrivilege	632	firefox.exe
Token: SeDebugPrivilege	632	firefox.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

firefox.exeQuasar.exeexplorer.exefirefox.exefirefox.exe

pid	process
1932	firefox.exe
1932	firefox.exe
1932	firefox.exe
1932	firefox.exe
1932	firefox.exe
1932	firefox.exe
1932	firefox.exe
1932	firefox.exe
1932	firefox.exe
1932	firefox.exe
1932	firefox.exe
1932	firefox.exe
1932	firefox.exe
1932	firefox.exe
1932	firefox.exe
1932	firefox.exe
1932	firefox.exe
1932	firefox.exe
1932	firefox.exe
1932	firefox.exe
1932	firefox.exe
3620	Quasar.exe
1960	explorer.exe
3620	Quasar.exe
2400	firefox.exe
2400	firefox.exe
2400	firefox.exe
2400	firefox.exe
2400	firefox.exe
2400	firefox.exe
2400	firefox.exe
2400	firefox.exe
2400	firefox.exe
2400	firefox.exe
2400	firefox.exe
2400	firefox.exe
2400	firefox.exe
2400	firefox.exe
2400	firefox.exe
2400	firefox.exe
2400	firefox.exe
2400	firefox.exe
2400	firefox.exe
632	firefox.exe
632	firefox.exe
632	firefox.exe
632	firefox.exe
632	firefox.exe
632	firefox.exe
632	firefox.exe
632	firefox.exe
632	firefox.exe
632	firefox.exe
632	firefox.exe
632	firefox.exe
632	firefox.exe
632	firefox.exe
632	firefox.exe
632	firefox.exe
632	firefox.exe
1960	explorer.exe
1960	explorer.exe
1960	explorer.exe
1960	explorer.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

firefox.exeQuasar.exefirefox.exefirefox.exeexplorer.exe

pid	process
1932	firefox.exe
1932	firefox.exe
1932	firefox.exe
1932	firefox.exe
1932	firefox.exe
1932	firefox.exe
1932	firefox.exe
1932	firefox.exe
1932	firefox.exe
1932	firefox.exe
1932	firefox.exe
1932	firefox.exe
1932	firefox.exe
1932	firefox.exe
1932	firefox.exe
1932	firefox.exe
1932	firefox.exe
1932	firefox.exe
1932	firefox.exe
1932	firefox.exe
3620	Quasar.exe
2400	firefox.exe
2400	firefox.exe
2400	firefox.exe
2400	firefox.exe
2400	firefox.exe
2400	firefox.exe
2400	firefox.exe
2400	firefox.exe
2400	firefox.exe
2400	firefox.exe
2400	firefox.exe
2400	firefox.exe
2400	firefox.exe
2400	firefox.exe
2400	firefox.exe
2400	firefox.exe
2400	firefox.exe
2400	firefox.exe
632	firefox.exe
632	firefox.exe
632	firefox.exe
632	firefox.exe
632	firefox.exe
632	firefox.exe
632	firefox.exe
632	firefox.exe
632	firefox.exe
632	firefox.exe
632	firefox.exe
632	firefox.exe
632	firefox.exe
632	firefox.exe
632	firefox.exe
632	firefox.exe
1960	explorer.exe
1960	explorer.exe
1960	explorer.exe
1960	explorer.exe
1960	explorer.exe
1960	explorer.exe
632	firefox.exe
632	firefox.exe
1960	explorer.exe

Suspicious use of SetWindowsHookEx 23 IoCs

Processes:

firefox.exeexplorer.exeQuasar.exeClient-built.exefirefox.exefirefox.exe

pid	process
1932	firefox.exe
1932	firefox.exe
1932	firefox.exe
1932	firefox.exe
1960	explorer.exe
1960	explorer.exe
3620	Quasar.exe
3836	Client-built.exe
2400	firefox.exe
2400	firefox.exe
632	firefox.exe
3620	Quasar.exe
3620	Quasar.exe
1960	explorer.exe
1960	explorer.exe
1960	explorer.exe
1960	explorer.exe
1960	explorer.exe
1960	explorer.exe
1960	explorer.exe
1960	explorer.exe
3620	Quasar.exe
3620	Quasar.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

firefox.exefirefox.exe

description	pid	process	target process
PID 800 wrote to memory of 1932	800	firefox.exe	firefox.exe
PID 800 wrote to memory of 1932	800	firefox.exe	firefox.exe
PID 800 wrote to memory of 1932	800	firefox.exe	firefox.exe
PID 800 wrote to memory of 1932	800	firefox.exe	firefox.exe
PID 800 wrote to memory of 1932	800	firefox.exe	firefox.exe
PID 800 wrote to memory of 1932	800	firefox.exe	firefox.exe
PID 800 wrote to memory of 1932	800	firefox.exe	firefox.exe
PID 800 wrote to memory of 1932	800	firefox.exe	firefox.exe
PID 800 wrote to memory of 1932	800	firefox.exe	firefox.exe
PID 800 wrote to memory of 1932	800	firefox.exe	firefox.exe
PID 800 wrote to memory of 1932	800	firefox.exe	firefox.exe
PID 1932 wrote to memory of 1868	1932	firefox.exe	firefox.exe
PID 1932 wrote to memory of 1868	1932	firefox.exe	firefox.exe
PID 1932 wrote to memory of 1868	1932	firefox.exe	firefox.exe
PID 1932 wrote to memory of 1868	1932	firefox.exe	firefox.exe
PID 1932 wrote to memory of 1868	1932	firefox.exe	firefox.exe
PID 1932 wrote to memory of 1868	1932	firefox.exe	firefox.exe
PID 1932 wrote to memory of 1868	1932	firefox.exe	firefox.exe
PID 1932 wrote to memory of 1868	1932	firefox.exe	firefox.exe
PID 1932 wrote to memory of 1868	1932	firefox.exe	firefox.exe
PID 1932 wrote to memory of 1868	1932	firefox.exe	firefox.exe
PID 1932 wrote to memory of 1868	1932	firefox.exe	firefox.exe
PID 1932 wrote to memory of 1868	1932	firefox.exe	firefox.exe
PID 1932 wrote to memory of 1868	1932	firefox.exe	firefox.exe
PID 1932 wrote to memory of 1868	1932	firefox.exe	firefox.exe
PID 1932 wrote to memory of 1868	1932	firefox.exe	firefox.exe
PID 1932 wrote to memory of 1868	1932	firefox.exe	firefox.exe
PID 1932 wrote to memory of 1868	1932	firefox.exe	firefox.exe
PID 1932 wrote to memory of 1868	1932	firefox.exe	firefox.exe
PID 1932 wrote to memory of 1868	1932	firefox.exe	firefox.exe
PID 1932 wrote to memory of 1868	1932	firefox.exe	firefox.exe
PID 1932 wrote to memory of 1868	1932	firefox.exe	firefox.exe
PID 1932 wrote to memory of 1868	1932	firefox.exe	firefox.exe
PID 1932 wrote to memory of 1868	1932	firefox.exe	firefox.exe
PID 1932 wrote to memory of 1868	1932	firefox.exe	firefox.exe
PID 1932 wrote to memory of 1868	1932	firefox.exe	firefox.exe
PID 1932 wrote to memory of 1868	1932	firefox.exe	firefox.exe
PID 1932 wrote to memory of 1868	1932	firefox.exe	firefox.exe
PID 1932 wrote to memory of 1868	1932	firefox.exe	firefox.exe
PID 1932 wrote to memory of 1868	1932	firefox.exe	firefox.exe
PID 1932 wrote to memory of 1868	1932	firefox.exe	firefox.exe
PID 1932 wrote to memory of 1868	1932	firefox.exe	firefox.exe
PID 1932 wrote to memory of 1868	1932	firefox.exe	firefox.exe
PID 1932 wrote to memory of 1868	1932	firefox.exe	firefox.exe
PID 1932 wrote to memory of 1868	1932	firefox.exe	firefox.exe
PID 1932 wrote to memory of 1868	1932	firefox.exe	firefox.exe
PID 1932 wrote to memory of 1868	1932	firefox.exe	firefox.exe
PID 1932 wrote to memory of 1868	1932	firefox.exe	firefox.exe
PID 1932 wrote to memory of 1868	1932	firefox.exe	firefox.exe
PID 1932 wrote to memory of 1868	1932	firefox.exe	firefox.exe
PID 1932 wrote to memory of 1868	1932	firefox.exe	firefox.exe
PID 1932 wrote to memory of 1868	1932	firefox.exe	firefox.exe
PID 1932 wrote to memory of 1868	1932	firefox.exe	firefox.exe
PID 1932 wrote to memory of 1868	1932	firefox.exe	firefox.exe
PID 1932 wrote to memory of 1868	1932	firefox.exe	firefox.exe
PID 1932 wrote to memory of 1868	1932	firefox.exe	firefox.exe
PID 1932 wrote to memory of 3352	1932	firefox.exe	firefox.exe
PID 1932 wrote to memory of 3352	1932	firefox.exe	firefox.exe
PID 1932 wrote to memory of 3352	1932	firefox.exe	firefox.exe
PID 1932 wrote to memory of 3352	1932	firefox.exe	firefox.exe
PID 1932 wrote to memory of 3352	1932	firefox.exe	firefox.exe
PID 1932 wrote to memory of 3352	1932	firefox.exe	firefox.exe
PID 1932 wrote to memory of 3352	1932	firefox.exe	firefox.exe
PID 1932 wrote to memory of 3352	1932	firefox.exe	firefox.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://github.com/quasar/Quasar/releases/tag/v1.4.1"
1⤵
- Suspicious use of WriteProcessMemory
PID:800
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://github.com/quasar/Quasar/releases/tag/v1.4.1
  2⤵
  - Checks processor information in registry
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1932
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1956 -parentBuildID 20240401114208 -prefsHandle 1892 -prefMapHandle 1888 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2d9390c8-feb3-4839-9ca5-7e1cfe83087b} 1932 "\\.\pipe\gecko-crash-server-pipe.1932" gpu
    3⤵
    PID:1868
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2400 -parentBuildID 20240401114208 -prefsHandle 2376 -prefMapHandle 2372 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fb101573-74b5-4507-9b72-5087917d9742} 1932 "\\.\pipe\gecko-crash-server-pipe.1932" socket
    3⤵
    - Checks processor information in registry
    PID:3352
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3204 -childID 1 -isForBrowser -prefsHandle 3212 -prefMapHandle 3208 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {aea41712-8b00-4bb7-93bf-555ffff9a711} 1932 "\\.\pipe\gecko-crash-server-pipe.1932" tab
    3⤵
    PID:2120
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3660 -childID 2 -isForBrowser -prefsHandle 3664 -prefMapHandle 3676 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {21d02887-3619-415a-aba8-99152687ab28} 1932 "\\.\pipe\gecko-crash-server-pipe.1932" tab
    3⤵
    PID:1968
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4864 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4856 -prefMapHandle 4852 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {33a28f58-1d45-4a2d-9819-9884c6a3d09e} 1932 "\\.\pipe\gecko-crash-server-pipe.1932" utility
    3⤵
    - Checks processor information in registry
    PID:1008
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5472 -childID 3 -isForBrowser -prefsHandle 5464 -prefMapHandle 5468 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cbcc2a0e-5a1a-4893-883a-65546d27ffb4} 1932 "\\.\pipe\gecko-crash-server-pipe.1932" tab
    3⤵
    PID:2044
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5464 -childID 4 -isForBrowser -prefsHandle 5688 -prefMapHandle 5692 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ec6cec1d-93b3-47cd-9e05-dc4ac05d7721} 1932 "\\.\pipe\gecko-crash-server-pipe.1932" tab
    3⤵
    PID:4880
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5832 -childID 5 -isForBrowser -prefsHandle 5652 -prefMapHandle 5824 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e909cf47-969b-47fd-9d9a-fae84a95c62a} 1932 "\\.\pipe\gecko-crash-server-pipe.1932" tab
    3⤵
    PID:1320

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1576

C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe
"C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe"
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:3620
- C:\Windows\explorer.exe
  "C:\Windows\explorer.exe" /select, "C:\Users\Admin\Desktop\Quasar v1.4.1\quasar.p12"
  2⤵
  PID:2120

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:1960
- C:\Program Files\7-Zip\7zG.exe
  "C:\Program Files\7-Zip\7zG.exe" a -i#7zMap3362:116:7zEvent3883 -tzip -sae -- "C:\Users\Admin\Desktop\Quasar v1.4.1\clinbuildhosted.zip"
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:1988

C:\Users\Admin\Desktop\Quasar v1.4.1\Client-built.exe
"C:\Users\Admin\Desktop\Quasar v1.4.1\Client-built.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:3836
- C:\Windows\SYSTEM32\schtasks.exe
  "schtasks" /create /tn "RtkAudUService64.exe" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe" /rl HIGHEST /f
  2⤵
  - Scheduled Task/Job: Scheduled Task
  PID:4352
- C:\Windows\SYSTEM32\schtasks.exe
  "schtasks" /delete /tn "RtkAudUService64.exe" /f
  2⤵
  PID:5544
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\n4sSaWQR5Y0S.bat" "
  2⤵
  PID:5648
- - C:\Windows\system32\chcp.com
    chcp 65001
    3⤵
    PID:5696
- - C:\Windows\system32\PING.EXE
    ping -n 10 localhost
    3⤵
    - System Network Configuration Discovery: Internet Connection Discovery
    - Runs ping.exe
    PID:5712

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:3292
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:2400
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1956 -parentBuildID 20240401114208 -prefsHandle 1872 -prefMapHandle 1864 -prefsLen 23680 -prefMapSize 244694 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6acca540-2651-4db2-a32f-da44406ec3b1} 2400 "\\.\pipe\gecko-crash-server-pipe.2400" gpu
    3⤵
    PID:4836
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2332 -parentBuildID 20240401114208 -prefsHandle 2316 -prefMapHandle 2312 -prefsLen 23680 -prefMapSize 244694 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {041da354-b1d1-4df1-8385-480efbe05069} 2400 "\\.\pipe\gecko-crash-server-pipe.2400" socket
    3⤵
    - Checks processor information in registry
    PID:1616
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3068 -childID 1 -isForBrowser -prefsHandle 3064 -prefMapHandle 3060 -prefsLen 24179 -prefMapSize 244694 -jsInitHandle 1392 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c57c931f-76ac-4da8-a450-ba4f2bb39247} 2400 "\\.\pipe\gecko-crash-server-pipe.2400" tab
    3⤵
    PID:1388
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4012 -childID 2 -isForBrowser -prefsHandle 3988 -prefMapHandle 3984 -prefsLen 29491 -prefMapSize 244694 -jsInitHandle 1392 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {65a6aef2-80f8-4ced-93a6-78a889725304} 2400 "\\.\pipe\gecko-crash-server-pipe.2400" tab
    3⤵
    PID:4100
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4812 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 3004 -prefMapHandle 4780 -prefsLen 29598 -prefMapSize 244694 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ea7bee69-c799-4386-9e0e-1c54c4390853} 2400 "\\.\pipe\gecko-crash-server-pipe.2400" utility
    3⤵
    - Checks processor information in registry
    PID:4684
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5336 -childID 3 -isForBrowser -prefsHandle 5312 -prefMapHandle 5308 -prefsLen 27452 -prefMapSize 244694 -jsInitHandle 1392 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5411e1cd-eb9b-46b9-a398-caad9c82ce5e} 2400 "\\.\pipe\gecko-crash-server-pipe.2400" tab
    3⤵
    PID:4576
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5496 -childID 4 -isForBrowser -prefsHandle 5576 -prefMapHandle 5572 -prefsLen 27452 -prefMapSize 244694 -jsInitHandle 1392 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1d0c1027-23d4-4ff7-b54f-d4ec3185ab6d} 2400 "\\.\pipe\gecko-crash-server-pipe.2400" tab
    3⤵
    PID:4180
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5728 -childID 5 -isForBrowser -prefsHandle 5468 -prefMapHandle 5472 -prefsLen 27452 -prefMapSize 244694 -jsInitHandle 1392 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {76722327-f30b-4136-8c34-a557cd91b1c2} 2400 "\\.\pipe\gecko-crash-server-pipe.2400" tab
    3⤵
    PID:2940
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5984 -childID 6 -isForBrowser -prefsHandle 5884 -prefMapHandle 5868 -prefsLen 27452 -prefMapSize 244694 -jsInitHandle 1392 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7cac5752-30f0-4f8c-9f37-976142295461} 2400 "\\.\pipe\gecko-crash-server-pipe.2400" tab
    3⤵
    PID:3812
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6244 -childID 7 -isForBrowser -prefsHandle 6216 -prefMapHandle 5396 -prefsLen 28018 -prefMapSize 244694 -jsInitHandle 1392 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {85370357-357d-4583-8c07-146b8b6caa43} 2400 "\\.\pipe\gecko-crash-server-pipe.2400" tab
    3⤵
    PID:4584
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5504 -childID 8 -isForBrowser -prefsHandle 6284 -prefMapHandle 6268 -prefsLen 28239 -prefMapSize 244694 -jsInitHandle 1392 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {171c350f-3164-4bf8-9a50-b328e25d9658} 2400 "\\.\pipe\gecko-crash-server-pipe.2400" tab
    3⤵
    PID:3868
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6584 -parentBuildID 20240401114208 -prefsHandle 6476 -prefMapHandle 6608 -prefsLen 30773 -prefMapSize 244694 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6829b178-e733-4b39-8e9b-20be9ee7ffd3} 2400 "\\.\pipe\gecko-crash-server-pipe.2400" rdd
    3⤵
    PID:1576
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7084 -childID 9 -isForBrowser -prefsHandle 6376 -prefMapHandle 7092 -prefsLen 28239 -prefMapSize 244694 -jsInitHandle 1392 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b8443ea8-129b-4560-b78b-52a941829874} 2400 "\\.\pipe\gecko-crash-server-pipe.2400" tab
    3⤵
    PID:1932
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6188 -childID 10 -isForBrowser -prefsHandle 7448 -prefMapHandle 6060 -prefsLen 28239 -prefMapSize 244694 -jsInitHandle 1392 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6891a83b-1ff8-4261-8927-f58b28640958} 2400 "\\.\pipe\gecko-crash-server-pipe.2400" tab
    3⤵
    PID:3480

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:2912
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:632
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1940 -parentBuildID 20240401114208 -prefsHandle 1868 -prefMapHandle 1844 -prefsLen 24856 -prefMapSize 245077 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b039dca4-40df-4aa8-9857-a6b7e717fe6c} 632 "\\.\pipe\gecko-crash-server-pipe.632" gpu
    3⤵
    PID:408
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2300 -parentBuildID 20240401114208 -prefsHandle 2292 -prefMapHandle 2288 -prefsLen 24856 -prefMapSize 245077 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {86eda2b4-6ffc-4a4a-b600-46589cdca3c1} 632 "\\.\pipe\gecko-crash-server-pipe.632" socket
    3⤵
    PID:4904
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2924 -childID 1 -isForBrowser -prefsHandle 3160 -prefMapHandle 3156 -prefsLen 25355 -prefMapSize 245077 -jsInitHandle 1184 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1491af50-cd8b-4b77-8766-c91147f4c44d} 632 "\\.\pipe\gecko-crash-server-pipe.632" tab
    3⤵
    PID:2816
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4080 -childID 2 -isForBrowser -prefsHandle 4024 -prefMapHandle 4036 -prefsLen 30588 -prefMapSize 245077 -jsInitHandle 1184 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {778a80b7-71d9-460a-9268-ce2d35f9984e} 632 "\\.\pipe\gecko-crash-server-pipe.632" tab
    3⤵
    PID:536
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4840 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4816 -prefMapHandle 4832 -prefsLen 30642 -prefMapSize 245077 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3900c140-f495-4e29-882b-dd039920b497} 632 "\\.\pipe\gecko-crash-server-pipe.632" utility
    3⤵
    - Checks processor information in registry
    PID:3092
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5012 -childID 3 -isForBrowser -prefsHandle 5104 -prefMapHandle 5112 -prefsLen 27974 -prefMapSize 245077 -jsInitHandle 1184 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {72fd6d96-6bb4-4288-a858-efdaba1fc4cf} 632 "\\.\pipe\gecko-crash-server-pipe.632" tab
    3⤵
    PID:4048
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5252 -childID 4 -isForBrowser -prefsHandle 5264 -prefMapHandle 5208 -prefsLen 27974 -prefMapSize 245077 -jsInitHandle 1184 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fcb5f48b-04f1-4a6a-affa-34a1f6ce4b2b} 632 "\\.\pipe\gecko-crash-server-pipe.632" tab
    3⤵
    PID:1692
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5424 -childID 5 -isForBrowser -prefsHandle 5432 -prefMapHandle 5436 -prefsLen 27974 -prefMapSize 245077 -jsInitHandle 1184 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {24c908ff-9b13-40ea-825a-b2c285614120} 632 "\\.\pipe\gecko-crash-server-pipe.632" tab
    3⤵
    PID:892
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6104 -childID 6 -isForBrowser -prefsHandle 6096 -prefMapHandle 6088 -prefsLen 27974 -prefMapSize 245077 -jsInitHandle 1184 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1ecf31c2-20ef-4398-84f9-20a4e12ef24a} 632 "\\.\pipe\gecko-crash-server-pipe.632" tab
    3⤵
    PID:5028
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3748 -childID 7 -isForBrowser -prefsHandle 6112 -prefMapHandle 6124 -prefsLen 27974 -prefMapSize 245077 -jsInitHandle 1184 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4b0731e2-a2d7-42bc-92e8-05d3b8a0705b} 632 "\\.\pipe\gecko-crash-server-pipe.632" tab
    3⤵
    PID:3104
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6360 -parentBuildID 20240401114208 -prefsHandle 6416 -prefMapHandle 6420 -prefsLen 30642 -prefMapSize 245077 -appDir "C:\Program Files\Mozilla Firefox\browser" - {966734a0-eb1d-4f96-8c4f-fd114395f106} 632 "\\.\pipe\gecko-crash-server-pipe.632" rdd
    3⤵
    PID:1704
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6264 -childID 8 -isForBrowser -prefsHandle 6120 -prefMapHandle 6056 -prefsLen 27974 -prefMapSize 245077 -jsInitHandle 1184 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {03babb2e-9b15-4d01-a452-0938fd214592} 632 "\\.\pipe\gecko-crash-server-pipe.632" tab
    3⤵
    PID:392
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5412 -childID 9 -isForBrowser -prefsHandle 5556 -prefMapHandle 6940 -prefsLen 27974 -prefMapSize 245077 -jsInitHandle 1184 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {549fded8-a4ef-4fe2-98c4-1f789803593c} 632 "\\.\pipe\gecko-crash-server-pipe.632" tab
    3⤵
    PID:1800
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6020 -childID 10 -isForBrowser -prefsHandle 3084 -prefMapHandle 5456 -prefsLen 27974 -prefMapSize 245077 -jsInitHandle 1184 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {32f83dae-bc50-41af-831c-2ff4648ff9c5} 632 "\\.\pipe\gecko-crash-server-pipe.632" tab
    3⤵
    PID:1548
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6168 -childID 11 -isForBrowser -prefsHandle 7160 -prefMapHandle 5948 -prefsLen 27974 -prefMapSize 245077 -jsInitHandle 1184 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d0ce3f6c-4739-4b4e-8b71-e9412bbc2c97} 632 "\\.\pipe\gecko-crash-server-pipe.632" tab
    3⤵
    PID:3048
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5816 -childID 12 -isForBrowser -prefsHandle 6348 -prefMapHandle 6292 -prefsLen 28027 -prefMapSize 245077 -jsInitHandle 1184 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6ed00a48-e7fd-49c9-b9a3-1b94f36805e6} 632 "\\.\pipe\gecko-crash-server-pipe.632" tab
    3⤵
    PID:4992
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7316 -childID 13 -isForBrowser -prefsHandle 7328 -prefMapHandle 7324 -prefsLen 28027 -prefMapSize 245077 -jsInitHandle 1184 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {539d1904-7347-4aa2-b653-38789d6d679d} 632 "\\.\pipe\gecko-crash-server-pipe.632" tab
    3⤵
    PID:2104
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7456 -parentBuildID 20240401114208 -sandboxingKind 1 -prefsHandle 7348 -prefMapHandle 7468 -prefsLen 30695 -prefMapSize 245077 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c86dff34-563b-4f57-a812-df7089bca130} 632 "\\.\pipe\gecko-crash-server-pipe.632" utility
    3⤵
    - Checks processor information in registry
    PID:3060
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7220 -childID 14 -isForBrowser -prefsHandle 7440 -prefMapHandle 7868 -prefsLen 28027 -prefMapSize 245077 -jsInitHandle 1184 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2d2b2cc0-675b-4e1c-895b-a34b165a5cf2} 632 "\\.\pipe\gecko-crash-server-pipe.632" tab
    3⤵
    PID:3440
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8156 -childID 15 -isForBrowser -prefsHandle 8140 -prefMapHandle 8144 -prefsLen 28027 -prefMapSize 245077 -jsInitHandle 1184 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {76b83375-11ad-4f86-becc-f64135dcbc79} 632 "\\.\pipe\gecko-crash-server-pipe.632" tab
    3⤵
    PID:1544
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8008 -childID 16 -isForBrowser -prefsHandle 7888 -prefMapHandle 5920 -prefsLen 28027 -prefMapSize 245077 -jsInitHandle 1184 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d6372f31-1555-4d46-a99d-35445cc6f061} 632 "\\.\pipe\gecko-crash-server-pipe.632" tab
    3⤵
    PID:2616
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4952 -childID 17 -isForBrowser -prefsHandle 7528 -prefMapHandle 7232 -prefsLen 28027 -prefMapSize 245077 -jsInitHandle 1184 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8c419088-4182-4780-afe5-d7b630291c7a} 632 "\\.\pipe\gecko-crash-server-pipe.632" tab
    3⤵
    PID:2100
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7540 -childID 18 -isForBrowser -prefsHandle 7660 -prefMapHandle 8248 -prefsLen 28027 -prefMapSize 245077 -jsInitHandle 1184 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e29d59b5-8677-45a2-a547-5a29062e420c} 632 "\\.\pipe\gecko-crash-server-pipe.632" tab
    3⤵
    PID:3036

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" a -i#7zMap4393:116:7zEvent10575 -ad -saa -- "C:\Users\Admin\Desktop\Quasar v1.4.1\clinbuildhosted"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:984

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Persistence

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Privilege Escalation

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

Remote System Discovery

T1018

System Information Discovery

T1082

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qgf82dd5.default-release\activity-stream.discovery_stream.json

Filesize
22KB

MD5
b412e401ad64e50db5bf70d4413dbc44

SHA1
a2c3ebe5ef728ee16dddc439b41e4c6fd232ac93

SHA256
301823e5587029727e05e6caa4c802dd6fb59e22224469a47ccf79dbb5e44730

SHA512
8bdd2f0a8dc09ee743c6f3ce617c813e67e3d593bdc451c7dffec1ef558609e4ea03724e4185a891c09a1e52d1dd312e4ea36d130779925cdf71e4502e0c935a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qgf82dd5.default-release\cache2\doomed\15880

Filesize
14KB

MD5
3cdbdcbf13ca95a9c4b95ac96b42b2a4

SHA1
514423556b4d2a2b0f77c44dbd50174bcaabb679

SHA256
ee02c244e2a0d2e70cd656ba595bb095ba06ce6df8a88f47b89b4986ea4be95c

SHA512
0bc8ec6439d5dc715f5780519ea03e0eadbb0d5b107a76e360e1bdda67fa038ac883d9ced934104d784adf48862ce84d170f4b311b1af96f1cecdb483c2b3494

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qgf82dd5.default-release\cache2\entries\0305BF7FE660AF5F32B4319E4C7EF7A7B70257A3

Filesize
13KB

MD5
9ac0c93d873a3d7d54041e8c1c364307

SHA1
149eb7580e3306a9261bc1c93ad1c32869aac8eb

SHA256
92dab882111c5813f77ddb1ea3b631e5c2808d08792540222a6ab6a09cd83c3e

SHA512
316dcc666b3a251001d6cf67c92bcd0a3b11236a11b28433b97fc54630a1668d766019ca0d5f25cbf7645b78f4929e6b03efafe8203a6ff9ec033125c846587a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qgf82dd5.default-release\cache2\entries\040E8FA698E4CCBEF6EB398BC91CA22941538451

Filesize
14KB

MD5
89e3853d5d72ca9bb73d16fb9f1554b9

SHA1
3d275ce6e3f3d5a3321233d4416000542135b529

SHA256
3fe3c101bc83a64754e64f655f018480c13f1ec04c7b3bff27e6d0a6a91ea577

SHA512
c67a33321657762d21cfc458f0ff1374d6f9cfdf65bb1a7409449e6014893e25a2cf155cb641bce907703fdd5ffbeb1d64b5ab136caa822ae712018ad15a5d44

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qgf82dd5.default-release\cache2\entries\0521CC4654678D7AAE5FA4C435BF1D1CDC8B70C8

Filesize
16KB

MD5
c2ae2df9b67aa78e28be5012af57993a

SHA1
a682799620763b6d978541009f99baffe359cf15

SHA256
debeba406480ae9cdfb25d8774aba3151158f5e2590be2dd435516003f12cc29

SHA512
338c8c2040c7f162f2e8289b352cd2d6d19ac17c3a34ffdd5fa38bdf5cbec189dffa337afcf998168ce51a944ccc5911f3ad1264032ecddafa3162f59485e426

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qgf82dd5.default-release\cache2\entries\052B3BA0935238D3FA7A9472ECCA588CC21104BA

Filesize
48KB

MD5
88e1afc8c691fcf9820b2881dc995935

SHA1
3b3c18f5652233f386bc20eacfdf37697273f147

SHA256
ec31fdcbacfec2baee0012334b284e7dae01ccbd70a65b7f53211b5123daaeda

SHA512
58f85504aa1e031e660b94615596f9b2c9c09e29215f74903b9a311ae36e37ca95b3bfdd17a769eca0ca4022c75e2201fa7ad02578131541e07677dcc75a144c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qgf82dd5.default-release\cache2\entries\057C1333DC628F967582E9B128DACDAF1994F084

Filesize
14KB

MD5
0df0bf7f473f4316fdc58605b0b39ccb

SHA1
808f0fbad0e97ac2d2bcb788ed95039e9dbaa36f

SHA256
56db01f2ecff4c891334349670ab9b9dbc6efa2d2284d0c552129c3549ebe4ce

SHA512
5cb4719f4008cd0268dc3fa91656162584969d7d7c034369e2b116d3304b7a94094e89df34df0e7beecacbef4281bc6a16d8043e6c27061698add697cd3feeec

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qgf82dd5.default-release\cache2\entries\0A14640657965B8513D3F26C8B0E6802EF353192

Filesize
14KB

MD5
e02fe8ebaafa3b0eb7333e554cf5f1d3

SHA1
306a7864fc4c6043cecb0a5169e20cd659bab2dd

SHA256
a83db73c672a8d865bfe65f51dcb830a17f8d1c2c866ee8378c04a05c97437ac

SHA512
2b840bcc36cd4fe0b00f3086486823ede0d64b12a04512440489d6ecaaae291dd8b2f14b8dd72d55dc533bd342dbd12ebbe570a14471a88ac23d4258c3c6be34

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qgf82dd5.default-release\cache2\entries\0A7E7594E69C439CD52608F096A141AF3C4BD6DD

Filesize
16KB

MD5
92af0b2b451889256131e6003dbb96dd

SHA1
09750eeebe2444b99563ba2dac1deb455c43e813

SHA256
79da583997d6891a4e84e5b253256b67af77102d0c2ffa18501a3f11fa203946

SHA512
db897d66e2a7f571c341832a224c91e51e5b474bbf79fb36dec45f65f52429998fe1a914c204ba1a06a5d3bbf5340e78762fd40fc43fc05a2dc01cad0bedc916

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qgf82dd5.default-release\cache2\entries\1799FA68DF1D4B7363C7FF8B6FAB1BD11BB48287

Filesize
13KB

MD5
731bc58c68773cd43409c4642f4d12dd

SHA1
bf23a22d83e28d375d5a2c0866a39b835caaacc6

SHA256
fe0c126a2ad1173d20105811d2fa1c1aeacd13bf9529a18a624948dc39bc9517

SHA512
d561dc1f1987874683a0e8d68ac318bc33f3c7e1a40d2862593e3108cdbf1e32c1af36c0925598a3839b872b69c01cc5c90b1e84c169230baaf0e7ed142d58ec

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qgf82dd5.default-release\cache2\entries\1B46C8572BEFA8607BD3A0D28622AF3142E0BE6F

Filesize
20KB

MD5
53e270eadcfa112d8eb4d8d672d6153e

SHA1
978e46a311655ad3d97282d70cf8355e767e5205

SHA256
9883a922a40b24a68a89276386284ada42f65fbe42eeb8021d3c188c7df67191

SHA512
7647862ce69c2c26214cccdd89ee1b1d9fa0d7842c69cef0ae1ecd4291d8f97bdf516b3edc49fba5218706fb9a9675dbeea5195093ef76d11dc248432d44a848

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qgf82dd5.default-release\cache2\entries\1BAACC87E20392184398D4457610FD10EA048180

Filesize
14KB

MD5
f878bb5a764aba3319d20a4e23efeada

SHA1
a78081141165c35fc97ef3ffead73a1f59531c20

SHA256
2b536b65413141706f4105dd3c7d32ad84016d9bf9233fbe7fde8c5e10ed8f18

SHA512
a1a4d98b27bf201a94ed64ed684b94f901447a84bf98dad27003933834b93920e6000200e12772dfcd39ebef821d77882d16aceac708ce3f8f475d44b5ee9920

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qgf82dd5.default-release\cache2\entries\1C5C367DD3BED68F26DAE5DF384CBDC0ABC7810D

Filesize
39KB

MD5
a0ed69130c209982d58f6588380f79da

SHA1
41e6bb7c70fe3dba1dde555ea70a8ecc2916a978

SHA256
c4552c0dc5474eb45f8a0e681fcf6ee4af586975e9a5618705a5ce933259846b

SHA512
c7fc846a7a721a4663d2a5c049ca4824858648001166e57fe7ab60940eebbf10d8f1732b4309d35150662ef70a3783dab9bc48db8ec7a33060ca9df4ccb3e323

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qgf82dd5.default-release\cache2\entries\1CE35FCC261802AAE5C90EBC7454FD8DF8F051A6

Filesize
18KB

MD5
335973eee8ef8e9b9efdc9881b4897a0

SHA1
72c1c076b75dbfecb9de0b8f47b6413dc81f66b0

SHA256
0d84dda9b991455b8dfde00355191399c02c8a46879d1da34707cdf6d5ac47ac

SHA512
ca0dbdc9f2e00fce69d5add888b027cdbecfb95ec38a0682e4933ee14893a0813411c2bce7c745bbbb2a0acdca18a82893e0d93faf8e26f2b8bab5717d03aa8a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qgf82dd5.default-release\cache2\entries\1D52868987624849DB6BBFD502AADC6A5B458D0B

Filesize
16KB

MD5
ddaf3316f7d0882386956b6439ebaebe

SHA1
e4a7da07206da2e907f498a28b72608045abb0a6

SHA256
5a00d9b5958dead6741b868fdeaebf7ec132ba6ec19ddf8c42e43f93da913ab2

SHA512
583b6f8d7fb50a3232e303a6cd5b23247bf1c64e6c31566b5882663694e9f88d33e3267127229f4434f0e2d565741377c5511ddc1fd2cdb341f9d995f3ef4670

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qgf82dd5.default-release\cache2\entries\20B9D2D61CEBC2B22FC7199FC5370C8359CACD4B

Filesize
21KB

MD5
651466729af2916048bd3421c979b3a3

SHA1
209b6e9efa20f1a6f057982fd9c7a3c258106112

SHA256
4112fee881210ba7a42d4563cc9be9f73a657f4b92fad6690ef5069dd1d5b5de

SHA512
ed0eafbe7d5213ba1b7622d6ca0e2667e1c01e47539d07cb8fbef7a9bbfb08774b3cca396093164539bb49bf04ef7ca01b0f08db98c649a3ce1e3705235a382a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qgf82dd5.default-release\cache2\entries\2492994A253B970917AF5CDF605580B1C2DC16A0

Filesize
63KB

MD5
6893615225eaec68c1787458cb8a4062

SHA1
c6210c010f071811b640aa5596a38821e79a4e9f

SHA256
9e1d28cc4b029e10065d0931820087d8b02e7c8b0164f6be92da5a777bd1bfe2

SHA512
fbfa0d48b3264a87c1644782b7ec000ccca6d0f534084f0a4715fa7de2635181150dd55450a7bb581a252850b199459c045a4cc5b86c5b40d93f57e2bd02b25c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qgf82dd5.default-release\cache2\entries\254256B27E0C48CF9B80B695F0B3B8CA84610495

Filesize
9KB

MD5
ca5f10b81d174ef810d79f7d22581b06

SHA1
3a39a03c10759b8e173a34ce9ad8f847fea2a806

SHA256
6f33516c53b24ac8dcb1fe40bda1bb0fc7355d041b2150f1e7c8df1f1e7edf39

SHA512
67363bfab619894efb6d3e2366af496bccb2261496a5bfcffe2f70f04e9bdaa657bfa687809a7a593640cb4188c02a8c992d0d4b731b345e6fda7cfd815086cd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qgf82dd5.default-release\cache2\entries\29A0D4C5DF568AB7B8ECE5545C463A02732496D2

Filesize
30KB

MD5
f762bfc332b61e0846d2ca76200ef61c

SHA1
5d0624710bac964f091c91ea2947391c27de867c

SHA256
faa9c347c6c2491d345f068953d694c3eb1be7b5b5d6eee472da8e05f6080924

SHA512
ef54e14c333e10e2e25e92111b5a7da3418e9efb5453c10c9db45db787d9531edc5d3c9f443d733e7f3f5ca38bd554cf1c0347599b4f2523c5a70983bc17d876

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qgf82dd5.default-release\cache2\entries\2CFCC364A7B2E7A8E9AB96BD93785B6E9759AA7A

Filesize
18KB

MD5
08d1aba9624548e743a3b3b7e8848753

SHA1
a52b0216d36e187d875b0c7cbcf8dd17cef5e4e8

SHA256
9611babdac190d688912d0708ad21136440b35eab3b2e300f775abb7e440abe5

SHA512
0bd03165d0b0fd7a2c11cb18f964d1c7a2120d71d82a4957a418a20317d159957d6574a2972f5bf4581d0bcef69a964dc3e81b7b07e2f8f2685870174b512d49

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qgf82dd5.default-release\cache2\entries\2D8DC8A9FD7C7378A6F1E4A22F6614D2F586BC6A

Filesize
15KB

MD5
ebe5eab7d6eac2ed1009e65bc6870eb5

SHA1
341041ae0b1ef4ee37b3d3a759fac14edad9371c

SHA256
9d932e59d8cf03d7ac7f30c5ff82ce0395dfb53ac0b6073eee8a1b22d4928c7a

SHA512
a8ae764cfca2f96ae67eca1eddf12891ed0df24b19daf7ee88cf56bed3874977ca1756a85b2c2db397a15c695d2e7c5965cbf6d21e5ed1f46396eafb5f60d64f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qgf82dd5.default-release\cache2\entries\30AC9E9C28EC1FE2B05598F46EBAED7EC52CEEF8

Filesize
19KB

MD5
43a6b628d29b4443fdd02b11684c6354

SHA1
73fdae30e2cbd7a1255d68de6c181ad345e8a8f7

SHA256
9066407690c010280db43e885205335801763ff6d3fd6cf538095a0cc4d21b5f

SHA512
aac198ad88287a97125e4b90279e4b06b44daecd37baf86fd0a60744d757b44abeb357329bfb76ffbe98308344f5eef3b6172e9b00ec5fe2dd964a85528a5c4a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qgf82dd5.default-release\cache2\entries\3281DD4C79ACB61B312FD94931181EE61FD498DC

Filesize
13KB

MD5
3579ad52db7be1076eeadd08a4f47357

SHA1
c196999d82ebb2d8f6c8a2df556ef8d633bd25fe

SHA256
c1f7cb18588737d83c500de0eaed90da9c3086a7365a3b8a77a4720a75c1bec9

SHA512
5a8aef89fff29f9f333dd3c6f44335614af390db2cb56fbd1caa822ae32212cf8d5bc6631921456d9bbf7950190bb5a78d3571f2f19ebfe3a6391de9dc0076e2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qgf82dd5.default-release\cache2\entries\386EAC11CA4B921A58AF901DCD97B7FA5108EE6F

Filesize
15KB

MD5
79576b5d88d2c858c536a3a5c83ce170

SHA1
7a14d525a120b116386d654692e0d05515ac60af

SHA256
3cc08489df42adfa56e10827f91693c700dacf195572bcafdd047e7b4ae5d920

SHA512
bf8621204527ca0b82833532d3fb4f19e57424b80ce65d81e562bbbec0232d641cae7f739206f93e6313b4dc10551781735ee8ea53165b90134df1e5ef189992

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qgf82dd5.default-release\cache2\entries\3930490DF197F2E8AA8F589EC09C30B6CF1E614F

Filesize
16KB

MD5
ede66d6da8fef7c538e992788230324a

SHA1
5986288cbbf2636b27a4ef4e7e85ead71b86e3a2

SHA256
1cf29ad5e91a8ccddb4d5d5b811296fa3f8e4cd37b4c84bbf77d1282ff77f6fe

SHA512
c166cbfd0595b5ec40b2e7bcad6b434a5a56705115d89726f7647587a743410b7990a8034d459cdbda4814288b3e10a794380ce7b37c56bd8f27df03af06416e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qgf82dd5.default-release\cache2\entries\3DDA16BC6DDABAD758EAAD1BB9028434BF62D323

Filesize
15KB

MD5
10b039b5fa20694e5ed3b12b83e15e2a

SHA1
db60fae69a03c5c933528b00503d4071124d1c8e

SHA256
18b95e40eba7bdf16b2982ebed88d8a1c7bf598762f2b052a6a7de52350907b5

SHA512
ffa8442a890a6a78cff7726c479b32e720a580d0b897af7ae7074ca7cd2195113e52b872f329d9c7278c85d51d66319151665e99eb13ddb29fdb06ac5b9fe824

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qgf82dd5.default-release\cache2\entries\3ED7BDB8AF45BEE9CC5969FBAA43A9E0BF86A632

Filesize
111KB

MD5
6c7ea8acb3cff47b9d000f395c6e8916

SHA1
c883e0c549a3b51ecec8354767a7c4a149de14d9

SHA256
4046164f5b24b55898c0e898a2e55313c0064f32e502adfc9841e8be8a6dc3a5

SHA512
c459cf1c788e7a0efebdc40d46f62210697c180e6df3ecf94f3a40e9c36ed7bb753827350b961df5932c57f2783b2efdfa5194332cde36b2a9bce0b217d62067

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qgf82dd5.default-release\cache2\entries\3F0747341C7888664C7C69F7D8D201BD8052A403

Filesize
9KB

MD5
51d48997a26dba094e1e0833c45407bf

SHA1
a9c1591ae910c174b3dfe09a3162a6f3121f7020

SHA256
f5b19d25f0f031936d5e35beb51e676fe8b4e70b0f5fb19356f91bef655260b2

SHA512
51cfbd697e35ec1d56d30b171bbe3d66c28ed35b07dc340fc20c8bee7fb95216ce94331c714dde90f967071f7f0365afa837a3a42d7ecf76919869fddec24e10

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qgf82dd5.default-release\cache2\entries\423716A53B278F0D19155081F89DE40B534D9D69

Filesize
31KB

MD5
3d682224de4cd2b49e8970a5ad0b1237

SHA1
9da45e6f9d22e4183d2eeb21657eb51bbd28b39d

SHA256
26bbbbb1e7ddeb759a19f578b5daa3d15a579acdc090fc157b780f640daf9a27

SHA512
2de81ce5df761cdb4b945901a7b7db77fa56a459fe1abab85c517e27da6eb051bc24da493defaa789d1fb29b803ac09b10268a1a8d1d267197a61b5fec137d49

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qgf82dd5.default-release\cache2\entries\46F6ABC54D6B809AD9F00C0F6BE5552B5097C9BC

Filesize
13KB

MD5
6639c7d05997030ecf1110330ffee1e4

SHA1
7d79d13d6fae768b9ef405c67e832af02125ed23

SHA256
28219019cba1601039cfdc7d2565680e6509a184bfd3f50d8d61df69c4067d2a

SHA512
e24df9d74b25895f3d63de3f81e1630219c777ebcbf580e1bcf7e28e1f5719bf076e58579e066e1f1ae3e998279b77f0e7bb568bac3aefdc9423f63dfc3e5428

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qgf82dd5.default-release\cache2\entries\51B7F3E61A4958EF2CD262BAEEBBC1CF8785743E

Filesize
24KB

MD5
51858802cdfab92ba4c713233a0c0932

SHA1
3f8a9028a5381daaf304393a1aa6e26a1f36216b

SHA256
397c435985a26773cc22fc33a355659ce9ada54cbd23721175da85d7270f8517

SHA512
ee257774ab68b1069d5d74d637133f885b60ae6e5fcb61648ab90efcac4a0d30318533e951a618da5265e84c4055b326ee54266c968d4e3ec8525c270e5edd4c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qgf82dd5.default-release\cache2\entries\52E2B2D145D174DD26CB222B3A6D4F0253F5EFD2

Filesize
17KB

MD5
4d3381a7eaea7f7f49abb4e61a5a6348

SHA1
6d93e5884d32a8fd708e866753bff2dc4cd7ccc8

SHA256
373085e38b02b15c0d50116fce7743bd4467b6b5df8ddb27e06d31a0564c2fbc

SHA512
696c2c5b04f02d645cabcaf3985259862fa8f900f7fe4ece78ca5684b0f95ba012e5725613de7cd90d4b4f385ff728352828637f7f2101bdd42785ae0e311c5b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qgf82dd5.default-release\cache2\entries\5987E163C6B8AFFBC34127F2C5EF73B2408DD518

Filesize
11KB

MD5
51bec4d811f0b44e25f29ebda1093141

SHA1
18f578b0e12a7d05a0be5c1cb13b3e663778bf91

SHA256
fd511a76e99369d31335076a3472f98efe73bea4903b2f3f2cbcd2416fcc8d4d

SHA512
d43ce2d31029a97aea21f71089b09258e40b236298480c0627103e7acba5d913026eb0cbe78ce578fa72000acce8961abb8bddf25031a315751b5aed27a414f2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qgf82dd5.default-release\cache2\entries\5B23235D54208C34AFF88FC6F18585FD8A8F8FAD

Filesize
32KB

MD5
ac45921deb7f3f26c9872b451214d673

SHA1
b47cda01857e369d060223db5700609b349e4fec

SHA256
a082ccd9ab07ddc720d7b135829a45de3df58e05f5f6447d7ca9480730278768

SHA512
5d66983a4dd3a47f233cc9758c4680592cd77c39d1912de8718ddbfa30426dfdf4c99f7d6bb975c6544301f177df9dd945be2a30a8798e48312090c639b7a928

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qgf82dd5.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5F

Filesize
14KB

MD5
400d618c0d7fb09ef6885b08dc9eee26

SHA1
02b760f81919f8e677ce3a8f75dd154aef2b87c7

SHA256
4d0b76af15f5f000e06e2c9e1fdc828512895564e397b536b3385cbe6bfe37a4

SHA512
c21def15b369cf2b28ab67184c8cdcffeb328d0ddfeaa75a8de93d0da0809c558d2b4fcf9005344405f6d1b8f08151ee7672e9c28e7c48840274d7711ec83c45

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qgf82dd5.default-release\cache2\entries\6EC2AE770EFC3451D85A600B7DBCCE4A25142850

Filesize
224KB

MD5
31a4923c3fa3af37cd4f715053ca2853

SHA1
bfa5b5016c70f3da3b039d2dc6ea954b8003964c

SHA256
f8873d7e31380c81faf108a8c6aebbaaa2eabeced41587b59447920b6de008ab

SHA512
d5b4cf322c8ae0a18681c4467d5e9f43a0d49c7b5b568329a49ee5e33d4c74e00200a7177f8e6917b12a9e75f1088bc9fd05c3b3deeb9e760ee7e307d76fc959

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qgf82dd5.default-release\cache2\entries\8DF81ECE98D6DEC2320680C8EE12CF4A90AFD796

Filesize
28KB

MD5
de08dae9c818b2f92230abbe265504a7

SHA1
a53314272e53ae93d1558de53a68f1db5cea4811

SHA256
1ecb45069182c8a6a020b1a8913f9d67ac9bf77629d29e59a4a3197473bf4bec

SHA512
f591b92eea27f20d4fdd4d86e21f0ad1a2ba2f5c70bd17165028ab5febe53832871b88ed781a325b8fd4a9bb612bb7024aead71d03337c5916b6ae0476732cb4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qgf82dd5.default-release\cache2\entries\E2001B8FE6CE9A9AB2CCEEAD406A3054D94858ED

Filesize
30KB

MD5
fd1087adc2574a41ffd6a310a308e502

SHA1
aacc411803924040f7d03c90666ed153fb3a004c

SHA256
e300dc77a4126a043fd99833c03601b228ee3ea137427af6c6faf40d35a8b407

SHA512
44e07984e108732cc70f76ad6e0ba91fd32a57a5734fc8177508083c6177c9c22c9f32b0b7840dbb43a7b801a847096e40843fe6f3f95f8f5e31b50f10884a39

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qgf82dd5.default-release\cache2\entries\EB5DD0021C5A2C0667798B2EF5727F612CC79260

Filesize
11KB

MD5
387a5aa632886798f94aff74a1bd82cd

SHA1
d397e086e0cbcf9ab92ed72719c3e458aef7e688

SHA256
5ef66fe088a520d24ae39dfb143c5772df3fcedad96f0286a3c315c4e4180e90

SHA512
2fef7c7b24f87df5a587d9b131e0f047c0ba71847d77b7327705b85396fadeabef3bf1aff8e67faea4266f5b28133505eb2b5b4d4074acb0215becd76d5bf0fb

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qgf82dd5.default-release\cache2\entries\ECE4ACE21D55A285A41D6CEADC85A33C6466DE8D

Filesize
76KB

MD5
2fac86835c5dc6edaff8ea91d87c3780

SHA1
b7fdbe6cbe7b7d051f36db903c81e3621df2b2ba

SHA256
b4418c91075933977b4bce4d66958e51cae713dc91a340f8d306fd5ce74ec007

SHA512
4363d399f3d122f953a42ce5920eda59599a007a6347cce9fcfbbdd7b314385a85f606a434e456f701147254e609db0675fde7021bf7581f503badd96f18572f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qgf82dd5.default-release\cache2\entries\F81120F86AC3A718773DBC6A128B9A1260DAEC57

Filesize
10KB

MD5
768c5f46feb1989e62717b5b0198c5cb

SHA1
8d7143ccc13b0b6ce395b769e5ed1724d16e6968

SHA256
2835d1023357a52214e35f240a94a773667b1bb1acb65865ced7eb426726b5db

SHA512
c6023e5f9f0fe888717c3b081c8e19ee1b223333d310a724833a86661d3aa80c5215d5b0ca456cd69c4ee44977495cfbbefc5e8b4affd25cc9e080e913968a6a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qgf82dd5.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl

Filesize
13KB

MD5
f99b4984bd93547ff4ab09d35b9ed6d5

SHA1
73bf4d313cb094bb6ead04460da9547106794007

SHA256
402571262fd1f6dca336f822ceb0ec2a368a25dfe2f4bfa13b45c983e88b6069

SHA512
cd0ed84a24d3faae94290aca1b5ef65eef4cfba8a983da9f88ee3268fc611484a72bd44ca0947c0ca8de174619debae4604e15e4b2c364e636424ba1d37e1759

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qgf82dd5.default-release\startupCache\scriptCache-child.bin

Filesize
469KB

MD5
15405b40b11396456243a08ab4c1f30d

SHA1
eda1aaf4281a3f6ac05af57ae91e37f6faf3048f

SHA256
2aa3c813af62320d33d79d971fe48ef775ff66a716658e428b043e2425e721b1

SHA512
e7aadce7de8ac6ca2243cfba8ab242ee6b7e7590445c4d8bee16d39cbfc2b74f0095230ba2bf70db70eede4a3cf1be98372bf79c3bb0db2826608a5da4520618

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qgf82dd5.default-release\startupCache\scriptCache.bin

Filesize
8.9MB

MD5
9abe253ee7489216ca255a483e44d36b

SHA1
c2642b839bdfc11440b2978d8bcda611bc2fd7ef

SHA256
9965624622d60e11775e8078e6065e432a254949053d652b1ad56b7883ed8ccd

SHA512
6a9b26ae9e8762cef7c8098dbad4455caf33940a61ab2c9d3cdc72f09bc7219607c19c2bcfe7e3e58c2959efe74d912ebeeadfd92e3cb24c93b6598cbd4e0a8f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qgf82dd5.default-release\startupCache\urlCache.bin

Filesize
3KB

MD5
d0f5b89169a45947c82b702d22e1e7d6

SHA1
5560ed7968406db18fdf034d3527e061cc718e15

SHA256
3fa58668d3a5806a319b3409520fb9bf49358ade181dbc81c6d4dcf87a8f026f

SHA512
518148321521ef0c024cb1bb6ac5ef7347cd96b56deeb125cc59abf4a2790558135d7bc97ddc70ea5c03c1e2cd9d8d56e2d9c5d8e03e3769cff0cd18cd74e46a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qgf82dd5.default-release\startupCache\webext.sc.lz4

Filesize
107KB

MD5
109296395499eef8040d01ece7aae423

SHA1
f504b3f22a4f10fb8ba2180e4a1997c3e4de2704

SHA256
1595cd43a72312a95b55ae6aa5e373a7a1210ae9565b96830b76b6b5ebc1c586

SHA512
53bffcf35b29aec51e51fc82be478de2e452f7798af0aa101c2e9b6358f44fda7a12f9d2e4523569651e12423a63a79387611b45522d36198da6cc93eedb17e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-493223053-2004649691-1575712786-1000\86fb56873de058cba411180cc7bcd658_755b0f1a-bb38-4bb2-bc7e-240c892146ee

Filesize
3KB

MD5
767d1cb2d142e2977cb7f5dce63e0c58

SHA1
2df1ec49c8794510f721e1a20ebceac7af0ec1eb

SHA256
2d5d7355bb327744014866bbf1ac3d24887c6890585c21e3e3d49f786a96bb2e

SHA512
c7e497a28fc3c8d43ac96d9ecf97ed45ae2668a93c46dbd088a6121cc29bcef1d94ab6e0dfd06cebad9ea2c18e961b30719d5eb2d84cf596563807ee10b8d69f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
19KB

MD5
2c9ad7c992dd1ef765e4ed6c966a14e0

SHA1
10ce9e4b0e43641f0d9ca50a34508eafd77371e0

SHA256
98cdc259744b2f89ca8737bc80f14e11878788a0294f20f4faef0d54cad501bf

SHA512
09ae52333bd584dae55b1212411bf7558da4718d32f1cb2dc4049e29d6630ed5927b1e30078ad0c3be0065626152be8d226b65178a3e3d33b210fb53824ee647

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
19KB

MD5
661c41808752c98ae475b5eaf06fa9d6

SHA1
0a2756eb34156af647574d37c3aea014ee6760fb

SHA256
bae3f2e5db3d8701d16c905131e6955a22fd5f3156f8c77d8f5d887869945705

SHA512
4a782531abc2ba64092d728a8ed5a8fd1b588e9aebf2bf73a3b86aa6c2e6900dd26f6c3b843d8ac47aef324d8ef727a72fb57e8cd13e8bb2e7bb098fa583fa97

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
19KB

MD5
7ca4619c6c5c4dab1d27b0019f8ba47b

SHA1
8dfb1ff00493ae3ef50e68a03c79f36cdd85832a

SHA256
a563c1ac532193c7fe22a33aa2d428b569d8051ba6185459f78cac9635b12fb2

SHA512
e935b0bbb1a1d036eb3acb09cea43bc8f4e0b8361a685a581945a1e58ddcd2f52777d3eca62a9a362c844974b476ca0a54bfd4dcc7d48a0ff54ee80c86ff9a06

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
19KB

MD5
45a33356666b1a4924b171ea5ca072d7

SHA1
22336de7b564aaf521593e655a9e7f19797b7809

SHA256
b500432919d2f01621618f474a1c8d797e3f27c204eaa6ba402494f99628d434

SHA512
75bed38ff23f45a122e608e9ddce6013fa74eaa8438ab641961ab8f434fe3edd0c15ebbab96cabf7c379f051eeeaaf342d38fdae80a522cff429e545e8fcd619

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
20KB

MD5
479c67e349d27226cc8a10e4005889c6

SHA1
10bd1bc111f130f02a999481cb33032e482ba6a8

SHA256
cdfbd3622dc5654f83ab7d43013add4c6f743a9a89c228f76349875bedf95079

SHA512
46c96c1ae65af19be36dacd9c206cfd0f7f940bda5809dcf583aa29c5a309b9938aa885088720448a9fe1a51aebe6924ecabb4131098f5ee645b93d71dec3bfc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\AlternateServices.bin

Filesize
12KB

MD5
a140344245d5d45d630e2ce9605f0064

SHA1
e26af8975487f53d2a9f59194734677f40249bd9

SHA256
4c1ab6e8a9bc7e0b3a592e3fec31367fb09b9ca8aa77827f2b082b060cc9d4ee

SHA512
8d876f3399e8a63aaed0960971fb97aff204a1ca8ec7899b178a065cb2afca6a8c2772bfc0dd410a1662357b68eeee9cf1a0229cce95f48f08dc51635d2198ab

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\AlternateServices.bin

Filesize
22KB

MD5
d97f4ee9b16c81ba8067e84571e5b1bd

SHA1
1a38a3a4767ef35e88c070ec5a3720ef865e271f

SHA256
5fcd90a738ec3e1614a86ea5591ac8c08bc585738b65270f1c539822ed4eb350

SHA512
7e273b131b2cb494ae4a9193835d80db52e04c0fbb54e497b80283f44b2747fc7f8a4bd8383b224e1fa169e5c320d21e9df701c6f981ec3cb1d930660b2137f6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\AlternateServices.bin

Filesize
6KB

MD5
9daecf543b81fd8edb604d391b6c5896

SHA1
45b25c2b14a0c9243e823edb85a34c0b8df76b7e

SHA256
d203861f4935262fbbfc0bf7a7711f6a9295d31b9ed6fada3a6131e6087c2310

SHA512
78d61483f9ecaeeaa7663147e252693228a42f001c2494dbefbf4667a991e5838c7917ba47f7f9cb0943c3df83f11755e70ff4246cd1a898659441fc34168851

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\AlternateServices.bin

Filesize
51KB

MD5
b7d6bad42e11c64cbfe09970a6c78ff7

SHA1
7e4bcd32b3ad4d34b190fd6a151651197ec42664

SHA256
dcef42133da9853d8fb824cf6ec8a0fe61d513e0db951508a5959b49d8bffbfb

SHA512
7049b4d135a636915fb4258a15d1d99e4f5492cac1dcd112e45e3f1a8e5e8800843c6d7460f22b26695fea2b555a0dfc086028435402dafd7f3a65e6fa4c71ae

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\AlternateServices.bin

Filesize
6KB

MD5
9fbf663dbad3b67f5f5f9d36f2e2f9cf

SHA1
9030c070666b8683f37c06b2a700a613710b1231

SHA256
4b431bb15483a0712af3062513385b2a889212a573ae03ab42564ff6ec17edcb

SHA512
623ac5e79a981fd14b8659c95c6c7b858e88a9f297a0a631cabdb7f411c7bf8e537db7b365d199df6b011987f186216e73444aa9847de95be6aa16cbec5fce5f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\AlternateServices.bin

Filesize
7KB

MD5
3017fe13365c1e00b6f8af28d12f896f

SHA1
037c9921af1d686e4260158e9f812dc963d212cd

SHA256
397f65ca2b55c5721f739f9827b80cef699c071bfb0208f09ee583b836aa8f22

SHA512
154fa696961c17887db0ece7c97f89b3e05f4d5acff7e6add06dd23dbcfcf4d87378bee8dbad7bb244c3522da4c4b9c528e13369e7105b2ba42c4c968cdc46d5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\SiteSecurityServiceState.bin

Filesize
1KB

MD5
abfc02c131dfbd3a07ba1541c39e69f9

SHA1
12277761e33a4eaa8ce3fec1e9c64938c93ba1c2

SHA256
2e845a1135611dd955b0a9502ecbbf54b6dd475cb6f148e7e07e47d19ac258a5

SHA512
88dec812f8b12eefbd50ea10be74b8d1a024530fefb8416097d0bfab20a29f0f06bf021466fce17f3c75e98f1e9700dedf31293759d9075c76388eca8805c4a2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\bookmarkbackups\bookmarks-2024-11-11_11_ZrdYzC-eJDxPzl9eWEGoog==.jsonlz4

Filesize
996B

MD5
faec8a82c35d6bddd9b1d7f4a7c68dbb

SHA1
518f8d9856574fc11d61576a2980fec26cbd7327

SHA256
c173a9013f78ec791bc1617ce873f96299c46c83df700dfdd02986b08de89e84

SHA512
20f8627622f835c46f59f44e6a5f6cdd6f20d775f3a6ab817b0489de7cef6e5be0e9825fa56787e19fca912a5ca7c1ec3332e0a7f5008c8c2c8970468082d2b6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\broadcast-listeners.json

Filesize
209B

MD5
97c3738563a9448365a735f5f29ed3d5

SHA1
15a81433236ca6e6ecc4e1c8d0fdb8523b265c57

SHA256
63221253f5c30efa214c2cd2adcf51a9c9f9a2c05f119b00a51c9579825c2c24

SHA512
ed98f42d5d02ab53a9e50f80b312bed4b5d05d053bec582cf9d619ef91251e86cf4f4d1123c645500fc1dc4673b49a8b7badd3f3a39f565ac643ca4fd0157ae6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\cert9.db

Filesize
224KB

MD5
c1bae72a9f8d7f4877a5296ff53807cf

SHA1
b35eec9f01ef5ad3a56c17c6ea4d0799e8a40f78

SHA256
1e50c1e68c94d122c070a4913b4bfdadb345e1bc4541b549cacc0f7591502d4a

SHA512
8cb19cd9951268baf4b291232add40fb82be36a1d387f3b23b8ed87a06deb1069bd4ee4443cc394c16370038a858fae166f54ae55cda0a54a400525af274a3d6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\content-prefs.sqlite

Filesize
256KB

MD5
b5acd9cf58ba89e643e7b2e839e0707e

SHA1
82c2b9cbea4acb50b446b786818287be7b0b8b61

SHA256
4d4fd87f1cdccc9f826ab7de2b3980db6fe4ed328f079ceb24f680557da9667e

SHA512
1fdaf5173a2fa956e3793b3643b44d928a4c81a1599bdf4b057396bfca5948ce1097194dbb5f528959c8cf4e34d058922828236c6060b41510e9ea2cb9ed424b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\cookies.sqlite

Filesize
512KB

MD5
b22fca2a44880c4b78e742882216373b

SHA1
575236b93dd661bb6e4324ace83dbe57c0293b39

SHA256
a39db7de5bdae24fb142bfdc7525f01e189365b76229c307215188c3e2e09190

SHA512
ac2b06cec714c7d5ebf2176ad2a22f5acb07c786b0ee44d4b6b06d14a3fa74ae15caa97f66c0ebdd98e044cfcfadeace15e26049dbd6b2d1ef805cb21683ff44

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\cookies.sqlite-wal

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\crashes\store.json.mozlz4

Filesize
66B

MD5
a6338865eb252d0ef8fcf11fa9af3f0d

SHA1
cecdd4c4dcae10c2ffc8eb938121b6231de48cd3

SHA256
078648c042b9b08483ce246b7f01371072541a2e90d1beb0c8009a6118cbd965

SHA512
d950227ac83f4e8246d73f9f35c19e88ce65d0ca5f1ef8ccbb02ed6efc66b1b7e683e2ba0200279d7ca4b49831fd8c3ceb0584265b10accff2611ec1ca8c0c6c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\db\data.safe.bin

Filesize
50KB

MD5
aed4058c03f805112c972c2a10c72aff

SHA1
bf0469f72721faecec5a3fe4b246d9c90542073d

SHA256
1d248546cf7c8af2ae39caf497f64bd1aac19b9f6a70a41d52fb3091e1cac65b

SHA512
039ebf35229fe3f59c7053bf130f2c6607812553960448aa92f41b2dc9e54444ac3b7105795be34649a0ee4d64af5d09365be8ab65b84e862f69d6d4ac707874

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
409e08bc313edfd3947929cf6c16c0cc

SHA1
b969b90d1183177b1d41adb13374276316cfbb07

SHA256
31e83026c36ecc967656cc9d6f43c9a41ccd07f2ec05aa9fe4e12a561cf86680

SHA512
4d059744699979974e10ab755574451a0fb561772f48a8c1370d8f6279d56a5e08c15990e49c49a5aaf84e999348c14df8622cfd0da189e3ea9b2a7606e3da0f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\db\data.safe.tmp

Filesize
48KB

MD5
b44911b1645b80337c87b2d250a2de19

SHA1
75d204074ad74e7b2a7bdea2ed484384885d1212

SHA256
d8defd108ade5be6f462060443af861a477b6ff1d75e52a438c924fca142c6dc

SHA512
f498be7f5942ed1b5811c97a5fa79a6067f95098df344ccd83f18c92b9e4dd1643016a8aa6d84a79cd9d72ce7b86301874d5f27750cdeebec18c528b2b06ce03

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\db\data.safe.tmp

Filesize
49KB

MD5
62b5bcfaa1f6e67fcf3e25496fccff7b

SHA1
451e670cc23fd741683aefe582ac9d6016bc330b

SHA256
422584e616650cd57c6d3ac4885903bd9ac0f97e55da2e88456047c3dc8d8012

SHA512
cf71822b9f0535624772ce7eb3e183308b8321b087a7ef5c808d7fd8ae5f4c5fffe2e086aeba8083db22f6acdf946c17c682eec64f8e82549a44d4368a954992

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\db\data.safe.tmp

Filesize
120KB

MD5
30e071fc1b5b3439ecc6531d4a5989c5

SHA1
b2f2129bdcb0d729094a90009439ed572d61b6fa

SHA256
6532a38d640dcf90c6f58765815e6531c63f4373e6b53080a56c1ab53b8fe6f1

SHA512
2c23a4851d2cdba89812199822446087ee8e1306ea4ba30021591f57308e524c348f8c4feea0f94ceeb1da34ecf38222d6fbd6e02a3aea940fca1833f351af69

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\db\data.safe.tmp

Filesize
86KB

MD5
1189ab0fa043bf661ce060aab1955d12

SHA1
16b6a2a816150f9a96a488aee3f9ec2d0e4402b1

SHA256
9e0c05c1fc08d38a74d7428a6323e4229ce22b6f8807540106e4250bde90bc92

SHA512
1677dacd430b458783ae23caf1128528f1600a23ab990fa6f7d7427cbe20f0b32c467fd6d845ef204a2720f796d3e4b2dc94a3bb3adc2b1f6f65c6fd4ea23af7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\db\data.safe.tmp

Filesize
50KB

MD5
d9d0bed40f3d68e6ad6daaf5949d38fc

SHA1
381caf8f6a93a18267790d8203fb7aa5e8ded189

SHA256
00f5750128f3b4be9f964b01acb5e12cd8fb26ece3da774b8b9dff1cf3b247f7

SHA512
8f3bc72bb2550783839c41f2bd453ec1f39047884e755e694b3c1275127e5a1ed79c4d003e1ce3cce89cb3b1cabc4ad527d4ff7e3a9ce5a192becc93861c2171

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\db\data.safe.tmp

Filesize
47KB

MD5
dc43b2483665384a24016b55bcd8f005

SHA1
820470afef33e190a93c8a302fe5884b774d3e05

SHA256
d58cba56d98d6b6d260e7e3c9534438e86a473a46f4169c320d8d5755908f913

SHA512
1c50db11bf9ec44c1693f15e4b528d0b8b5762f4dd481a7f7f45ac336233d364c2a4c8b46c3359a87f3837ff34707b5f034bf472d07d5c0c283b36243e2b0d9b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\db\data.safe.tmp

Filesize
93KB

MD5
9897a4622ea5700c2d27b16b7f570397

SHA1
fc4aced708997ea48130de0fa1ffe451d1b03c3b

SHA256
d621aab6696ec9637f501f05ce05c26f6d8cc91481553c9fab520e1dfe0d594c

SHA512
27171864796ffe09a4facce5ebe8530b7fdc7a1fc30306b8538945327c7fc9452768d59c984147eb462eede46ada876a6a7e7c30fd2ba6857b865ea0e3ae1687

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\db\data.safe.tmp

Filesize
93KB

MD5
5ed1108e3b9a0ed1b2d4472ec4b02285

SHA1
875556ebed85bc9d4ae4ab8266b05b299993fa8f

SHA256
f51de122fc7ad3f0a6dccb2db7014ff742fd626d9cbd6fce41f17ed814ae5260

SHA512
621b704e350068c15355b32730b39dee8d8949537a6191697a5fc30f8e165e88cad503df00752ff6dff26360477aea387a3cb27335d6d10ae7a0483bcadc83fc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\db\data.safe.tmp

Filesize
87KB

MD5
1ba14ebd3df38d45b83dbbff871c2b7d

SHA1
383368b492618152ec89b793521a9dfc121dfa8a

SHA256
cc0f9fac730bf57ac9368a852cef7fe8d066121dccf24ff149364b1bb8705a95

SHA512
9ab28d4336f072e609af4b5d335967288975a6f8e1a41deb8867b020de43d6563506117ba154283047d89a8327185c8bda2ce057cee563b0027945a9c090b340

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\db\data.safe.tmp

Filesize
15KB

MD5
925b53824e75787b044e0ebd94f77368

SHA1
383699e85b9040681b565fd1140eefa916298c8c

SHA256
f522a75a9da1e3ba072f1b61eafd6af2b2d8c537cee199cbc1a2084656158406

SHA512
12e650905620f5413d6d06c1ce9b8b40192ef1c48ad646be16c5627c57fd55514ea410edc32e2f4cb00d2adb8d9278ad7ddd97d7b0a79ee6544be94a5ed0f173

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
b8f3fa1ba24d627922a1f206a7aad9aa

SHA1
a62bcd8f520a415376471ca551a69fb89ce9eec3

SHA256
e2372be062fb4b23a8acea0057d01e17a420fcad108ef209c98b8c06d4b0d88c

SHA512
60e566c8620fb253fb4bbc07c963315a70c1785a333a1fe21cf1c2f9fbf10288425c64512d7e19c8a441b2e26f34314850c6ffd8d6dfff8b318fc5ff4957fbca

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\events\events

Filesize
104B

MD5
defbf00981795a992d85fe5a8925f8af

SHA1
796910412264ffafc35a3402f2fc1d24236a7752

SHA256
db353ec3ecd2bb41dfbe5ed16f68c12da844ff82762b386c8899601d1f61031d

SHA512
d01df9cab58abf22ff765736053f79f42e35153e6984c62a375eb4d184c52f233423bb759a52c8eed249a6625d5b984a575ca4d7bf3a0ed72fc447b547e4f20a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\events\pageload

Filesize
359B

MD5
1f7a4f46f1deaf83b81297f526e515f7

SHA1
4924e7b346bbdd71de1df00233aa31dc54f31e44

SHA256
f0e87e2bf596ad651280b5765b7e780bfa5563b1d081e975b7fa6860b0bb9b2a

SHA512
19ea53e307884aebf23e46d8f8d0edd5f7ab4250cb52cb0f16e666a36048a877b993dc70fdbc68097211d2a1bf8f87c469ff0c89801d867d698a9b6a8e5b45e3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\pending_pings\1cac950e-a416-4d23-86e0-314a4e6460ef

Filesize
25KB

MD5
cf0a01f4b0cdab3345cedaea13d08671

SHA1
480d2ec72e416057d2fe018e9dd0b78025be3205

SHA256
644a6a9c79b785511675faa9700cdf97b98910be86dacea09262226fb5dd9caf

SHA512
b2c8081aff26de38a4e01686ff6758e2a0690360325f65d25b28ba9b4b50c7a78030747b8dd80f0150e03a16593490a18a43c9d876e4c5abaf7d97ae5468695c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\pending_pings\1df66a65-3f38-4f1a-bbe7-2963bf3c31d7

Filesize
3KB

MD5
4a269e38cde342e07a4732d68e4c4318

SHA1
02fadd8c42ade14ac414f21f09283ac8709132ac

SHA256
f2fa2f351147e03ac69787a494538749afdf24952bb51db5c4142d5ce849de65

SHA512
d06ba0a2207851db73060e2af378accb1af80df6bc92138834b4437f2ad5ea9cd089c5546aaa2ac520f69564fc495d80d798e802a4aaf2b8f6e7ef5d632dde84

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\pending_pings\30910575-e88a-4fef-9dff-513aeaaea57c

Filesize
671B

MD5
1d422128cc4c3dda3e243661037a7508

SHA1
f47f730fe79810ac14a0832d8a36166e4b88fc74

SHA256
9aa06dd643b5f08e9539ac27f362c9929cec9a59e93c9e4de4bc241c615e943b

SHA512
c47e3be579d3ea1289cd36ff5bfc6a05ccbd43de6177944950867ffaa40629912aa6760f67399bf1e19b8e47f39f4b210ce48c1400fdbd732134d9fe6aea6a16

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\pending_pings\49ae24de-1856-4eb0-ae54-b46b2dfaac00

Filesize
9KB

MD5
a8d3c3acccc8a0718c2e0245f948c271

SHA1
1ae7f0838181b1301f3a5d6f521e00e274864185

SHA256
f61c710e0243a360bd6dbac0d9b4cf7b4454024a9a41c13c4a343c02a230f9cc

SHA512
b18e84db0e6fcc378bf0f805554d1a8ff2a9d746978127ea08e4c640285c86147e96870de2513d8c7ae8339f12a9ca169efffa88bb4510f58d3ab5f34574ca50

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\pending_pings\75363ea2-2926-484a-9114-655e5b8f4345

Filesize
905B

MD5
dd645c8c3392b99e6ab7b5776b438ef1

SHA1
2b8ce9b169cdb407ab231471fc5d0c55961e1865

SHA256
573a4d940c0cce8252dbb75d7151b2f9705d3cd11d3c07749bc6efa7a31488c6

SHA512
dc342f2eef11e2af3a2830e5f931abd4eff2572a7fde8b02edfae0fa1489c0ada17662000197c6610de528d54a9a70292a25a4f70f5d9653ade387293ec4c744

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\pending_pings\8565e649-d059-4a8a-8163-22e45f036942

Filesize
982B

MD5
f6da0a503bf77ceeb9ce7e8747af6ddd

SHA1
189c88adcf1db950a25c8cd8867b86565f6ed053

SHA256
48f3fbf0d1a3c2d703b2aef56fc4a2e14d5c08ce2f2ea49e9657eb570dae9203

SHA512
daeec014313f2d6c0f81e4bbf32c25433d601488386e2b8475413fc38fcfbb1a7181572b64caf74888bf0553a24e9f23db31e71e24da1bd68e4bfd19d639f2cc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\pending_pings\90ee53d8-1dec-4858-aad8-c9d4df01b3cf

Filesize
734B

MD5
27c87d3bdc4d843cecb577bbc2ea0ec0

SHA1
46c4992b8d134adcb15d4a3f93263b4d081dab1d

SHA256
bd21f29fd1e1eade3ac94211b4943a6b3d8672daca6889cfc5e256451d9ec891

SHA512
80b5d9aed75c190a4df71975f51bae2a93e74119529a074b1444ede0552fd9b867272ea1aa940e75ec9170b15596c9c192c4c7d815ba2d9d48221294855cc2b5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\pending_pings\a88cc756-344a-405c-8c8b-380882f00025

Filesize
1KB

MD5
eac54ff12768e1b8cd178c0bb78b4f34

SHA1
e00cbc7b7efb7fb43e2c73ea1b16415fd1f5907a

SHA256
92b825a5969bf603330b34c8dae50c382c1902aa5874a64d0c9dc797e0e49799

SHA512
1dbd6f93069cc7b904fd90f9435eb1587861c4f810142a3226383eec0b5a70bdd2455df98aa4968c775c5354cc59ea3020d560bff96b9b33fddf24091e84aa13

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\pending_pings\c5b36d1b-31e8-4f93-9b45-4f2a06d04687

Filesize
748B

MD5
708e191e3c8c7e22c168ac344e7f57e1

SHA1
04c6deae906bf834e7b87e50ec96d37252589e8c

SHA256
34ce24f2b73a515d8ba93bd92c31a8806e42ad0da66cfe7b59ef527bc58a5db0

SHA512
8a5a65ca8c3f95cafc03eb0945f268a98dbe3739031bc62568e09b65b4470918de925385d27b2d6d283f971e66efc6693fc961c50afa3f3e5d4e369fd227434b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\pending_pings\d117317f-5dc6-48c9-b516-10231b3e9aa2

Filesize
17KB

MD5
81a8decadcb81133924d2947bd0553a5

SHA1
8201e7c6964610d713f4f160260f2f99a7d95268

SHA256
b1eebc16aa39a7695226eb96d9d94e1bdeab276350033a919a6bac11c27baf9f

SHA512
7d268b232666d2c5e249edb492bc8d3c973abfee500dd34b820ef5d92766bc05cf7e7ba7275582b98f908049e85a5e69f4834f8ded920c88582d53001a964349

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\pending_pings\edda7811-4f32-42e6-b178-30a0545459ea

Filesize
734B

MD5
b9559ad03e8649f6cf86a9ffd3f36593

SHA1
3301e8749ba100434f0652de077d5adda6428d06

SHA256
f7b4a38c1d5533356be690c9644e6d1d659751848a56078f771cae890651149e

SHA512
8330d846ac4616d8b53ad88d70ca49ca44118b75f323d6276109546d8b381da98c36ee9b63ec18e111b5cc97199bf7b417b934a2fbd821cdef4cab0acba25c4e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\favicons.sqlite

Filesize
5.0MB

MD5
c3b512b630c9b544b88c914ab353a04b

SHA1
8efc1f71d87f06d687412419aaa90ef172b6509d

SHA256
365b653303a86acd99c242346b4b953a0c2d952445d0ec6c046d0a9616074202

SHA512
9da488f087238a9cc68c1b52dd4ad2e96defeeb02b361d1c19a5b655eb4a624a43f409acd081ad765b3f13024fde1c1003bf3581a5deb009a6a1776c9ed8cbe3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\permissions.sqlite

Filesize
96KB

MD5
c25113922a70839d7e5650a666c004de

SHA1
6f9f46f45963a049a4ad7505af0fe4405a9cdeaa

SHA256
ce36c7979f14befae8892d867e6734501a4678b204dd3a9ff637ea93ba47cdc6

SHA512
2ac78273e3d6ba7f2f489d313ddf3ea635407fa83c84c5c5428dc0efc4eaf8838e98d732cab725e570aef4173949ed47640e156096b38ad41c4ad397d7f3cd25

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\places.sqlite

Filesize
5.0MB

MD5
777a6ecc742114afacf1ffb94ba06a19

SHA1
e7ca1c6978756bf47d57c98eaafc38614590b5bb

SHA256
eb68dfa245979f6f4e7a42d3048d6ac5a07ca58291ed360b43c1783d701389a6

SHA512
57786e83018d38125c053c9d419b6be1d0f27cf850ed1714daf4eae9b894f87aa2c9a9fb765c934ab0c4c89f1eec4fe8801a7249bbf2210a7fbfd48238796e12

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\places.sqlite

Filesize
5.0MB

MD5
d4530708948ef1e6f9bc2624d9469201

SHA1
7062eb47e31dadde1d4143deee775ebbf0d81a98

SHA256
1da997649eed72af75aabc9fece70265b0005d8b12070c526e4e25682843c4e8

SHA512
136aaddf1ffaa79dcc0936f6bb1def9441a409830b188b8562ef56d23f4ca5fe6f2299a02ad1cfca0d8c245caaf8d5903a6c1c0a853e3fb2c7d48071d8036a62

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\prefs-1.js

Filesize
10KB

MD5
319d8d2e8b63c5a67f3b2eb30d34c171

SHA1
8870fd0652936c2c319245e307f690c1456f8087

SHA256
6ce5c899793225a385a1c9204500a336500b35a26996d09577f835f05d9f272d

SHA512
753db09fca549f917b4370bc9c4a347dde85847a75354366f74b2624cb336b9b4802f20795593591b30d76fdd7ed75cde703dd42c4f223986d84e274ca2ac370

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\prefs-1.js

Filesize
10KB

MD5
8348d93bf681de0cb21cb94b2585910c

SHA1
25ba24f26e22e5babf82622526f63d12ea476014

SHA256
3e63317d89b4766a5958ef79c854702cd6c0d16ff88f8a197829a3e20818c043

SHA512
7f6aafe8ede5a024c23505c0b907bcc9c177e353b2b2624f1caa0566bc0c5a7ae83fa15d2a9bba490dfb9046253d368fe7fed0bc0661f8d50e34ba33ee2a1a72

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\prefs-1.js

Filesize
12KB

MD5
ba30dd845235f72d1bafbe00fe397546

SHA1
867d57c149cd0d9ef0e838412d930ddffa1df309

SHA256
4f98179d153efab9b4c28030b061793c6e7e6a94d561ce0ad1f4db319c115362

SHA512
70260fc0b603b7ea09e0b4a85c440cdd11442c014416438b7f3757e615d11d6bfec5ada793459dd88912792e6998f5412b2b544cd4a5e0d0604c65007cab50d7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\prefs-1.js

Filesize
10KB

MD5
0c0ee58e1a5d275e3dbf2656184a8612

SHA1
c10b3e98cf02d5a5b4c2d6595b5453a5ce0a7635

SHA256
b130b7421bfc90e38a27e46cba9f94d89876e32234ad7d54d42ee6fd13164bbc

SHA512
0e31e4c15a61d5e97d246bdc209413d11ff295aff8a68d977d2e6ce153b0e2729d4d987af2743c319c3a89feb9b4a9a97d131d10e0bd60ece70520bd82b827b4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\prefs-1.js

Filesize
12KB

MD5
0a4cc3769cb6d7661a797815de0371dc

SHA1
9173f62c3421178c7bea7f280a357debe414c439

SHA256
772303619dfdd1572cee20d60dafc87a262b6ccd3e9069ace3d3f8f24b3cfc5d

SHA512
242fc8550836260855ed67acb8d9cde16b078f6840405825b3f5fdb97a9ba331ba9e8e55b71d4b98949b2fc9558ec4fdad682c2ba01010579a24254218d4c064

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\prefs-1.js

Filesize
12KB

MD5
de316b6bb68979c56ea4a937cedcba2e

SHA1
204510545ce113b46d4e36be54860dec330b347f

SHA256
9a68b40aa7caa2d247955cea695d90e121c8d68b7cea7ceebbb2e1cfe4928374

SHA512
18313540e3a4bbbb2a235cfcbe10d2be6129c4d4c995eb6c903148c8db68a1c8215e19bc68e5e71926451206e46cec46c4a49ed692fa5bcc802e5d98f37a3660

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\prefs-1.js

Filesize
11KB

MD5
9a55a69e1d26b9ca9cae5e16bd835467

SHA1
1813a375cc5843a9e5c9f9b57aae306e3b9e0575

SHA256
4c9fa0c6255e6700ee609ae9180af23ab039293e6e1521906683e76115f7945a

SHA512
2a0ff482df239cb0548596acf18f639cde00f5d85789621c375ded2a1618edfb8f90cd16a6a7159d7deb7647bc9327bb6e0e4cf10cfff71c464fab9f805910fe

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\prefs.js

Filesize
10KB

MD5
5f4112db11d35c284a1d55eb24ac21c8

SHA1
f18b50ad06722e47c19b593ade2ec9272b2b62bc

SHA256
eb91402735f9f2e18fd524dcf9d6dac8600ca3a33bfcbf9ce3f0363fdc5cb646

SHA512
4828e1e7161bb6418764ce5e00b8e24ce8557e231f886accb46632d0b5d2050a0a76d1d517dda91fa190dd17d8a5720aca2b00b4d2922d6a2db0011846fff368

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\prefs.js

Filesize
10KB

MD5
43cfdffbb3dbd1362bf827af9a8467b8

SHA1
e6be0c3b5219784e5faf1a52a29912ef647cbe8f

SHA256
c57e60073ede84fdd063f6f5d5e2b9c86f642be636853c040d06d5524fe4bade

SHA512
2168c0e46f21c35d4dae4e2440167197fc66d01cd45ba0f9d44c8b4308e027478c43e1853846399f8cadae052d2e74ce7623f77bb7ea551c8079f65cb72123fc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\protections.sqlite

Filesize
64KB

MD5
d7e5433a87ae3a30de4ab9adc47023bf

SHA1
4edaec48083abd90bc532ba8dd015fe209b0e439

SHA256
c2da29c9c40900e9ae211f9083849b86355850faa503062d14ced549563f273e

SHA512
9b28c36dbe02dff99519fac684c8cb88b8a40b06454524ebf79e576bd22cd94ae0eabb2655aba32bc118767f645d4e12da06764ca5d73c4e42fc2c2e0c343961

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\sessionCheckpoints.json

Filesize
53B

MD5
ea8b62857dfdbd3d0be7d7e4a954ec9a

SHA1
b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a

SHA256
792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da

SHA512
076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\sessionCheckpoints.json

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\sessionCheckpoints.json

Filesize
288B

MD5
948a7403e323297c6bb8a5c791b42866

SHA1
88a555717e8a4a33eccfb7d47a2a4aa31038f9c0

SHA256
2fca1f29b73dd5b4159fa1eb16e69276482f5224ba7d2219a547039129a51f0e

SHA512
17e2f65c33f47c8bb4beca31db2aff3d4bbb6c2d36924057f9f847e207bdcb85ffcbb32c80dd06862ffc9b7f0bd3f5e2e65b48bb1bc3363732751101d5596b1a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\sessionCheckpoints.json

Filesize
122B

MD5
99601438ae1349b653fcd00278943f90

SHA1
8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9

SHA256
72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a

SHA512
ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\sessionCheckpoints.json

Filesize
146B

MD5
65690c43c42921410ec8043e34f09079

SHA1
362add4dbd0c978ae222a354a4e8d35563da14b4

SHA256
7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d

SHA512
c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\sessionCheckpoints.json

Filesize
193B

MD5
2ad4fe43dc84c6adbdfd90aaba12703f

SHA1
28a6c7eff625a2da72b932aa00a63c31234f0e7f

SHA256
ecb4133a183cb6c533a1c4ded26b663e2232af77db1a379f9bd68840127c7933

SHA512
2ee947dcf3eb05258c7a8c45cb60082a697dbe6d683152fe7117d20f7d3eb2beaaf5656154b379193cdc763d7f2f3b114cf61b4dd0f8a65326e662165ccf89cc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\sessionCheckpoints.json

Filesize
228B

MD5
a0821bc1a142e3b5bca852e1090c9f2c

SHA1
e51beb8731e990129d965ddb60530d198c73825f

SHA256
db037b650f36ff45da5df59bc07b0c5948f9e9b7b148ead4454ab84cb04fd0e2

SHA512
997528e2ecd24a7e697d95cd1a2a7de46a3d80b37fd67fac4fb0da0db756b60a24648b7074255dc38f7651302f70894a53c3d789f3d7cd9f80fb91bd0cade4be

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\sessionstore-backups\recovery.baklz4

Filesize
13KB

MD5
686ebfcca503ffa24dab27f34a253f0c

SHA1
98b199e4b0209a1714c3d29006f401e96e20fea7

SHA256
5adc74c9dce73171029daf30a9d242ae4676c0fee851046685018779a3427b17

SHA512
cdbfc7f284bfe3adaf07977058fa519406c716b5bc2d13ffb6531ad9c4ea2857317f22003ad75634aa9f21535849c49656c1565f001fe578343f173a5b33c8ef

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\sessionstore-backups\recovery.baklz4

Filesize
7KB

MD5
20ea3a8666f81cc89fe60c93e68ecfb4

SHA1
79be2ff13f5e8043403b50007f38ddacfd7ea1b9

SHA256
9e228a1591126aa71f48e8d590bdbf4434a826d5618bae7aa8e79c3f1233c4fc

SHA512
a9a0500494ddcf34b079edd63294e2966db80363ff5917344096159160c6d98cf69b9325e50b6fd895c13ef0b00b0fb6ae25589736ca9beb8cf39f155cb778b4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\sessionstore-backups\recovery.baklz4

Filesize
12KB

MD5
905f3ef3c22432a0f0d3f8a540f101cc

SHA1
538ad6196f38872b07d546a2c2ec679d660c6247

SHA256
8b39f8f336553eddd87f529cb779409784c34ab48b44b3139b47e464b3138ff4

SHA512
b5c51d89272a2d4cd992fda4c1b6052e3c34e1e54324f5a880383e1eea1e3664871ef28cd0977fd1063b6fbfd66444c3b30e5684ae9212fb4758436f6fc2bb7d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\sessionstore-backups\recovery.baklz4

Filesize
19KB

MD5
bfdc98f63c52b94ddcf863a956b8fe7c

SHA1
a3ca4cb85afec01da067cafa5c48ee881ae5b738

SHA256
a5375a928aff72bb564d3dfb4600c08913723b2a09053768dd249489f54d8a0a

SHA512
d518dcc1890405cdc4bc10477ee9cca377f566374e992c46796e7a8712945aa7b256c0bc53bd14db68321b773241fc0fa4f05769631e921a2439631dcf06e06d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\sessionstore-backups\recovery.baklz4

Filesize
13KB

MD5
047738f7bcdfb0797c1e8d8502acb990

SHA1
d83c0f15ddb94f31b13b5b57d8b011248cf62bdc

SHA256
53ec366ff7f45cadbc5aad3411858a04423c677dc132ce2830d7464157f010c7

SHA512
85744121d07091dcf1dd07619aada37ce001ed745688356afcfb00cc6eba3b8cd5e6166423e96607bf584ded83fe3ec169f4b7fab263981bab1c1504ee208420

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\sessionstore-backups\recovery.baklz4

Filesize
19KB

MD5
5199f32a65ac42cc2334bf2890853bba

SHA1
5cce630abbae07024afbb25579cf8d059ba02fe3

SHA256
fd1f13af7b5c7ed6c4f857f514fad80cc2f799e5f38976a4561cb3d3564e979b

SHA512
677c710b0fc45af894e5d5583db4d9b98188a509dd53482376456c434ab869664a2c93e58921136e8391b5d32102136f1a1881e5f0a6176f70bffb3e21a12d3c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\sessionstore-backups\recovery.baklz4

Filesize
13KB

MD5
d0cb7e8c423a58a2932560468ba5590d

SHA1
a5c7b795eecaa14bffdf775cd4bf7932eb4f372d

SHA256
c1c30d86d60babe40ca9f668a1ab17808ba6229969dd282288b96e96624f4c9a

SHA512
d1be2da846326d80b15cd7c715a895ed3babcd81db3add79873bf8222259001c6074ec6e3e5d37ce6223b6fb9ade4c9abac921027770a2017242e30b307a2747

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\sessionstore-backups\recovery.baklz4

Filesize
22KB

MD5
f6e51f815dd83bad591b3b981b6fe040

SHA1
7973b9d25863122602c52a546d980c3b72c31d13

SHA256
becd3160fc11b3fdf62457e14c0289698fed89ca0f7293b7d17d9c96a873eb20

SHA512
3327dff2846ca20b5316c0b5598eac6708358d722c75eb813fd0d79d891a6c429cdd3b89e4e419300c9ebca6c3079efbebab7b62648d3e0bd3d8cc183b02238c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\sessionstore-backups\recovery.baklz4

Filesize
13KB

MD5
5822539a3e44e8bebd0b1b08c9634bed

SHA1
fc8037bfbae854652c7fcad509a6010f2be20d0d

SHA256
f47f8ec36064c8e119e8a94078580b20dc2499aa435be990698710169b5990c8

SHA512
541fbc867670551e5fa263748d7fe70c77a22b0c161d050f070e961d2eb1cb09fade0f5f28555a68f54ba090f37221f5ed7a201f4da761cfb4feef1b898f19e9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\sessionstore-backups\recovery.baklz4

Filesize
16KB

MD5
faf67afe091f78f1e853b1df1b0c9d7f

SHA1
b991cd6ae110e60098237d43ce9e13b847ff4b0a

SHA256
f90c5420a9a1d574741686df632367da278a4f60dd92a0e743530d8d7ead738f

SHA512
ab4eaa23139507207ec08dfccff147b813ce80a0a3e09be059f6580837a06e1936748fa5446547f5e6d963c6f298e4c46eb5d0724ef23cec47611f1258288950

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\sessionstore-backups\recovery.baklz4

Filesize
13KB

MD5
7affe125400cf66e8a61d014f1652149

SHA1
f701bb4530a1423d3520e4f33455eb5424566aae

SHA256
c37f9d2cb0459f132012cc89caf3b24f558809dde84406697dca1f623f3ddb96

SHA512
482059a716fa27b08fe6e42d7bc7ff108dfbd7d6660e5ba0aebabbfdcc74a70188a2e67e9b90de76ed44b18f796077bb3f0d20f17e881ce7f041eb8166525840

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\sessionstore-backups\recovery.baklz4

Filesize
19KB

MD5
686a269f11f03fe0f515388653be9a39

SHA1
4d02b980abe7cefe4b02cac0e1c688e5af1aa0c7

SHA256
c6fd9d67906073734f347647caf7e64b999b63bfb5d7ac5a926dda258f2b3906

SHA512
5a5558af3bb55d4624ae975fe515a0bfc62c9f80d2413fd1881530bdb1f0fa1688c440192c05ded032b3f4a76c4acf9a721d48ee9d071caed865afabe10a8e7b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\sessionstore-backups\recovery.baklz4

Filesize
13KB

MD5
4a4cd9b842db9b1e8f56fbb746a207df

SHA1
bfc34b342d101aa6b502b1704fa3d924a12713cf

SHA256
002dcbe4d2f8f600f61a7228f10b49aabdce0fad2ac71bc03edcf5c88ade3ff4

SHA512
639f4bbd8bf61e9c9aac084540f87086fffb2b279a046f5030b647983396647ba297f454b96963890ffb5116ee604723e72d50a6c112d5a01e5d9fb8f1458b38

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\sessionstore-backups\recovery.baklz4

Filesize
21KB

MD5
e6503c70520e067f8c03b51f564d238c

SHA1
a7d5a566f0e921101dc2a755477d34a5c3febddf

SHA256
53a490dc4b005c527d4375db8117193fc4514787ee79e40a607c317191a65d13

SHA512
afcfe3ce241db827ec73c542f01f5e5b1da29862cade3ec8475fe986397e6241f001ffd1d6bda893d7896feea731e2e793e0f921e2c0d04acd5f86a2811fac8a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\sessionstore-backups\recovery.baklz4

Filesize
6KB

MD5
9cda6e60d438d3f01d5e9a8362d385d0

SHA1
25c2f4439b3eb9bf823a9977ab06952c4582b9f2

SHA256
14cc8fe2df2cb9552426c97e4934cc9adde31876a7e282806145f99cc05739e5

SHA512
fbdbfb8ee1d72f92f8c23b1fae1c5e8df5a03210bf6ca60e1759e76336a53c4c888af675722f405260fab173c72d6affea9c869ada4886d95c565bb8ad3088b4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\sessionstore-backups\recovery.baklz4

Filesize
9KB

MD5
82eb0cc184e15261ff53a650cb4f6866

SHA1
2dcce7321e33f3b608a2e0162925ab009c2eef49

SHA256
428910458d176bfde928b51f7be554cd0dc010c85732af2feea527788c517d75

SHA512
ad1ed9bd13a447cb6e8d2220e72bd072949ef8debc78834645c9e82f71276c2595740f180e0831f19b6b106f3d8b237c26f2522c9fb396a5f18765cbae233ed8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\sessionstore.jsonlz4

Filesize
3KB

MD5
144fb529b0af8699f40bb1b9eb7e28f2

SHA1
8fa58aebf26b44f4aee8dee66d6cf888ab2eeabe

SHA256
5dc86c03f8a1fef0d0d99a0e221deb03a8d3f7c418f326e8d7da948a7ec9b9aa

SHA512
76aa992ec1b2bec5f2c73ee347bd0362394d816e394e6f9c0886c03cea2cc6e366b7eb3db4f3e8ccc7a35b9b1ae281a03b20408bacca48cb093258a13a19d59e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\storage.sqlite

Filesize
4KB

MD5
aa6fa1d314322e0b0f3765707697578a

SHA1
8dde93e454e45802aaa2420caae4b4e639ea9437

SHA256
205e0ccd449c203916c9a06018fbcaff7a0d3142d9651313cf954be0367533ac

SHA512
a630c7d85cf79f37af2bf69ad2d9b257cca314cb2ac1f9db09c47ac4b27aac49ddcf459b0292d9612a61d9cc93e79444af11291bdd8b8d402019f7f0c9cb89e0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\storage\default\https+++github.com\.metadata-v2

Filesize
48B

MD5
27c648c2a3d8ae46f0256b840c205b23

SHA1
5be550b1ed6f3bfd812cc9550133562cd92cf117

SHA256
7a240104118f74599800f6b0fd8c6db0ce1efcb478ec53b1bfbd8a4ab9200932

SHA512
c4ee59b4a26529c9ab22697d4b77b7c132c0c696897433beba9dc196fcbd6d316dceb490973a60f6ba3c61a54848e1095e4117db30ca1adc3d5000512afe5064

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\storage\default\https+++github.com\ls\usage

Filesize
12B

MD5
18dca94c7c5690e41fca02b72ba9ceb7

SHA1
f64c3d3daee87a147432c616dda86c38a3807654

SHA256
e93b568a962e159aeb6b15cd1048ebf1052585bcb630fbad430aeee482fba9d9

SHA512
3cecb3d8a6d0fc24203770edb9ddb713d2214f94ab3c45a67f87952e498da19620a7de95f62d5b19c0c62205c47b0ba01d7d4fb9cf3a5f6b19bda50fcef0dc7f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\storage\default\https+++whatismyipaddress.com\idb\993782502OBNDE__KSDISG_NLA.sqlite

Filesize
48KB

MD5
66f518012291910bcedf474f00f0e34b

SHA1
eb81ee1b8916e4c5ae79a16ce22fcdb08eb866a6

SHA256
f6e7d9558b373fdf023a4ceb44916fda604c798366b71741c2e0ce073b8ea829

SHA512
eecc6cf83876e0972c8e9a01748754f44fdea0d05a8203e51508850e3bd8b22db1221e08bb50626455654dcf435f0ef910ddd9704ad1bac1e2b511ece7b3cf20

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite

Filesize
48KB

MD5
da9db707f81a2a9d38baa116c2d884d2

SHA1
bb43930f1ee4e8145f19f33cba92f1b7aed8dd76

SHA256
50b6768fad48cf6b46c8067753a61bd077ee6dd8ea8802c3922d5ff5e2870116

SHA512
d907da7f8e70bec6c830be8e3c23b380dcbe4e88459eecee75721166adc1ee00749799dc5bbb4573fbbcf3d2c491d8192e8dcbd246a3a90380a58bb9bd4dd71e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
560KB

MD5
656c302f010fecc787d2948fbd535c8e

SHA1
feb3c59aa68a5613a6011c89cc0f830f3f330212

SHA256
2b875025be9279745052fdacbe79671eefcae5975ad7188926a068693f79f108

SHA512
06bb5e9088f67d67fcd41101705791957f00d94b954086baefa33c243ba374e22f5cf056b0f53cea968307cc0e9a003d1ef0a872b515a227e718a0fa07f13d7b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\xulstore.json

Filesize
217B

MD5
3c7edbdeecdb47fba617e3d03c36b0d3

SHA1
53628ce8c5170810fabafab8e001bfd971d47825

SHA256
c3db6f2519b071b7441022f9ed508b0da5ba40295be0ee449a27bd6146595d04

SHA512
bbf56ea374114173f7de198cd71ac6e75276b0f30926c6690db512f45ac2e54d099d990c285578f702696494d2884d8550e5dddadeee01077933034ac3817842

Download Submit
C:\Users\Admin\Desktop\Quasar v1.4.1\Client-built.exe

Filesize
3.1MB

MD5
d4cf4ac92a94b1a4e91b75525eff7ffe

SHA1
1e30d96bfabdc4cd87d5a6d0cccf902d743100ad

SHA256
897ae9d2efa16a1029a5c9203caa5079ab69d545e6e89744eb83062c3bf7167d

SHA512
03fbad00dc22c9ddc1ac64346f840474767fcd882f16f8e3c542bcbac6cb545a863327928ecc120c159f515a9a638ba6ca95830048332ace1c5ee740001786ee

Download Submit
C:\Users\Admin\Desktop\Quasar v1.4.1\Profiles\Default.xml

Filesize
1KB

MD5
1d71d244dd8a84c5ebda24ef0e30a254

SHA1
fde860ef8737800e73816380d5d75a53c19c0a58

SHA256
fe41835ce3d18fa30a5118becc8f7577de6941c6a1cfc5b9e73d7f97f0271b73

SHA512
26d1dd07047da451866cb0965207d8d53c8ca78bfa3a3ee11587fd29b962a7d9ffffb9fa0296b206cc268267bc9972874d156df9449211716158470bcbc671d9

Download Submit
C:\Users\Admin\Desktop\Quasar v1.4.1\Profiles\Default.xml

Filesize
1019B

MD5
a1123317f5fab915ff3717fa5723bb84

SHA1
e1dff0669e3c7ec83e21a2cb92398588e1c2818c

SHA256
c8b0ba9c67bdb73de1b35a3e9120fa8d6a101d1c9f3afbd948c66bcb2d9e402e

SHA512
8605229a023bbf962f9584b740038131e3fa3f0e97f62268c968e0da39be808476109297639529d1aa558a3cfd3d938ea249b8eb1c88333904d4cb9d556deda6

Download Submit
C:\Users\Admin\Desktop\Quasar v1.4.1\quasar.p12

Filesize
4KB

MD5
1e985fa969e2150ff380f438d9c31185

SHA1
6130b572986b5b4211d6833f2294f8f4d7220c67

SHA256
3ae498d6978bea6ef423a15db57101367aec52c0bf33d4e29f0360a67f2c38cf

SHA512
6cb4566c6f3b4a53a9769ad9777a8702a4aced862aa5c68b20b383c7d13f4ba29a191c3a45e7136cabb4ac3720c7bccb7ec57f76e9f8dba8fd47db7023b9f783

Download Submit
C:\Users\Admin\Desktop\Quasar v1.4.1\settings.xml

Filesize
373B

MD5
b6af1da05c1a00991f04f8b898cea532

SHA1
24c48b062d8d864eefd32f2d84a36e1a7282e911

SHA256
f2ef0d8f29904a65ce6dbe29baf9379fb4659afb6930a5af5d9fb88f73b73f41

SHA512
2ab2de469911c3fee5b9bbfdbb373e5eb15023bf25b9e1835ebbf5890c66cfd7a06d7d5911e2fb630afadf9b30489e589634cefe52ca4c4156ae24b24c00c8aa

Download Submit
C:\Users\Admin\Downloads\Quasar.12u-HM8d.v1.4.1.zip.part

Filesize
3.3MB

MD5
13aa4bf4f5ed1ac503c69470b1ede5c1

SHA1
c0b7dadff8ac37f6d9fd00ae7f375e12812bfc00

SHA256
4cdeb2eae1cec1ab07077142313c524e9cf360cdec63497538c4405c2d8ded62

SHA512
767b03e4e0c2a97cb0282b523bcad734f0c6d226cd1e856f6861e6ae83401d0d30946ad219c8c5de3c90028a0141d3dc0111c85e0a0952156cf09e189709fa7d

Download Submit
memory/3620-545-0x000001C846D70000-0x000001C846EA8000-memory.dmp

Filesize
1.2MB

Download
memory/3620-576-0x000001C8643B0000-0x000001C864462000-memory.dmp

Filesize
712KB

Download
memory/3620-551-0x00007FF91BC50000-0x00007FF91C711000-memory.dmp

Filesize
10.8MB

Download
memory/3620-547-0x00007FF91BC50000-0x00007FF91C711000-memory.dmp

Filesize
10.8MB

Download
memory/3620-546-0x000001C8472B0000-0x000001C8472C6000-memory.dmp

Filesize
88KB

Download
memory/3620-574-0x000001C863800000-0x000001C863818000-memory.dmp

Filesize
96KB

Download
memory/3620-575-0x000001C863A60000-0x000001C863AB0000-memory.dmp

Filesize
320KB

Download
memory/3620-550-0x00007FF91BC53000-0x00007FF91BC55000-memory.dmp

Filesize
8KB

Download
memory/3620-544-0x00007FF91BC53000-0x00007FF91BC55000-memory.dmp

Filesize
8KB

Download
memory/3620-552-0x00007FF91BC50000-0x00007FF91C711000-memory.dmp

Filesize
10.8MB

Download
memory/3620-577-0x000001C8642F0000-0x000001C86433C000-memory.dmp

Filesize
304KB

Download
memory/3620-548-0x00007FF91BC50000-0x00007FF91C711000-memory.dmp

Filesize
10.8MB

Download
memory/3620-581-0x000001C8645E0000-0x000001C8645FA000-memory.dmp

Filesize
104KB

Download
memory/3620-580-0x000001C867B30000-0x000001C867B8E000-memory.dmp

Filesize
376KB

Download
memory/3620-549-0x000001C864610000-0x000001C86493E000-memory.dmp

Filesize
3.2MB

Download
memory/3620-3359-0x000001C8644F0000-0x000001C864502000-memory.dmp

Filesize
72KB

Download
memory/3836-663-0x0000000000170000-0x0000000000494000-memory.dmp

Filesize
3.1MB

Download
memory/3836-664-0x000000001B0A0000-0x000000001B0B2000-memory.dmp

Filesize
72KB

Download
memory/3836-665-0x000000001B900000-0x000000001B93C000-memory.dmp

Filesize
240KB

Download
memory/3836-667-0x000000001C8B0000-0x000000001CDD8000-memory.dmp

Filesize
5.2MB

Download