Overview

overview

10

Static

static

10

Client-built.exe

windows10-ltsc 2021-x64

10

Analysis

  • max time kernel
    534s
  • max time network
    527s
  • platform
    windows10-ltsc 2021_x64
  • resource
    win10ltsc2021-20241211-en
  • resource tags

    arch:x64arch:x86image:win10ltsc2021-20241211-enlocale:en-usos:windows10-ltsc 2021-x64system
  • submitted
    15/12/2024, 15:35

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    Client-built.exe

  • Size

    3.1MB

  • MD5

    749286088524b5c49a9f6fd5dd15de49

  • SHA1

    bc255bc2f5a7f50e8fec2e5eca55c82de0bb15a2

  • SHA256

    e1dd16d3d0550466cd1e5efa60ea8f0d3b204f52ddccb4b58d46a7dba9dc5587

  • SHA512

    b0ac4798d04e443f6e795e718bf301a885bc96ab2bd12f4d2b14d47e75aa897b5f53c22dab14b95a12a4f2e177d86a78a0af08ab916906a9a9ce7eb0b860dd8e

  • SSDEEP

    49152:WvWI22SsaNYfdPBldt698dBcjHSlRJ6ibR3LoGd09THHB72eh2NT:Wv722SsaNYfdPBldt6+dBcjHSlRJ6c

Score
10/10
quasarkdotcryptdiscoveryspywaretrojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

KDOTCrypt

C2

fedx.ddns.net:7000

Mutex

f70e50c5-1467-4cc3-8be1-b4ca15c11c35

Attributes
  • encryption_key

    92470F4731518ABFA77DC89068544FB7E7B7C459

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Quasar Client Startup

  • subdirectory

    SubDir

Signatures

  • Quasar RAT

    Quasar is an open source Remote Access Tool.

    trojanspywarequasar
  • Quasar family
    quasar
  • Quasar payload 1 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs

    Adversaries may check for Internet connectivity on compromised systems.

    discovery
  • Checks processor information in registry 2 TTPs 12 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Runs ping.exe 1 TTPs 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of FindShellTrayWindow 21 IoCs
  • Suspicious use of SendNotifyMessage 20 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\Client-built.exe
    "C:\Users\Admin\AppData\Local\Temp\Client-built.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of AdjustPrivilegeToken
    PID:3564
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\Vr2TTLeMAqwx.bat" "
      2⤵
        PID:2712
        • C:\Windows\system32\chcp.com
          chcp 65001
          3⤵
            PID:1860
          • C:\Windows\system32\PING.EXE
            ping -n 10 localhost
            3⤵
            • System Network Configuration Discovery: Internet Connection Discovery
            • Runs ping.exe
            PID:5036
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe"
        1⤵
        • Suspicious use of WriteProcessMemory
        PID:4448
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe"
          2⤵
          • Checks processor information in registry
          • Modifies registry class
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SendNotifyMessage
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:3424
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1976 -parentBuildID 20240401114208 -prefsHandle 1896 -prefMapHandle 1888 -prefsLen 23839 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {78d36a4a-ead9-466c-b664-5a39f81f44a6} 3424 "\\.\pipe\gecko-crash-server-pipe.3424" gpu
            3⤵
              PID:1080
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2388 -parentBuildID 20240401114208 -prefsHandle 2380 -prefMapHandle 2376 -prefsLen 23717 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {65f8dbe2-5c3d-4490-bad1-b190d4af4281} 3424 "\\.\pipe\gecko-crash-server-pipe.3424" socket
              3⤵
              • Checks processor information in registry
              PID:4332
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3332 -childID 1 -isForBrowser -prefsHandle 3368 -prefMapHandle 3156 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1320 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {442fbb3c-8c55-4a8b-b819-05d8058f7386} 3424 "\\.\pipe\gecko-crash-server-pipe.3424" tab
              3⤵
                PID:820
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2520 -childID 2 -isForBrowser -prefsHandle 1276 -prefMapHandle 932 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 1320 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a3f03fdd-518c-405c-99fc-197b4d3255f7} 3424 "\\.\pipe\gecko-crash-server-pipe.3424" tab
                3⤵
                  PID:3704
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4860 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4856 -prefMapHandle 4852 -prefsLen 29091 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cf3f42cd-bd8d-4a10-8aec-37e306827d25} 3424 "\\.\pipe\gecko-crash-server-pipe.3424" utility
                  3⤵
                  • Checks processor information in registry
                  PID:4380
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5252 -childID 3 -isForBrowser -prefsHandle 5236 -prefMapHandle 5232 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1320 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a88ab777-8df5-41d5-bf1b-28009f43e5c2} 3424 "\\.\pipe\gecko-crash-server-pipe.3424" tab
                  3⤵
                    PID:2996
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5408 -childID 4 -isForBrowser -prefsHandle 5488 -prefMapHandle 5276 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1320 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b4b2aa61-afef-4c8a-bd6b-76dc44506ba9} 3424 "\\.\pipe\gecko-crash-server-pipe.3424" tab
                    3⤵
                      PID:3084
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5600 -childID 5 -isForBrowser -prefsHandle 5608 -prefMapHandle 5612 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1320 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c200f96c-8ec3-4e1e-9170-26974ed32a06} 3424 "\\.\pipe\gecko-crash-server-pipe.3424" tab
                      3⤵
                        PID:1068
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4636 -childID 6 -isForBrowser -prefsHandle 4556 -prefMapHandle 4596 -prefsLen 34717 -prefMapSize 244658 -jsInitHandle 1320 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8fb68461-a2a4-491b-8c41-445a1531ecd8} 3424 "\\.\pipe\gecko-crash-server-pipe.3424" tab
                        3⤵
                          PID:2736
                        • C:\Program Files\Mozilla Firefox\firefox.exe
                          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3180 -childID 7 -isForBrowser -prefsHandle 3528 -prefMapHandle 4652 -prefsLen 28288 -prefMapSize 244658 -jsInitHandle 1320 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {41808c7f-9822-4043-9f54-93275d8a0cb9} 3424 "\\.\pipe\gecko-crash-server-pipe.3424" tab
                          3⤵
                            PID:3484
                          • C:\Program Files\Mozilla Firefox\firefox.exe
                            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3188 -childID 8 -isForBrowser -prefsHandle 3184 -prefMapHandle 3176 -prefsLen 28288 -prefMapSize 244658 -jsInitHandle 1320 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {08172530-48c5-4fa4-b1b3-7fd7a266cfaf} 3424 "\\.\pipe\gecko-crash-server-pipe.3424" tab
                            3⤵
                              PID:1460

                        Network

                              MITRE ATT&CK Enterprise v15

                              Replay Monitor

                              Loading Replay Monitor...

                              Downloads

                              • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\mg4xad17.default-release\activity-stream.discovery_stream.json.tmp
                                Filesize

                                19KB

                                MD5

                                a64e0b21c655a3976bcb2bcef8797c76

                                SHA1

                                63d2654686cf501ed2572d83b6909e3dec1facc0

                                SHA256

                                ca6337a4f8199b357b8d09e3b8bbab8aeef21f5e7b0a9125723fea47b48e25cc

                                SHA512

                                86a491fb5b486ac7d77d783fd0e80ed03a5d8578953cd1cc16a5b6dc9462ea8bef083032b72e078e7bad18e39cf3577d73632e9a43942ba28254345320258ea5

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\mg4xad17.default-release\cache2\entries\99CA409756CAAF841D14C3F5B81984EFAB5C85E8
                                Filesize

                                224KB

                                MD5

                                3e6cf3949c23669ecf0c0d1b02106beb

                                SHA1

                                e17914338b988b610afa28cd49483c1723047169

                                SHA256

                                e6de1d62e6ab94eef8f846a9643f4f3350cb788035387044ab0f4735507290ca

                                SHA512

                                f0c4a809ecd19278acff20a42cf2d22e882464a1207d6227c8face8bce652a7062dbaa18fd829d01c553653f41bb0be5c0d2821a6d744cb604b626b501f91865

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Temp\Vr2TTLeMAqwx.bat
                                Filesize

                                213B

                                MD5

                                28f7c870a84a7bff7209f9cc3daab22d

                                SHA1

                                f49960b0382e500a0552f773cc92c83b5dfad535

                                SHA256

                                bb5852614186c3d180b4f5d0b6dbc93cfe6425a5e1a946ee8d79b0a7772c0866

                                SHA512

                                718087183c7eac2aa548a9dff88b2673f102cb344a2dcd75753a266cdccdd3ce8ea92d223d083aa3b9c0921ff6f85cdef50717c8400729eca3ebcd0a1efd816d

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Temp\tmpaddon
                                Filesize

                                479KB

                                MD5

                                09372174e83dbbf696ee732fd2e875bb

                                SHA1

                                ba360186ba650a769f9303f48b7200fb5eaccee1

                                SHA256

                                c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

                                SHA512

                                b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
                                Filesize

                                13.8MB

                                MD5

                                0a8747a2ac9ac08ae9508f36c6d75692

                                SHA1

                                b287a96fd6cc12433adb42193dfe06111c38eaf0

                                SHA256

                                32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

                                SHA512

                                59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

                                Download Submit

                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mg4xad17.default-release\AlternateServices.bin
                                Filesize

                                7KB

                                MD5

                                bccb78e6eb79a898a1c993f3649cc8e7

                                SHA1

                                6aa87ffabd6ad8a9f1f9773a5a16e7d73b14ec14

                                SHA256

                                145018c28384d507951b8cb0283c8edb1f470cd4c19fdf7b834547bbed7959b6

                                SHA512

                                85c4bd78274b91ebd90f3dea08fb343af6d12612b7ad02c1d6e45cf37b3010a91e304a8ec3192e77e36309ec8abbc5a01973a5596ff46d0d5267ba4f1d7ed178

                                Download Submit

                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mg4xad17.default-release\AlternateServices.bin
                                Filesize

                                10KB

                                MD5

                                76793f967e19a6ad6d67b3a72edfc16f

                                SHA1

                                87c2f8284196f97035339898b6c9f77daed9067d

                                SHA256

                                e6c863cfd7c2a138d32f493c37d1266e813d2d7333fe293a5fb7d1b29771a006

                                SHA512

                                b7ab95ed5f230ee1a7b6cc9d1945c46225eb0320a6d91145722cee3abd4f1b4f3288936799ec589632b5229c85b6b871ff7c2a820b49c50491e755ea547838ab

                                Download Submit

                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mg4xad17.default-release\datareporting\glean\db\data.safe.tmp
                                Filesize

                                5KB

                                MD5

                                a9268986754ec8aab05ef74033d1d533

                                SHA1

                                b7bfd9a8e1f02367b286ac14d750752d42240415

                                SHA256

                                79d6ceed5d8c80e5bb203a781d72f5f61a84f787796e8d314d1cb520627ebb46

                                SHA512

                                7aaa7d00f0417907e16efce52693f0b75c22c8527a99dd84852a71ddf2918a61e85fdae0fa1ad2c2345cfb57808b00b7106bf31f705095cd4d786812e4b693d0

                                Download Submit

                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mg4xad17.default-release\datareporting\glean\db\data.safe.tmp
                                Filesize

                                31KB

                                MD5

                                3943ae9b95813ee4f496999c25a41d64

                                SHA1

                                2f0773a456dbe1759d859716a7547ef5277e1bd9

                                SHA256

                                767706cb70b8081ee25ace6aa7acd646876da9eebb6c02a2cc6daf2fe7c3a7c3

                                SHA512

                                d148ea0ed016c32fbd2e2c1987e0611fecd5d1ec9bc527a9889c05830ea2beba7ae78c6fcc954904bdd9866f503aea85b604788547bf82da4e8b0662999d9069

                                Download Submit

                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mg4xad17.default-release\datareporting\glean\db\data.safe.tmp
                                Filesize

                                50KB

                                MD5

                                27bf15c358f4d34f5a97765d1bc14d51

                                SHA1

                                2a488fb96b0c40ec98b1ec56a1a505f91736397e

                                SHA256

                                ecc91fac7559915c50582333014c202f90a1d6a775eed0845a389a6127d0c2e7

                                SHA512

                                5dcd67b6c1e318c00ac73756d71908124f4aeee337bc9936bda928b7395202a20fee22a7d77ec1fe13af0e43ad2eb25551909f99f7dd4819ee7b8c9972e1df3b

                                Download Submit

                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mg4xad17.default-release\datareporting\glean\pending_pings\244cebaf-f9ee-45e9-9c13-1934e53abdeb
                                Filesize

                                671B

                                MD5

                                cb47bde78a3206bbc394be5ff15ea85d

                                SHA1

                                86885b7c2963d4cc9e9e7cd1aa315cecec53e8e0

                                SHA256

                                35404bcdc293cf9d5493532e53f5e4b9c83af61266b80d212b98c833f096b876

                                SHA512

                                496d60960ee1706074557a5aee8a4bb72baaf7c31af4ec5d87d28514257c2a6c691a440ceff50bc04765b3f5956636dc561c716152b3b8ac609264a065b5170a

                                Download Submit

                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mg4xad17.default-release\datareporting\glean\pending_pings\7d1dc68f-3a6a-490f-a6fb-ac211eab4c98
                                Filesize

                                982B

                                MD5

                                f08aee4b9c62c9a1924ba17fcc5aac50

                                SHA1

                                a9f4283dbec2487ae2597406fff818dc7505f97d

                                SHA256

                                079c7081a1ab92374d6fc870173f2c2ef1ec1ef9e12c1ab6e7ddb3987c4fe181

                                SHA512

                                bce40abcffa8acf4dc08b7dab4752e4ea4abc7f2062d2c3404e878d8dd7dcbdfbee4714c1cc4f62cd93b2cc9c66a5d0898b2d1dfefdfeb3a49efadd8a7093271

                                Download Submit

                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mg4xad17.default-release\datareporting\glean\pending_pings\e0da2b21-ed0b-449a-abd2-394166e7640d
                                Filesize

                                26KB

                                MD5

                                7780c8018f7e247e4bafb02e96a1a876

                                SHA1

                                141287169ecd2f8a5184c8203e2c7905ff53d067

                                SHA256

                                1578d433542ba29a737d8f16f6872926c3f6600b1f1f9c327985bfc13fd37d4b

                                SHA512

                                ffc375b921039fc0844f2f317a99abb3d291f9f7a20e9b829b2f34426d6a0e79f056ea0e61712da6d3089bac754e636ba8dec4d0c075dd8be5f6c61bdf79e09f

                                Download Submit

                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mg4xad17.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll
                                Filesize

                                1.1MB

                                MD5

                                842039753bf41fa5e11b3a1383061a87

                                SHA1

                                3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

                                SHA256

                                d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

                                SHA512

                                d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

                                Download Submit

                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mg4xad17.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info
                                Filesize

                                116B

                                MD5

                                2a461e9eb87fd1955cea740a3444ee7a

                                SHA1

                                b10755914c713f5a4677494dbe8a686ed458c3c5

                                SHA256

                                4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

                                SHA512

                                34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

                                Download Submit

                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mg4xad17.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json
                                Filesize

                                372B

                                MD5

                                bf957ad58b55f64219ab3f793e374316

                                SHA1

                                a11adc9d7f2c28e04d9b35e23b7616d0527118a1

                                SHA256

                                bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

                                SHA512

                                79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

                                Download Submit

                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mg4xad17.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll
                                Filesize

                                17.8MB

                                MD5

                                daf7ef3acccab478aaa7d6dc1c60f865

                                SHA1

                                f8246162b97ce4a945feced27b6ea114366ff2ad

                                SHA256

                                bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

                                SHA512

                                5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

                                Download Submit

                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mg4xad17.default-release\prefs-1.js
                                Filesize

                                11KB

                                MD5

                                542087fc3783d9696b94ef7fdc6595cc

                                SHA1

                                b6144cb65c79838fd9ab385b4815011f86458019

                                SHA256

                                f1dc74fabc36ca9c35c4ca4b8dd3c447415f22f43d83829cd58b421bc65f8118

                                SHA512

                                6ed16be9556ec181f3eab053dd8f4e1ca6061ac829ecfc8c50ea2c0dc184bfc6b0369c8b3695e3cb4aa937acf1d264e67d77a125ef48680ac483d3d21a1600e9

                                Download Submit

                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mg4xad17.default-release\prefs-1.js
                                Filesize

                                10KB

                                MD5

                                93790d83a2a97f0a292acb0a0e32c9af

                                SHA1

                                92d17fa72bbcf6f7fecdc2254b3302bfb404a647

                                SHA256

                                9a160adad33295eb03e6d0ed89b4753a1b7a7d79f5b53e855e9686960672085c

                                SHA512

                                9debcea3a40c1873166be93d0dced328e7185ebb4ac39c23e2314810c00f020ab82478607a89c1d643b5a8e459faf5692d5a429310f24c5c49bfdbe1598e5aca

                                Download Submit

                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mg4xad17.default-release\prefs-1.js
                                Filesize

                                10KB

                                MD5

                                971d510741712840bc737377c8ddb769

                                SHA1

                                478e96fe693abf3bd1a24baa5d371b10a79073ce

                                SHA256

                                e4a201e7558987c3d78e4d4dda9432c5e0596b309467f8c8f84a9614330c3770

                                SHA512

                                e82d79dd7e7640feec163765f8b4d6b06da3bf284138026725ac9a30a1147f7579a297a33432d6035d7ee62af6ac6715c488ce375b1a2b8d6477ba30bfab939d

                                Download Submit

                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mg4xad17.default-release\prefs.js
                                Filesize

                                10KB

                                MD5

                                55416db97d4d02572590ed5e266ff900

                                SHA1

                                2d922eba2d81c3f4726ad59ecf603a83ab75e714

                                SHA256

                                78eb77a8f3352934c7260ba877d0e6ad8a4f50232c32339e0c1021e07b0dad42

                                SHA512

                                c0d32f1593d5f7150502a5859e82cd7b2b831545d1c1cdfd8e25515461ec048bfdb81ddabe4fffa82143c1ca80ac70a0322f4ef34c5b76980195f75a2f223003

                                Download Submit

                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mg4xad17.default-release\sessionCheckpoints.json.tmp
                                Filesize

                                288B

                                MD5

                                362985746d24dbb2b166089f30cd1bb7

                                SHA1

                                6520fc33381879a120165ede6a0f8aadf9013d3b

                                SHA256

                                b779351c8c6b04cf1d260c5e76fb4ecf4b74454cc6215a43ea15a223bf5bdd7e

                                SHA512

                                0e85cd132c895b3bffce653aeac0b5645e9d1200eb21e23f4e574b079821a44514c1d4b036d29a7d2ea500065c7131aef81cfc38ff1750dbb0e8e0c57fdc2a61

                                Download Submit

                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mg4xad17.default-release\sessionstore-backups\recovery.baklz4
                                Filesize

                                1KB

                                MD5

                                15bee5f14f92ea6f7926dbac14a666c2

                                SHA1

                                d7012ff67696d95e565e6e4a02fae25e401c83fb

                                SHA256

                                6604158b6a405478767048c7cb2df6c37f20a2e08e2da509c227dc865625e756

                                SHA512

                                5c48f48747fe85e709f1e6a076be4f9ac7d9fbb6de333d52d92c625583a91b62a37889405879f38c930ff4894fc51c30950f01e0a9720b7179e2692f4e75fc32

                                Download Submit

                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mg4xad17.default-release\sessionstore-backups\recovery.baklz4
                                Filesize

                                1KB

                                MD5

                                c697ea3290a27eb72c632033aa4cd26f

                                SHA1

                                b5671c8d6a1b4900a13e1d3c3a9738b829a01018

                                SHA256

                                d23a4e47b5cedfc86cac8455143608e1cd9a34e70b62d2a143b3da44debc6766

                                SHA512

                                d85535553222739f8d23d4b4e32eff355d5f95eba185872db399b4dada9518712ba453360f277507d14fd5184706934976077ad46f8d658b9a0dc893db3c2c3c

                                Download Submit

                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mg4xad17.default-release\sessionstore-backups\recovery.baklz4
                                Filesize

                                1KB

                                MD5

                                fc651628e7f12aabf5987d9493393850

                                SHA1

                                f8ea81fa43880f0ee8f9ad51cfa42786fe477e46

                                SHA256

                                af8175e3f5bffdbedbb8999b1c43459c0907e67a4eb918e90350140127b97f54

                                SHA512

                                b41c4c491fb2f153e39c59d4b208c0f37f0c15c4baf60226f221a451fcd0865b0ff5b3ec2f1c871c8acff4daaeea4cb1e7c548b19e9998c9423259ab50c73cdb

                                Download Submit

                              • memory/3564-0-0x00007FFD875E3000-0x00007FFD875E5000-memory.dmp

                                Filesize

                                8KB

                                Download

                              • memory/3564-508-0x000000001B3E0000-0x000000001B41C000-memory.dmp

                                Filesize

                                240KB

                                Download

                              • memory/3564-507-0x0000000002920000-0x0000000002932000-memory.dmp

                                Filesize

                                72KB

                                Download

                              • memory/3564-4-0x000000001C250000-0x000000001C302000-memory.dmp

                                Filesize

                                712KB

                                Download

                              • memory/3564-3-0x0000000002950000-0x00000000029A0000-memory.dmp

                                Filesize

                                320KB

                                Download

                              • memory/3564-32-0x00007FFD875E3000-0x00007FFD875E5000-memory.dmp

                                Filesize

                                8KB

                                Download

                              • memory/3564-2-0x00007FFD875E0000-0x00007FFD880A2000-memory.dmp

                                Filesize

                                10.8MB

                                Download

                              • memory/3564-305-0x00007FFD875E0000-0x00007FFD880A2000-memory.dmp

                                Filesize

                                10.8MB

                                Download

                              • memory/3564-1-0x00000000004A0000-0x00000000007C4000-memory.dmp

                                Filesize

                                3.1MB

                                Download

                              • memory/3564-664-0x00007FFD875E0000-0x00007FFD880A2000-memory.dmp

                                Filesize

                                10.8MB

                                Download