quasar | hxxps://github[.]com/quasar/Quasar

Analysis

max time kernel
1013s
max time network
1020s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
20-12-2024 22:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/quasar/Quasar

Score

10^/10

quasar microsoft-office-365 discovery phishing spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

microsoft-office-365

111.111.111.11:4782

Mutex

ecd2909b-2d5c-42d7-b9ca-2dc06383b25b

Attributes

encryption_key
7D55309135DCD3C7F1577862EAC1BBF3B1375D2F
install_name
microsoft-word.exe
log_directory
key
reconnect_delay
3000
startup_key
microsoft-word.exe
subdirectory
microsoft-office-365

Signatures

Quasar RAT
Quasar is an open source Remote Access Tool.
trojan spyware quasar
Quasar family
quasar

Quasar payload 6 IoCs

resource	yara_rule
behavioral1/memory/3284-673-0x000001FF84D10000-0x000001FF84E48000-memory.dmp	family_quasar
behavioral1/memory/3284-674-0x000001FF85290000-0x000001FF852A6000-memory.dmp	family_quasar
behavioral1/files/0x0006000000025003-884.dat	family_quasar
behavioral1/memory/1892-886-0x0000000000240000-0x0000000000564000-memory.dmp	family_quasar
behavioral1/files/0x0006000000025003-4400.dat	family_quasar
behavioral1/memory/3000-4402-0x0000000000D90000-0x00000000010B4000-memory.dmp	family_quasar

A potential corporate email address has been identified in the URL: currency-file@1
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: w@mOMVzJddvKzBdhjEKq
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing

Executes dropped EXE 9 IoCs

pid	Process
1892	Client-built.exe
1744	microsoft-word.exe
4932	Client-built.exe
2928	Client-built.exe
3000	Client-built.exe
3460	Client-built.exe
6952	Client-built.exe
6916	Client-built.exe
6248	Client-built.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 13 IoCs

Web Service

T1102

flow	ioc
4	raw.githubusercontent.com
17	camo.githubusercontent.com
17	raw.githubusercontent.com
33	camo.githubusercontent.com
34	camo.githubusercontent.com
36	raw.githubusercontent.com
37	raw.githubusercontent.com
2	raw.githubusercontent.com
3	camo.githubusercontent.com
5	camo.githubusercontent.com
16	camo.githubusercontent.com
35	camo.githubusercontent.com
56	camo.githubusercontent.com

Looks up external IP address via web service 5 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
163	whatismyipaddress.com
173	whatismyipaddress.com
143	www.iplocation.net
150	www.iplocation.net
159	www.iplocation.net

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DllHost.exe

Checks processor information in registry 2 TTPs 20 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	POWERPNT.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	POWERPNT.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	POWERPNT.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	POWERPNT.EXE
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	POWERPNT.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	POWERPNT.EXE

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	POWERPNT.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	POWERPNT.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	POWERPNT.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	POWERPNT.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	POWERPNT.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	POWERPNT.EXE

Modifies Internet Explorer settings 1 TTPs 6 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000\Software\Microsoft\Internet Explorer\Toolbar	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000\Software\Microsoft\Internet Explorer\Toolbar\Locked = "1"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ITBar7Layout = 13000000000000000000000020000000100000000000000001000000010700005e01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000\Software\Microsoft\Internet Explorer\Toolbar	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000\Software\Microsoft\Internet Explorer\Toolbar\Locked = "1"	explorer.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\IconSize = "16"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	Quasar.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "6"	Quasar.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	Quasar.exe
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202	Quasar.exe
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6	Quasar.exe
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	Quasar.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	Quasar.exe
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	Quasar.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	Quasar.exe
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	Quasar.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Mode = "4"	Quasar.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByDirection = "1"	Quasar.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 010000000000000002000000ffffffff	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupView = "0"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\MRUListEx = 00000000ffffffff	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "48"	Quasar.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	Quasar.exe
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0\0	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0\MRUListEx = 00000000ffffffff	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\HotKey = "0"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac04000000c8000000354b179bff40d211a27e00c04fc308710300000080000000354b179bff40d211a27e00c04fc308710200000080000000	Quasar.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell\SniffedFolderType = "Documents"	Quasar.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupView = "0"	Quasar.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616209"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	Quasar.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	Quasar.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\NodeSlot = "6"	Quasar.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\WFlags = "0"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1092616193"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0000000001000000ffffffff	explorer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0\0\MRUListEx = 00000000ffffffff	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:PID = "0"	Quasar.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:"	BackgroundTransferHost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	Quasar.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Rev = "0"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0100000000000000ffffffff	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0\0\0\0\NodeSlot = "5"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	Quasar.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	Quasar.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\MinPos1280x720x96(1).x = "4294935296"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\ShowCmd = "1"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	Quasar.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "4294967295"	Quasar.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	Quasar.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\MaxPos1280x720x96(1).x = "4294967295"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Vid = "{137E7700-3573-11CF-AE69-08002B2E1262}"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0\0\0\0	explorer.exe

NTFS ADS 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\Quasar.v1.4.1.zip:Zone.Identifier	firefox.exe

Runs net.exe

Scheduled Task/Job: Scheduled Task 1 TTPs 2 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence execution

Scheduled Task

T1053.005

pid	Process
1812	schtasks.exe
4044	schtasks.exe

Suspicious behavior: AddClipboardFormatListener 5 IoCs

pid	Process
1472	explorer.exe
6548	POWERPNT.EXE
5844	POWERPNT.EXE
7836	vlc.exe
436	explorer.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1324	powershell.exe
1324	powershell.exe

Suspicious behavior: GetForegroundWindowSpam 4 IoCs

pid	Process
1472	explorer.exe
3284	Quasar.exe
1744	microsoft-word.exe
7836	vlc.exe

Suspicious use of AdjustPrivilegeToken 23 IoCs

description	pid	Process
Token: SeDebugPrivilege	4812	firefox.exe
Token: SeDebugPrivilege	4812	firefox.exe
Token: SeDebugPrivilege	4812	firefox.exe
Token: SeDebugPrivilege	3284	Quasar.exe
Token: SeDebugPrivilege	4812	firefox.exe
Token: SeDebugPrivilege	4812	firefox.exe
Token: SeDebugPrivilege	4812	firefox.exe
Token: SeDebugPrivilege	4812	firefox.exe
Token: SeDebugPrivilege	4812	firefox.exe
Token: SeDebugPrivilege	1892	Client-built.exe
Token: SeDebugPrivilege	1744	microsoft-word.exe
Token: SeDebugPrivilege	4932	Client-built.exe
Token: SeDebugPrivilege	2928	Client-built.exe
Token: SeDebugPrivilege	4812	firefox.exe
Token: SeDebugPrivilege	4812	firefox.exe
Token: SeDebugPrivilege	3000	Client-built.exe
Token: SeDebugPrivilege	3460	Client-built.exe
Token: SeDebugPrivilege	6952	Client-built.exe
Token: SeDebugPrivilege	6916	Client-built.exe
Token: SeDebugPrivilege	6248	Client-built.exe
Token: SeShutdownPrivilege	4536	control.exe
Token: SeCreatePagefilePrivilege	4536	control.exe
Token: SeDebugPrivilege	1324	powershell.exe

Suspicious use of FindShellTrayWindow 47 IoCs

pid	Process
4812	firefox.exe
4812	firefox.exe
4812	firefox.exe
4812	firefox.exe
4812	firefox.exe
4812	firefox.exe
4812	firefox.exe
4812	firefox.exe
4812	firefox.exe
4812	firefox.exe
4812	firefox.exe
4812	firefox.exe
4812	firefox.exe
4812	firefox.exe
4812	firefox.exe
4812	firefox.exe
4812	firefox.exe
4812	firefox.exe
4812	firefox.exe
4812	firefox.exe
4812	firefox.exe
3284	Quasar.exe
1744	microsoft-word.exe
7836	vlc.exe
7836	vlc.exe
7836	vlc.exe
7836	vlc.exe
7836	vlc.exe
7836	vlc.exe
7836	vlc.exe
7836	vlc.exe
7836	vlc.exe
7836	vlc.exe
7836	vlc.exe
7836	vlc.exe
7836	vlc.exe
7836	vlc.exe
7836	vlc.exe
7836	vlc.exe
7836	vlc.exe
7836	vlc.exe
7836	vlc.exe
7836	vlc.exe
7836	vlc.exe
7836	vlc.exe
3284	Quasar.exe
436	explorer.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3284	Quasar.exe
1744	microsoft-word.exe
7836	vlc.exe
7836	vlc.exe
7836	vlc.exe
7836	vlc.exe
7836	vlc.exe
7836	vlc.exe
7836	vlc.exe
7836	vlc.exe
7836	vlc.exe
7836	vlc.exe
7836	vlc.exe
7836	vlc.exe
7836	vlc.exe
7836	vlc.exe
7836	vlc.exe
7836	vlc.exe
7836	vlc.exe
7836	vlc.exe
7836	vlc.exe
7836	vlc.exe
7836	vlc.exe
3284	Quasar.exe

Suspicious use of SetWindowsHookEx 29 IoCs

pid	Process
4812	firefox.exe
4812	firefox.exe
4812	firefox.exe
4812	firefox.exe
1472	explorer.exe
1472	explorer.exe
3284	Quasar.exe
3284	Quasar.exe
3284	Quasar.exe
3284	Quasar.exe
1744	microsoft-word.exe
4812	firefox.exe
4812	firefox.exe
4812	firefox.exe
4812	firefox.exe
4812	firefox.exe
4812	firefox.exe
788	MiniSearchHost.exe
3284	Quasar.exe
6548	POWERPNT.EXE
6548	POWERPNT.EXE
6548	POWERPNT.EXE
6548	POWERPNT.EXE
6548	POWERPNT.EXE
5844	POWERPNT.EXE
5844	POWERPNT.EXE
5844	POWERPNT.EXE
5844	POWERPNT.EXE
7836	vlc.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2068 wrote to memory of 4812	2068	firefox.exe	77
PID 2068 wrote to memory of 4812	2068	firefox.exe	77
PID 2068 wrote to memory of 4812	2068	firefox.exe	77
PID 2068 wrote to memory of 4812	2068	firefox.exe	77
PID 2068 wrote to memory of 4812	2068	firefox.exe	77
PID 2068 wrote to memory of 4812	2068	firefox.exe	77
PID 2068 wrote to memory of 4812	2068	firefox.exe	77
PID 2068 wrote to memory of 4812	2068	firefox.exe	77
PID 2068 wrote to memory of 4812	2068	firefox.exe	77
PID 2068 wrote to memory of 4812	2068	firefox.exe	77
PID 2068 wrote to memory of 4812	2068	firefox.exe	77
PID 4812 wrote to memory of 3440	4812	firefox.exe	78
PID 4812 wrote to memory of 3440	4812	firefox.exe	78
PID 4812 wrote to memory of 3440	4812	firefox.exe	78
PID 4812 wrote to memory of 3440	4812	firefox.exe	78
PID 4812 wrote to memory of 3440	4812	firefox.exe	78
PID 4812 wrote to memory of 3440	4812	firefox.exe	78
PID 4812 wrote to memory of 3440	4812	firefox.exe	78
PID 4812 wrote to memory of 3440	4812	firefox.exe	78
PID 4812 wrote to memory of 3440	4812	firefox.exe	78
PID 4812 wrote to memory of 3440	4812	firefox.exe	78
PID 4812 wrote to memory of 3440	4812	firefox.exe	78
PID 4812 wrote to memory of 3440	4812	firefox.exe	78
PID 4812 wrote to memory of 3440	4812	firefox.exe	78
PID 4812 wrote to memory of 3440	4812	firefox.exe	78
PID 4812 wrote to memory of 3440	4812	firefox.exe	78
PID 4812 wrote to memory of 3440	4812	firefox.exe	78
PID 4812 wrote to memory of 3440	4812	firefox.exe	78
PID 4812 wrote to memory of 3440	4812	firefox.exe	78
PID 4812 wrote to memory of 3440	4812	firefox.exe	78
PID 4812 wrote to memory of 3440	4812	firefox.exe	78
PID 4812 wrote to memory of 3440	4812	firefox.exe	78
PID 4812 wrote to memory of 3440	4812	firefox.exe	78
PID 4812 wrote to memory of 3440	4812	firefox.exe	78
PID 4812 wrote to memory of 3440	4812	firefox.exe	78
PID 4812 wrote to memory of 3440	4812	firefox.exe	78
PID 4812 wrote to memory of 3440	4812	firefox.exe	78
PID 4812 wrote to memory of 3440	4812	firefox.exe	78
PID 4812 wrote to memory of 3440	4812	firefox.exe	78
PID 4812 wrote to memory of 3440	4812	firefox.exe	78
PID 4812 wrote to memory of 3440	4812	firefox.exe	78
PID 4812 wrote to memory of 3440	4812	firefox.exe	78
PID 4812 wrote to memory of 3440	4812	firefox.exe	78
PID 4812 wrote to memory of 3440	4812	firefox.exe	78
PID 4812 wrote to memory of 3440	4812	firefox.exe	78
PID 4812 wrote to memory of 3440	4812	firefox.exe	78
PID 4812 wrote to memory of 3440	4812	firefox.exe	78
PID 4812 wrote to memory of 3440	4812	firefox.exe	78
PID 4812 wrote to memory of 3440	4812	firefox.exe	78
PID 4812 wrote to memory of 3440	4812	firefox.exe	78
PID 4812 wrote to memory of 3440	4812	firefox.exe	78
PID 4812 wrote to memory of 3440	4812	firefox.exe	78
PID 4812 wrote to memory of 3440	4812	firefox.exe	78
PID 4812 wrote to memory of 3440	4812	firefox.exe	78
PID 4812 wrote to memory of 3440	4812	firefox.exe	78
PID 4812 wrote to memory of 3440	4812	firefox.exe	78
PID 4812 wrote to memory of 3768	4812	firefox.exe	79
PID 4812 wrote to memory of 3768	4812	firefox.exe	79
PID 4812 wrote to memory of 3768	4812	firefox.exe	79
PID 4812 wrote to memory of 3768	4812	firefox.exe	79
PID 4812 wrote to memory of 3768	4812	firefox.exe	79
PID 4812 wrote to memory of 3768	4812	firefox.exe	79
PID 4812 wrote to memory of 3768	4812	firefox.exe	79
PID 4812 wrote to memory of 3768	4812	firefox.exe	79

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://github.com/quasar/Quasar"
1⤵
- Suspicious use of WriteProcessMemory
PID:2068
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://github.com/quasar/Quasar
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4812
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2000 -parentBuildID 20240401114208 -prefsHandle 1928 -prefMapHandle 1920 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d958f34b-7893-4fc2-884e-03ef85aab2f4} 4812 "\\.\pipe\gecko-crash-server-pipe.4812" gpu
    3⤵
    PID:3440
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2412 -parentBuildID 20240401114208 -prefsHandle 2404 -prefMapHandle 2392 -prefsLen 24598 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {102ed800-7e54-4007-bd54-164c50eef53e} 4812 "\\.\pipe\gecko-crash-server-pipe.4812" socket
    3⤵
    - Checks processor information in registry
    PID:3768
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3024 -childID 1 -isForBrowser -prefsHandle 3192 -prefMapHandle 3012 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {072b7a55-2daa-4cf5-8118-79754c781d91} 4812 "\\.\pipe\gecko-crash-server-pipe.4812" tab
    3⤵
    PID:464
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3856 -childID 2 -isForBrowser -prefsHandle 3896 -prefMapHandle 3892 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cb273a64-6752-4ddb-9052-061ae5da6dff} 4812 "\\.\pipe\gecko-crash-server-pipe.4812" tab
    3⤵
    PID:1888
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4824 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4848 -prefMapHandle 4844 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1867aa63-f65d-4acd-bcce-271437d54932} 4812 "\\.\pipe\gecko-crash-server-pipe.4812" utility
    3⤵
    - Checks processor information in registry
    PID:4364
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4832 -childID 3 -isForBrowser -prefsHandle 5528 -prefMapHandle 5508 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {671c912f-ab73-49f6-a90e-d2cbb98d7cae} 4812 "\\.\pipe\gecko-crash-server-pipe.4812" tab
    3⤵
    PID:3520
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5676 -childID 4 -isForBrowser -prefsHandle 5684 -prefMapHandle 5688 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7aeee6ac-f975-428c-ae39-0500331e44e3} 4812 "\\.\pipe\gecko-crash-server-pipe.4812" tab
    3⤵
    PID:3704
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5876 -childID 5 -isForBrowser -prefsHandle 5888 -prefMapHandle 5884 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5c488656-36a7-4d46-a444-bb236e0ac248} 4812 "\\.\pipe\gecko-crash-server-pipe.4812" tab
    3⤵
    PID:3444
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4576 -childID 6 -isForBrowser -prefsHandle 6104 -prefMapHandle 4616 -prefsLen 30491 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5da70399-bf39-4eeb-ba67-667a4951ca80} 4812 "\\.\pipe\gecko-crash-server-pipe.4812" tab
    3⤵
    PID:4596
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5076 -childID 7 -isForBrowser -prefsHandle 5052 -prefMapHandle 6484 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {de0cee81-794f-4038-b5c0-6c77404b007a} 4812 "\\.\pipe\gecko-crash-server-pipe.4812" tab
    3⤵
    PID:3732
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6804 -childID 8 -isForBrowser -prefsHandle 6520 -prefMapHandle 6360 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e332dee3-3c2e-482c-a29b-9ee8f3375555} 4812 "\\.\pipe\gecko-crash-server-pipe.4812" tab
    3⤵
    PID:4164
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6184 -childID 9 -isForBrowser -prefsHandle 5964 -prefMapHandle 5540 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e783517a-591e-4b7a-9c5b-6f20178a8f83} 4812 "\\.\pipe\gecko-crash-server-pipe.4812" tab
    3⤵
    PID:2372
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7096 -childID 10 -isForBrowser -prefsHandle 7052 -prefMapHandle 7056 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f52ad08e-d09f-428e-838f-45b74b9c629d} 4812 "\\.\pipe\gecko-crash-server-pipe.4812" tab
    3⤵
    PID:2600
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7196 -childID 11 -isForBrowser -prefsHandle 7208 -prefMapHandle 7024 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {06d9f6d4-43ff-432a-b1c9-7aab604efefe} 4812 "\\.\pipe\gecko-crash-server-pipe.4812" tab
    3⤵
    PID:3368
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3584 -childID 12 -isForBrowser -prefsHandle 7324 -prefMapHandle 7328 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3154b661-1399-442c-ba81-a96206be28e3} 4812 "\\.\pipe\gecko-crash-server-pipe.4812" tab
    3⤵
    PID:4720
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7564 -parentBuildID 20240401114208 -prefsHandle 7372 -prefMapHandle 7324 -prefsLen 30570 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7e4f62e8-a639-4eee-9c1b-1be75f82b8b3} 4812 "\\.\pipe\gecko-crash-server-pipe.4812" rdd
    3⤵
    PID:2436
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6900 -childID 13 -isForBrowser -prefsHandle 7288 -prefMapHandle 4088 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8512755e-7067-437c-838b-c07fd296ab12} 4812 "\\.\pipe\gecko-crash-server-pipe.4812" tab
    3⤵
    PID:5060
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7720 -childID 14 -isForBrowser -prefsHandle 6896 -prefMapHandle 6912 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a43a5e65-fd1c-488c-96f5-0b8143d0f607} 4812 "\\.\pipe\gecko-crash-server-pipe.4812" tab
    3⤵
    PID:2104
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7252 -childID 15 -isForBrowser -prefsHandle 7924 -prefMapHandle 7224 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1f5b612c-3356-41c2-aa3a-509cbc55959e} 4812 "\\.\pipe\gecko-crash-server-pipe.4812" tab
    3⤵
    PID:1964
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7036 -childID 16 -isForBrowser -prefsHandle 7880 -prefMapHandle 5876 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a00f19ad-9dc2-445d-8273-318c5398d469} 4812 "\\.\pipe\gecko-crash-server-pipe.4812" tab
    3⤵
    PID:1044
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6608 -childID 17 -isForBrowser -prefsHandle 5348 -prefMapHandle 7660 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7bd86a9d-39db-4c12-8a96-20bfb9bdbd24} 4812 "\\.\pipe\gecko-crash-server-pipe.4812" tab
    3⤵
    PID:4436
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8036 -childID 18 -isForBrowser -prefsHandle 8044 -prefMapHandle 8048 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8486fbd8-dd5e-4839-a630-d618531c14ed} 4812 "\\.\pipe\gecko-crash-server-pipe.4812" tab
    3⤵
    PID:1212
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6536 -childID 19 -isForBrowser -prefsHandle 8320 -prefMapHandle 6920 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4a74de8a-7eea-4bca-b5f6-76c13767ed10} 4812 "\\.\pipe\gecko-crash-server-pipe.4812" tab
    3⤵
    PID:5468
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8460 -childID 20 -isForBrowser -prefsHandle 8468 -prefMapHandle 8476 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {291d08df-026b-49ec-b3a7-c17403832ad1} 4812 "\\.\pipe\gecko-crash-server-pipe.4812" tab
    3⤵
    PID:5480
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6908 -childID 21 -isForBrowser -prefsHandle 3580 -prefMapHandle 6580 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b4185711-7093-4405-94f4-9adfa8ea11ea} 4812 "\\.\pipe\gecko-crash-server-pipe.4812" tab
    3⤵
    PID:5888
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8028 -childID 22 -isForBrowser -prefsHandle 6580 -prefMapHandle 8796 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4b3f8f3e-1e6b-461b-8d68-5995b013b6eb} 4812 "\\.\pipe\gecko-crash-server-pipe.4812" tab
    3⤵
    PID:5372
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8916 -childID 23 -isForBrowser -prefsHandle 8992 -prefMapHandle 8988 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {72de55ea-3eb1-4181-ad16-d2cccf62d19e} 4812 "\\.\pipe\gecko-crash-server-pipe.4812" tab
    3⤵
    PID:5404
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9140 -childID 24 -isForBrowser -prefsHandle 8900 -prefMapHandle 8904 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0e9462cf-4ceb-4863-b1f2-cfaa5b99a75e} 4812 "\\.\pipe\gecko-crash-server-pipe.4812" tab
    3⤵
    PID:5408
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8900 -childID 25 -isForBrowser -prefsHandle 9208 -prefMapHandle 8444 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ba5998ef-5c87-4576-a29c-cbd41175e09a} 4812 "\\.\pipe\gecko-crash-server-pipe.4812" tab
    3⤵
    PID:5168
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9164 -childID 26 -isForBrowser -prefsHandle 8964 -prefMapHandle 9456 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {99a6a152-60da-4c10-bf19-cae72a244f18} 4812 "\\.\pipe\gecko-crash-server-pipe.4812" tab
    3⤵
    PID:5360
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8076 -childID 27 -isForBrowser -prefsHandle 8016 -prefMapHandle 9500 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9948e2f7-375d-486a-98ae-4cfd4045817f} 4812 "\\.\pipe\gecko-crash-server-pipe.4812" tab
    3⤵
    PID:5412
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8332 -childID 28 -isForBrowser -prefsHandle 8344 -prefMapHandle 9644 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a0efc1db-28da-4967-b481-101eaf56acf0} 4812 "\\.\pipe\gecko-crash-server-pipe.4812" tab
    3⤵
    PID:5472
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9584 -childID 29 -isForBrowser -prefsHandle 8368 -prefMapHandle 8364 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f13403f7-e82b-4537-ab76-2d2512c57138} 4812 "\\.\pipe\gecko-crash-server-pipe.4812" tab
    3⤵
    PID:5144
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9952 -childID 30 -isForBrowser -prefsHandle 9872 -prefMapHandle 9876 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {db873b91-446a-48d3-94f7-f9f5f2503dbd} 4812 "\\.\pipe\gecko-crash-server-pipe.4812" tab
    3⤵
    PID:5396
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8376 -childID 31 -isForBrowser -prefsHandle 8348 -prefMapHandle 10116 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {41a5a480-c06c-4e49-9763-7a1f2ae080c5} 4812 "\\.\pipe\gecko-crash-server-pipe.4812" tab
    3⤵
    PID:5584
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10380 -childID 32 -isForBrowser -prefsHandle 10460 -prefMapHandle 10392 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6dca3a4a-8b1c-4e84-9a17-279648eaaa3b} 4812 "\\.\pipe\gecko-crash-server-pipe.4812" tab
    3⤵
    PID:6376
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10516 -childID 33 -isForBrowser -prefsHandle 10512 -prefMapHandle 10508 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0a6c2161-6135-4539-9033-17f49c4c6191} 4812 "\\.\pipe\gecko-crash-server-pipe.4812" tab
    3⤵
    PID:6384
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10896 -childID 34 -isForBrowser -prefsHandle 10960 -prefMapHandle 10908 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {760a6a5a-32fd-4bc2-88ca-0f08306f24d8} 4812 "\\.\pipe\gecko-crash-server-pipe.4812" tab
    3⤵
    PID:6960
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10940 -childID 35 -isForBrowser -prefsHandle 10948 -prefMapHandle 10952 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3ac9fa40-4cd5-4fe7-b952-beb3de60aff9} 4812 "\\.\pipe\gecko-crash-server-pipe.4812" tab
    3⤵
    PID:6968
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=11232 -childID 36 -isForBrowser -prefsHandle 11240 -prefMapHandle 11244 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1d6ce403-3c90-4186-a15c-d9c487240dc9} 4812 "\\.\pipe\gecko-crash-server-pipe.4812" tab
    3⤵
    PID:6988
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=11404 -childID 37 -isForBrowser -prefsHandle 11516 -prefMapHandle 11512 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ecfa5849-decc-4986-a63f-f1e69427c93d} 4812 "\\.\pipe\gecko-crash-server-pipe.4812" tab
    3⤵
    PID:7060
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10948 -childID 38 -isForBrowser -prefsHandle 11176 -prefMapHandle 10972 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2efac939-fe35-4604-bb1d-d85ce92750a0} 4812 "\\.\pipe\gecko-crash-server-pipe.4812" tab
    3⤵
    PID:7080
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=11764 -childID 39 -isForBrowser -prefsHandle 9360 -prefMapHandle 10600 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dc3402e8-e72f-4be2-99bd-811398545653} 4812 "\\.\pipe\gecko-crash-server-pipe.4812" tab
    3⤵
    PID:7108
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=11956 -childID 40 -isForBrowser -prefsHandle 11868 -prefMapHandle 11872 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bdde89a7-589c-4813-9075-d5b14658ea0d} 4812 "\\.\pipe\gecko-crash-server-pipe.4812" tab
    3⤵
    PID:7148
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=12196 -childID 41 -isForBrowser -prefsHandle 12188 -prefMapHandle 12176 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {de3e3c86-6e5b-494e-8b4a-b41683aae84b} 4812 "\\.\pipe\gecko-crash-server-pipe.4812" tab
    3⤵
    PID:6572
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=12128 -parentBuildID 20240401114208 -sandboxingKind 1 -prefsHandle 11640 -prefMapHandle 11644 -prefsLen 30570 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1bb9d8f8-a237-4f55-b1ef-9b8432204861} 4812 "\\.\pipe\gecko-crash-server-pipe.4812" utility
    3⤵
    - Checks processor information in registry
    PID:7316
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=11896 -childID 42 -isForBrowser -prefsHandle 12384 -prefMapHandle 12388 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fbca37ce-8dc5-45f1-8e63-121f7d759baf} 4812 "\\.\pipe\gecko-crash-server-pipe.4812" tab
    3⤵
    PID:7540
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=12476 -childID 43 -isForBrowser -prefsHandle 11432 -prefMapHandle 11428 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3969c874-9988-48d0-97fe-7a15de38ff10} 4812 "\\.\pipe\gecko-crash-server-pipe.4812" tab
    3⤵
    PID:7552
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=12668 -childID 44 -isForBrowser -prefsHandle 12588 -prefMapHandle 12592 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {81700c7f-9110-402d-a417-853e61a34ca0} 4812 "\\.\pipe\gecko-crash-server-pipe.4812" tab
    3⤵
    PID:7564
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5664 -childID 45 -isForBrowser -prefsHandle 6916 -prefMapHandle 8228 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0c05e897-e011-42d4-9640-5ab463e25d0a} 4812 "\\.\pipe\gecko-crash-server-pipe.4812" tab
    3⤵
    PID:3784
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8968 -childID 46 -isForBrowser -prefsHandle 8788 -prefMapHandle 8216 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {06730680-9b38-410f-8acf-b297f9b6bcdb} 4812 "\\.\pipe\gecko-crash-server-pipe.4812" tab
    3⤵
    PID:6104
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8392 -childID 47 -isForBrowser -prefsHandle 8768 -prefMapHandle 8432 -prefsLen 28080 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e6c6d5d7-b21f-466a-a7db-c28a268e64ed} 4812 "\\.\pipe\gecko-crash-server-pipe.4812" tab
    3⤵
    PID:6900
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5488 -childID 48 -isForBrowser -prefsHandle 7332 -prefMapHandle 5692 -prefsLen 28080 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6b4aa1bb-47f9-4d99-bfe1-31c3f90a0a9f} 4812 "\\.\pipe\gecko-crash-server-pipe.4812" tab
    3⤵
    PID:6536
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7472 -childID 49 -isForBrowser -prefsHandle 6980 -prefMapHandle 6988 -prefsLen 28080 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5b9c67b8-fb9c-48f1-84dd-3a8181d5db43} 4812 "\\.\pipe\gecko-crash-server-pipe.4812" tab
    3⤵
    PID:6552
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=12260 -childID 50 -isForBrowser -prefsHandle 8704 -prefMapHandle 6620 -prefsLen 28080 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {703acb66-3a1f-4779-a475-48e07c7f2b76} 4812 "\\.\pipe\gecko-crash-server-pipe.4812" tab
    3⤵
    PID:6560
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8648 -childID 51 -isForBrowser -prefsHandle 12312 -prefMapHandle 12300 -prefsLen 28080 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e1e5f180-1383-49a3-ba93-e93a7b519f53} 4812 "\\.\pipe\gecko-crash-server-pipe.4812" tab
    3⤵
    PID:1368
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4304 -childID 52 -isForBrowser -prefsHandle 12184 -prefMapHandle 10956 -prefsLen 28080 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8b1afec0-2b95-4de6-88a7-c620f3fc580a} 4812 "\\.\pipe\gecko-crash-server-pipe.4812" tab
    3⤵
    PID:1920
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8984 -childID 53 -isForBrowser -prefsHandle 10344 -prefMapHandle 9852 -prefsLen 28080 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9c084f19-a582-4014-b525-aa5465456d32} 4812 "\\.\pipe\gecko-crash-server-pipe.4812" tab
    3⤵
    PID:440
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5780 -childID 54 -isForBrowser -prefsHandle 7032 -prefMapHandle 9348 -prefsLen 28080 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c64b8c30-57dc-4928-b468-7ae239bc5846} 4812 "\\.\pipe\gecko-crash-server-pipe.4812" tab
    3⤵
    PID:4432
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7372 -childID 55 -isForBrowser -prefsHandle 4640 -prefMapHandle 5072 -prefsLen 28080 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c3cb35b0-1d55-4c48-b156-63e1b39b86b4} 4812 "\\.\pipe\gecko-crash-server-pipe.4812" tab
    3⤵
    PID:5048
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8496 -childID 56 -isForBrowser -prefsHandle 12308 -prefMapHandle 8508 -prefsLen 28080 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7b086f04-6718-4c8a-afac-3e8acd840b62} 4812 "\\.\pipe\gecko-crash-server-pipe.4812" tab
    3⤵
    PID:6664
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7160 -childID 57 -isForBrowser -prefsHandle 9284 -prefMapHandle 8996 -prefsLen 28080 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fe0a7c89-d682-4765-920e-b9dce57de390} 4812 "\\.\pipe\gecko-crash-server-pipe.4812" tab
    3⤵
    PID:6732
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8136 -childID 58 -isForBrowser -prefsHandle 10348 -prefMapHandle 5076 -prefsLen 28080 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c801c4d1-2b76-4d8a-9a44-2f6975adc6ff} 4812 "\\.\pipe\gecko-crash-server-pipe.4812" tab
    3⤵
    PID:2360

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4472

C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\Quasar.exe
"C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\Quasar.exe"
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:3284
- C:\Windows\explorer.exe
  "C:\Windows\explorer.exe" /select, "C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\quasar.p12"
  2⤵
  PID:1208

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1472
- C:\Users\Admin\Documents\Client-built.exe
  "C:\Users\Admin\Documents\Client-built.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  PID:1892
- - C:\Windows\SYSTEM32\schtasks.exe
    "schtasks" /create /tn "microsoft-word.exe" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\microsoft-office-365\microsoft-word.exe" /rl HIGHEST /f
    3⤵
    - Scheduled Task/Job: Scheduled Task
    PID:1812
- - C:\Users\Admin\AppData\Roaming\microsoft-office-365\microsoft-word.exe
    "C:\Users\Admin\AppData\Roaming\microsoft-office-365\microsoft-word.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    PID:1744
  - - C:\Windows\SYSTEM32\schtasks.exe
      "schtasks" /create /tn "microsoft-word.exe" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\microsoft-office-365\microsoft-word.exe" /rl HIGHEST /f
      4⤵
      Scheduled Task/Job: Scheduled Task
      PID:4044
- C:\Users\Admin\Documents\Client-built.exe
  "C:\Users\Admin\Documents\Client-built.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  PID:4932
- C:\Users\Admin\Documents\Client-built.exe
  "C:\Users\Admin\Documents\Client-built.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  PID:2928

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Suspicious use of SetWindowsHookEx
PID:788

C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
1⤵
- Modifies registry class
PID:5856

C:\Users\Admin\Documents\Client-built.exe
"C:\Users\Admin\Documents\Client-built.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:3000

C:\Users\Admin\Documents\Client-built.exe
"C:\Users\Admin\Documents\Client-built.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:3460

C:\Users\Admin\Documents\Client-built.exe
"C:\Users\Admin\Documents\Client-built.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:6952

C:\Users\Admin\Documents\Client-built.exe
"C:\Users\Admin\Documents\Client-built.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:6916

C:\Users\Admin\Documents\Client-built.exe
"C:\Users\Admin\Documents\Client-built.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:6248

C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE
"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE" "C:\Users\Admin\Documents\CompleteSwitch.pptx" /ou ""
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:6548

C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE
"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE" "C:\Users\Admin\Documents\GroupConnect.pptx" /ou ""
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:5844

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Music\ConfirmOpen.mpa"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:7836

C:\Windows\system32\control.exe
"C:\Windows\system32\control.exe" /name Microsoft.AdministrativeTools
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4536

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
- System Location Discovery: System Language Discovery
PID:4976

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of FindShellTrayWindow
PID:436
- C:\Windows\system32\cmd.exe
  "C:\Windows\system32\cmd.exe"
  2⤵
  PID:1512
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:1324
  - - C:\Windows\system32\cmd.exe
      "C:\Windows\system32\cmd.exe"
      4⤵
      PID:7932
    - - C:\Windows\system32\cmd.exe
        
        cmd
        5⤵
        
        PID:744
      - C:\Windows\system32\net.exe
        
        net sh
        6⤵
        
        PID:1100
        
        C:\Windows\system32\net1.exe
        
        C:\Windows\system32\net1 sh
        7⤵
        
        PID:568
      - C:\Windows\system32\net.exe
        
        net config
        6⤵
        
        PID:3144
        
        C:\Windows\system32\net1.exe
        
        C:\Windows\system32\net1 config
        7⤵
        
        PID:7300
      - C:\Windows\system32\net.exe
        
        net config server
        6⤵
        
        PID:7808
        
        C:\Windows\system32\net1.exe
        
        C:\Windows\system32\net1 config server
        7⤵
        
        PID:4516

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Persistence

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Privilege Escalation

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_6372E0472AFF76BB926C97818BC773B9

Filesize
471B

MD5
7cc523fdbceeeb12a71f83889c9512f7

SHA1
e3d3cda9f275f45bf3468f066dfc8b85022a83b3

SHA256
7efad954dbcda2f12c6575282c6e5ef5e4219e660b45afe6acc8ff58c052f832

SHA512
5e3ba76de72b8666e59f2ddf18aa527877992836b462e1ce898d5a46f0fba8f3b67b8c1e86068452c1f0132387a2d14cb867ad7e3bd57effc1b43b5b3936ba89

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_6372E0472AFF76BB926C97818BC773B9

Filesize
420B

MD5
b0b702ced61b3310609afc3bf4dcbd31

SHA1
550d222af875d4ab761ef4a400da7a5581f6e11e

SHA256
fb35353abc48bb4c050c62d9fc27e391302b6bb984501e1bc83827236c384189

SHA512
f637ed23bb91cccda32f1b8e06c4e95ee9e7694e40013199f5e2a84fdf3ec0d5c7253f086e67979916c1b9ce432a4ca58f6a2d3515179bc94f388dc330e4f145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Client-built.exe.log

Filesize
1KB

MD5
b4e91d2e5f40d5e2586a86cf3bb4df24

SHA1
31920b3a41aa4400d4a0230a7622848789b38672

SHA256
5d8af3c7519874ed42a0d74ee559ae30d9cc6930aef213079347e2b47092c210

SHA512
968751b79a98961f145de48d425ea820fd1875bae79a725adf35fc8f4706c103ee0c7babd4838166d8a0dda9fbce3728c0265a04c4b37f335ec4eaa110a2b319

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\C8E0486A-9E7F-45C6-9DE0-2DA269DD5798

Filesize
177KB

MD5
67b77c503876f8891cbae16a5ccf5efa

SHA1
b9954e8858f385c893057c88ff4ca71b26274108

SHA256
eba731b29b54f6236c25484e62c8ebc992dfffa686b254e595a1ce08b041ac68

SHA512
20470d4933d3b941ae1f76e078b9edc4ae6c6271c0f9ce5d79afc50aa39ded076f3f94f75c5c5ece0a5b1f04590b3f74d51c3254846401085eee865ab4f6986d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\powerpnt.exe_Rules.xml

Filesize
372KB

MD5
5ce5cbb95bf38850797302d37dd08c95

SHA1
a5d2c545c261ece9b9cfb62cf14048639b4a5cba

SHA256
4c2701a059c5e9a63e31769bc437884549db6f364b7d5c664fa14285ea6ccd03

SHA512
9e1e9a86101defe704f33a3f7743974ed5e2c44cb3e29ba883c6e098ef1bef36a0451289c14fe972c41593cfe3ad82c18e9c01bbf12a2dfa65d55f7e4111d4f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\OTele\powerpnt.exe.db

Filesize
24KB

MD5
a6064fc9ce640751e063d9af443990da

SHA1
367a3a7d57bfb3e9a6ec356dfc411a5f14dfde2a

SHA256
5f72c11fd2fa88d8b8bfae1214551f8d5ee07b8895df824fa717ebbcec118a6c

SHA512
0e42dd8e341e2334eda1e19e1a344475ed3a0539a21c70ba2247f480c706ab8e2ff6dbeb790614cbde9fb547699b24e69c85c54e99ed77a08fe7e1d1b4b488d0

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p38rro19.default-release\activity-stream.discovery_stream.json

Filesize
19KB

MD5
173cff11e68ec2bf01bb4fece882c31e

SHA1
5e8c6c907ce7bf2d74fd0fef9616548ac8c8971e

SHA256
a83d505b290c5d66fa65d36d61687f9fa4b56c3e4b03170f604ad96ee83e4ec8

SHA512
7d564e10f36e27aa882c8069eed8c69dfc6db49bb990c8da69659bc9de697490abd72dd2b2de2d63ee053c0c7097010bd2b50bf2786beb208afa7012aeb2e4ad

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p38rro19.default-release\cache2\entries\0742D054EE9A2DC66A4AB25551F2F261F0A69D96

Filesize
144KB

MD5
80cd60d6efd9cdd338d664a744465f33

SHA1
2c3e7a9a3ac6f67176e7e45dea8d7f2257aff219

SHA256
b01f9e82ba1084735a5412fbebad953caf4df8b0453da241a634946def15fe7d

SHA512
eed4115ba8816c13fc24cdfb0e7ceded570c01b0f2aa32a7272774496cb2f4d49cd2cb27fecd4b325a28bbeb01c959a43297b9f7a0013f3ca00849fe7439254e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p38rro19.default-release\cache2\entries\238641FF4319DB92FA26D92768491F47E47B8709

Filesize
17KB

MD5
60221ee91b003b0d27c6171c5018cad6

SHA1
4757099c1dbc61ce132c52db3653486807a375e9

SHA256
21b1a22b88e60870a98da2410971a37d203ac0720a6f963e64640dd1ce455aa6

SHA512
c16c67e6a1eed86eb002dbcc766372688e44bd67b2971f80d0db74bfb56a5940a463f3339bf679507c116795f12a4d4b7620b1ca6420ba61b99907466d7e8ad7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p38rro19.default-release\cache2\entries\3B23BAA9FEB71E82D4ED83B23D44946CBD917D00

Filesize
535KB

MD5
c3c8084ee2a05884a6805ae465714572

SHA1
14b6a051c60538a7bc34c8c741c76faf9b9cbc8e

SHA256
3f73f3e7eb6d649940280b96aabfd1d139c7a9480fdf4dda0f51f6a60393f852

SHA512
4cf63738281566eb7f93a8662fa902812bcaf8984ea80e923c75d8292fe192d52ea4576b97cc0bf10f0113312b9214a753dafda0d594ac2fb9a74ca4bd0ff9be

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p38rro19.default-release\cache2\entries\41A9EE05B1A75B2821C7080D50443D3C15F90A56

Filesize
214KB

MD5
78a810323d3ad0c6955a89e90fe98071

SHA1
56baa47c6e384fd19e66ec7ef081db10adc736e5

SHA256
cf07b959c4a6d53511226700f9dde9539afc2ab59f89d157854ae6c3da4b295a

SHA512
cd9df9bfa993d3dc1d6fe59f64c47aa43d1c4065df65d7aec11cbbf22f3873100e5be62f686f6dae08b22468c4fd2b2e8701d0e568001eed852f15f67af048cb

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p38rro19.default-release\cache2\entries\4528BC5C84A706FB29EBDC8EE52345E73C84E683

Filesize
29KB

MD5
ead6fc6d56c00aa073b2dd5eb3993f5e

SHA1
8e864606f99f6f5a115e269a04ebae8a6188706e

SHA256
a7c2b75e3bde935e5eb5d7aeae87e21a543214b875f8541193698a575d8784c6

SHA512
fa271eb1b0587266ead32cfea39b757d8580ae4f997ea289b8e9f5cbd12eda379aa3587bf45c2f65ca3e52043dbe4031dba9b98a0a5110b3f0e3f614e82a365a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p38rro19.default-release\cache2\entries\53768A7F9AA624CE0DC0EB81A2F85BE618CFE486

Filesize
154KB

MD5
23b2bf0d0b2eeb48bf76780c1a993e1a

SHA1
70a34f26a7b9f3f3263e7bc7dc095851353b7836

SHA256
156cb9f6d38d7d6a93311b2a9ddd77c8f155607cdfa33d9342a6b52e08bbe202

SHA512
186d07f7022a65824f990f3e0b295dd4bb25588f3adc1d07660adbc960cd2a8f849d4401130ccce2adf367ab4b4fa0f56b106cbba1cba2929422d409a4e8afe2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p38rro19.default-release\cache2\entries\5617C2BB77122AC13DC0FB65336A8386EC872F9E

Filesize
21KB

MD5
bfc603093d3a9a69100c8bf0417b5011

SHA1
236aaa21fe834665a864b13dbe46c636f59eb975

SHA256
b78798194550cbe00d44c2b057b2c9f8a8e9a5b37afd546b971ed9381b0a02d8

SHA512
684c1b34832e2b7d9e088e2a6dc51bd083043f363547fafe30a32a01fc2197fd3cf2740cfb1431dda3d8455c030d925dc7e7faee2095f3b2a2612fa86620e5ce

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p38rro19.default-release\cache2\entries\564EED391CEB1CE965B4452C0F94241AEC1FB742

Filesize
1.0MB

MD5
86e2658a673786a2aa251118710e4c5d

SHA1
7c2d7d3a0142a42d68e581c0e40b83d92a7a7e94

SHA256
d29a52feff6a077b5bd97b01f1eca4cfac269f664b4ed1f289413b0d3dbab3ce

SHA512
a56b32e1eae75679165fe22f26502927835af579c38cebcfdfc19fe37af1e3f8409756eeccceb4bd7628f28e9f91f205fbea493d6c38e2eb949955706d490556

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p38rro19.default-release\cache2\entries\58D9BB076DB162C3AC3BE5523E8DADDEBFE603F1

Filesize
162KB

MD5
09552cdeb62460b5bb15783acf94bbfd

SHA1
98fa341e2e89748913a58f4f1b8e2bf2e17b5cc7

SHA256
b7dbb1a35a18da279168040be63edc82ca92b9881082e0338af2efef64f6c8fe

SHA512
90d43e478f1cfa172e51cb50c9a3e4e30d5d76e11d2597379885f87ef819c049aac5b080378141f7b442e5424f574ae213238b898d875b851d9579088d17746a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p38rro19.default-release\cache2\entries\602DEDA22D5BBBE8894BA25775A0BD91D391D412

Filesize
30KB

MD5
8efa2233dcd475b60fbc8a4caed109b9

SHA1
5e4f9e1f824e32d1c34b828702c713d133181e7a

SHA256
876eda6357634d6718a359a723cb6a0dd120220ea38ef994f802612e571a55ed

SHA512
6e2937bfcc13c680445898efccd0eba66adf88b381cbe2fd01c33d792582ae2540643252af8ef8462e27f0fe267ee568b4c045cb535fc67b440dc53998f820b3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p38rro19.default-release\cache2\entries\6080B6025B5A1B1DBC59ED12D37C43BD99D7AA45

Filesize
121KB

MD5
5733ce89dc993ac6a38c3092a629057c

SHA1
6d7e3819f1bb00d179bb5315c396faaea2b8de52

SHA256
34cb868a791c0eec1fcff98e3c134d72f9119cf8b7ab17591a7961b5f3fd5f9d

SHA512
6dcab20f6551e5859b00bc95606f28f0eb108ca3d9eeaf57b8c2fce5a23f68fa4def09b8d2057c8b5cff3cf24d86831ac5d7deaf6ba56ff1bde84818bdf27457

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p38rro19.default-release\cache2\entries\6328E4685B1C621FCBC1CF94CB6048D1FC5BF7E7

Filesize
13KB

MD5
65677592fa1448564e8b92c513d75c6a

SHA1
3735e974e65d6fab19bcd64787855870f2cfeda7

SHA256
d48f42751e6a6d5d6797c307969e2690d8fa1357011d6d2120a3f813a51ca8c9

SHA512
7b51a2f384dc4ba8ba7603a3a2b7ef11e3c81137e1e8d7510550193b516a9005886bf250928a47158af12594715e018f3448e46c1be3282f51312401c77a1d5b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p38rro19.default-release\cache2\entries\6675F83157A27275AB7C98B98A4C0E4BD34CF038

Filesize
56KB

MD5
eca09280cf476c857c1af103d6f5c9a9

SHA1
f42f9b09973d806bd6dcc49177b024a891917684

SHA256
fe1d55acb8ea08b1c0ddb89d02413d8d25ab1092df565a9b9ae9f9eee4087628

SHA512
cd0e6d12c4b22047488e13209e93137e26919e7800916fee66fc5f3d1f4010914dade9495b6da7c7db2da272932e8779a063b7e52d7a14cd636ed4e3b819ae08

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p38rro19.default-release\cache2\entries\6751EAF940B45945962F07B498AEF7F97B121D34

Filesize
113KB

MD5
83b20deb3ef6d8d4c1a83adb1e4b040b

SHA1
2b18612f1cb408663f5cc29b20cc56b1d0051623

SHA256
b6de78967fb7a36a32c8594282f6bd0632432032fde97a84cda1125b559ed0e9

SHA512
5948afec18f5adb482555c6e660397f30699b39e0ced5d13f9b94375c31458db6581764ca92114eabb9273edfa68d7d0eb8e84dc0d5352c60daeeff6e1aefc63

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p38rro19.default-release\cache2\entries\7D0F7E83790769F9F033222B40473D3FF354923E

Filesize
13KB

MD5
1e596b0b6edcca72a66664873672dd96

SHA1
21f8c32cb8aed9414ebab6536b5ae210b4ee044b

SHA256
d2c25d59e0e638f93958d469e4d464115007d81f8df13bbe013cde0ca39fab7a

SHA512
07993401dc4b44480b3f08c3990b79560e1393c4c63c53bcb0809e89da6c8616cd5d0f1a469a12dea2d3e714edb985a461c67517a9ce18afa41dc9f90db26be4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p38rro19.default-release\cache2\entries\86B40D6ECB944E332887BEAEFA404249E489AB4B

Filesize
76KB

MD5
5d9ce180cf714b79568c39ca27e2b684

SHA1
239b87e5c374f2dd8f44a8d7fef704c2e898dda8

SHA256
69429650f9c974372ff1a6b170f9ea1202a7285c9b273d608bb975a85828cdef

SHA512
795f822a872fd79640567c65f455c3cdcbdb3349af4ec493f997d0baad6962934941f590ac2bbc18be5286fb69611123d299c08b44d2d9128c77e92fb93cab21

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p38rro19.default-release\cache2\entries\8C30CA775FD94AB7334C5B53106D316EA91BA757

Filesize
179KB

MD5
c51dd8d9e528f4eb56edc06bd31a52c4

SHA1
10c211d03496108a98a45e6545788018072cb0f7

SHA256
c59331192ea59f22480934dc6992a61f1df4d10f9762833eb33135f71274b6fc

SHA512
2c9fccc3fbb7d1ee0f61cff5065c5e2745cf20f3e570ba080d976d6aa0f8e19749adfc86d7480352a5a147c67a1d3372ba97ebb5e1faabdb66039834c7cbf9c5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p38rro19.default-release\cache2\entries\8F91BF378EF4DB9314197B3D00794A590989303B

Filesize
26KB

MD5
1fc0ac74e24a3df3e1e36c107a9a47b5

SHA1
c3b482fcc3c01522990a5101c50b5109c8a72c3e

SHA256
1d14b9d85f62ba2e6ee8d3f5099af76189c1ce70d5819effe0fa7b8798d23aa6

SHA512
cc9d525d3fea5e91a4f13ff49890ed8103c4ca96bbc7813235bb65bba34efc080dbb2d93341e4361e6df03bcf6919759b95daf1c9295e252ae0fef29f1b95625

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p38rro19.default-release\cache2\entries\9106D04FACD0D171FFD9706366A68E837F25B941

Filesize
25KB

MD5
7ad55c390ceca37d4b0a0481917084c2

SHA1
d4e98e8ec77cbbe0c9373d592c93c41d4cdb86ae

SHA256
4c483e9a4e0393e8497c6ac01d7f91e44e1f0ac765221078737b6c738e6dba19

SHA512
0720a393ef7ab5fd0d0d45adb5bb991de00832fe08f91b808fe008346f52562f856633704ca5c4c780536f464ad2347a12b94788261c575a948e0e514b9916ce

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p38rro19.default-release\cache2\entries\9E02C4E72788FAD03F37E8D02405F3EEF92507C2

Filesize
968KB

MD5
c4b00e84d7af35ee485d1987e1e3a07d

SHA1
6789c04bcedcf7d12ab1a83c86267aa1316fad74

SHA256
514870abbc8052a824720f9e3c2fb37882e479978c032647b20b1884c86eb586

SHA512
e2e5a0feb4b6e521fc9e4455eda2d92006d835e8662ea446779a4b76f45675ee97a411c78540a0a272e3ad59d40f81854ecfcec1d66236ba7dee62e2472399cf

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p38rro19.default-release\cache2\entries\B994D471433EC0C890ED45E68F211CEE0FDBAB03

Filesize
104KB

MD5
24d2fd3bbc63fbcf71bade00cf6b0509

SHA1
fe38d28ffd88e7c2bc11789ab41239a746b7d196

SHA256
2801d5720d1d14599e2d239c08694e379e45ee8a651b12256358c121c4706c90

SHA512
f46887c4563723fb5718f3c8e3e6c4d6e130f7e21dba4319a7472404dd6fbcd51287ab7a0697d069cdb13e60f6eeed878e43f60c9dd3a0a722d9553340dcb49d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p38rro19.default-release\cache2\entries\C340CD15C4D4FA89FAC1FF7CEFD9832D3A7627E6

Filesize
42KB

MD5
267b45e70b1760288d88ac818d9846b1

SHA1
d8370f6abc4dee63f4167b630d2eda263af12bb1

SHA256
8739ffd4aaa733272b7d79356aba8b9ed6ca4bd46ad0de1346c416ba16737227

SHA512
e6034f0aa7016382b4f7aa04e5c1e431f2bad67cb38573bcf2c0b326555f773af82f6cf2df557a7218edc8ff25076a4dd2c7f6b1dac40bc1ce329bc4b4cfe3ac

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p38rro19.default-release\cache2\entries\DFAF798699EE7D2494A7287D4CF123272A2A18BD

Filesize
1.1MB

MD5
e0248b34790f6e67df1ea4e015155f87

SHA1
12f6ef93b032edf58ecc8e9b4c429ecde6209ae9

SHA256
2dc1efcc9a5580a1e6482dd1aafc8a6b7a2b772664aa16494e6a570405a9d892

SHA512
7ad854d2451ad1efe06d8c9883fdd4efadb4db4b401d54483d40bea70d52a7878350d057e3ff620144aff0c9bc19ef365ad3f2638be353d4ccf9b6e03794cbfb

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p38rro19.default-release\cache2\entries\E291677D69D701999EF7E66A97CF787FDD6E3D8B

Filesize
14KB

MD5
58eaef13c8332455ad94a39b028ab89e

SHA1
ca74bf8475adf2c9268c387a30768fc76e6b6e3e

SHA256
666f8d19d57f44a73eb49737b868229c5104da1d35398b8e3f6cc05a40b38b89

SHA512
425090bec35ab93676668b51156cc3cfb48bba81e4dada263491f32bbccce3dcfe0492b43b68744f2b93632577d6adea3c5e3214a8f65dd2a580a92ce2b417eb

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p38rro19.default-release\cache2\entries\E3E096661CC12A0FFB4E42A32E6157FAAC411A71

Filesize
97KB

MD5
a30d4a6b82dfd89ac078e44413a4d488

SHA1
7f18e85ff70ff076da05df8e0d0203b76a621960

SHA256
eef2821574db2d386a2f5d5e97072371c58a6e38663b31e25c7963b400352ab4

SHA512
257ca865747299e919c8a4818c27d80c6621dc2b8579b789ba14bfa0ddbee4d264a9009732aca7bf187d705be174bd1806ab3f5631a450420f161c45cd7defb0

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p38rro19.default-release\cache2\entries\F0EAF5000FD9C2A30FD2826A9F349C1386795C38

Filesize
70KB

MD5
e64ab0e72a863d0d1d7ebb1e6cef7d77

SHA1
e842d8352fc57d22ca773ebda32d24f769dcee40

SHA256
aa9007404a46ddb3f98f0529173608a953517d6fa9ecf2696b570846bf3d5588

SHA512
d89bb23832bc759af342b397c37cb1330078f718d13355250e6b3a344cb59900fe007b0ed70fdc01c88540a04dfb50515e5cb5d7ca115a698ecd1b46d6662171

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p38rro19.default-release\cache2\entries\F1EC4DB10C24E5971EEBC3A9013BA446C4FF6E10

Filesize
255KB

MD5
0e4fd77c15eb21172d62bf9d361f7b37

SHA1
19d8a4b9cd59cc526dabd31fa7d8b0fe966ca763

SHA256
1eddbb19009fa8030dd74d392df433a7df66a1ee8024e0cf29cc77429bc8dc71

SHA512
b3efdd6e98dadaf350e22d71ad437cf2d623fcf60edd31e81a0bf42e876348d39f33a08a1ec3075cd04011289809a906c8b09581acf7f4f21793eed194acc245

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p38rro19.default-release\cache2\entries\F3808C50DC187288982C94C7D4B39A971936FABE

Filesize
44KB

MD5
9f386c95a8bc9b071493ed2ad9bdb9a2

SHA1
ff67c6a44b306327fd2f4dfbbcd3885da40bb9dc

SHA256
97b556023614f196b4e89aff363943996a09d7c39514026a8a4a1a31438e09d4

SHA512
211fc2ecf69380536eee89b20c5678f139cc6707dc3aee19d6c0a91dd2c20123d9ac2cda77d14e2f78a3c6fc82bc6d37237d8cb54d0018ca7ca482713b0ec85c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p38rro19.default-release\cache2\entries\F97070679FB4F914D8C5A99E2742A2D39F07FD98

Filesize
17KB

MD5
3d2331ce941ff7bb67cd2eb6d4a3b859

SHA1
eba8fb6a8586cf2f0fc44f5a0757d8ffbd0f9542

SHA256
1322a73badcbf36f185a3d4a302d9c68e135f44f79aa4a9602b30aec15bba080

SHA512
e403287715c2c34757065dee0a74edd00fb8de90bf50be9d03173f7511457f48ba1eb42834275daed659f235eb07b9c1cae7daa2d103e5329f4562b3e58acb1e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p38rro19.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl

Filesize
15KB

MD5
96c542dec016d9ec1ecc4dddfcbaac66

SHA1
6199f7648bb744efa58acf7b96fee85d938389e4

SHA256
7f32769d6bb4e875f58ceb9e2fbfdc9bd6b82397eca7a4c5230b0786e68f1798

SHA512
cda2f159c3565bc636e0523c893b293109de2717142871b1ec78f335c12bad96fc3f62bcf56a1a88abdeed2ac3f3e5e9a008b45e24d713e13c23103acc15e658

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p38rro19.default-release\thumbnails\0b2fbd7a319dc256004b2184cf32e0fc.png

Filesize
10KB

MD5
dbd0accc1139c7b996863134afe1ff0e

SHA1
9f75a526601c5f4981474f530eb3404bc7b4878e

SHA256
4ad725cc3636a6dee78bfcf0060a48d4ed6b4687dbb8606a8eccbe5e26b3ae36

SHA512
d09bf8093a7c680e849f57e8491152fb2286cc48239a62fc54e76c5af448679d472608b5d980decc9dc9f83bad467a7c585f1357322f073928d1bbaf8e3bd805

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\56523cca-0449-4c90-9f1f-4aa8092178c7.down_data

Filesize
555KB

MD5
5683c0028832cae4ef93ca39c8ac5029

SHA1
248755e4e1db552e0b6f8651b04ca6d1b31a86fb

SHA256
855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e

SHA512
aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
ad7a569bafd3a938fe348f531b8ef332

SHA1
7fdd2f52d07640047bb62e0f3d3c946ddd85c227

SHA256
f0e06109256d5577e9f62db2c398974c5002bd6d08892f20517760601b705309

SHA512
b762bae338690082d817b3008144926498a1bd2d6d99be33e513c43515808f9a3184bd10254e5c6a1ff90a9211653f066050249030ad9fe0460ec88335b3d423

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
18ebbe9c5b9d1f57828cb23f70ee4358

SHA1
3bffe5a39ea4b5dff89e2e051911dc366d6d517f

SHA256
32feacc1e37265de0ea41d7113a91ec4ea7a697d92941d747adf814039111df7

SHA512
99ea34ce3b016720a2c5d651e68eb4bca122f8cd05d9b18e4e0225b836a576517a691914c00472977570a24a9360a2049d7150d8392abbab76cd5a3d6e3fa01e

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_eferjur4.vmd.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-556537508-2730415644-482548075-1000\3a3b10493126b78ba5bd2b1007d743df_dd844bc0-09d5-4996-aa38-4ceeb7107a86

Filesize
3KB

MD5
b0cd30d15e030a2bd59d1b8d0a543696

SHA1
a71a5719a7512b89c196f5f43fc4e027602bab21

SHA256
11d44cd1f6c81765da8f5cb4fe23541e277d7522d46d618c46ba13ce977fbe62

SHA512
a959922ca4f5fcf78e8f915d36be94fb3b2336feb4b5bb7b4685ccf3293f245a24bb9b5211318caac90930c734561c1f85f47e3d153897791ef6acba2975df14

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
19KB

MD5
8a8a88eb81aa5621a47aee2ebdc5ca0a

SHA1
b09df9039316cb0110690460a8c1015e142630b7

SHA256
59fd08256b78c6c584e7652d5aa5ccd1d8049dedf44bbb9a2c2204c69bf1c59f

SHA512
0a8278fa3b21669d47f207915d90a53d91320339db1cbc615bbea27564906847bbfaff829159df05d35f201f006b90c81ae63dc389080a173cad06a5508698ef

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
20KB

MD5
79a055f1ce011aa3ea5950f30e89fec3

SHA1
ab8e267c090b68afd630624aec6c96636401a117

SHA256
90d1b15db683ee16b7b491ec9ee910633476946b89b9d652e19273640bfb5dc1

SHA512
85b2393ed160e7649c3eb07d0df2005ab2a3be4691cdb1c8f2a38c1d171b0bd537b42e89c8c071d57ed3aac4f940ce68af47f2c596899b9684e9c561c3106e80

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\MLWIE561YZPKOYS7YQQ8.temp

Filesize
14KB

MD5
b83bb50c6b926cfdcaf04e700687d9ca

SHA1
6fcea7fb7aa7f9cdf9ea518a1a6351c8c4528d04

SHA256
fec89cc486719a63dc9748285df1e5ca773a9ecaefd341d521434e655564fd1d

SHA512
e5fc21ef46efee1c12ec264a68e7dbaa5c95d553ab31cb2cf530dc7f3d03c796a8fab85ecf8bb8bd93f8336ccf417b07ddf8b3930bb27c81869d649f7693ae9b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p38rro19.default-release\AlternateServices.bin

Filesize
6KB

MD5
011ea342ed38f0f70bfed3bc801b9d1a

SHA1
d830f453c886fb11518fb97cfadfe00263b8497a

SHA256
66de09bc165e858e97cf49435a14e18646ae56fd8a9d87c76396a16d6a0263b9

SHA512
2c3eb605549a5d8a178380e8c4e580744490be9d2487d1ddc122ca382b0fe825245595eb962d0bdec10727ac0c2f43845e2d6c78d0fc88da2bd6bafa64e97c21

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p38rro19.default-release\AlternateServices.bin

Filesize
8KB

MD5
1e78d27a5f86e8e857f99d133e63a836

SHA1
68318d143e7a13145b51b3da04e33a95c470959d

SHA256
92eac0a4a251940c06d60989fe5780d8b67d91ef0cf34d190c003b17e11ccdb5

SHA512
e723b9cdf4f25198cb1ebd05f888b7e32d9449e1c7e2daeb4bfcca69d9a8ea33845456bada0c546095f76435325acf4fcb5b0ac3d7ef19501fc513ac0b48140e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p38rro19.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
c6d4c2ead06ca1eba99e3c8d3e18fbd7

SHA1
e80679c4d1acee2d396138e406d0dfcfb2815ee4

SHA256
b458ff19b58c35d7a08cd86c81f57414be17602f0e16a5b5a759c8287f44ca71

SHA512
712c29a9f3497a199693277e0d685d83cb9ead0e0dbd42de36ff24ad76176e2e65ba84f209dafcfef54b1c8dc8693f8691878efbff441663329b29c6e22ba508

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p38rro19.default-release\datareporting\glean\db\data.safe.tmp

Filesize
39KB

MD5
fd405a35bc9c16b351dd543d2c096ec6

SHA1
543653326c0536c7b8fc22ffb99634da5cc78349

SHA256
17f19513555d4e2afe6868ba4a8345aa66147e11cf7fbb6868c1b9984c6168b5

SHA512
e9be381716b6e1ddfd03293fc22d0deed15000f5a5b3fc6bb2e9af56e8b5f95a52da5c35b637555da10c27fd212fe65493a2df7dc71d6daa87c886e3f377a113

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p38rro19.default-release\datareporting\glean\db\data.safe.tmp

Filesize
71KB

MD5
d337a10cdca7c4ea6b8a5e08d9ce0c89

SHA1
23a21d8285790b1f2e1cc047fc14cadc38ed29d1

SHA256
d921778a627292f3262fbd276c2624a8e4df85a018561972eea369d42a8d4148

SHA512
b4b405403f132727e0c9a79bd6837fee73ed1b87d4c7a9a848f74ca29fe0cd3fe8e5b86480462b55aaa6af1ee40e01019f2cb1ddd396adb284d484ce8daa15db

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p38rro19.default-release\datareporting\glean\db\data.safe.tmp

Filesize
62KB

MD5
a70758e9e83d7232990ceea22ab597ba

SHA1
dee05c747955aa55928746142bbf00c5a02df4fa

SHA256
7fbaee64b1e86924a31388ea9c83feccd45c1e61eecc5e10ebf3e0bbdb9e3968

SHA512
077f69fee6ec6e42b0dbc50709beb0939e610497874319406b39a62a6329d2f48bbd3889f193a83378d224e2f23466bcabec8ce4f75bdb80452a8acbc1da9da8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p38rro19.default-release\datareporting\glean\db\data.safe.tmp

Filesize
127KB

MD5
2d0ad8ab8b8bc6f0aab33808fa9a3930

SHA1
b203f0cf7d6f254048b5d6214235a6d926dd93ce

SHA256
d4c3a78db4ba1232a283e609aac55b7c2407e20eecefc896b723ea84550c8f09

SHA512
9d574f5e5e0b8d2b683ef492859eec6a37058df5bd08ac96aea2e39ec7d9ba796f997eb3b6fa18502193a51800431d60a27b4c668a7230024ae9bcee59307656

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p38rro19.default-release\datareporting\glean\pending_pings\534bec6e-7b0d-4408-88aa-41393eb60f21

Filesize
3KB

MD5
0890d3c1b0fd7ac81a2a85f9cd24d39b

SHA1
3bb74d59d6f4287e177af8df425b84e4585d42e0

SHA256
9520124fbe0d7e57584849ab88f8690c9d59f9450764a2c4a5452da4bcbf7c9c

SHA512
b22fb0a8e8eddba23f85157d6a339e7e7a39b218252fedc13a31280a4ff38e3996e6359ddf285888a096615a8033c614c0f92ff8fb1d4db757378ff9b0452cc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p38rro19.default-release\datareporting\glean\pending_pings\b4246f5e-a7c7-4398-a199-21542705d0b5

Filesize
671B

MD5
9491f5773c5777044c0dd6a1f78fef6d

SHA1
64a09046fcefca150710c6f12a100f78357c2f81

SHA256
621248d920c90060a9dca7c0b33d91d74ff7fb4ef3961b474ffcc0c05f9d9bc9

SHA512
d2fbfdb4a5c082c9095739117790df3bd640f7ab3ed1fdcc4301c9ab101d07242bafd62fa248169860fc5c2bf6e36c4904d689333ea97ccf2ace6117449186fe

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p38rro19.default-release\datareporting\glean\pending_pings\c0451c24-e88c-461f-88c9-70191484468b

Filesize
982B

MD5
5f94cd1f6a9a5767471e0d439f9983fc

SHA1
b23d824f62df73e1be60cd3fab1b6d3120f3d43d

SHA256
3a5d24af0488f5db0ebb000d395b92a7085c99369c23bf6c0d8f6e872a3948f6

SHA512
ece35623397717839840f20394017e1474e775648b0d4bc0d716ffd2de1c617489acacfc497ce7a1be6cc1380158b8f0e3bea3ac5a2eda004112315fd5ff1bda

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p38rro19.default-release\datareporting\glean\pending_pings\dbbe0194-d9ad-4894-8742-c6379386b102

Filesize
24KB

MD5
86410554c02e28a246732d82030d541d

SHA1
5cfffd012eeaf7f892ee222d58a60463366406d2

SHA256
1fbe23b0a2bd8b8f102d57204cbc85e5395010e22065563afdaa096513b41554

SHA512
a1432af4ced948af6c7367e9c81931bbd7caddfa533c80b37689999339fa98b8a8259a0fcec2a6d932ff440af8bdeb398669bf9fef473da2b53984172abd8b68

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p38rro19.default-release\datareporting\glean\pending_pings\fa50326a-a55a-4a5a-9355-6fa66dbd6e7d

Filesize
847B

MD5
322a4bd01b7789d96cb7dc5671356181

SHA1
3eb1feca7dd4e1b433a7103515f2f7167315953b

SHA256
f4f1c6d961caf314950da6b35a42099fe30c67bd79ffa5c5fd92a1fb28dee371

SHA512
ad0730a4756bf147e3cc868d30e56f54da206e4bdd2fedea41b6a844d8dff1a8dca081d9c61b2f131b847ce9daa36c9fb72a1afc2d940d39f8630cf0e7abe827

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p38rro19.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p38rro19.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p38rro19.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p38rro19.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p38rro19.default-release\prefs-1.js

Filesize
12KB

MD5
8cf1b3f9ed35b31798dc47f016731875

SHA1
2b79c895d76a56ceb7b6a44b8a2923eacf76da0c

SHA256
f8a5290b8ae61b5a9605f6a29bc360d415da6ea1d90f0a3ff6283590979b1add

SHA512
badac8946abc565c233a43a16508ba12fea2ddea2464b0dff58ec2e0d8802d916c5b0fe2fdf57154de2186a7fd363eacd5c3cd63a3cddcb26a6d4021a07a1033

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p38rro19.default-release\prefs-1.js

Filesize
11KB

MD5
7662e128b3510b135774b76f13fba8ae

SHA1
3d0abea87adceed518361d27989f439eb071e944

SHA256
56a034bfbf9386aa3181b3421ca15eec215b651c1aef00061771a9d39ef17b20

SHA512
14323d05746bb3186f762a383a782742d8638e9b0e4462cc4622758ccb996b69362fbc400533729aaf506929d0810b461815d751d4d34626eff947cf4cd97829

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p38rro19.default-release\prefs.js

Filesize
11KB

MD5
a62c1769c81d416cca7741b3bf239e8c

SHA1
e7c217656d71f627aef9ea35bebd046bdc4cad39

SHA256
52547b6ead8160d01892f2bc9ff45c063e7359ff545d98a846ee381816c37d0f

SHA512
bfd6a3499de8c337ab7ded351ae8f880d3fc90718d2ca6ccaea35b437f0645b05c2588cd94b56f42253217aff03a0f40c7f9f8e2ad94b6a779cde121a0347e7a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p38rro19.default-release\sessionCheckpoints.json.tmp

Filesize
259B

MD5
e6c20f53d6714067f2b49d0e9ba8030e

SHA1
f516dc1084cdd8302b3e7f7167b905e603b6f04f

SHA256
50a670fb78ff2712aae2c16d9499e01c15fddf24e229330d02a69b0527a38092

SHA512
462415b8295c1cdcac0a7cb16bb8a027ef36ae2ce0b061071074ac3209332a7eae71de843af4b96bbbd6158ca8fd5c18147bf9a79b8a7768a9a35edce8b784bf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p38rro19.default-release\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
6b4c345536c8b5e5ceba87d977f39fb4

SHA1
6e308b1b6041e65dda6d576d997d6d500d249d98

SHA256
06fe999751559ab6a60c988f120477d2103e628d9991024a9628001bd44d160e

SHA512
2eae3b0c57e612cb9320be7eca2d7a58ba3b48845ef3a5d8182cf77d96dea8386d2028f8fb32cfad1b9ccf791b8870a08247a7389f368625f24ce6efaabe40ca

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p38rro19.default-release\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
39c5ec0d7b372a7920087e7747f91eb2

SHA1
f8f3ddd07c4c0056263c47f6337dd3a2ce532acf

SHA256
024a74e33938b3a39b403aab3c5100f94d5b48d1923119da3a2752215c682eb7

SHA512
c0a75896f986476251d23d5d82d34ef618fdd7bc951ef24504c610348bc5a749fb7737f7558c67f5885f5371372a0973fd86bf28cc9660c1b70e5647e725f35d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p38rro19.default-release\sessionstore-backups\recovery.baklz4

Filesize
6KB

MD5
4383a2fac59edd75363c7d8b34a7b5dc

SHA1
47f871cc8e0542cc37a4f173fdb4850da649cdd4

SHA256
bcbcf7359474cc7e05d51e8657607c94475334323946934f38a7c999da8cc76b

SHA512
c5655640bca32e3ebf134f4b10fe5423137f8b7fc545b325ba71f1e87c0f61801322eedc69f3f9c9c91e07ee0c9af1bddda649f644d8aa94567c6548802aa28e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p38rro19.default-release\sessionstore-backups\recovery.baklz4

Filesize
6KB

MD5
213d3e32c1564b58faf75e6bea3ba1b9

SHA1
f995f5a4b5801c0d5565f5f54a335d3356b03078

SHA256
1dfaa153126e77ff0a94860ee3ee940b8143ed7599bc1a48f77fb124efb62b9c

SHA512
6296138c0ae5c6f9f8aeb37e0c7101df34283ba98859af34e21039e718de1b3de71f4981b79986e28c9d71861211331d9e25598a5ee370523c75213eb9bcbac9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p38rro19.default-release\sessionstore-backups\recovery.baklz4

Filesize
22KB

MD5
a0271ade2f774a31df84ef26721c7112

SHA1
997f615bce9c4e73c64d971c7e220275d3be7f7c

SHA256
03e778fecce6ceecd977a36ff5f2a4b7d5e5990af69f9e9f8140b0d1b3c2fe18

SHA512
fe296ef798b48ed1d5769ab3f58aa172c7f6029f164cf422acb1c48213bc9c5c847d53631799c7d991fa9067127732b0af80d972f76c0a0e65cb045f4da48427

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p38rro19.default-release\sessionstore-backups\recovery.baklz4

Filesize
194KB

MD5
abdf134a3af2d7dbf355f09fd08b9b5f

SHA1
d6e7af5912bb5e07f7366aadb6093c9103ba4373

SHA256
90afb2fd373289a6c76c22307ed72836fc68921e2f936f5e894b4e1d25544207

SHA512
91c33849fc36727a208d86739c123838bf149a29e9836017f0cdde68d1b65f3350f018cc49767b9d7d7d83968632ed8709883614d7e49d3c92509e6c105e3234

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p38rro19.default-release\sessionstore-backups\recovery.baklz4

Filesize
12KB

MD5
04933b139d91738900083292cb798e37

SHA1
5c059c87a99fbe3f39d143eaf9c3be6297305495

SHA256
bfa8101ef1c80816e5f830be68c5acb1cf58d4c555de917ad10f2415b69a9f24

SHA512
a19a277ed2670d143b06076b86c679c6bcdca67cfe61d7d4b62f7f0dd2b57aa0623df1c5c809a645d0dbf501373c3960d5d597068b994676d2fe915ae2eff7f2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p38rro19.default-release\sessionstore-backups\recovery.baklz4

Filesize
23KB

MD5
82d041501c3386fd32a3dcb1966fd721

SHA1
3dba4f079e4d4c425253a280766803bdb7ce2d30

SHA256
cdff42a7f10461325e4853dfddb14aa0be6d9cecd13a2d8a44cb42bddc294dd1

SHA512
67da39b7950fd2e151104c75ff8e1506a92b8aec9a4c3867cefcaefb133e3c42265c5f0d87c8d50e53a6e46ad9ba06e073d181a838e9e2225343c3de4e34b3e1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p38rro19.default-release\sessionstore-backups\recovery.baklz4

Filesize
14KB

MD5
a59d3e420fee00a69b7d9e1d87603134

SHA1
c149298db9a73f80beefad04a0b5e717e60d6403

SHA256
2f6f9a138539f4ff133008125c177d7340c00ae05018a63290cb3acd79cc7c98

SHA512
1c79286b560e49aecb671154250c62bc61449517d8e3620d25ca52a4b680657f39154508dfb5502fd82e941a933b79688ce8203765fb29640079da45dea1bcaa

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p38rro19.default-release\sessionstore-backups\recovery.baklz4

Filesize
37KB

MD5
90fb583b8c3570b378982e7e4ca50341

SHA1
5a6d8af0071f17fb8d683952307369a2e055c0cf

SHA256
515e02d050e4342b2d4bfecf3971a7cc2fc0662bc90bd1e2c221e4b55779396a

SHA512
0e18adf63a80b2a0c14d1f379410304d67f879a6caf58d91633d60b1823e14f0e81518fbdbb4bbc590a2709dc00345a75dc5270f223fe38596838290861b9045

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p38rro19.default-release\sessionstore-backups\recovery.baklz4

Filesize
38KB

MD5
3f15da9d254749b7fa90e55c538ee81a

SHA1
566342584e67310c024cc828587552d4c41c93e3

SHA256
7b1a8d96879cc19bd37ff7244029f330f94ce37e7b01681799d02a798b5fd3fb

SHA512
e75d8b387d70eb23b15ce73ec3fcf6076af08e194bcef1a9910e503bc3d1eff98d634322e38594b4fe13f211c18d20a7165b96c744e2a5648cb59de37edc67d5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p38rro19.default-release\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
d3c4a74280295bd7c426e522ecbb446d

SHA1
aa84a0d10c3d3344cfff334c556a6ff09a9bb176

SHA256
07a1951ec3f405780f4bd4382dd6bf4c3b3f32bfcc1a15c51f0cf2f8028483b5

SHA512
99b2e4cb8b7ce19b4473c32aee391dbcde63927d280f6e2f4e4e4aed79134a8f24aca82687ff7bffe55444d41602f725e0c703b5c460e092250c30242af76a9a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p38rro19.default-release\sessionstore-backups\recovery.baklz4

Filesize
43KB

MD5
8237ffb628119e64248633c3d04ba0f9

SHA1
18b5463cf89219784ec5b9b244e35bfa3b77a737

SHA256
b2ac448457bedd671bfb4de526c86dbf2f1696e0227bcd3eb6b50c24cf87e6fc

SHA512
438939adb05ba8d3c1eff58a29fa2d0fa492106369632845e4e5557a43c84483df8a5f7885df61d50bfa60bf9c7cba5c6acf5ecf0dbdee745e43058a742fd519

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p38rro19.default-release\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
9fc023e980bf65200d5155a055c7b92c

SHA1
0347d10d81ef2ac9a73f1cccd1c93ace50078674

SHA256
1c69e554903a178095c5f7e972dd351b49342715e9df019086831ce680b2dfc6

SHA512
171955cc9a523e8ec12dbd615b9c942a091694d9b824f0c297403cb178ed7551cf9fd9f63aee59a3228d56f13e451106392ffadd56c89ca5ff2becca3ae6330a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p38rro19.default-release\sessionstore-backups\recovery.baklz4

Filesize
44KB

MD5
33513a264a687bacc9afb828d5cfcaec

SHA1
f85bb3c940a26db8367ca9f35b467f22d4c94c10

SHA256
0648a59d5f4cf1cae97534ffdb448244003a3fc1a1d4bcf4c0e5515d832715ef

SHA512
786f0a88d10b24748ef1c278d0c52bf9d753fa97278d566ccc8927f47737e4f5a156d4181c91624baf7ab6c4a4b975ebd68f1856807ec3aa1592d1af7ad30e5d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p38rro19.default-release\sessionstore-backups\recovery.baklz4

Filesize
14KB

MD5
8c04560467d99ce9e5e63f685657f89c

SHA1
17bc320da8169fb182b410bc9d2e9565bc7d22f9

SHA256
81352f17d9da3f51c9101a627c59d6f20023b773cbaacc9aa842ca1c4d38906f

SHA512
e8c1a87ef04388921b8c5469796f14b1ceccc2280cc67ab8cdbc5a47c04dff17bacbf5ab09e195ed8d0991a7851075a5e6745bb6c01da6ddff49d3e2eaa2d0bd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p38rro19.default-release\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
04b0ae5f083912f6d3a9de3f2f567c54

SHA1
730a17595006901dbf445448eefa49e7f2214b09

SHA256
bbfadab8c5f5f6237072dd122e228085f802b71ce11e63fb95bdfa2aea0d45c7

SHA512
82b6230bb8040f8f85957eebdb30e5dc274f400f7ad18cb62d729369baffa371c88099189d70f19c22e54b7dbe6b021d833263c57fbc9e85ed8eac8ecd17bfe7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p38rro19.default-release\sessionstore-backups\recovery.baklz4

Filesize
26KB

MD5
202932536ca31d0af2879a7f63810b50

SHA1
6f1f22acf8393719dce5255b74e1e91d76955d12

SHA256
127d8d4eed6a03267c550447cc60b967258561359bca3aff9ecb8ca3926dd916

SHA512
5a79f3269abd7a1aea655c9a8c8c9c055c7a186d15be22ce1b8cd5024198cd391f0d40ba347b60faefb318de50804fbc7030cf56bc5433b924d471907c2322d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p38rro19.default-release\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
096432b5126f0fe9f35c27cfc3033136

SHA1
e6bece595d109e752a7ca7df84941eae85ddc368

SHA256
03a76ba45c38da461f522e54039c3f01fc56ba3272a37b63678b82e7b90694d7

SHA512
b6d50056cd64fcabc9197e3e22ebe38ad368e799ee7aee6e36cb262695ae56bb5fc0b3ec8860bf867000bfd8573470f9f4e5c2a9c93eb1e6fa2dfda4fef24e5f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p38rro19.default-release\sessionstore-backups\recovery.baklz4

Filesize
38KB

MD5
cb68e07fedeb07873a99e1cd23eb79c6

SHA1
2b0afb097cb2fb1ff7dae218351b047a8f1fb4ca

SHA256
472b8f96de49bd80419517ef21bcb03648fcc6f1ecf179159507d15b6349b82b

SHA512
277aca8f08232c3433ea6dbac34decb9ed9235d536a9b3d7f3889571b23e108217c2cd9f806ec1d6bb461bf535284e3db462b2add3bf7e2a392d4ea1ae319e9e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p38rro19.default-release\sessionstore-backups\recovery.baklz4

Filesize
44KB

MD5
29afc4bab891187239aa8150ced7be0a

SHA1
1304e93cb313e7ff8ab1e04fa6325c498a88bd86

SHA256
efbe69a2de613a339d9b76f93bf97e460986e9206bcbbe97f742c80184b758f9

SHA512
934ade20917d8a3d3351cdb568530425917ae179ad7493d5251f2835e88568e30e0f159008c262f76230dddd87d8d0763adf9a45efa46867e2676e1454d64515

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p38rro19.default-release\sessionstore-backups\recovery.baklz4

Filesize
44KB

MD5
55afa8c04f15d43988966d63e94200ba

SHA1
ee8f9488de2920951706ab6d19223f96712f0302

SHA256
0da8032714339ca1194504b4a44a5eb44271fc1bafdfcc8bd87836990efc820b

SHA512
ab7b6f4bf57de5e1453a46a56dfe505e3c405e32c5fd4eb2cbfbc99d27b5768af800fe0d01deb018da232369fe9b4ca8346e1ef47a555b6100c1e48aec82ef6d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p38rro19.default-release\storage\default\https+++whatismyipaddress.com\idb\993782502OBNDE__KSDISG_NLA.sqlite

Filesize
48KB

MD5
8ac51c5f9ef5233c9cdf9dfcd72bfc1c

SHA1
8eff9c74480c87d7a2642359bdbfda11106c8771

SHA256
0fdf90b626451c945720a1b8c378b03ffe974f017d6c3fba2c4dcee34cefa0b4

SHA512
b58980cc949eaa6d072b992b308a9dcc47957a3c61d73eaa64cc444f96aab89066c62669df387b2aa74e6e6eb017bd86eefaf6559558ff0ffa99c7adc2695214

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p38rro19.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
592KB

MD5
c7a26055a0ad04713162fbeb665501e8

SHA1
572acd7cd67acbb8afe9eaba517f66929aafb7a7

SHA256
74fb54ab70da5226251d8f4b15e5908f4d2cdef9c0b3dcc9b2f3d0c28731c654

SHA512
4bac0613cb8ab5ab67c5d0f0d04de15073a4a63e887b18914eb725e010f92a2ad873baffb6499b71c5c39423b1315677807ed8f307ce1fb53d93b3763b9a60ac

Download Submit
C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini

Filesize
75B

MD5
e9c39e6d66717ea3bf525090aed40e96

SHA1
118dcd56b6f67d2171f3bcbc4ef47455a220d5ee

SHA256
bb19d308ad46afc885f48c2981ef4594c8d9669027da1073ad05e5d6e36e4602

SHA512
27846b8285ad9965772c81accb832d7083b3d20693ba2c9799d2f25ee67e2e66991a709f8fb891721db569cc374fd7658fa23f60190156eb7da0579ed4db305b

Download Submit
C:\Users\Admin\Documents\Client-built.exe

Filesize
3.1MB

MD5
28d5f015636b48443da528d93d9e8b08

SHA1
0343134c771608f0d65a1dc36d090603542b8378

SHA256
68158b050083cf57ac4ff18d666cf9b134f7846851d0386d5ba2bfc923ffa960

SHA512
9d62b41671c09c78dbb0d7fb6e62f0fb395dd93adef1d458df63b80d44e16b2d786faa01777afc94ca01592bc1f5090eabd7f2239e528d849c4c89a0394fa3c6

Download Submit
C:\Users\Admin\Documents\Client-built.exe

Filesize
3.1MB

MD5
538cb9e3d7c2eab13290b2d442a757d0

SHA1
e5634d6820ccfc027991038c30955b0f68b17dd6

SHA256
bbb63fb126e809f250e455aa31c954a0009b8f9f586cbaa2e601340570fd5318

SHA512
bbbb874b3f4aa2b4b572bfaf12de4e3863b63c2720a48b0112d4d7dd149d85c56cd2e542a3643ec6ba5e2b00f70014e6e541a84e7287660d0e1e8781dea202e0

Download Submit
C:\Users\Admin\Downloads\Quasar.kZWA-ZWX.v1.4.1.zip.part

Filesize
3.3MB

MD5
13aa4bf4f5ed1ac503c69470b1ede5c1

SHA1
c0b7dadff8ac37f6d9fd00ae7f375e12812bfc00

SHA256
4cdeb2eae1cec1ab07077142313c524e9cf360cdec63497538c4405c2d8ded62

SHA512
767b03e4e0c2a97cb0282b523bcad734f0c6d226cd1e856f6861e6ae83401d0d30946ad219c8c5de3c90028a0141d3dc0111c85e0a0952156cf09e189709fa7d

Download Submit
C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\Profiles\Default.xml

Filesize
1KB

MD5
2450b5f43bb3354c760cbfc124bc29e6

SHA1
f001b661da7cc931080422ea5887517c9ff1a9d5

SHA256
e1742e8b5ddb3480ea8db5f148e3c6faa3d24a3f72415e2874583d1d779c5fa3

SHA512
ed63c54c6aa906d2b37f358cd3d498b389039c6f9d0988f1e45d994b57516029995832a0800a3be4253ca2798c24913012fd695b71bbc608cc3ff5f508a99a9a

Download Submit
C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\Profiles\Default.xml

Filesize
1KB

MD5
ac1a9222672006faa2497405e9f649b1

SHA1
52dfcdbbe54b76f232b1a4ea419846c4a68ad2e7

SHA256
8fd6eb97eb5b36ab33124f16c5f003a539d7c3db36dcd3b3e188a8982f515fc8

SHA512
42fbbe9cc76dd3e8765965e959402fd5823739c05da65fbd907c95d240876d04a1845586644682c6130842a620aaeab20892e35366a69be476bd689bb4dffe2a

Download Submit
C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\quasar.p12

Filesize
4KB

MD5
abdafb610db438e9cb786a3eea5acf69

SHA1
1fcf0841e164b78b2d5ef1ca5db22aa5b38cfc21

SHA256
e62fb7434d66603d938d581be2bffdc0f9a849523a2e752b66aeaa6741b39284

SHA512
d6d170036fae2e558fdebbd61320cdc9f8cf4128d72186f7567f0a3beb59e7cfdf43b37a9cc7aa5230cb91a2206b06fcca0372d3895a5d7370f162e5917f69de

Download Submit
C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\settings.xml

Filesize
370B

MD5
0976101bdd0737432c3d7ad32cd72d21

SHA1
b41aab717bd3445fe9fda25d61aa434e5430f61d

SHA256
da1e5a1ecfd4ccd15d19297fcddd53041d80479e887c7bef90b4f41bd629ecb3

SHA512
bb2309004feba9a927a3361052518f6868a65cc4154541fa65e602761686a67824778bc62900933293841fb8c60709fc446c19d49aa939bae7bd3ed0bf40ce29

Download Submit
C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\settings.xml

Filesize
372B

MD5
ae71d9794df809c967f77780f694e058

SHA1
afc1a3a73f90dd007161280c07a0f89e53353cfe

SHA256
2c76071cfe0d27bc18328b177cd3a386d14f400d3b9f1674a05e9d2dfc75938c

SHA512
86a609defaa46f045697d38f2ddfd734857efb4f77fd8ef51ba7218521284eafc572f4a8faeca6f6b28abddfa463f9c0a6d746c090503334129b399dd8247fea

Download Submit
C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\settings.xml

Filesize
373B

MD5
b6af1da05c1a00991f04f8b898cea532

SHA1
24c48b062d8d864eefd32f2d84a36e1a7282e911

SHA256
f2ef0d8f29904a65ce6dbe29baf9379fb4659afb6930a5af5d9fb88f73b73f41

SHA512
2ab2de469911c3fee5b9bbfdbb373e5eb15023bf25b9e1835ebbf5890c66cfd7a06d7d5911e2fb630afadf9b30489e589634cefe52ca4c4156ae24b24c00c8aa

Download Submit
C:\Users\Admin\Downloads\Quasar.v1.4.1\Quasar v1.4.1\settings.xml

Filesize
372B

MD5
1817f52c2c01e3d564e25f986bfe55cc

SHA1
bf7ae88e235c063aa38c9d2ae29c88ee0b4a2859

SHA256
a1a4e3312292197002d76ce976e9ea860f70cb003b9f31f45d6acd32af011b33

SHA512
d8f47313c5d3cd4562d77ca32f676ce1e9e83af21b33bb902365d0c6240babb909554e361a4b5b75175b09950971aa02f740717d424a44e1cbfd23d815014dae

Download Submit
memory/1324-4553-0x0000023C204C0000-0x0000023C204E2000-memory.dmp

Filesize
136KB

Download
memory/1324-4557-0x0000023C20A60000-0x0000023C20AA6000-memory.dmp

Filesize
280KB

Download
memory/1324-4561-0x0000023C20530000-0x0000023C2067F000-memory.dmp

Filesize
1.3MB

Download
memory/1324-4566-0x0000023C20530000-0x0000023C2067F000-memory.dmp

Filesize
1.3MB

Download
memory/1744-925-0x000000001C8B0000-0x000000001CDD8000-memory.dmp

Filesize
5.2MB

Download
memory/1892-886-0x0000000000240000-0x0000000000564000-memory.dmp

Filesize
3.1MB

Download
memory/3000-4402-0x0000000000D90000-0x00000000010B4000-memory.dmp

Filesize
3.1MB

Download
memory/3284-801-0x000001FFA2090000-0x000001FFA20AA000-memory.dmp

Filesize
104KB

Download
memory/3284-706-0x000001FFA1D90000-0x000001FFA1DDC000-memory.dmp

Filesize
304KB

Download
memory/3284-679-0x00007FFD8F0B3000-0x00007FFD8F0B5000-memory.dmp

Filesize
8KB

Download
memory/3284-800-0x000001FFA59B0000-0x000001FFA5A0E000-memory.dmp

Filesize
376KB

Download
memory/3284-678-0x00007FFD8F0B0000-0x00007FFD8FB72000-memory.dmp

Filesize
10.8MB

Download
memory/3284-681-0x000001FFA1A20000-0x000001FFA1D4E000-memory.dmp

Filesize
3.2MB

Download
memory/3284-705-0x000001FFA1E50000-0x000001FFA1F02000-memory.dmp

Filesize
712KB

Download
memory/3284-682-0x00007FFD8F0B0000-0x00007FFD8FB72000-memory.dmp

Filesize
10.8MB

Download
memory/3284-683-0x00007FFD8F0B0000-0x00007FFD8FB72000-memory.dmp

Filesize
10.8MB

Download
memory/3284-680-0x00007FFD8F0B0000-0x00007FFD8FB72000-memory.dmp

Filesize
10.8MB

Download
memory/3284-677-0x00007FFD8F0B0000-0x00007FFD8FB72000-memory.dmp

Filesize
10.8MB

Download
memory/3284-703-0x000001FFA0060000-0x000001FFA0078000-memory.dmp

Filesize
96KB

Download
memory/3284-4541-0x00007FFD8F0B0000-0x00007FFD8FB72000-memory.dmp

Filesize
10.8MB

Download
memory/3284-672-0x00007FFD8F0B3000-0x00007FFD8F0B5000-memory.dmp

Filesize
8KB

Download
memory/3284-704-0x000001FFA19A0000-0x000001FFA19F0000-memory.dmp

Filesize
320KB

Download
memory/3284-673-0x000001FF84D10000-0x000001FF84E48000-memory.dmp

Filesize
1.2MB

Download
memory/3284-674-0x000001FF85290000-0x000001FF852A6000-memory.dmp

Filesize
88KB

Download
memory/3284-675-0x00007FFD8F0B0000-0x00007FFD8FB72000-memory.dmp

Filesize
10.8MB

Download
memory/3284-676-0x00007FFD8F0B0000-0x00007FFD8FB72000-memory.dmp

Filesize
10.8MB

Download
memory/5844-4503-0x00007FFD73650000-0x00007FFD73660000-memory.dmp

Filesize
64KB

Download
memory/5844-4504-0x00007FFD73650000-0x00007FFD73660000-memory.dmp

Filesize
64KB

Download
memory/5844-4480-0x00007FFD73650000-0x00007FFD73660000-memory.dmp

Filesize
64KB

Download
memory/5844-4479-0x00007FFD73650000-0x00007FFD73660000-memory.dmp

Filesize
64KB

Download
memory/5844-4482-0x00007FFD73650000-0x00007FFD73660000-memory.dmp

Filesize
64KB

Download
memory/5844-4478-0x00007FFD73650000-0x00007FFD73660000-memory.dmp

Filesize
64KB

Download
memory/5844-4481-0x00007FFD73650000-0x00007FFD73660000-memory.dmp

Filesize
64KB

Download
memory/5844-4502-0x00007FFD73650000-0x00007FFD73660000-memory.dmp

Filesize
64KB

Download
memory/5844-4501-0x00007FFD73650000-0x00007FFD73660000-memory.dmp

Filesize
64KB

Download
memory/6548-4477-0x00007FFD73650000-0x00007FFD73660000-memory.dmp

Filesize
64KB

Download
memory/6548-4451-0x00007FFD73650000-0x00007FFD73660000-memory.dmp

Filesize
64KB

Download
memory/6548-4475-0x00007FFD73650000-0x00007FFD73660000-memory.dmp

Filesize
64KB

Download
memory/6548-4476-0x00007FFD73650000-0x00007FFD73660000-memory.dmp

Filesize
64KB

Download
memory/6548-4453-0x00007FFD71180000-0x00007FFD71190000-memory.dmp

Filesize
64KB

Download
memory/6548-4447-0x00007FFD73650000-0x00007FFD73660000-memory.dmp

Filesize
64KB

Download
memory/6548-4449-0x00007FFD73650000-0x00007FFD73660000-memory.dmp

Filesize
64KB

Download
memory/6548-4448-0x00007FFD73650000-0x00007FFD73660000-memory.dmp

Filesize
64KB

Download
memory/6548-4450-0x00007FFD73650000-0x00007FFD73660000-memory.dmp

Filesize
64KB

Download
memory/6548-4452-0x00007FFD71180000-0x00007FFD71190000-memory.dmp

Filesize
64KB

Download
memory/6548-4474-0x00007FFD73650000-0x00007FFD73660000-memory.dmp

Filesize
64KB

Download
memory/7836-4537-0x00007FFD84DF0000-0x00007FFD85EA0000-memory.dmp

Filesize
16.7MB

Download
memory/7836-4536-0x00007FFDA4060000-0x00007FFDA4316000-memory.dmp

Filesize
2.7MB

Download
memory/7836-4534-0x00007FF643B40000-0x00007FF643C38000-memory.dmp

Filesize
992KB

Download
memory/7836-4535-0x00007FFDA86E0000-0x00007FFDA8714000-memory.dmp

Filesize
208KB

Download