quasar | 4cdeb2eae1cec1ab07077142313c524e9cf360cdec63497538c4405c2d8ded62

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
23-12-2024 21:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Quasar v1.4.1/Quasar.exe
Size

1.2MB
MD5

12ebf922aa80d13f8887e4c8c5e7be83
SHA1

7f87a80513e13efd45175e8f2511c2cd17ff51e8
SHA256

43315abb9c8be9a39782bd8694a7ea9f16a867500dc804454d04b8bf2c15c51e
SHA512

fda5071e15cf077d202b08db741bbfb3dbd815acc41deec7b7d44e055cac408e2f2de7233f8f9c5c618afd00ffc2fc4c6e8352cbdf18f9aab55d980dcb58a275
SSDEEP

12288:IwPs012cBBBYiL9l/bFfpBBBBBBBBBBBBcA:jBBBYiLvzFfpBBBBBBBBBBBBcA

Score

10^/10

quasar discovery spyware trojan

Malware Config

Signatures

Quasar RAT
Quasar is an open source Remote Access Tool.
trojan spyware quasar
Quasar family
quasar

Quasar payload 2 IoCs

resource	yara_rule
behavioral20/memory/1320-1-0x0000025CB5E80000-0x0000025CB5FB8000-memory.dmp	family_quasar
behavioral20/memory/1320-2-0x0000025CB63A0000-0x0000025CB63B6000-memory.dmp	family_quasar

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\International\Geo\Nation	Quasar.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 20 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 4 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ITBar7Layout = 13000000000000000000000020000000100000000000000001000000010700005e01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Software\Microsoft\Internet Explorer\Toolbar	explorer.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133794615712153160"	chrome.exe

Modifies registry class 39 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\0\0	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 19002f433a5c000000000000000000000000000000000000000000	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = 00000000ffffffff	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Generic"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0 = 56003100000000004759f14912004170704461746100400009000400efbe4759f1499759bca82e0000006ee10100000001000000000000000000000000000000d06b11004100700070004400610074006100000016000000	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\MRUListEx = 00000000ffffffff	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\0	explorer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0 = 50003100000000004759214c10004c6f63616c003c0009000400efbe4759f1499759bca82e00000082e1010000000100000000000000000000000000000043b623014c006f00630061006c00000014000000	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\0 = 4e003100000000009759e9a8100054656d7000003a0009000400efbe4759f1499759eba82e00000083e101000000010000000000000000000000000000009402e700540065006d007000000014000000	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0 = 500031000000000047598a52100041646d696e003c0009000400efbe4759f1499759bca82e00000063e1010000000100000000000000000000000000000066715600410064006d0069006e00000014000000	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\MRUListEx = 00000000ffffffff	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\MRUListEx = 00000000ffffffff	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\0\MRUListEx = 00000000ffffffff	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\0\0\NodeSlot = "1"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\0\0 = 66003100000000009759e9a810005155415341527e312e3100004c0009000400efbe9759bca89759eaa82e000000b63b0200000008000000000000000000000000000000e6eef2005100750061007300610072002000760031002e0034002e00310000001a000000	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\0\0\MRUListEx = ffffffff	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0 = 78003100000000004759f1491100557365727300640009000400efbe874f77489759bca82e000000c70500000000010000000000000000003a00000000009c1a220055007300650072007300000040007300680065006c006c00330032002e0064006c006c002c002d0032003100380031003300000014000000	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\MRUListEx = 00000000ffffffff	explorer.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
4812	explorer.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4400	chrome.exe
4400	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1320	Quasar.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	1320	Quasar.exe
Token: SeShutdownPrivilege	4400	chrome.exe
Token: SeCreatePagefilePrivilege	4400	chrome.exe
Token: SeShutdownPrivilege	4400	chrome.exe
Token: SeCreatePagefilePrivilege	4400	chrome.exe
Token: SeShutdownPrivilege	4400	chrome.exe
Token: SeCreatePagefilePrivilege	4400	chrome.exe
Token: SeShutdownPrivilege	4400	chrome.exe
Token: SeCreatePagefilePrivilege	4400	chrome.exe
Token: SeShutdownPrivilege	4400	chrome.exe
Token: SeCreatePagefilePrivilege	4400	chrome.exe
Token: SeShutdownPrivilege	4400	chrome.exe
Token: SeCreatePagefilePrivilege	4400	chrome.exe
Token: SeShutdownPrivilege	4400	chrome.exe
Token: SeCreatePagefilePrivilege	4400	chrome.exe
Token: SeShutdownPrivilege	4400	chrome.exe
Token: SeCreatePagefilePrivilege	4400	chrome.exe
Token: SeShutdownPrivilege	4400	chrome.exe
Token: SeCreatePagefilePrivilege	4400	chrome.exe
Token: SeShutdownPrivilege	4400	chrome.exe
Token: SeCreatePagefilePrivilege	4400	chrome.exe
Token: SeShutdownPrivilege	4400	chrome.exe
Token: SeCreatePagefilePrivilege	4400	chrome.exe
Token: SeShutdownPrivilege	4400	chrome.exe
Token: SeCreatePagefilePrivilege	4400	chrome.exe
Token: SeShutdownPrivilege	4400	chrome.exe
Token: SeCreatePagefilePrivilege	4400	chrome.exe
Token: SeShutdownPrivilege	4400	chrome.exe
Token: SeCreatePagefilePrivilege	4400	chrome.exe
Token: SeShutdownPrivilege	4400	chrome.exe
Token: SeCreatePagefilePrivilege	4400	chrome.exe
Token: SeShutdownPrivilege	4400	chrome.exe
Token: SeCreatePagefilePrivilege	4400	chrome.exe
Token: SeShutdownPrivilege	4400	chrome.exe
Token: SeCreatePagefilePrivilege	4400	chrome.exe
Token: SeShutdownPrivilege	4400	chrome.exe
Token: SeCreatePagefilePrivilege	4400	chrome.exe
Token: SeShutdownPrivilege	4400	chrome.exe
Token: SeCreatePagefilePrivilege	4400	chrome.exe
Token: SeShutdownPrivilege	4400	chrome.exe
Token: SeCreatePagefilePrivilege	4400	chrome.exe
Token: SeShutdownPrivilege	4400	chrome.exe
Token: SeCreatePagefilePrivilege	4400	chrome.exe
Token: SeShutdownPrivilege	4400	chrome.exe
Token: SeCreatePagefilePrivilege	4400	chrome.exe
Token: SeShutdownPrivilege	4400	chrome.exe
Token: SeCreatePagefilePrivilege	4400	chrome.exe
Token: SeShutdownPrivilege	4400	chrome.exe
Token: SeCreatePagefilePrivilege	4400	chrome.exe
Token: SeShutdownPrivilege	4400	chrome.exe
Token: SeCreatePagefilePrivilege	4400	chrome.exe
Token: SeShutdownPrivilege	4400	chrome.exe
Token: SeCreatePagefilePrivilege	4400	chrome.exe
Token: SeShutdownPrivilege	4400	chrome.exe
Token: SeCreatePagefilePrivilege	4400	chrome.exe
Token: SeShutdownPrivilege	4400	chrome.exe
Token: SeCreatePagefilePrivilege	4400	chrome.exe
Token: SeShutdownPrivilege	4400	chrome.exe
Token: SeCreatePagefilePrivilege	4400	chrome.exe
Token: SeShutdownPrivilege	4400	chrome.exe
Token: SeCreatePagefilePrivilege	4400	chrome.exe
Token: SeShutdownPrivilege	4400	chrome.exe
Token: SeCreatePagefilePrivilege	4400	chrome.exe
Token: SeShutdownPrivilege	4400	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1320	Quasar.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4392	firefox.exe
4392	firefox.exe
4392	firefox.exe
4392	firefox.exe
4392	firefox.exe
4392	firefox.exe
4392	firefox.exe
4392	firefox.exe
4392	firefox.exe
4392	firefox.exe
4392	firefox.exe
4392	firefox.exe
4392	firefox.exe
4392	firefox.exe
4392	firefox.exe
4392	firefox.exe
4392	firefox.exe
4392	firefox.exe
4392	firefox.exe
4392	firefox.exe
4392	firefox.exe
5264	firefox.exe
5264	firefox.exe
5264	firefox.exe
5264	firefox.exe
5264	firefox.exe
5264	firefox.exe
5264	firefox.exe
5264	firefox.exe
5264	firefox.exe
5264	firefox.exe
5264	firefox.exe
5264	firefox.exe
5264	firefox.exe
5264	firefox.exe
5264	firefox.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1320	Quasar.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4392	firefox.exe
4392	firefox.exe
4392	firefox.exe
4392	firefox.exe
4392	firefox.exe
4392	firefox.exe
4392	firefox.exe
4392	firefox.exe
4392	firefox.exe
4392	firefox.exe
4392	firefox.exe
4392	firefox.exe
4392	firefox.exe
4392	firefox.exe
4392	firefox.exe
4392	firefox.exe
4392	firefox.exe
4392	firefox.exe
4392	firefox.exe
4392	firefox.exe
5264	firefox.exe
5264	firefox.exe
5264	firefox.exe
5264	firefox.exe
5264	firefox.exe
5264	firefox.exe
5264	firefox.exe
5264	firefox.exe
5264	firefox.exe
5264	firefox.exe
5264	firefox.exe
5264	firefox.exe
5264	firefox.exe
5264	firefox.exe
5264	firefox.exe
5264	firefox.exe
5264	firefox.exe
5264	firefox.exe
5264	firefox.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
4392	firefox.exe
5264	firefox.exe
4812	explorer.exe
4812	explorer.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4400 wrote to memory of 2100	4400	chrome.exe	93
PID 4400 wrote to memory of 2100	4400	chrome.exe	93
PID 4400 wrote to memory of 1504	4400	chrome.exe	94
PID 4400 wrote to memory of 1504	4400	chrome.exe	94
PID 4400 wrote to memory of 1504	4400	chrome.exe	94
PID 4400 wrote to memory of 1504	4400	chrome.exe	94
PID 4400 wrote to memory of 1504	4400	chrome.exe	94
PID 4400 wrote to memory of 1504	4400	chrome.exe	94
PID 4400 wrote to memory of 1504	4400	chrome.exe	94
PID 4400 wrote to memory of 1504	4400	chrome.exe	94
PID 4400 wrote to memory of 1504	4400	chrome.exe	94
PID 4400 wrote to memory of 1504	4400	chrome.exe	94
PID 4400 wrote to memory of 1504	4400	chrome.exe	94
PID 4400 wrote to memory of 1504	4400	chrome.exe	94
PID 4400 wrote to memory of 1504	4400	chrome.exe	94
PID 4400 wrote to memory of 1504	4400	chrome.exe	94
PID 4400 wrote to memory of 1504	4400	chrome.exe	94
PID 4400 wrote to memory of 1504	4400	chrome.exe	94
PID 4400 wrote to memory of 1504	4400	chrome.exe	94
PID 4400 wrote to memory of 1504	4400	chrome.exe	94
PID 4400 wrote to memory of 1504	4400	chrome.exe	94
PID 4400 wrote to memory of 1504	4400	chrome.exe	94
PID 4400 wrote to memory of 1504	4400	chrome.exe	94
PID 4400 wrote to memory of 1504	4400	chrome.exe	94
PID 4400 wrote to memory of 1504	4400	chrome.exe	94
PID 4400 wrote to memory of 1504	4400	chrome.exe	94
PID 4400 wrote to memory of 1504	4400	chrome.exe	94
PID 4400 wrote to memory of 1504	4400	chrome.exe	94
PID 4400 wrote to memory of 1504	4400	chrome.exe	94
PID 4400 wrote to memory of 1504	4400	chrome.exe	94
PID 4400 wrote to memory of 1504	4400	chrome.exe	94
PID 4400 wrote to memory of 1504	4400	chrome.exe	94
PID 4400 wrote to memory of 2104	4400	chrome.exe	95
PID 4400 wrote to memory of 2104	4400	chrome.exe	95
PID 4400 wrote to memory of 1584	4400	chrome.exe	96
PID 4400 wrote to memory of 1584	4400	chrome.exe	96
PID 4400 wrote to memory of 1584	4400	chrome.exe	96
PID 4400 wrote to memory of 1584	4400	chrome.exe	96
PID 4400 wrote to memory of 1584	4400	chrome.exe	96
PID 4400 wrote to memory of 1584	4400	chrome.exe	96
PID 4400 wrote to memory of 1584	4400	chrome.exe	96
PID 4400 wrote to memory of 1584	4400	chrome.exe	96
PID 4400 wrote to memory of 1584	4400	chrome.exe	96
PID 4400 wrote to memory of 1584	4400	chrome.exe	96
PID 4400 wrote to memory of 1584	4400	chrome.exe	96
PID 4400 wrote to memory of 1584	4400	chrome.exe	96
PID 4400 wrote to memory of 1584	4400	chrome.exe	96
PID 4400 wrote to memory of 1584	4400	chrome.exe	96
PID 4400 wrote to memory of 1584	4400	chrome.exe	96
PID 4400 wrote to memory of 1584	4400	chrome.exe	96
PID 4400 wrote to memory of 1584	4400	chrome.exe	96
PID 4400 wrote to memory of 1584	4400	chrome.exe	96
PID 4400 wrote to memory of 1584	4400	chrome.exe	96
PID 4400 wrote to memory of 1584	4400	chrome.exe	96
PID 4400 wrote to memory of 1584	4400	chrome.exe	96
PID 4400 wrote to memory of 1584	4400	chrome.exe	96
PID 4400 wrote to memory of 1584	4400	chrome.exe	96
PID 4400 wrote to memory of 1584	4400	chrome.exe	96
PID 4400 wrote to memory of 1584	4400	chrome.exe	96
PID 4400 wrote to memory of 1584	4400	chrome.exe	96
PID 4400 wrote to memory of 1584	4400	chrome.exe	96
PID 4400 wrote to memory of 1584	4400	chrome.exe	96
PID 4400 wrote to memory of 1584	4400	chrome.exe	96
PID 4400 wrote to memory of 1584	4400	chrome.exe	96

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\Quasar v1.4.1\Quasar.exe
"C:\Users\Admin\AppData\Local\Temp\Quasar v1.4.1\Quasar.exe"
1⤵
- Checks computer location settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1320
- C:\Windows\explorer.exe
  "C:\Windows\explorer.exe" /select, "C:\Users\Admin\AppData\Local\Temp\Quasar v1.4.1\quasar.p12"
  2⤵
  PID:5996

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff8251fcc40,0x7ff8251fcc4c,0x7ff8251fcc58
  2⤵
  PID:2100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1860,i,7322693535675199574,16172310406536550473,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1856 /prefetch:2
  2⤵
  PID:1504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2096,i,7322693535675199574,16172310406536550473,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2108 /prefetch:3
  2⤵
  PID:2104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2248,i,7322693535675199574,16172310406536550473,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2432 /prefetch:8
  2⤵
  PID:1584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3136,i,7322693535675199574,16172310406536550473,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3148 /prefetch:1
  2⤵
  PID:4984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3180,i,7322693535675199574,16172310406536550473,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3172 /prefetch:1
  2⤵
  PID:4528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4476,i,7322693535675199574,16172310406536550473,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4536 /prefetch:1
  2⤵
  PID:4232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4824,i,7322693535675199574,16172310406536550473,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4900 /prefetch:8
  2⤵
  PID:4376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4908,i,7322693535675199574,16172310406536550473,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4916 /prefetch:8
  2⤵
  PID:2240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5024,i,7322693535675199574,16172310406536550473,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4348 /prefetch:8
  2⤵
  PID:1136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5148,i,7322693535675199574,16172310406536550473,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5132 /prefetch:8
  2⤵
  PID:3188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5152,i,7322693535675199574,16172310406536550473,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4704 /prefetch:8
  2⤵
  PID:764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5112,i,7322693535675199574,16172310406536550473,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5264 /prefetch:8
  2⤵
  PID:4876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5268,i,7322693535675199574,16172310406536550473,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5116 /prefetch:2
  2⤵
  PID:2908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4348,i,7322693535675199574,16172310406536550473,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5272 /prefetch:1
  2⤵
  PID:3696

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1564

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1992

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:3320
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:4392
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1996 -parentBuildID 20240401114208 -prefsHandle 1916 -prefMapHandle 1908 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b3466b4d-16d8-42c1-83a8-eeee6e21de17} 4392 "\\.\pipe\gecko-crash-server-pipe.4392" gpu
    3⤵
    PID:1488
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2408 -parentBuildID 20240401114208 -prefsHandle 2400 -prefMapHandle 2396 -prefsLen 23716 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6f9e39d9-0b40-4071-a567-a68c1fb863c5} 4392 "\\.\pipe\gecko-crash-server-pipe.4392" socket
    3⤵
    - Checks processor information in registry
    PID:1364
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3268 -childID 1 -isForBrowser -prefsHandle 3064 -prefMapHandle 3220 -prefsLen 23857 -prefMapSize 244658 -jsInitHandle 1232 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {497f20e9-001c-4cc3-a1d7-69deeeab582d} 4392 "\\.\pipe\gecko-crash-server-pipe.4392" tab
    3⤵
    PID:4544
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4300 -childID 2 -isForBrowser -prefsHandle 4292 -prefMapHandle 4288 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1232 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {896394e3-c619-4d79-aaa7-d842676c0bd6} 4392 "\\.\pipe\gecko-crash-server-pipe.4392" tab
    3⤵
    PID:2644
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4876 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4852 -prefMapHandle 4856 -prefsLen 29197 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {96c0f142-d796-4198-a46d-2693b8334157} 4392 "\\.\pipe\gecko-crash-server-pipe.4392" utility
    3⤵
    - Checks processor information in registry
    PID:5232
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5156 -childID 3 -isForBrowser -prefsHandle 5284 -prefMapHandle 5280 -prefsLen 27130 -prefMapSize 244658 -jsInitHandle 1232 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cba4c6fd-96cf-4c8c-8b73-212b2141c663} 4392 "\\.\pipe\gecko-crash-server-pipe.4392" tab
    3⤵
    PID:5660
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5448 -childID 4 -isForBrowser -prefsHandle 5300 -prefMapHandle 5052 -prefsLen 27130 -prefMapSize 244658 -jsInitHandle 1232 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5b038631-a6cc-4f2d-bdd9-4a1e7874a370} 4392 "\\.\pipe\gecko-crash-server-pipe.4392" tab
    3⤵
    PID:5672
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5624 -childID 5 -isForBrowser -prefsHandle 5632 -prefMapHandle 5636 -prefsLen 27130 -prefMapSize 244658 -jsInitHandle 1232 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5c5d5a14-5a50-42be-a995-a2d043ce49c2} 4392 "\\.\pipe\gecko-crash-server-pipe.4392" tab
    3⤵
    PID:5684
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6056 -childID 6 -isForBrowser -prefsHandle 6024 -prefMapHandle 6048 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 1232 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {97ab59e4-9bf1-4246-b3e6-e4b1af3c1d94} 4392 "\\.\pipe\gecko-crash-server-pipe.4392" tab
    3⤵
    PID:392
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe"
    3⤵
    PID:5244
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      4⤵
      Checks processor information in registry
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      Suspicious use of SetWindowsHookEx
      PID:5264
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1816 -parentBuildID 20240401114208 -prefsHandle 1744 -prefMapHandle 1736 -prefsLen 20321 -prefMapSize 241207 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c74d5743-cfd0-4853-9316-ab5042cd1e48} 5264 "\\.\pipe\gecko-crash-server-pipe.5264" gpu
        5⤵
        
        PID:5560
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2164 -parentBuildID 20240401114208 -prefsHandle 2156 -prefMapHandle 2152 -prefsLen 20321 -prefMapSize 241207 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8ad5222c-4d98-42cf-aad5-e01d04764e18} 5264 "\\.\pipe\gecko-crash-server-pipe.5264" socket
        5⤵
        
        PID:5568
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3740 -childID 1 -isForBrowser -prefsHandle 3700 -prefMapHandle 3696 -prefsLen 25677 -prefMapSize 241207 -jsInitHandle 1224 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {95cf531e-2058-4862-b9d1-ebb87dcd181f} 5264 "\\.\pipe\gecko-crash-server-pipe.5264" tab
        5⤵
        
        PID:3684
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3196 -childID 2 -isForBrowser -prefsHandle 3228 -prefMapHandle 2976 -prefsLen 26499 -prefMapSize 241207 -jsInitHandle 1224 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a9af973c-c3bf-40b8-b08d-2d62128a7b7a} 5264 "\\.\pipe\gecko-crash-server-pipe.5264" tab
        5⤵
        
        PID:5672
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4056 -childID 3 -isForBrowser -prefsHandle 4064 -prefMapHandle 4076 -prefsLen 27842 -prefMapSize 241207 -jsInitHandle 1224 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {37a25a86-74aa-4e18-bb7c-e25ad463b823} 5264 "\\.\pipe\gecko-crash-server-pipe.5264" tab
        5⤵
        
        PID:5100
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4796 -parentBuildID 20240401114208 -prefsHandle 4832 -prefMapHandle 4836 -prefsLen 33516 -prefMapSize 241207 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b4b4b813-7b5f-43f9-b75c-2314858460be} 5264 "\\.\pipe\gecko-crash-server-pipe.5264" rdd
        5⤵
        
        PID:3012
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4032 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 3992 -prefMapHandle 3996 -prefsLen 34793 -prefMapSize 241207 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {37ef0caa-ba36-49de-8b15-c887c2385fff} 5264 "\\.\pipe\gecko-crash-server-pipe.5264" utility
        5⤵
        Checks processor information in registry
        
        PID:4484
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3996 -childID 4 -isForBrowser -prefsHandle 3872 -prefMapHandle 5236 -prefsLen 32804 -prefMapSize 241207 -jsInitHandle 1224 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b999de37-2f75-4728-8ec9-b8442491895c} 5264 "\\.\pipe\gecko-crash-server-pipe.5264" tab
        5⤵
        
        PID:2944
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5492 -childID 5 -isForBrowser -prefsHandle 5496 -prefMapHandle 5500 -prefsLen 32804 -prefMapSize 241207 -jsInitHandle 1224 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d2703719-bb6a-4f2e-a920-7f16c1f539e0} 5264 "\\.\pipe\gecko-crash-server-pipe.5264" tab
        5⤵
        
        PID:2784
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5732 -childID 6 -isForBrowser -prefsHandle 5688 -prefMapHandle 5760 -prefsLen 32804 -prefMapSize 241207 -jsInitHandle 1224 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {00cd404a-21d7-4279-96e9-d60de21abe0f} 5264 "\\.\pipe\gecko-crash-server-pipe.5264" tab
        5⤵
        
        PID:5928

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:4812

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:6104

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\update-config.json

Filesize
102B

MD5
7d1d7e1db5d8d862de24415d9ec9aca4

SHA1
f4cdc5511c299005e775dc602e611b9c67a97c78

SHA256
ffad3b0fb11fc38ea243bf3f73e27a6034860709b39bf251ef3eca53d4c3afda

SHA512
1688c6725a3607c7b80dfcd6a8bea787f31c21e3368b31cb84635b727675f426b969899a378bd960bd3f27866023163b5460e7c681ae1fcb62f7829b03456477

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
0c0756dcb44b7d34df801c048d109c49

SHA1
4bca48b78c86262757c2d01cbb62518c393310c0

SHA256
f7513994bb45800a4c472a9af246035c6f9314f6dd4391943d47c79036cf0b2a

SHA512
ca80720ba1353924f81e0833bde16bceda96fac173045db48a09665d2030fe60f21abec05e3bb41f4cc50ac5cad65c78ba06dbd135b9db162332b6e59090f659

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
215KB

MD5
d79b35ccf8e6af6714eb612714349097

SHA1
eb3ccc9ed29830df42f3fd129951cb8b791aaf98

SHA256
c8459799169b81fdab64d028a9ebb058ea2d0ad5feb33a11f6a45a54a5ccc365

SHA512
f4be1c1e192a700139d7cff5059af81c0234ed5f032796036a1a4879b032ce4eedd16a121bbf776f17bc84a0012846f467ad48b46db4008841c25b779c7d8f5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
34e02d59292e26bd9caa3593478258ea

SHA1
e9777cf29d2fc2979f5557881f11b9ccc18db3bf

SHA256
ce2ff7f3a1abc4d2039d476e303e93d785bfb8efc7d3a2ddd470731da122b097

SHA512
cc64dc17fdc1995af148743d20b8a441a0db7bb220963647c4f53b4a81bacde5ced19e45d1422ee77e3e256dc408dde7b19bf73e815e14dda5add3819e19d57f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\_locales\en\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
053c2846f5685319c6c31048d0fb21e6

SHA1
744b0d8a09d0078e92cad4af289fd15936ce5e9b

SHA256
b84aa9eb6d3a300a48c02b5fff5ffc008593b06d0f4b192e01f608b32134c46c

SHA512
80f28f915535d2c4599d92edbf12c1f8783159d10210667532de416d300dfb3fba0241528c866082c9fb8e5728675751e8e7fa990733a425a4ea2e954f19b91c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
eb396b4bf6aaa29f878b6c9940eefc80

SHA1
9343534cce82fad6fc69bf28a0428744c682d614

SHA256
b5386e7d3be16e13b8cd9ba00f0c54e2077d30a071601457a25f426a488c2abd

SHA512
4c1045b2d42be648462fdd1b6d0f57c3cad43939ca61e55ffa0aa9b0620191e70fe44352b6b292e05ff91c7c6584871406b841a34d906115f150c4ab20cd2172

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
842084f6f0bb44ab4f11ee766f7ebaf9

SHA1
4a6a396c4b32af544dc21cc4cb53473bb49d2bb5

SHA256
61b39e867f659178643d1057ba14779963fe604027d449561a322c7736e3041d

SHA512
cece01b3b1c2b2fdb9d477e54b05af7f12e84a0b2da6d9f145046ec88341def6a7a0b11d3f3d8c84d5196d353c1f465b38281eea0a22853cf9c0badf707f99f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
56d6b4e9aab315bfce342f2852bd0c51

SHA1
90cf14402447486884115f10d8a30b3324d7a050

SHA256
c2ddc1957a3c634a3fab341f6f3699b413be95711495df63646615dcab09caeb

SHA512
10512dfaf303e1a55f461764f6f51cd52a2a8bff0cbf7078b95161d650bac3fa3e1cf6c419b84ea726eca93fd5436ec5e7d6c268bd1a3e4f217df929b472f102

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
570a4d0ae0a136e6fb718ab84535251f

SHA1
00801e55a1a9eb5a55b0cac4bee7ddf57d196823

SHA256
635e757f7fdee573789f24b047cf083386b4cd1e2bd49aade8867540fe767a24

SHA512
f87372e47aed0f5a525b9cda498c2d9ce024e961d03f0c798f3d641ddb55351e2ce669f67df63566462ca45ca11f7e0f806531d75a115f189e580ace1351c8e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d93b8b8e66027d5d1880ffe0f80b66f3

SHA1
f9ce1760e79469c6c432bc49c54cac52b01e8c79

SHA256
68b26b126016c2829ebee1975b51b5c8e50d371612c00ed7077322d40045d0be

SHA512
8544f38a89871b452bd9dc4cb6ca64c4d4323674e0519b17df02085fcd0c79345b10babc75be1187db9c631e827b52e4c5c908a7e27489cd08a4141adc04079e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
d58e4202a4d0f2ac4c1645fb2d9aa1c1

SHA1
094757d1e46e0f2c75575b049b2b6ae9f24a5f82

SHA256
e6e5432a13c9b5112f4312ce4bf914326f535b4d28c5344cedc5cff5c54e55f8

SHA512
82f8b337ff231653026d97cc5b21736a7f47de4f9bb866f535909d19a14d7810d3f2f57e4cf48f6b08be8af1c78f0a1f3890166fb9ef1c0468934f52e7ac8a16

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index

Filesize
72B

MD5
e04d39e1b8142e12c9cdbf6d01f14f84

SHA1
563c565e381728a3e6dbcb5666bacaf279eaf8da

SHA256
012b3be9105803b691129cbad57bb31ba8702bfddb023e430aa322cd21df9f96

SHA512
a4d05e06556ab52b46c2d70ce6103d7ea4d32096b0f1ab0727857f21db30c942c71cb302c8d1e2a09d69a5cbfcfc881ae451d3b2f8d285ec4574f74f457875d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
5289e17f23104c9e66e9caf563c21ddc

SHA1
8c963f87c58505743aec08c8993e971ec54ed3d2

SHA256
935086ff9a3f81e7a149ff73927778d01395ac8810a813cad992f68e22b474a2

SHA512
b8479da2d473a4bc9dfb9c3b17c5d6dc2286e679d9f9d2a67c46f2098d1fe9b2425ccb12bd320dd7ae4968819e977a17060834275132b3b5ead8d49c9b561bc3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
35e6015d2a695ef55981fed80cc83414

SHA1
af4e8391f63aef2bf060bad9254de04fcdfc0e31

SHA256
3332d39837d6a1850d3173a202f63966da973128b5464c91a0b1761aa204444c

SHA512
dd1a3585eae627f95db89dcce4d76afbeabc0193ddc22b4d9060886ce8da8a5c1afd55dd074d4d7566a99b11c213c8ed3c7284af453b8649de437c255ab65e74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
c0112ecd6e232cf1cd514b5fdee4ac7b

SHA1
a51ba2c1397ff593af889c76921822cb78b86740

SHA256
bd5f5ad8c631afbce41eab65d29bdcf4577bf119dd440f86eb416e9375a06121

SHA512
bd30b311986512f03c7a8f342ec921b31cd2ac4fe2e9090e9a6b575ae03903fcbd7289c04af421ce62857a54a58b802aa62c08716290b7f752b39dc046675aac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
2c33667dea2ae95f24f5b6ac1e71ad63

SHA1
8e3e127058787c93f3a416b686542ae9bcc686e1

SHA256
f844c9bfdb4fb99b92842fb39d63c3749669a8b7b131a4f605006f36ffb04a4e

SHA512
8114429c206862609b32f1d83e3d7d27694f393e0d53f89e251fdaf170a943cd53831f5a9474a5dff64648da1b94fcc24bc982a2a69476b2c9587da3c6843475

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6mb5e2jl.default-release-1734988033372\activity-stream.discovery_stream.json.tmp

Filesize
18KB

MD5
25b0a16b6362e397897712fcb17d3f1f

SHA1
be5c71181a89fbe8ca8ee9c60233429da7340d56

SHA256
ab08029c1e2bdd67de715a4f8d4d9569a15384729ac02b42965b5eef93cf28d3

SHA512
d90c1a67ad5368f5f7af9285b42f6714315077a900de58ae3ee241bc2fb1ffe3ac2ffbf739e6780f0a1710ed06a23ed481897de5c8cd95f55aee7dc05af8d359

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6mb5e2jl.default-release-1734988033372\startupCache\webext.sc.lz4

Filesize
107KB

MD5
face41651ebed712dd959fd49026adbb

SHA1
9f0b3444ced22cd9953e2f860efbf208028d14fb

SHA256
3e36331af37cf1f06e70ac7aa341ce2c4a85549474df0edf5b350a5f9f255911

SHA512
9cc768fe7d01a6a07ce4d3d0690960fac024aba2e3efdd8564c930873a90ae3c77b90c1f07659d83aa61c2c4fb57f39b4dde57255f9543db7253376565240a56

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\g9per00b.default-release\activity-stream.discovery_stream.json

Filesize
19KB

MD5
5ff355ceac2314b7dd2eef07f4b03202

SHA1
446f38a368f527d5da6245f28d9b5709a330bacc

SHA256
24be6875856ffa9327796a04e68552dbb04dffca70623b09b1b3258752f64319

SHA512
83e4443e8123d575e100976baff83e4d3dfb9c28cef07967498d5c5cbc1361d51c8bed4e83181aced97858a45399d8df6cb769a3cf08e664117dc08799592336

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\g9per00b.default-release\cache2\entries\0305BF7FE660AF5F32B4319E4C7EF7A7B70257A3

Filesize
13KB

MD5
6d73c5787d4f8fcb062f14d71449633b

SHA1
f44b622602e9546554c846bda0f19ff1930ce1cd

SHA256
2682bbe1ca85284320545b616132ee2547f8b399fd4c034fe00f67bef155875f

SHA512
1fe5057f4d559dfb3e883d84281f755047cce927762dc416ceadd0d4e3820fa5da123007ed5c16b513228db88a2121e3783de61b32b86046ab1d9f730425700b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\g9per00b.default-release\cache2\entries\0496E33B07BB9340090B6FF9A653DA5443DBD403

Filesize
224KB

MD5
0b305a39aaa92bf08eb29ad858b17b9d

SHA1
8a40b425e851d6bab0de344b0548ae0fdeb1b752

SHA256
6118f38ab50d7ecadfcad9507dfd8ff682d873eb103dcf785a6a816561911496

SHA512
df1228555cb7b8d45487575010a50127fb3c6d954ef4847501688f1b3955186cd407c6c06f95efb925f6c3b475702bd2fc4089fc0bc71cac08c4ee751af5a1c3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\g9per00b.default-release\cache2\entries\04D90DDB46CF1211EB244533569634DACF241DB5

Filesize
9KB

MD5
8c752ab54698eafa344a1f9b9a3131a2

SHA1
b3669b207d8d8f957d865b9bdf96f2d498905457

SHA256
43c60ec98516061e4b4a187c4decde3ed61856923370ae81d2a07e29d927c8f6

SHA512
80b3f29b5e8762bc1f5a35ff23b26ec5f04caf4deb27321d928a01c4ddc6074268f69cdad8299209372ef91422c59330ea5f8b7ca95124148b36f339d2933e46

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\g9per00b.default-release\cache2\entries\0C0E12ED83B149D6A68D87C705EAEF00394A7588

Filesize
22KB

MD5
c4d85d06f3bcd0054004c917105903df

SHA1
796ceec85747be1b7eb739893014f40328d9f6a8

SHA256
6a941019d3b0c3550abe77eb49451fe84fe0a542d9d9e4c33ed0e105fa07dcb3

SHA512
95b82972bbf9e4982b44ec2419cc2b7825ed4818f45900975a6625c47aa5ef87f729dac7c37e05cbc715d4b5f535eaef76bae5617d86c7580d64aa3e63578da6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\g9per00b.default-release\cache2\entries\1028C0594A2905A51C9BE4B9198A912DA5F01823

Filesize
49KB

MD5
be6048b4b23678f94563eeb02e02079c

SHA1
10b4bfecd236da840313696d364b04c587a003ec

SHA256
4c1681d1b5eb1f44f97989afefd239b7336d0e53f8074489a991409229e50439

SHA512
7c78f01f54543d11428849e5f79a376c523f00d9019a0f09f6ac8ce5a68d90f3a802cabec4075c2ec2bea6245af9e143c077e52ee02ee7c985a0501c1ee3a995

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\g9per00b.default-release\cache2\entries\254256B27E0C48CF9B80B695F0B3B8CA84610495

Filesize
9KB

MD5
d171145f58969ac108953aba98c966ec

SHA1
41f23b6a6bb23a780b6d2449c379fdc7077d49ed

SHA256
f282b4c668d41027a8bcf9df4b892840ec44cbb9fb0f464935b6f65982efa1ee

SHA512
1aac259b394309a40a77910c4745a9d6dc2fd4a86915ac428ff8bf5dcc281d2c232c627ab24682a7142d9774e0129170582e469f47ed1f67347886263a8ff538

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\g9per00b.default-release\cache2\entries\37373F56CBD822F5FCF64BA01E1320A0924D8460

Filesize
24KB

MD5
eba4af33c016f191f1120608ff9e08fd

SHA1
1990faeb96822cc7ee02f9919009bfd4b59543a3

SHA256
3dd6eb8e67e761df901e9fd9f582bcb98b9a90085256a717a099c0c6027c3ef3

SHA512
817d0ad37e7c342cde105206a86b62ac65c9a1ee05dd8140e923cfb710178df42eb1906262dbfa12490bf64175a6a5237a0af11a8cb4a7841761c10e6c5bf696

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\g9per00b.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5F

Filesize
14KB

MD5
6b8ed4d58c8f2028abb47b7ceda75923

SHA1
8a18debfad9aea5f6377129e76e4834bc0a923fb

SHA256
ff5046bd1b7a7660fc94ef8ecb87bd83177d55fdc921524de08bb04efd549775

SHA512
29d74faca793466826a88539ce23408a4ea3df6b3787752b747ecc67b8515bad730e45804140321bc14b69479da039ba3883cbeccd94be44bafe861e7fed61f3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\g9per00b.default-release\cache2\entries\74537EDE6EE5B38E7BECB001EDCF37AB3D767CDB

Filesize
9KB

MD5
4a7a2aedba4077739226074422aebc65

SHA1
aa4c4470f5aaf18f5943b1e743dc9389e151d8bf

SHA256
e5fc6367985d89811021cdba51dffb19e96caf074f25a6d8ed4394accab44b06

SHA512
178e6b7075d47c074fd608276c93a175b258594dbfe73b2f87c7f162e27517f2d644d486d2fa7250ebbbc89d78d57ffab4cd075bb17f0b5b602e2e91def4201c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\g9per00b.default-release\cache2\entries\7BFCF32544F467F973AF267DF4EB4842EDED0C1F

Filesize
16KB

MD5
9d14378b0c3bfdfa67630992ca38bdc2

SHA1
618f6c1299cac8f4730b943bf23ddd54f9568103

SHA256
67660ec88d0bdc5e616182a9eada7b62d201ff7e7caa38083aaa4ea3ef179faf

SHA512
143146960861bdb84ebb5df9f2d635787723ee30e17fe659f1a63dbca5dfa464d7e91abc7d3da4ece35a40f58c1d932c26f340b055eeb0afcefc00e3cfbc9ed8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\g9per00b.default-release\cache2\entries\8540EC873F08CBAD5DF5121BD3BABF95624B4A14

Filesize
16KB

MD5
0a1167b557857bfb89c09b3d13fa065b

SHA1
34dad79ec1f50a8d86d52f285a93c937e2849891

SHA256
b54d8a6647c1e8670189c74279262bcef9457af0c27dafdd5644327789c0f882

SHA512
0c06c65b0d00070710a3af6c6cff846e437f0c8cb001dbb44a6a9ffb52355da3a834f244a5bc5facb3d4fda3293e79f2ed346256562c09a897e926610d8facda

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\g9per00b.default-release\cache2\entries\9FC8C85689D31525EACE26158B83B464F43A027B

Filesize
23KB

MD5
5a91f74fe9f60805e110f51cb8779fd2

SHA1
b87bffcf724ea778a0e5d5b9b9b7ba871d6cb7d6

SHA256
784ac123498205b4bd92a6a5ed8aeb2f8d4e0672b380b76f210bc1734774c371

SHA512
8aa8fae6f9510d80fdb526d7b4302faa8938c97717ad5be9826ed5827b163f8d41fb6a7d55774d9ca8c373dd6fdf6b134efb03a6c8ca848a8148c32eabe3f22d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\g9per00b.default-release\cache2\entries\B12380E59E366D551CA91542483B50A71D3DB16C

Filesize
224KB

MD5
34197d5a38d8b78034adc44daf81c377

SHA1
899e68c9dd4baf6a3872a3f315e0028d0e6ce463

SHA256
a273fd48729a82e365038b8c199b466010cae1eed0c69a2c2bc04425a26e07f4

SHA512
65bbb8be310980e2e2f1ab402fdb0851129f20ff54b7576ebe20b4347e70dcc4a8494057f314607a5a7b4b7812be04767d996bd0a27bbf526d479bfc5fbb742c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\g9per00b.default-release\cache2\entries\CBC29A4096AA94E6825DCD53DCE0814E150DB428

Filesize
15KB

MD5
9151dedc8e44497da3fc2848a9012612

SHA1
128983de784598695ce6935fb6accda36810e6fb

SHA256
daa38b3d17a9d42ef7754fd4f79e09a1bd26956a856ee23b925b035b78a1340b

SHA512
9d056550860144fd20e15aab59ad34629a814f6f2dc8dc64a135ef75b35e19740ab06c3051cb937391f47817fd39046600a495c3c351a18bc82b43e6da7f066a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\g9per00b.default-release\cache2\entries\CE30F9E7CB4E0D8AEB054228E581960CC2812E48

Filesize
15KB

MD5
330042cc8cc5772b51ff8a15827478a4

SHA1
12b50a83af8c3a9fbc24f1de8ad3cea4974ef2c5

SHA256
adf6b40d7bdc463e93cb6c2f218234f4ab80a7795264028bea5e670f3959661c

SHA512
dd64f6cf46e29f8fb29b47bf95721f39c9f2531e2d7a339f960a3c16cfb849662e3bd1127b24c9cedb581676503261aa3e07ecc3b818ef7f800140cb8599fe46

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\g9per00b.default-release\cache2\entries\D0F48A0632B6C451791F4257697E861961F06A6F

Filesize
129KB

MD5
78589329f48bcd333beb08629882d3f6

SHA1
5fb257d77730dfcfc86b9d4d308593d39625de41

SHA256
ce53b387ec8b3ccd2c0d24a7834221d35cb25bb11cb026cb1184660ea01944c7

SHA512
078ca9ff4833adefa0f4a6872bcc0f64cafd0aabd6facea4f8086c77a1ee0c59a4b73845c7addd8df53fe60a72f9477f38fbfc3b2672b3543ba8251cf2e30512

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\g9per00b.default-release\cache2\entries\F18D85F52EBBBA2AB081EF739ED0D6E8A76D497C

Filesize
298B

MD5
10da47bb558ab4a5e50f2730e5a962a6

SHA1
06f832312145b366172c6825a2c2668a839026bf

SHA256
89e24c6a8c24951a8f61b946f05d961fa80ea071f748761767277459dc37b36c

SHA512
689c45d46fb579e7c19613b5911d46acc18f368101988e16a286894a641c55823015d69b33dd2c6d2beea9d479730e73508bb9062c445c310ae1eef197dc8d18

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\g9per00b.default-release\cache2\entries\F8CBD54DDA10F4286A41EC6A537240712D6C2308

Filesize
9KB

MD5
9c730c30dd631d53300c4144d8ea7b4b

SHA1
a839cb2e16d3c0ad1f8f7cfe375dbe969de4bfa0

SHA256
aa02f7b5e5b8fa14b8d1a26ebac0c4a461144c63aa06f323e2091e1690e5967f

SHA512
3bee45970b2345fb31089d04a4bb3fb5c7296f77bf3a94b3c1a24772f8dfda278fef4d4d7014d96e18a4811b1583ff2f62c9aaeb5a8c6dff10bd792d2809591f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\g9per00b.default-release\cache2\entries\FD3C8B7B2C5FC530AE8D3FC8050677579C3D2E17

Filesize
10KB

MD5
0519762833f3d909d536ff5489762b63

SHA1
f38bfbb292e79053c257e0a307d481ada5cf6715

SHA256
adbc4dca440269e817ced41defb07177b7324a154ba419ad3c9b34e01af7d544

SHA512
77c3d63f88f804c20e9853560a56d0fb2581a70840a675d2eeebed0e2d36b449e21d19db981f4722e6651126f0d9ed62d609b240b1af06b732a1115ce6769fdf

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\g9per00b.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl

Filesize
15KB

MD5
96c542dec016d9ec1ecc4dddfcbaac66

SHA1
6199f7648bb744efa58acf7b96fee85d938389e4

SHA256
7f32769d6bb4e875f58ceb9e2fbfdc9bd6b82397eca7a4c5230b0786e68f1798

SHA512
cda2f159c3565bc636e0523c893b293109de2717142871b1ec78f335c12bad96fc3f62bcf56a1a88abdeed2ac3f3e5e9a008b45e24d713e13c23103acc15e658

Download Submit
C:\Users\Admin\AppData\Local\Temp\Quasar v1.4.1\quasar.p12

Filesize
4KB

MD5
0cedd50ee90d801baccd2b360582fc88

SHA1
5bd83e19e22b2bba498ba431875862330b41bf5c

SHA256
f4849a7baab0acab76a3eff4ac64a26c753084cc9045851fc0194e2f8b95c8e9

SHA512
6c8eb0753a8e44ea543e3b8fbbe47c23af01402027678d850134ae306eb9cb2d738657393042fa54ce3a2920e53a01a0fafe5030b8d4b61252e462ba93a48327

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4400_498744023\6ea99643-85a5-48c1-8f68-78968f5b9c3d.tmp

Filesize
150KB

MD5
14937b985303ecce4196154a24fc369a

SHA1
ecfe89e11a8d08ce0c8745ff5735d5edad683730

SHA256
71006a5311819fef45c659428944897184880bcdb571bf68c52b3d6ee97682ff

SHA512
1d03c75e4d2cd57eee7b0e93e2de293b41f280c415fb2446ac234fc5afd11fe2f2fcc8ab9843db0847c2ce6bd7df7213fcf249ea71896fbf6c0696e3f5aee46c

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4400_498744023\CRX_INSTALL\_locales\en\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6mb5e2jl.default-release-1734988033372\AlternateServices.bin

Filesize
7KB

MD5
f1da4f41e2d0754ae4719522a6d5d5a4

SHA1
e989f38ce1373a5e2337ce95af7d8139eb3dea86

SHA256
4d4605ba696745b3f61928008f3fdeb4e1b4eccbc8ab8b718ff00ba3c87f5605

SHA512
83c0e854ec9a9690886fc08cf18a7e6b5efb647e953f17af705ffb49bc0a27a7d5bde43573c816e7cab8d889f5a5575de6b5c123d8f1efb231abb68326e3f5e6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6mb5e2jl.default-release-1734988033372\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
2e00a1736bf1149934b28956024541f7

SHA1
bac64b758326c409bff55655e73987563bdbfe42

SHA256
8d8d7c8fdef674bf0e285b15a1d300b5c284ea115b741c07f54affac3de476b4

SHA512
d6d7004c4056b536d26b8aed6e89e87cc211f9036ca2b82d8402a2feb73236e6a02bab28f301b138b964c164b713350ae420009da6272af2aab7017aa8d9cc2e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6mb5e2jl.default-release-1734988033372\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
9a98fadaa656af6115705a5ef59f765e

SHA1
395da0f33f225bdd610800534790918fa931a1ad

SHA256
8d66faf82aefd45dc83f704a4dcd78300ff64debac3f5fd70b95e554a8276d31

SHA512
7f43b36e46ecb15cd51c8ba5a949654a8f64020b4db9c8df3edd38dd3ca3088052d417976d1465669ff05ab395ec522b535bd9dfc02f9d68ca5722fe28a4560d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6mb5e2jl.default-release-1734988033372\datareporting\glean\pending_pings\027a0bba-85b1-49a3-8094-a7ccc0daa310

Filesize
655B

MD5
35972ff81cecdf7c93b9d06de3f3e4aa

SHA1
c7abef6ea79f9ccc7bdea0ef83b8228784c5e428

SHA256
55bb6ff2f47550fb947da0b253a6f60fc3a03932aa012647863bb9ebe521c95b

SHA512
a584ff9ac0a31e3cf6c40ef8ff9bf8fa1bd511acf748d869769a7a3ea2b7ac3e1162e7c03124186a6130f7263e26aec335bc5a9afd3a4fa43cdf3bfe417a8a19

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6mb5e2jl.default-release-1734988033372\extensions.json

Filesize
34KB

MD5
26ac5d42690f127af1cd7e622ab34878

SHA1
6ad22ebcdd57b3cf667275e042bd29c7675597d3

SHA256
acdf6fbe20a95b02e77ef06992e8db64eda65afa9bf8acd01df8cd758cf2671e

SHA512
367387148c41ba05e28e948f41a260ae8189360b750b541a4d4bde1f260466434a556f73fc454ca6ee3cb94dfc8af9fb6f3fdd61e2948a1208f245ec7e2098e0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6mb5e2jl.default-release-1734988033372\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6mb5e2jl.default-release-1734988033372\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6mb5e2jl.default-release-1734988033372\gmp-widevinecdm\4.10.2710.0\LICENSE.txt.tmp

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6mb5e2jl.default-release-1734988033372\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6mb5e2jl.default-release-1734988033372\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6mb5e2jl.default-release-1734988033372\key4.db

Filesize
288KB

MD5
3e7a683f370917c852c19c4008357bbc

SHA1
291248dfee01a283c94e94d9ac18efe2c3e77c16

SHA256
dcf30fc288b7b1492c7bfb884e194c590d262e1020f77dcc626a6884fcd163ad

SHA512
93fd4ef1494719f749d39a951a4e5f6eec39d495cc93335e70507a872e93537508857efbaf287aafe951261f0e56ff39e8aaf2be15570f2626174d52a664b954

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6mb5e2jl.default-release-1734988033372\prefs-1.js

Filesize
12KB

MD5
64e6dd4766aaaa3b804e010db3445044

SHA1
36bd5de3a253e2b36a9a23fc11601c7bb6de41dd

SHA256
068d2b247cff28d84f4c6ba015c8e0e378e0ba93d6438c9b760e964771df34f5

SHA512
13afad707a0927c83c18a731e9f6af2dbd2f53d94cc33b58ab03c5f82f792c88651e23242ef58db1f420b2b580b86f7fb6706910af3ae29339f2f151ba731f6a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6mb5e2jl.default-release-1734988033372\prefs-1.js

Filesize
11KB

MD5
85ff2dd86283f7325b7f4422b7c760a5

SHA1
1e0c6492c6d02fe4d44318067e6cf56e26cbe536

SHA256
a7970b342ece5abaf140d45b7ea5e287e1ff497e1cc04aa491a2fc91a3ad3497

SHA512
170208714242f61808aff46c6cb5a6289d9d35367da784ca84dbecda6d9c0e2fb28409b7a1e08787ea4549d81a31fe6ca7443e947580438cfbbfffd66629b589

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6mb5e2jl.default-release-1734988033372\prefs.js

Filesize
1KB

MD5
b4b2dc2b543401ac0c585bf6e7845065

SHA1
20e009b61778dd9cc210863b01e907aae227da20

SHA256
ffd08eee89a147d26dd4a059d3fe89a9e7a073b0375a99a43d096481195068ef

SHA512
9c043f3d185e868da7d56771424840678c8e2bffda92e3cbcc6b0d6fc8a0730afbdbad01bfcf53525ef5863b6c1a1327c7105aaf390375917eea3e4a06e6bdfd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6mb5e2jl.default-release-1734988033372\prefs.js

Filesize
10KB

MD5
60b20b36c22e5b26ecb9559869561197

SHA1
93953d9c81cf061fd87c31933ce6c41fd0d761d8

SHA256
a6b8f6dab556074b302d77503584b8df7b71043344475418abf0bfdc8aa2fbdd

SHA512
1e0f0a5644c43ab0e59d1f370826296f84d311150658156f3555776e2bf5b03eb6ad2e50afba5b72ec8d6489639dbdde284cc8fc7d51653cdd1fdfbd7697e144

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6mb5e2jl.default-release-1734988033372\sessionCheckpoints.json

Filesize
53B

MD5
ea8b62857dfdbd3d0be7d7e4a954ec9a

SHA1
b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a

SHA256
792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da

SHA512
076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6mb5e2jl.default-release-1734988033372\sessionCheckpoints.json

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6mb5e2jl.default-release-1734988033372\sessionstore-backups\previous.jsonlz4

Filesize
597B

MD5
e4e0cf2fc693e23534e89627d6c2b1c6

SHA1
bcaac300857f711b9dd8a21aaf247904fd5c4534

SHA256
5e1272eed511085c46114d1f07e88534da90ccb925c89c14f791fef4679f5bf3

SHA512
4a9929ba958927a09cedf2c30f8f2f5fa6ecef2c26e0226d629590db3171a8bdc6fee077eda38d6fdc653ca53a58e6f4e8ccda976f0e3e6d0b62471e5069051f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\AlternateServices.bin

Filesize
10KB

MD5
52f6af412566276453e8c97c4627b6ee

SHA1
e912fed20a7435fbec13d67bb841d9ffefd90bc8

SHA256
861530d0c39dc32aadec46da00d1a77f92c69d853f69e6c6b2b9df481d0432e7

SHA512
b5485d28a6f6684cff185c0f9f7ec4d2c9bb8677f56ba39362e1196f21d105f3e8fa48175e33017b72c0f8e40c998294e54f4946a6225be1b7404a350e0ae85f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\AlternateServices.bin

Filesize
6KB

MD5
72d799d9b858e01fb45eddd02e7785c1

SHA1
00c5d12a8d1afaa082d6a06f87323eb936f5f785

SHA256
1c63d02ce407e825799640ca65eb2dc451ab6aca45b57c4ee329bb077f0ca0ae

SHA512
10c67d192299394da9723b2689632a691986335b6a10a3320e242958edbe21330d90922a016da60853590c23451a65c7efccd13ed32fa703d0204bfae28e07f7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\AlternateServices.bin

Filesize
6KB

MD5
17c2aaf6669e0eed80755577dd14c768

SHA1
81b9dfd0667ad746cd141d21cf13e6948862d942

SHA256
b2412dd2c54f2a1e999d6d159bdd66ba20c213c4bfa1e4e44abf69109462ab3c

SHA512
2b476383edbeb44743886ad83c57c0d1f34211d7c2d48935d22c2e952217c0a941372186c28b82ff1c46ec254b831bf1fe710a3dd4958cce92d657d7674a4896

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\SiteSecurityServiceState.bin

Filesize
1KB

MD5
480776d91912acb64607112b22002ec9

SHA1
db91770ac70f22c3d2a47e8b4b2511380f06571d

SHA256
cbbfd8ddf3a5cbdff6acffed22f681598f8f8152c1a27e828477a1f1d0faea6f

SHA512
99f27c3a82023dc8de30101ffb3e0945e5923c5411e8ba711e33ca0aa88e1bd35a7618cc3465c16128a3664e3a0a16fc9c851fc30a5bdcc582eb275e0065d962

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\cert9.db

Filesize
224KB

MD5
25b2a288028be87247863d030230f54c

SHA1
0fec64c6e57d46c11acdfe89e66fa570452ee287

SHA256
2443313dda3c3b5e604c0259873801e7d7f50729f17995e5ef6cd9b05d78f0e4

SHA512
65841c491d3d435dea69780906e97f2227332c11b691572ab05189a30f31950aa8175f51540e0f978802f3064e7ed1f1d3fac381b2dddd49c8b30faf78b3d45c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\content-prefs.sqlite

Filesize
256KB

MD5
b5acd9cf58ba89e643e7b2e839e0707e

SHA1
82c2b9cbea4acb50b446b786818287be7b0b8b61

SHA256
4d4fd87f1cdccc9f826ab7de2b3980db6fe4ed328f079ceb24f680557da9667e

SHA512
1fdaf5173a2fa956e3793b3643b44d928a4c81a1599bdf4b057396bfca5948ce1097194dbb5f528959c8cf4e34d058922828236c6060b41510e9ea2cb9ed424b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\cookies.sqlite

Filesize
512KB

MD5
d45b84c42c7ede97602720f8b9a9149a

SHA1
8321021acf85566f5e03c49c2483df5b314d83eb

SHA256
2654b46bf8c580ab2bb08f22f3a2ddeb7b2e05416bd926beda0e4fecf35f0cd0

SHA512
e8f4fefec1ea7670742f0ff6f779b5a9eca6abef0d8e547e6b1e8cf23698c2515ac45550f5d4992789139ec4806c53a4e0917cf93f62ab19125fd43a7a537dd5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\datareporting\glean\db\data.safe.bin

Filesize
38KB

MD5
ab4d75e5c033986a8b8a3973ce2394a6

SHA1
b6343dc3cbf1285388fc0ee7bcefa48cf96dfee4

SHA256
599f89138b95d4f0516d1e63a79fba0d01f988f834e290a1df1e507fee45ee7f

SHA512
7993ac48a248c20c6826556fc115629287f8a7ce4b7c6e89aaccd16e0f2fa065876db8ff81aa89b346e011cad1d93c4a23839770151b842b08a4c7cb23f2f0c9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
f32ed566edd8fb14589e2a63f05e8b43

SHA1
3d877f9bef26cb039e5efd0ce4bb6256ecf3fc6a

SHA256
d0c2ac9f0b45521fc122f34d8b1a0ade5e04da4f88439a7b19e8ee13fdb0617b

SHA512
9c9b10af515569db66543ab4455da60ed62f7f3880c588d2fdc8a88284ba5579347993af4faabb0c969ce3765077eb9851d3fb4b6d7d9b674cbf78fbdb8ad3a1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\datareporting\glean\events\events

Filesize
1KB

MD5
c440ec590ff9f0d28ba381a48b1ead43

SHA1
4f5224d35854ea5a7a76e2f417eb3bc1b3b1c618

SHA256
22575c0cc9be530108c09911d6569d241ca446d4cdaa3f0fb96eb64aea860e64

SHA512
7feef7bb807759793b0c2bed1309e8850abc6a238bee519fe8ce580b76b9e900934688d81df26e5224453b470117a33c5cc83c2c1e5db7c1693dde651f8af691

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\datareporting\glean\events\pageload

Filesize
218B

MD5
70b1e81d5f5796728b28b947243fbf4c

SHA1
c75ae47a61f00a4d9b12c40c0ed99e0ca4e3661b

SHA256
8667141771b4d3d476ead2f0f3a6ea68b62be07c12723df1b8f4d2d721bebab8

SHA512
ba3c0c67a61b0225e632c9550fd7a0ddc3906c99dba3d12506382c0ca375ac1c0a32454c259c305d472111e3e163bc3df58536c7869a20b8535517d4fd6a06b6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\datareporting\glean\pending_pings\1809c7d5-84de-41ea-b316-e06c7c47ec10

Filesize
671B

MD5
2cd437b4e3e4ec7a877a1c6d709f86f9

SHA1
a3ff474e543ae66c0b138c03fabfc47df13786a9

SHA256
c6cba15d74eb613bc995402eca2ab33ba1972f7b9baa91a72d5d05ec5484c26d

SHA512
10f79b6c7479a3a81e69bc128e189f5e7d2276c4d679ee8ae5363fa55b921fba7b0a12f2cf538b1f21a64f42c3c4f34236ed2e6ce3ff503f8a8ff98c8df67ec0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\datareporting\glean\pending_pings\ad69a7ba-5176-4e7f-b79d-545b1c74dace

Filesize
26KB

MD5
104c77b07204c63b69a9486f1ff9bcc8

SHA1
d6ec95dec22e9aff068d59103937b2079cfb9332

SHA256
05185ae5ee996624c3a7b6bb47c05fcfa72bc55e2237c6c9db8e9a7a3ce4f4f5

SHA512
84af7701b5ea7b5cbd560c1941f70ec2ffcb5d8bbd8f484eab7b97d94a12f108a7c44093a36e30090e6fb3af6957dc1a7cb5ccd4552744ce0df6b8744c73934c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\datareporting\glean\pending_pings\be59ab73-0d97-480e-88c0-cc436281c7cc

Filesize
982B

MD5
5abde150086d6ccfe1ce464ed177a200

SHA1
837dced61d15f8dc75dcd178422bafaa8097f92e

SHA256
d19c1534e7c9368a552dd7f5827cdd9efc8bcf7607daa5eddfac5820d0a69b42

SHA512
8a51da5c09668155a21300e788d6ef36bf9458a9f0e497b4fefba362670219a0ada57136e283ce64de73490086e2de3a95b3a6780faa9ff2f3109a2a41bea72e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\favicons.sqlite

Filesize
5.0MB

MD5
c317b4a9665186e2e5757849d85aa35f

SHA1
e123a2ed82d63ec06016529f9addd0f17eea2fbf

SHA256
b51cd3585c04f919ffce560b8891f3097dc46eae97ce350f5df0c8a3cfe0a05f

SHA512
b193eb320aaa6077bc144671f9bbbdbb09e6ebfd829467fdd6b919cc3ab2157e07ef5e8c1939b25c87468d7acba0212b798141ba6945d3e762a765086062d551

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\formhistory.sqlite

Filesize
256KB

MD5
a7eccad5282bd48a02536808672e481a

SHA1
095c1ce076e33831ab2ef680d82b5a7613ce4794

SHA256
1711a4f96723b45ecba392fcce4d74bad06781ffb822a289c9eeeb7ba10ec876

SHA512
20fdc02b66d0296a4e2991fe40cbf25ff8a9be4895752e2fe23f60e7bf12730f2c083d9bbe9b0b650947efe18ea8b144872d2991dc8f94eb44384c1898dd4845

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\permissions.sqlite

Filesize
96KB

MD5
a5e6054a956bf0a878003386c27e62ae

SHA1
ca8f76d07a0a91039c93d08c5fb705de683328a6

SHA256
3af4a2aa6df41ee6ecaed47667ae95a613d9bf447b2048d758789c3008160d0b

SHA512
fc53d9262e37a7ca733b2143803086d9c93cf3633089cc0fb1ab0b09e9370010988282e57608ee04316b80f5b3651b66c7fba4067b716d46aa0fd6a17458d13c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\places.sqlite

Filesize
5.0MB

MD5
14af7ac26b45ed66a2fe964bbda24928

SHA1
28423014acc6ce8bc24440f7c5e82e819d10587b

SHA256
595f59fba329bb765baf0c411934d7381cc9799f9413e5b55f71596dc5c2406f

SHA512
0470e0fc7359d855249e47e4915be7e43f1371c442d73780145372840a97f0608867b1c7f7a801861cbf3d5bcb70bb81f2afeb0a16b4fca0eb127eab24f618dd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\prefs-1.js

Filesize
10KB

MD5
4a69b35e4df4b1defcf23e6c94c6819b

SHA1
8888e5e495220e95b91f17f4c5eb2ffeb3a6f228

SHA256
234965a1956d4c7ed3c1b8d207f96f3ddd332989982471c2bb41413dd093995e

SHA512
df17fed94583286270e0fca58c14c3baedcea94112dbfa5198535d9ce2d7da99fee7f22c592fd952befff8bec944d49222c1dcdd5b2b5c8063fb1f8a7dcfc40e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\prefs.js

Filesize
10KB

MD5
4322e7d7b189329202537eb5613ffbe9

SHA1
a16448592aaeeef973ee2a80260d09131ec78ae8

SHA256
44b80cfef73e163cd67a5c168799a6d078b6b9ccc5884c4323000e9d944caaa4

SHA512
ddb33e3715d125fd90f7ac0d15a48c87c3022a9234f24208da8d6640529882eda836ce12618286ad9e859704c5838f53015c1a23111c3114876d72f5972792ed

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\prefs.js

Filesize
10KB

MD5
ee5c2fac413f63cfbbbffef0d0e6059f

SHA1
62b8c9421b31f03f9bd309e18ebcec7bcf7d9867

SHA256
8f51971b1de1763a95d002339a4ac7b9be330d755a66735cbcf57cba4eadc648

SHA512
4dbfb0f44c3a7ab5a5d5019f857a255f98e950d1975173e0c49baa469a27060e67db92cc1678e726b037e20f54d9cc7ea57858cbccddd7c04aa9966265a53934

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\protections.sqlite

Filesize
64KB

MD5
d7e5433a87ae3a30de4ab9adc47023bf

SHA1
4edaec48083abd90bc532ba8dd015fe209b0e439

SHA256
c2da29c9c40900e9ae211f9083849b86355850faa503062d14ced549563f273e

SHA512
9b28c36dbe02dff99519fac684c8cb88b8a40b06454524ebf79e576bd22cd94ae0eabb2655aba32bc118767f645d4e12da06764ca5d73c4e42fc2c2e0c343961

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\sessionCheckpoints.json

Filesize
288B

MD5
948a7403e323297c6bb8a5c791b42866

SHA1
88a555717e8a4a33eccfb7d47a2a4aa31038f9c0

SHA256
2fca1f29b73dd5b4159fa1eb16e69276482f5224ba7d2219a547039129a51f0e

SHA512
17e2f65c33f47c8bb4beca31db2aff3d4bbb6c2d36924057f9f847e207bdcb85ffcbb32c80dd06862ffc9b7f0bd3f5e2e65b48bb1bc3363732751101d5596b1a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\sessionstore.jsonlz4

Filesize
4KB

MD5
97878433dda82196f15661d350822777

SHA1
ec2aea19539573995104aa1fd840d47bde6648a8

SHA256
548f1d316c4604032682bb43f5d789b7f930c1162410bf57393ab85b961f6d19

SHA512
9306277fb09f02c700e162f829fcd7c0a0cbb2fbeb809fa8954fc4b649df20c19841f2f8863ce7d85975443e287fad4e84c28e203c511e7933c8ce73be1b4db4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\storage.sqlite

Filesize
4KB

MD5
bffeb2f5110c4db315a6cf1ddfdb5294

SHA1
4c5ee7e46606a3137c7fe25bdc1600295c4e015e

SHA256
65917440ca1fb10867f356ae82798764c9300b76b5d973a33ae4ea86c3fc53b4

SHA512
f3b59581660b93e8da93c222ec980d7ecbade73cfe57d397ab25b045a16bc4bafdc3c7aa94d0bf1ad34d40c47e936c2feb8cb53659fec844ad126b1f715e7dc6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\storage\default\https+++www.google.com\.metadata-v2

Filesize
52B

MD5
ca102196899e59aa2a0270de387eb9fb

SHA1
a0cc86b38637d93dccd59b3c9105ffa9f3f58c79

SHA256
52b60d35b7c5509a8e480d40148a386baf753033309694f6ccab5c9e56523ca5

SHA512
3188848acb5584a6a64deb75f1e1674e8eaa6d4b120ecaaec4d170752f02e9134641e1dd32b4b43b095cfdf525c0b42b4801d2eb18ad2819a9e701c57bec4d51

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\storage\default\https+++www.google.com\ls\data.sqlite

Filesize
6KB

MD5
83944ce177cc3fe3a287c907affcbb27

SHA1
a1b282ef9cac86dc58f1fbaf88dadfd4ffc94409

SHA256
9f73cb261b9e225bf019a4cb09e5cc35a2a8c17c0c0b34cdef967fda5506baec

SHA512
26b48ce1d9b9c4d894af1d612f7187c7a88eab90a7fdeedf84b595dc14e53c2bb9141c243af3c338b55ce589fdd3b72a825c484c95fe8945bda53f41816aa67e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\storage\default\https+++www.google.com\ls\usage

Filesize
12B

MD5
cd4a95a318587ce800fff845aa75b8ac

SHA1
613272b60c3a91a9b5fd7b2931bd295a95de30f6

SHA256
bb7fc74d8df01e39a792fbf2da0ac59f40379afdfb83485a235890a50d218c14

SHA512
6a08063d1381425f57ade714614d316fe0eb054e170c1771b36bfdbfc326a173ae61863b7769935b456d0f5a81425ef9f2c706915ed621bd867d5eb783a0e7af

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite

Filesize
48KB

MD5
312471f89d3fb1a46233684e938fc8d6

SHA1
7be9880823205313072d25b5573e124a165be525

SHA256
1e180399c4bc184d5b4f5087e1d0e5a89ab35b9fcb0b4d47222cafa3071939eb

SHA512
48852189fb166fe07b310a6990146612022063f943527aa52ed16fe0f0cea47046c484db64e15013508cd119140a9c1dffb8b2afc2ad73cde1f262d9dff532cf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
584KB

MD5
e63a64d3291e78c3f865fa2a835988e6

SHA1
1f29fb82e2ddcb0d3d4aa7d6948f2ca84cc466ff

SHA256
177eaee758f98e8d17585bba098de3ace051461202b290fe250b995e28a2f969

SHA512
399690f035974022b5b856a29d2f182015952e6eec48baac9ed612d158cad777988aeb8950e1e84d61623c34e2a287630b7c9057ad4cd98efe9b5640aa91458d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
384KB

MD5
675d6c9cb92ce9840509c6093a18075c

SHA1
446d1b6b91e62d9716b7338dfa3d04b774f96f6f

SHA256
76e610059b160e05dd81b770c62264830aeee7912c23bdc024253d042a0faa08

SHA512
7ce18a6bd2054b406740130ad330803c6d6de16ce9cd4591e297ed690dd60a1528a1b0f756b87ab4ae780ccc372ca665b174343b916e73251e78a76018b53688

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\targeting.snapshot.json

Filesize
4KB

MD5
ca214cf1f49c49f993c8a485791d656a

SHA1
f0dacf472881fb1c8fedf083a9f1bbdb67513d3f

SHA256
a2e2b001bbe4bde0912a4b55af71907d49dc113ee3b0b62e08ed60ef3bef2188

SHA512
c2cce3a8ba8d362cf783cbefdd79e5eeb7ce77b04c4970ce4f416383412ee7fadc3775700385b521f55ef57b5feea83c01f5028f0dc625e28cffe64c9bfd497a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\xulstore.json

Filesize
120B

MD5
8d689c06cb844185099c0398a280537e

SHA1
57073c7526ec37e94bb9db44fedc6d50276f7a6b

SHA256
96729e9b38f216605ff10715f96f364be32f02e2de23ede7e74b78244605124d

SHA512
3c7df326c695143915df1068cb2c0f58e93e4881b2c4d94b33948b80e954fbd4cf944ae53b4d15002b79fcdb8e88f8e9cf4c89ca50f56b7cfd8a13ea7dd6fff8

Download Submit
C:\Users\Admin\Desktop\Old Firefox Data\g9per00b.default-release\storage\permanent\chrome\idb\2918063365piupsah.sqlite

Filesize
48KB

MD5
c5e912b1313b5c69d80a6a3f0e431b39

SHA1
7ba0dae12655b6c555db8d9fac49fbcf0719546f

SHA256
b2ce83cee19366c963821bea8183cee58574f38930b4155a455480fb1cd01ac6

SHA512
194b5f2ed680eef6b5b70c3632ae52cedb26b50e9c9b39137841ddb12baeb7477c0afd0dc4a5193ef56d90912f7043b3e4f7e2b8c2ef2d47d76e54bddb0571b8

Download Submit
C:\Users\Admin\Desktop\Old Firefox Data\g9per00b.default-release\webappsstore.sqlite-shm

Filesize
32KB

MD5
b7c14ec6110fa820ca6b65f5aec85911

SHA1
608eeb7488042453c9ca40f7e1398fc1a270f3f4

SHA256
fd4c9fda9cd3f9ae7c962b0ddf37232294d55580e1aa165aa06129b8549389eb

SHA512
d8d75760f29b1e27ac9430bc4f4ffcec39f1590be5aef2bfb5a535850302e067c288ef59cf3b2c5751009a22a6957733f9f80fa18f2b0d33d90c068a3f08f3b0

Download Submit
memory/1320-1800-0x0000025CD0790000-0x0000025CD0939000-memory.dmp

Filesize
1.7MB

Download
memory/1320-6-0x00007FF8244B3000-0x00007FF8244B5000-memory.dmp

Filesize
8KB

Download
memory/1320-1720-0x0000025CD3520000-0x0000025CD3570000-memory.dmp

Filesize
320KB

Download
memory/1320-1721-0x0000025CD39A0000-0x0000025CD3A52000-memory.dmp

Filesize
712KB

Download
memory/1320-1722-0x0000025CD38E0000-0x0000025CD392C000-memory.dmp

Filesize
304KB

Download
memory/1320-1-0x0000025CB5E80000-0x0000025CB5FB8000-memory.dmp

Filesize
1.2MB

Download
memory/1320-1768-0x0000025CD0790000-0x0000025CD0939000-memory.dmp

Filesize
1.7MB

Download
memory/1320-438-0x0000025CD0790000-0x0000025CD0939000-memory.dmp

Filesize
1.7MB

Download
memory/1320-3-0x00007FF8244B0000-0x00007FF824F71000-memory.dmp

Filesize
10.8MB

Download
memory/1320-4-0x00007FF8244B0000-0x00007FF824F71000-memory.dmp

Filesize
10.8MB

Download
memory/1320-5-0x0000025CD35B0000-0x0000025CD38DE000-memory.dmp

Filesize
3.2MB

Download
memory/1320-1719-0x0000025CD13B0000-0x0000025CD13C8000-memory.dmp

Filesize
96KB

Download
memory/1320-7-0x00007FF8244B0000-0x00007FF824F71000-memory.dmp

Filesize
10.8MB

Download
memory/1320-2-0x0000025CB63A0000-0x0000025CB63B6000-memory.dmp

Filesize
88KB

Download
memory/1320-960-0x0000025CD0790000-0x0000025CD0939000-memory.dmp

Filesize
1.7MB

Download
memory/1320-8-0x0000025CD0790000-0x0000025CD0939000-memory.dmp

Filesize
1.7MB

Download
memory/1320-9-0x00007FF8244B0000-0x00007FF824F71000-memory.dmp

Filesize
10.8MB

Download
memory/1320-1144-0x0000025CD0790000-0x0000025CD0939000-memory.dmp

Filesize
1.7MB

Download
memory/1320-0-0x00007FF8244B3000-0x00007FF8244B5000-memory.dmp

Filesize
8KB

Download
memory/1320-1915-0x0000025CD0790000-0x0000025CD0939000-memory.dmp

Filesize
1.7MB

Download
memory/1320-1920-0x0000025CD0790000-0x0000025CD0939000-memory.dmp

Filesize
1.7MB

Download
memory/1320-1921-0x0000025CD0790000-0x0000025CD0939000-memory.dmp

Filesize
1.7MB

Download