quasar | bb5398474b2aa16ce6c29b681fcb98f4b19bb152413076b7b1748e41efa6dc6d

Analysis

max time kernel
149s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
22-01-2025 15:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

im not verysmart.exe
Size

3.1MB
MD5

45e2aa5fff9ef27dbe69e171d2827ee1
SHA1

75344a650dc891b86060124c855ec26e5c4dfbbe
SHA256

bb5398474b2aa16ce6c29b681fcb98f4b19bb152413076b7b1748e41efa6dc6d
SHA512

c0d9824e1a8fa72ac29cd151f4331268df9839ba7a071888f08f2bbd73ab45b3f0dd61d4789839f30ebfce208d8409162abe17d316d2ac06470fee5648fbac39
SSDEEP

49152:xv+lL26AaNeWgPhlmVqvMQ7XSKtCL1JHLoGdbtTHHB72eh2NT:xvuL26AaNeWgPhlmVqkQ7XSKtC/

Score

10^/10

quasar office04 discovery spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

meming-28826.portmap.host:28826

Mutex

0d852c3a-6700-4e42-85af-0da8a2a2fd2a

Attributes

encryption_key
B323B6B4414256836290414EF6F85AFA580A2B68
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
System Notification Tray
subdirectory
SubDir

Signatures

Quasar RAT
Quasar is an open source Remote Access Tool.
trojan spyware quasar
Quasar family
quasar

Quasar payload 2 IoCs

resource	yara_rule
behavioral1/memory/2456-1-0x0000000000490000-0x00000000007B6000-memory.dmp	family_quasar
behavioral1/files/0x0007000000023ca0-6.dat	family_quasar

Executes dropped EXE 1 IoCs

pid	Process
1080	Client.exe

System Time Discovery 1 TTPs 1 IoCs

Adversary may gather the system time and/or time zone settings from a local or remote system.

discovery

System Time Discovery

T1124

pid	Process
5344	svchost.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\MuiCache	StartMenuExperienceHost.exe

Scheduled Task/Job: Scheduled Task 1 TTPs 2 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence execution

Scheduled Task

T1053.005

pid	Process
4656	schtasks.exe
2484	schtasks.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

pid	Process
1080	Client.exe
1080	Client.exe
1080	Client.exe
1080	Client.exe
1080	Client.exe
1080	Client.exe
1080	Client.exe
1080	Client.exe
1080	Client.exe
1080	Client.exe
1080	Client.exe
1080	Client.exe
1080	Client.exe
1080	Client.exe
1080	Client.exe
1080	Client.exe
1080	Client.exe
1080	Client.exe

Suspicious use of AdjustPrivilegeToken 7 IoCs

description	pid	Process
Token: SeDebugPrivilege	2456	im not verysmart.exe
Token: SeDebugPrivilege	1080	Client.exe
Token: SeDebugPrivilege	4236	firefox.exe
Token: SeDebugPrivilege	4236	firefox.exe
Token: SeDebugPrivilege	4236	firefox.exe
Token: SeDebugPrivilege	4236	firefox.exe
Token: SeDebugPrivilege	4236	firefox.exe

Suspicious use of FindShellTrayWindow 21 IoCs

pid	Process
4236	firefox.exe
4236	firefox.exe
4236	firefox.exe
4236	firefox.exe
4236	firefox.exe
4236	firefox.exe
4236	firefox.exe
4236	firefox.exe
4236	firefox.exe
4236	firefox.exe
4236	firefox.exe
4236	firefox.exe
4236	firefox.exe
4236	firefox.exe
4236	firefox.exe
4236	firefox.exe
4236	firefox.exe
4236	firefox.exe
4236	firefox.exe
4236	firefox.exe
4236	firefox.exe

Suspicious use of SendNotifyMessage 20 IoCs

pid	Process
4236	firefox.exe
4236	firefox.exe
4236	firefox.exe
4236	firefox.exe
4236	firefox.exe
4236	firefox.exe
4236	firefox.exe
4236	firefox.exe
4236	firefox.exe
4236	firefox.exe
4236	firefox.exe
4236	firefox.exe
4236	firefox.exe
4236	firefox.exe
4236	firefox.exe
4236	firefox.exe
4236	firefox.exe
4236	firefox.exe
4236	firefox.exe
4236	firefox.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
1080	Client.exe
4236	firefox.exe
5392	StartMenuExperienceHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2456 wrote to memory of 4656	2456	im not verysmart.exe	83
PID 2456 wrote to memory of 4656	2456	im not verysmart.exe	83
PID 2456 wrote to memory of 1080	2456	im not verysmart.exe	85
PID 2456 wrote to memory of 1080	2456	im not verysmart.exe	85
PID 1080 wrote to memory of 2484	1080	Client.exe	86
PID 1080 wrote to memory of 2484	1080	Client.exe	86
PID 3928 wrote to memory of 4236	3928	firefox.exe	107
PID 3928 wrote to memory of 4236	3928	firefox.exe	107
PID 3928 wrote to memory of 4236	3928	firefox.exe	107
PID 3928 wrote to memory of 4236	3928	firefox.exe	107
PID 3928 wrote to memory of 4236	3928	firefox.exe	107
PID 3928 wrote to memory of 4236	3928	firefox.exe	107
PID 3928 wrote to memory of 4236	3928	firefox.exe	107
PID 3928 wrote to memory of 4236	3928	firefox.exe	107
PID 3928 wrote to memory of 4236	3928	firefox.exe	107
PID 3928 wrote to memory of 4236	3928	firefox.exe	107
PID 3928 wrote to memory of 4236	3928	firefox.exe	107
PID 4236 wrote to memory of 3632	4236	firefox.exe	108
PID 4236 wrote to memory of 3632	4236	firefox.exe	108
PID 4236 wrote to memory of 3632	4236	firefox.exe	108
PID 4236 wrote to memory of 3632	4236	firefox.exe	108
PID 4236 wrote to memory of 3632	4236	firefox.exe	108
PID 4236 wrote to memory of 3632	4236	firefox.exe	108
PID 4236 wrote to memory of 3632	4236	firefox.exe	108
PID 4236 wrote to memory of 3632	4236	firefox.exe	108
PID 4236 wrote to memory of 3632	4236	firefox.exe	108
PID 4236 wrote to memory of 3632	4236	firefox.exe	108
PID 4236 wrote to memory of 3632	4236	firefox.exe	108
PID 4236 wrote to memory of 3632	4236	firefox.exe	108
PID 4236 wrote to memory of 3632	4236	firefox.exe	108
PID 4236 wrote to memory of 3632	4236	firefox.exe	108
PID 4236 wrote to memory of 3632	4236	firefox.exe	108
PID 4236 wrote to memory of 3632	4236	firefox.exe	108
PID 4236 wrote to memory of 3632	4236	firefox.exe	108
PID 4236 wrote to memory of 3632	4236	firefox.exe	108
PID 4236 wrote to memory of 3632	4236	firefox.exe	108
PID 4236 wrote to memory of 3632	4236	firefox.exe	108
PID 4236 wrote to memory of 3632	4236	firefox.exe	108
PID 4236 wrote to memory of 3632	4236	firefox.exe	108
PID 4236 wrote to memory of 3632	4236	firefox.exe	108
PID 4236 wrote to memory of 3632	4236	firefox.exe	108
PID 4236 wrote to memory of 3632	4236	firefox.exe	108
PID 4236 wrote to memory of 3632	4236	firefox.exe	108
PID 4236 wrote to memory of 3632	4236	firefox.exe	108
PID 4236 wrote to memory of 3632	4236	firefox.exe	108
PID 4236 wrote to memory of 3632	4236	firefox.exe	108
PID 4236 wrote to memory of 3632	4236	firefox.exe	108
PID 4236 wrote to memory of 3632	4236	firefox.exe	108
PID 4236 wrote to memory of 3632	4236	firefox.exe	108
PID 4236 wrote to memory of 3632	4236	firefox.exe	108
PID 4236 wrote to memory of 3632	4236	firefox.exe	108
PID 4236 wrote to memory of 3632	4236	firefox.exe	108
PID 4236 wrote to memory of 3632	4236	firefox.exe	108
PID 4236 wrote to memory of 3632	4236	firefox.exe	108
PID 4236 wrote to memory of 3632	4236	firefox.exe	108
PID 4236 wrote to memory of 3632	4236	firefox.exe	108
PID 4236 wrote to memory of 3632	4236	firefox.exe	108
PID 4236 wrote to memory of 3632	4236	firefox.exe	108
PID 4236 wrote to memory of 3632	4236	firefox.exe	108
PID 4236 wrote to memory of 3632	4236	firefox.exe	108
PID 4236 wrote to memory of 3632	4236	firefox.exe	108
PID 4236 wrote to memory of 3632	4236	firefox.exe	108
PID 4236 wrote to memory of 1340	4236	firefox.exe	109
PID 4236 wrote to memory of 1340	4236	firefox.exe	109

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\im not verysmart.exe
"C:\Users\Admin\AppData\Local\Temp\im not verysmart.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2456
- C:\Windows\SYSTEM32\schtasks.exe
  "schtasks" /create /tn "System Notification Tray" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe" /rl HIGHEST /f
  2⤵
  - Scheduled Task/Job: Scheduled Task
  PID:4656
- C:\Users\Admin\AppData\Roaming\SubDir\Client.exe
  "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1080
- - C:\Windows\SYSTEM32\schtasks.exe
    "schtasks" /create /tn "System Notification Tray" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe" /rl HIGHEST /f
    3⤵
    - Scheduled Task/Job: Scheduled Task
    PID:2484

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3928
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4236
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2000 -parentBuildID 20240401114208 -prefsHandle 1916 -prefMapHandle 1908 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8f8b3e21-6a3b-4760-808e-4faa9d488e34} 4236 "\\.\pipe\gecko-crash-server-pipe.4236" gpu
    3⤵
    PID:3632
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2412 -parentBuildID 20240401114208 -prefsHandle 2388 -prefMapHandle 2384 -prefsLen 23716 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {500097d4-6626-48ad-834b-6880a092f6a3} 4236 "\\.\pipe\gecko-crash-server-pipe.4236" socket
    3⤵
    PID:1340
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2960 -childID 1 -isForBrowser -prefsHandle 2972 -prefMapHandle 2940 -prefsLen 23857 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5f854f2d-b144-436e-8eb3-4b6d08278ac8} 4236 "\\.\pipe\gecko-crash-server-pipe.4236" tab
    3⤵
    PID:1512
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4296 -childID 2 -isForBrowser -prefsHandle 4288 -prefMapHandle 4284 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0c53be24-181f-45b9-ab56-958e176f3fe0} 4236 "\\.\pipe\gecko-crash-server-pipe.4236" tab
    3⤵
    PID:2160
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4940 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 5004 -prefMapHandle 5000 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2ff6143b-20d0-47b7-9cd1-3e19fbb1868a} 4236 "\\.\pipe\gecko-crash-server-pipe.4236" utility
    3⤵
    - Checks processor information in registry
    PID:5216
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5244 -childID 3 -isForBrowser -prefsHandle 5236 -prefMapHandle 5232 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d3cdba7d-b435-4271-b4cb-2798a678fb78} 4236 "\\.\pipe\gecko-crash-server-pipe.4236" tab
    3⤵
    PID:5468
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5288 -childID 4 -isForBrowser -prefsHandle 2680 -prefMapHandle 2732 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {39e14eb3-d579-4201-b0b0-df162fceb855} 4236 "\\.\pipe\gecko-crash-server-pipe.4236" tab
    3⤵
    PID:5496
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5388 -childID 5 -isForBrowser -prefsHandle 5604 -prefMapHandle 5608 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d70ffb5c-e952-4cc8-98e9-779f42a70b9d} 4236 "\\.\pipe\gecko-crash-server-pipe.4236" tab
    3⤵
    PID:5508

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s DispBrokerDesktopSvc
1⤵
PID:5232

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s TimeBrokerSvc
1⤵
- System Time Discovery
PID:5344

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5392

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Persistence

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Privilege Escalation

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Time Discovery

T1124

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\g9per00b.default-release\activity-stream.discovery_stream.json

Filesize
21KB

MD5
c973210d2ef84ca51fae09de4c59db6b

SHA1
e482da577f4063a50cd5f84f716a9fa7a7f8de55

SHA256
2ac9628a931ca11c69aa2c5fe7cc5cedf457ec659147926577eb97d1efaf4591

SHA512
6b32b02e3213d003f7ebb22c6eb62154eb982cd53ec22db6b8325b18ffccea3652d82d164c8aaa7ac3d3f3f43a114a784ad11125737e0b4e0463a6fe83feb834

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\g9per00b.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl

Filesize
15KB

MD5
96c542dec016d9ec1ecc4dddfcbaac66

SHA1
6199f7648bb744efa58acf7b96fee85d938389e4

SHA256
7f32769d6bb4e875f58ceb9e2fbfdc9bd6b82397eca7a4c5230b0786e68f1798

SHA512
cda2f159c3565bc636e0523c893b293109de2717142871b1ec78f335c12bad96fc3f62bcf56a1a88abdeed2ac3f3e5e9a008b45e24d713e13c23103acc15e658

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\AlternateServices.bin

Filesize
6KB

MD5
f3b3ff0174683087c3726ffb0c8bc1cb

SHA1
c2ec6632259abe22dfe05d9e90b7e7b984413ba6

SHA256
9c5b9470c9f2ce6726e5b4925e0d82851e57e896beced314b1060b3e57cb860d

SHA512
103593b1a003ff1860c5d82c5aa03c21e5a112fcc36f9b63381f47b92ecf6caa035f0d321473a4239b8339886375876301a271afd99e1074c3400916dfcc8de1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\AlternateServices.bin

Filesize
8KB

MD5
16fc632ecda7dd11178f7829a2c18053

SHA1
2580b7af92627ae34e6068201aa3b189f9acb929

SHA256
5e29a9b2d7f7eda4304637dae79877b599ccf3611f24c5356a4cae4ce442f458

SHA512
f76aaa109b17fde531b3e15ef16d75310a37628b2c47d9865b990dd0dc13fc519cbae5b26c93588592c39e1976da826fe57471e47954dec78cd5e484da8b2b9e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
0f37ea209c31f7c5cfc7f6ac2f48825c

SHA1
1317a0b9d3db69e0decfba24e0c507751be914e9

SHA256
3265e6c655928b816de3e048ceae80abc1c391a16f29cef1acb673cd2f6922d7

SHA512
f24f3c332d68a77ae4023257463d8242f53181f22b84f387db360c6a61785a510fdb4263f50c4fc5906fb2e3628dcf34093692e1233055a494bc45027470b74e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
ae106bbff0c27a9a601ab5315cc30d50

SHA1
431db6e6e3b1a1f876e32f526b47af5592f3047f

SHA256
25c5cc8242a2f2ea7ae7f37f56edf22fa767d59112dac1e2ddca2dcd800cfc3c

SHA512
815f7ce05bf044216f474e9dcfcc78cd78dc365ba486e5b26d69dce663410c285b2cf5719f225298ba6ce8a96e32f0ec2b903a8fa76f9d0bfe0e7d7d35f51522

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\datareporting\glean\db\data.safe.tmp

Filesize
14KB

MD5
5b018450cb076cd6a8509b7ded272978

SHA1
16195b44fa035ac55272c528b68f30972cbcd7a4

SHA256
16e46bd445ccefb08f7869c5811cafbdf7b5c9ac6d6cb0dfcdbe750c0eceab16

SHA512
71a8dc136814537d9535cfdf44d62374ee923d1b7c796f709a5ab85bb5779b586ce478fe0070e764f7637a81fe71e667c12b8ad04d68d85c75d35b2757409de0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\datareporting\glean\pending_pings\15a1f446-c9f4-495b-8a57-524914f4dc02

Filesize
671B

MD5
3c563ea8382a2bbcfa84b065012638e0

SHA1
a2b6b38c91e0ff62be49529dd73c042db6b9240d

SHA256
fadd7e58469a77b38251abe1e7cb04afb112e790fb00cf9fc01f0a593789cfeb

SHA512
00c00f7dddcf195cf440b8c3934346060f0e1c086c6373515a9363176a23513cb8eb9113d19598f3e0a8079c24f213e5a71afd4a48d12cbfcc19c456d8408571

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\datareporting\glean\pending_pings\183d6179-5651-4654-aeb5-77f723875a8f

Filesize
982B

MD5
0fdc7ccf9d9a1b9cb75b6d797a8b403a

SHA1
d30285d5e502a1f84df181b1a61d0cabaafe2b23

SHA256
436a4d0ce305e5759f235e0813ac983649489cbe43d6c9e3cbfea393830431b5

SHA512
aa9fb02f2567dab857902103651b854610d08f263423ad886805ed91503b1f622f6ff5b95694a585ca22869c7ff96a55317000787328ca033a8cbbfa4df2e323

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\datareporting\glean\pending_pings\90c89cde-2e2f-467b-b030-4f9c94c4f073

Filesize
27KB

MD5
4f2d0b417487951741353561893a5374

SHA1
4bcfcaec9f6bbc28042f92e229d10b69ab3453e6

SHA256
f0aa72b4bf51bd243496d05136164910f02f0ad8b69973153207cad468202d53

SHA512
8b9c2806e430da0506db5fcd41c386e7b0e1369811cb125a758377d56009e46b3c56a6f37017320f93fe9a25be0e0a726ebf2d2822e81e31842535f6f4f3ad0f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\prefs-1.js

Filesize
9KB

MD5
d95376978a5dfb583688e89a144057aa

SHA1
613b8de516428c1d600ba327c894027ae416a109

SHA256
a3531cacfcfa149889b46e8d793eade91a6f35f396db69063bc7ba7a34bf14e6

SHA512
d54d60f2f0c1e333f8c698a3f26fadee9f6957d2ee68f4d24a6cacf88a2ec0c2d1b8a9eed6322a1c435d1966c55b7bea5f3aa08449af3663ddcc15c2f5c86f3c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\prefs.js

Filesize
10KB

MD5
0fbebd11fe91da25c33163e6b6e32d8d

SHA1
1b17d75fa4003bc867aded7329883bdc736d0bb4

SHA256
db967e0641a98cbca13a1cb4c3101371de2569d34855e13218be9b30aa638958

SHA512
72534a4d5a191299b7f2e8a0b75996c92210e355ee7484b5db6482d0565373383fd82176b3e162ef350c5ddf0672a37b6d9905345ae231df31c1a077c2c0b02b

Download Submit
C:\Users\Admin\AppData\Roaming\SubDir\Client.exe

Filesize
3.1MB

MD5
45e2aa5fff9ef27dbe69e171d2827ee1

SHA1
75344a650dc891b86060124c855ec26e5c4dfbbe

SHA256
bb5398474b2aa16ce6c29b681fcb98f4b19bb152413076b7b1748e41efa6dc6d

SHA512
c0d9824e1a8fa72ac29cd151f4331268df9839ba7a071888f08f2bbd73ab45b3f0dd61d4789839f30ebfce208d8409162abe17d316d2ac06470fee5648fbac39

Download Submit
memory/1080-16-0x000000001C330000-0x000000001C342000-memory.dmp

Filesize
72KB

Download
memory/1080-11-0x00007FFE54FA0000-0x00007FFE55A61000-memory.dmp

Filesize
10.8MB

Download
memory/1080-10-0x00007FFE54FA0000-0x00007FFE55A61000-memory.dmp

Filesize
10.8MB

Download
memory/1080-12-0x000000001C2A0000-0x000000001C2F0000-memory.dmp

Filesize
320KB

Download
memory/1080-13-0x000000001C3B0000-0x000000001C462000-memory.dmp

Filesize
712KB

Download
memory/1080-19-0x00007FFE54FA0000-0x00007FFE55A61000-memory.dmp

Filesize
10.8MB

Download
memory/1080-17-0x000000001CAB0000-0x000000001CAEC000-memory.dmp

Filesize
240KB

Download
memory/1080-18-0x00007FFE54FA0000-0x00007FFE55A61000-memory.dmp

Filesize
10.8MB

Download
memory/2456-9-0x00007FFE54FA0000-0x00007FFE55A61000-memory.dmp

Filesize
10.8MB

Download
memory/2456-2-0x00007FFE54FA0000-0x00007FFE55A61000-memory.dmp

Filesize
10.8MB

Download
memory/2456-1-0x0000000000490000-0x00000000007B6000-memory.dmp

Filesize
3.1MB

Download
memory/2456-0-0x00007FFE54FA3000-0x00007FFE54FA5000-memory.dmp

Filesize
8KB

Download