hxxp://etsc[.]com

Analysis

max time kernel
292s
max time network
210s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29/01/2024, 02:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://etsc.com

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 4 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	2236	firefox.exe
Token: SeDebugPrivilege	2236	firefox.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
2236	firefox.exe
2236	firefox.exe
2236	firefox.exe
2236	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
2236	firefox.exe
2236	firefox.exe
2236	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1300 wrote to memory of 2236	1300	firefox.exe	22
PID 1300 wrote to memory of 2236	1300	firefox.exe	22
PID 1300 wrote to memory of 2236	1300	firefox.exe	22
PID 1300 wrote to memory of 2236	1300	firefox.exe	22
PID 1300 wrote to memory of 2236	1300	firefox.exe	22
PID 1300 wrote to memory of 2236	1300	firefox.exe	22
PID 1300 wrote to memory of 2236	1300	firefox.exe	22
PID 1300 wrote to memory of 2236	1300	firefox.exe	22
PID 1300 wrote to memory of 2236	1300	firefox.exe	22
PID 1300 wrote to memory of 2236	1300	firefox.exe	22
PID 1300 wrote to memory of 2236	1300	firefox.exe	22
PID 1300 wrote to memory of 2236	1300	firefox.exe	22
PID 2236 wrote to memory of 2700	2236	firefox.exe	29
PID 2236 wrote to memory of 2700	2236	firefox.exe	29
PID 2236 wrote to memory of 2700	2236	firefox.exe	29
PID 2236 wrote to memory of 2996	2236	firefox.exe	30
PID 2236 wrote to memory of 2996	2236	firefox.exe	30
PID 2236 wrote to memory of 2996	2236	firefox.exe	30
PID 2236 wrote to memory of 2996	2236	firefox.exe	30
PID 2236 wrote to memory of 2996	2236	firefox.exe	30
PID 2236 wrote to memory of 2996	2236	firefox.exe	30
PID 2236 wrote to memory of 2996	2236	firefox.exe	30
PID 2236 wrote to memory of 2996	2236	firefox.exe	30
PID 2236 wrote to memory of 2996	2236	firefox.exe	30
PID 2236 wrote to memory of 2996	2236	firefox.exe	30
PID 2236 wrote to memory of 2996	2236	firefox.exe	30
PID 2236 wrote to memory of 2996	2236	firefox.exe	30
PID 2236 wrote to memory of 2996	2236	firefox.exe	30
PID 2236 wrote to memory of 2996	2236	firefox.exe	30
PID 2236 wrote to memory of 2996	2236	firefox.exe	30
PID 2236 wrote to memory of 2996	2236	firefox.exe	30
PID 2236 wrote to memory of 2996	2236	firefox.exe	30
PID 2236 wrote to memory of 2996	2236	firefox.exe	30
PID 2236 wrote to memory of 2996	2236	firefox.exe	30
PID 2236 wrote to memory of 2996	2236	firefox.exe	30
PID 2236 wrote to memory of 2996	2236	firefox.exe	30
PID 2236 wrote to memory of 2996	2236	firefox.exe	30
PID 2236 wrote to memory of 2996	2236	firefox.exe	30
PID 2236 wrote to memory of 2996	2236	firefox.exe	30
PID 2236 wrote to memory of 2996	2236	firefox.exe	30
PID 2236 wrote to memory of 2996	2236	firefox.exe	30
PID 2236 wrote to memory of 2996	2236	firefox.exe	30
PID 2236 wrote to memory of 2996	2236	firefox.exe	30
PID 2236 wrote to memory of 2996	2236	firefox.exe	30
PID 2236 wrote to memory of 2996	2236	firefox.exe	30
PID 2236 wrote to memory of 2996	2236	firefox.exe	30
PID 2236 wrote to memory of 2996	2236	firefox.exe	30
PID 2236 wrote to memory of 2996	2236	firefox.exe	30
PID 2236 wrote to memory of 2996	2236	firefox.exe	30
PID 2236 wrote to memory of 2996	2236	firefox.exe	30
PID 2236 wrote to memory of 2996	2236	firefox.exe	30
PID 2236 wrote to memory of 2996	2236	firefox.exe	30
PID 2236 wrote to memory of 2996	2236	firefox.exe	30
PID 2236 wrote to memory of 2996	2236	firefox.exe	30
PID 2236 wrote to memory of 2996	2236	firefox.exe	30
PID 2236 wrote to memory of 2996	2236	firefox.exe	30
PID 2236 wrote to memory of 2996	2236	firefox.exe	30
PID 2236 wrote to memory of 2996	2236	firefox.exe	30
PID 2236 wrote to memory of 2996	2236	firefox.exe	30
PID 2236 wrote to memory of 1628	2236	firefox.exe	31
PID 2236 wrote to memory of 1628	2236	firefox.exe	31
PID 2236 wrote to memory of 1628	2236	firefox.exe	31
PID 2236 wrote to memory of 1628	2236	firefox.exe	31
PID 2236 wrote to memory of 1628	2236	firefox.exe	31

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://etsc.com"
1⤵
- Suspicious use of WriteProcessMemory
PID:1300
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://etsc.com
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:2236
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2236.0.44812782\1707247073" -parentBuildID 20221007134813 -prefsHandle 1252 -prefMapHandle 1244 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {542cdf01-f71a-4062-a235-76e3893434a0} 2236 "\\.\pipe\gecko-crash-server-pipe.2236" 1344 46e7e58 gpu
    3⤵
    PID:2700
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2236.1.1778137329\798704395" -parentBuildID 20221007134813 -prefsHandle 1520 -prefMapHandle 1516 -prefsLen 21610 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0e70b60c-0c88-4471-b8ec-c16848dd77ae} 2236 "\\.\pipe\gecko-crash-server-pipe.2236" 1532 43eeb58 socket
    3⤵
    PID:2996
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2236.2.2119234022\165404786" -childID 1 -isForBrowser -prefsHandle 2188 -prefMapHandle 2184 -prefsLen 21648 -prefMapSize 233444 -jsInitHandle 792 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9635768c-88ec-45c2-8e6c-7d8f17f638ca} 2236 "\\.\pipe\gecko-crash-server-pipe.2236" 2172 1a071858 tab
    3⤵
    PID:1628
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2236.3.1031449190\408620844" -childID 2 -isForBrowser -prefsHandle 736 -prefMapHandle 528 -prefsLen 26111 -prefMapSize 233444 -jsInitHandle 792 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {62a3f224-f9f4-4185-a40e-32975cc02db2} 2236 "\\.\pipe\gecko-crash-server-pipe.2236" 1844 e61f58 tab
    3⤵
    PID:1724
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2236.4.1452812508\1026137171" -childID 3 -isForBrowser -prefsHandle 3596 -prefMapHandle 3584 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 792 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {34332c04-cfa5-470c-a49c-5d1d34c7ba02} 2236 "\\.\pipe\gecko-crash-server-pipe.2236" 3656 1bc20158 tab
    3⤵
    PID:1924
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2236.5.1034427649\1365094652" -childID 4 -isForBrowser -prefsHandle 3752 -prefMapHandle 3756 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 792 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {04c4162e-7b96-46c0-ae2c-26d4ddcdb24f} 2236 "\\.\pipe\gecko-crash-server-pipe.2236" 3740 1f87f758 tab
    3⤵
    PID:1328
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2236.6.1215184419\962847216" -childID 5 -isForBrowser -prefsHandle 3920 -prefMapHandle 3924 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 792 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {57280553-c580-41fa-a007-753fedf3ad20} 2236 "\\.\pipe\gecko-crash-server-pipe.2236" 3872 1ec84558 tab
    3⤵
    PID:2312

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\v0rbzz8n.default-release\cache2\entries\77FB5EE92C576E2505C8C9FF2EC417D7727F401E

Filesize
13KB

MD5
603d2ff4dca6eca0a6b638ed7a5edafe

SHA1
bd4a76f70b26d342d81a8179c3309b4a4111ab99

SHA256
843aa3dd6aa0ba0f65f7a2c79e1d9889d7287abf1b62edecdfdb219beef8ceb1

SHA512
4604751226fbfaf1e3a71cb670a98fd763f3a38fe760e2b5405eb32a52323232cb97f5c932816a54eb7c0154ab9b0396879a9ad6da9df660333e1f13e3304c75

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
477KB

MD5
8188e0679c96a16779825c8f06f57a55

SHA1
c206b7ded4da1d511975633643052006389e28a9

SHA256
bc79f24d6da6ec958f24337c41c4185ea02a4df4ba977afd2173854cfb528d9e

SHA512
fb60fdabdcdbc6a826509cadb69f939fb08e668952a6f0ba14ddaeaa7ee5feaadc353ee1b57d346fea676ca6802ef360a0524715af88f6e51c55cf4603259149

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
5KB

MD5
997c3fda66af12efeda5c2c4427452e0

SHA1
59f221f864300d72da9160b74ca14fa458f4e7f4

SHA256
8ad7390f91bdda5578093c606b2cf1038f17c390b0506ed605ccfe51c5a5ecd4

SHA512
24a67b9f74313730acf2637c500644afd2fdda57e87f5cd25e30271a49599e889156f47c6c8fb9c83c9010207ab1298024d087b1224327e0964acef35cab1a17

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v0rbzz8n.default-release\addonStartup.json.lz4

Filesize
5KB

MD5
0608ae940e346d41306a0d6c7e974b00

SHA1
c4da4d29d707940ef2eb52014e3d72f622b325f4

SHA256
a1a3f4ec31e5672ebe4fc0493f24b208874b6b7e445fd145f5c85471d18f9263

SHA512
2c41d6dbc74f57302ba40e235a09e5ec0e2ade06d93d1157fec5b61332fc24a5450afae0feede8c82034753b8bf919ec171eb7a32f5acedcd6960e0ea916cf98

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v0rbzz8n.default-release\bookmarkbackups\bookmarks-2024-01-29_11_CXbhPZu7Ih-VXWTNB4W6yg==.jsonlz4

Filesize
944B

MD5
d4cb47f2151c27eaf6ec37c304e8330c

SHA1
b511b1dbb1a73c06906bd90acc5ed0c952300923

SHA256
832a9985b890c9b910bcd0de3ef406e5ba68612e99d5e92be76a2c73490e5482

SHA512
1f538082825dedaa5d0b7ae60a925241b2ae08cf1afe7e9bebc3b03688fe254647e9930ed318471b4afc834c54e1c2c68883c12f73f6a0026f0efd95cb3066e9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v0rbzz8n.default-release\broadcast-listeners.json

Filesize
216B

MD5
a6483f6f9fb29a11aefde72dee23c096

SHA1
2e8d65ddd3b4d5d3be56365d5acb232637f59845

SHA256
96ca4ca26c2a378315ba9ee97476f142c220983c4374598fbb64894964100bbf

SHA512
0a77bd55e3dab29c681d47ef1bd51062e58cfd78791f7a282e2aab8984ed55bfedfdc45f2626fb462ee15a42e3fdc8cf2fa9a777994a3d0c6024d3bd17e33582

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v0rbzz8n.default-release\datareporting\glean\db\data.safe.bin

Filesize
9KB

MD5
b396d7d8ad55df2e6d0e8cc92f560aaf

SHA1
4c5ffe075f309b37a307dea7986ba624808541d4

SHA256
0014675d4d30a75c92cf74f06c1c0e65224e353e7f9b393e0c8e1be3d0332fee

SHA512
a1320a43f0ab4a179ec445655636e61ae801b30b0aae2536c73ef9c380c40aaf8ba5582d3a8b6963c8793ed4e711679f3cf5a0d45bb521b2cf3941e6f4ac5c4a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v0rbzz8n.default-release\datareporting\glean\db\data.safe.bin

Filesize
9KB

MD5
6b695a8fb1c4483e282b94e973cc5629

SHA1
741af3547f44d8433a39a19661e0c8f31ce78e6b

SHA256
15fb293f2d2166f537e73fa605c2fedbb4bbc6e1b16771287098006162b9214e

SHA512
bdc76d99084dbcad06ee803b814ad6aa22412ac287d8a1be693da230ad352a66e73cc59d1a2bb88e82ce0601040a7609d0733798bc7c75f9ff647db0905993a9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v0rbzz8n.default-release\datareporting\glean\pending_pings\1fd523b9-6db1-440e-9b07-f66aa7d3c839

Filesize
733B

MD5
64c7423430a1fb5acd9f440b04985cf8

SHA1
297bf25fca8c807cb254020ae56751d01e4b675e

SHA256
937a9e568db21923383440cc9758e92b91bf40c46599c3dbe9709b3fc51e5b29

SHA512
e222a80042d2c171e53097fc9e1453daeaebfce9bc36b72926365ddbc9aab003f6973a7b1ab34b7042b0a79dc9a10697c372ecfb7e813589e15bccf7d841d7b6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v0rbzz8n.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v0rbzz8n.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v0rbzz8n.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v0rbzz8n.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v0rbzz8n.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v0rbzz8n.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v0rbzz8n.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v0rbzz8n.default-release\prefs-1.js

Filesize
7KB

MD5
11acc7b70de9668576217d4bd36698b5

SHA1
92ee75b4478a86aa3aef6fe0b4eb85955196cffd

SHA256
03ed4c7cda96ef803b177a63f4455d1c7978945ae019b8684383e7c2bc455f71

SHA512
1e758c7e4f6e7b0a01af966ca8c7844a316f442b87060d3928761d33eabaefa20159d39ccc2d32106462f81c1fe2634e95e96360474a481024f60b9a49f03621

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v0rbzz8n.default-release\prefs-1.js

Filesize
10KB

MD5
078c7ce6fae256e98f7d21e98d10e414

SHA1
7032ba5ca1d96cc02f6509a2976af24e491a9540

SHA256
b733e401e0300db4158977c3542d997b816929c88e0254232b906989e516d5d9

SHA512
5b58be21263a5cb92f2dbd616cf96db6883e5426da25ac3491ccbc65b3c6272a4559500429e8057f8555f0e1c60d1fa5837171a8390aeab5d1da8bbdfdbed62f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v0rbzz8n.default-release\prefs-1.js

Filesize
9KB

MD5
6602e5859ae7379c9f122e9860cd93f7

SHA1
3601cbba221dc9c7676c811999c74cd1e0ea0097

SHA256
a2dc51a805bcff885990ee9b98a9a11d9b51294a1384cdad0e901d813cc2d027

SHA512
95a645d33df90de74b0d362f27fc690cd01176cc1749a027997f88694ba5012014a504162b6a0643fcfde72a2bed7bf4867f852c29937d5f869cfd558d954e24

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v0rbzz8n.default-release\sessionCheckpoints.json

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v0rbzz8n.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
387aa1228208903e079cc44023a54bdb

SHA1
9a83ffa9b8996f8846ed2f5cfb1fb7f9c1e514c6

SHA256
7c31af45b0ea2fd915dd38f89a8cdab3f5ff26a14033fa2291e9de12d75e80ee

SHA512
ca68ea5e72f0f1d405e275009c8ebb6b81d76d0acd181853aa86520fe56d873cc5c4bb59eff515a1332c9f6223ff68313cd9958d45b94cd30d793f895c8862a3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v0rbzz8n.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
935B

MD5
d5dc2580cd19da7c610d3fb0f3bf54e8

SHA1
90c8a845c07d242e6d421c450aba998a8df3ea36

SHA256
bc6fe4c91bd19e6dfe0ad56fe7569e0eb868d806cc2f28038f4ae8d47068ffd1

SHA512
cc3debfe45277c4f3ee2f69bfadfd9de4c3c18d6a828846e2af96c5693f421e6168611f20c66371848c954e514d8f2b42778f59f68eebb3552829612e8d44ca1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v0rbzz8n.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
1a3730d2c03dc5dd6ca328fd31ffae25

SHA1
ea5ee0830758e5e374b9b6f4ea53c70e988fd1df

SHA256
012dd7b1a2c6393f6d04e1dc1a0785c8bf243fc9afe8f36c1ed5915f164e6579

SHA512
2643624c1f3dd3f16cff9dba22b70f926e2aa24478d90bb8392cb563d401ec20cf7377a2d8bbd2f04f662abb7271d1167a064a5813fb58175ec2cb352d6ec5fe

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v0rbzz8n.default-release\targeting.snapshot.json

Filesize
3KB

MD5
d455a4c6f538e39b706738dd2dd8bdbb

SHA1
509da5a7530cf1b3afb6db8aeff7c18c72cfe825

SHA256
bbaf9aaf3c259847ad67ff0ca7e1f4d5f9ce7749fc863166ae262cc6ff8737c2

SHA512
ee5e8321581c3685e6c322acadc9acc18705da258d67836097a9618a0dbd94f39d2cf9d225f28932c7c54f649164b8ca3adb90a362e60518310ae36adc45968b

Download Submit