hxxps://github[.]com/vipmodz13/Bot13/blob/main/project_2[.]py

Resubmissions

18/02/2024, 06:32

240218-ha4swsfd29 6

18/02/2024, 06:31

240218-hakd9afd24 1

Analysis

max time kernel
98s
max time network
98s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
18/02/2024, 06:32

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/vipmodz13/Bot13/blob/main/project_2.py

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 8 IoCs

Web Service

T1102

flow	ioc
70	raw.githubusercontent.com
71	raw.githubusercontent.com
72	raw.githubusercontent.com
73	raw.githubusercontent.com
74	raw.githubusercontent.com
67	raw.githubusercontent.com
68	raw.githubusercontent.com
69	raw.githubusercontent.com

Checks processor information in registry 2 TTPs 6 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000_Classes\Local Settings	firefox.exe

NTFS ADS 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\project_2.py:Zone.Identifier	firefox.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	1884	firefox.exe
Token: SeDebugPrivilege	1884	firefox.exe
Token: SeDebugPrivilege	1884	firefox.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
1884	firefox.exe
1884	firefox.exe
1884	firefox.exe
1884	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
1884	firefox.exe
1884	firefox.exe
1884	firefox.exe

Suspicious use of SetWindowsHookEx 9 IoCs

pid	Process
1884	firefox.exe
1884	firefox.exe
1884	firefox.exe
1884	firefox.exe
1884	firefox.exe
1884	firefox.exe
1884	firefox.exe
1884	firefox.exe
1884	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1940 wrote to memory of 1884	1940	firefox.exe	20
PID 1940 wrote to memory of 1884	1940	firefox.exe	20
PID 1940 wrote to memory of 1884	1940	firefox.exe	20
PID 1940 wrote to memory of 1884	1940	firefox.exe	20
PID 1940 wrote to memory of 1884	1940	firefox.exe	20
PID 1940 wrote to memory of 1884	1940	firefox.exe	20
PID 1940 wrote to memory of 1884	1940	firefox.exe	20
PID 1940 wrote to memory of 1884	1940	firefox.exe	20
PID 1940 wrote to memory of 1884	1940	firefox.exe	20
PID 1940 wrote to memory of 1884	1940	firefox.exe	20
PID 1940 wrote to memory of 1884	1940	firefox.exe	20
PID 1940 wrote to memory of 1884	1940	firefox.exe	20
PID 1884 wrote to memory of 2684	1884	firefox.exe	29
PID 1884 wrote to memory of 2684	1884	firefox.exe	29
PID 1884 wrote to memory of 2684	1884	firefox.exe	29
PID 1884 wrote to memory of 2588	1884	firefox.exe	30
PID 1884 wrote to memory of 2588	1884	firefox.exe	30
PID 1884 wrote to memory of 2588	1884	firefox.exe	30
PID 1884 wrote to memory of 2588	1884	firefox.exe	30
PID 1884 wrote to memory of 2588	1884	firefox.exe	30
PID 1884 wrote to memory of 2588	1884	firefox.exe	30
PID 1884 wrote to memory of 2588	1884	firefox.exe	30
PID 1884 wrote to memory of 2588	1884	firefox.exe	30
PID 1884 wrote to memory of 2588	1884	firefox.exe	30
PID 1884 wrote to memory of 2588	1884	firefox.exe	30
PID 1884 wrote to memory of 2588	1884	firefox.exe	30
PID 1884 wrote to memory of 2588	1884	firefox.exe	30
PID 1884 wrote to memory of 2588	1884	firefox.exe	30
PID 1884 wrote to memory of 2588	1884	firefox.exe	30
PID 1884 wrote to memory of 2588	1884	firefox.exe	30
PID 1884 wrote to memory of 2588	1884	firefox.exe	30
PID 1884 wrote to memory of 2588	1884	firefox.exe	30
PID 1884 wrote to memory of 2588	1884	firefox.exe	30
PID 1884 wrote to memory of 2588	1884	firefox.exe	30
PID 1884 wrote to memory of 2588	1884	firefox.exe	30
PID 1884 wrote to memory of 2588	1884	firefox.exe	30
PID 1884 wrote to memory of 2588	1884	firefox.exe	30
PID 1884 wrote to memory of 2588	1884	firefox.exe	30
PID 1884 wrote to memory of 2588	1884	firefox.exe	30
PID 1884 wrote to memory of 2588	1884	firefox.exe	30
PID 1884 wrote to memory of 2588	1884	firefox.exe	30
PID 1884 wrote to memory of 2588	1884	firefox.exe	30
PID 1884 wrote to memory of 2588	1884	firefox.exe	30
PID 1884 wrote to memory of 2588	1884	firefox.exe	30
PID 1884 wrote to memory of 2588	1884	firefox.exe	30
PID 1884 wrote to memory of 2588	1884	firefox.exe	30
PID 1884 wrote to memory of 2588	1884	firefox.exe	30
PID 1884 wrote to memory of 2588	1884	firefox.exe	30
PID 1884 wrote to memory of 2588	1884	firefox.exe	30
PID 1884 wrote to memory of 2588	1884	firefox.exe	30
PID 1884 wrote to memory of 2588	1884	firefox.exe	30
PID 1884 wrote to memory of 2588	1884	firefox.exe	30
PID 1884 wrote to memory of 2588	1884	firefox.exe	30
PID 1884 wrote to memory of 2588	1884	firefox.exe	30
PID 1884 wrote to memory of 2588	1884	firefox.exe	30
PID 1884 wrote to memory of 2588	1884	firefox.exe	30
PID 1884 wrote to memory of 2588	1884	firefox.exe	30
PID 1884 wrote to memory of 2588	1884	firefox.exe	30
PID 1884 wrote to memory of 2588	1884	firefox.exe	30
PID 1884 wrote to memory of 1444	1884	firefox.exe	31
PID 1884 wrote to memory of 1444	1884	firefox.exe	31
PID 1884 wrote to memory of 1444	1884	firefox.exe	31
PID 1884 wrote to memory of 1444	1884	firefox.exe	31
PID 1884 wrote to memory of 1444	1884	firefox.exe	31

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://github.com/vipmodz13/Bot13/blob/main/project_2.py"
1⤵
- Suspicious use of WriteProcessMemory
PID:1940
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://github.com/vipmodz13/Bot13/blob/main/project_2.py
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1884
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1884.0.787122134\1330012186" -parentBuildID 20221007134813 -prefsHandle 1220 -prefMapHandle 1212 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {97eb9cfe-5238-4ccb-b240-9e342efc6272} 1884 "\\.\pipe\gecko-crash-server-pipe.1884" 1280 108d9d58 gpu
    3⤵
    PID:2684
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1884.1.1123880259\1028814843" -parentBuildID 20221007134813 -prefsHandle 1488 -prefMapHandle 1484 -prefsLen 21610 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9ba42ee8-0144-4155-9e3c-838b596e94c6} 1884 "\\.\pipe\gecko-crash-server-pipe.1884" 1500 e70158 socket
    3⤵
    PID:2588
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1884.2.2041489512\1520038082" -childID 1 -isForBrowser -prefsHandle 2116 -prefMapHandle 2112 -prefsLen 21713 -prefMapSize 233444 -jsInitHandle 860 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e6064f86-0473-45d0-ae00-2f49f2f96e18} 1884 "\\.\pipe\gecko-crash-server-pipe.1884" 2128 1a6b2f58 tab
    3⤵
    PID:1444
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1884.3.962943781\1931018804" -childID 2 -isForBrowser -prefsHandle 2876 -prefMapHandle 2872 -prefsLen 26111 -prefMapSize 233444 -jsInitHandle 860 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {569cb226-64a8-425f-aa46-5101a3881daa} 1884 "\\.\pipe\gecko-crash-server-pipe.1884" 2888 e61f58 tab
    3⤵
    PID:1788
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1884.4.701973468\644197792" -childID 3 -isForBrowser -prefsHandle 3624 -prefMapHandle 3620 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 860 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {34f6bf85-e47c-48e4-bb72-05c7ab1ef5ec} 1884 "\\.\pipe\gecko-crash-server-pipe.1884" 3636 1fc42858 tab
    3⤵
    PID:1332
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1884.5.2127955454\1823510074" -childID 4 -isForBrowser -prefsHandle 3648 -prefMapHandle 3576 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 860 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0bfb82e6-4951-4056-a30b-7d90044059bb} 1884 "\\.\pipe\gecko-crash-server-pipe.1884" 3668 1fc45858 tab
    3⤵
    PID:780
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1884.6.1486029284\412251249" -childID 5 -isForBrowser -prefsHandle 3672 -prefMapHandle 3756 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 860 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9a9d2013-8851-4745-a289-309e763a16ab} 1884 "\\.\pipe\gecko-crash-server-pipe.1884" 3828 1fc44658 tab
    3⤵
    PID:2316
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1884.7.1238677629\1350370335" -childID 6 -isForBrowser -prefsHandle 2740 -prefMapHandle 2736 -prefsLen 27382 -prefMapSize 233444 -jsInitHandle 860 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3ec2376d-5567-4e5a-91b8-6b7a0e39fe71} 1884 "\\.\pipe\gecko-crash-server-pipe.1884" 2776 1f81bb58 tab
    3⤵
    PID:2656
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1884.8.484488720\413468274" -childID 7 -isForBrowser -prefsHandle 4576 -prefMapHandle 4552 -prefsLen 27422 -prefMapSize 233444 -jsInitHandle 860 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b7993283-8368-46d6-97e9-b8f454f18e3d} 1884 "\\.\pipe\gecko-crash-server-pipe.1884" 4588 1e109458 tab
    3⤵
    PID:1960
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1884.9.1130896837\129185888" -childID 8 -isForBrowser -prefsHandle 3504 -prefMapHandle 4808 -prefsLen 27422 -prefMapSize 233444 -jsInitHandle 860 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0bf27d46-9d40-434d-bf40-5e13cde358a8} 1884 "\\.\pipe\gecko-crash-server-pipe.1884" 4832 22697358 tab
    3⤵
    PID:356
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1884.10.954400088\1643288830" -childID 9 -isForBrowser -prefsHandle 7240 -prefMapHandle 7200 -prefsLen 27422 -prefMapSize 233444 -jsInitHandle 860 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cb57c877-dc0e-4656-926e-946b1baa53e6} 1884 "\\.\pipe\gecko-crash-server-pipe.1884" 8872 252dc658 tab
    3⤵
    PID:3396
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1884.11.412929418\1884021813" -childID 10 -isForBrowser -prefsHandle 8780 -prefMapHandle 8772 -prefsLen 27478 -prefMapSize 233444 -jsInitHandle 860 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {07bdc407-d06b-4ebf-941e-45e6990b52a2} 1884 "\\.\pipe\gecko-crash-server-pipe.1884" 8676 256d0c58 tab
    3⤵
    PID:3716
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1884.12.2136084583\1030309411" -childID 11 -isForBrowser -prefsHandle 8560 -prefMapHandle 8556 -prefsLen 27478 -prefMapSize 233444 -jsInitHandle 860 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9d072faa-3442-407d-8e95-4f1f2cef7835} 1884 "\\.\pipe\gecko-crash-server-pipe.1884" 8572 256d1558 tab
    3⤵
    PID:3724

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\cache2\doomed\17302

Filesize
13KB

MD5
dd869ac4880523bf63514aa7a1c78ea0

SHA1
be92810f8276ed314cf0e87b58b77474b553ed70

SHA256
7ed11a0a70eb4403682067e4de80be543d5eb9375c74d8f0b634d48476d19cbf

SHA512
9562c8857749a2f0ce553c6c3c0519081a8763bbb1c65fbd5360ca292ee1b8159f608248530f2b1050307de3b52a35bbbc2b70df20ad60da17d870ad74b888f8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\cache2\doomed\25287

Filesize
11KB

MD5
4bc0eae354627f08a3a26de7467d014c

SHA1
596a3707a68161ecd32a35fd5f3f478f366471e5

SHA256
51ac401bd2dddb001d2ca75f64311463fa8881a65f867da7d22d8d5dc35723c8

SHA512
9464d7ec481f2fb38a9180d74c197d0fe8a9959885b5452810fffc95d86e14bdbd6ff1e6937dc659394c1cd7b5bbe820e673a54e354fb098fa765a799d4de6a9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\cache2\entries\694C968E6AA9E408DCF29F1FC82221DF09166CAF

Filesize
203KB

MD5
41e96ed4cfd29b77154cf02602b40739

SHA1
036148e9a9753226e8a88489fa8d1fcf092681c5

SHA256
23772c5f119bd7968fd780692cb27d4d69bd6bb5987a9a834fd615aecaa93158

SHA512
5fd7afc872a8768a3808468030d03903681ce3c30a7714a379745c187575031f1dcbc7e10dbdd25d490864628188f6d1d013d9820b64d2717440d9f56425036d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\cache2\entries\8CD7244C679009C74FAB9D50126323464A3305AF

Filesize
78KB

MD5
aa9a16e5c9334d5036d648b51d504381

SHA1
245ea23ca275d7c57ce951b6c9e732f3d7498d3d

SHA256
fb3d36b27cfce98f9a21128151d8ccf19b8cc02cc1b7db1c10f50052e4c76c81

SHA512
b81ea8ca1f7cd6836f7c58afcd0a17d86ef53f7e6e5361a36d461cc2697cd09b89d1a2aae8a241de64ac444b336dae800f4d54ed8340a20747126e172e4d364f

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
697KB

MD5
a538f368efdbeab8d5bdf020604ce226

SHA1
e9ca8c80118bdf36635602860139d4320d49eced

SHA256
58af0f6d04c9ac5d20ab7304a47b8d3a9691f18cb7c397d6fa09cc65664ffd91

SHA512
487b3dc72b2dbad72b02fd84822c9e1ad3c64ae460ce4488b258e66f44bc6e37f1c4931d4449cc60e80c9c9bd20d215d4b0ef5d26f7664bdd7f34790a14c9635

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
3b2432c784ca889d948bcf5e7595999d

SHA1
1b0dff0463bd6c18c5a7d4749cb491796d1db3eb

SHA256
c54931ccd9d0dc8d55183c5baf0936d513042185a40239a19546daffa30e0377

SHA512
79a06d9dd68dbeff6ccb1514eb6dcae627404b0708bf4b025f0ff41d59ad6d1239732768205a9b108fe127ea576281660211bb0e4452f3c13ab71d889f57059f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\datareporting\glean\pending_pings\87aba541-9aa2-4364-830d-863747be7591

Filesize
745B

MD5
cd0c40abcc2a02cb6dcf68cc5b4197bf

SHA1
b5f3c497405b2f0d2ddce701f2eca27dac00a441

SHA256
993c21415c4536365a334a44e70fb8a9e44f0c65bdbbe4a4159543957249e2b8

SHA512
5480027edfded06a55031370a08d42c2cbcc07dd448e0647fc63471d466fc8203c18d70ed2f9748cb2e9f27187dda3907953ae00098015596763ad36684df1c0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\datareporting\glean\pending_pings\ea59920b-4e01-4e1a-ae4a-27b3e260983d

Filesize
12KB

MD5
85cea5f664c7c035726ea51ddaeeed07

SHA1
d785cd0aef3f91a782061445290209dd2298657f

SHA256
c0c7698ec10e4f60e1115a9563e3aa84160cd24e0d124fae0e0899d4507434f7

SHA512
d6f878ed90fada17b96db8c823d796f97998e85c2df88a7d1c5389e3717051bc0941b5a7a17235fbc9c5776556eced8376cfd7ff0d9b43478679f7f27d8c92b1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
493KB

MD5
c756cb621c9c821ace0b67c3ec040785

SHA1
0ef7f0d0f51f4a494d6622ca682ce9c3a4350c72

SHA256
42a0f70c03c6430039429cfc353709d0daf7de45cca98de9dc8a00365a248cd4

SHA512
0cb710bf7a027a3b0527d4d050b9d4f42f048899f1267e0396dfc0b63157994faf2b29925175f7f6b00e6a4a3c2856384423df2beac26b8104c4abc2b53a0a76

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
488KB

MD5
ee6b20cd7bd12a2bd963099173f4acae

SHA1
46923ae1a96d44cf0ca5a9dca04dc1ce75bbf240

SHA256
69d3c5beb32f86eb6c7d95e02127ff2aeb4fb6704bbf8bbc82897e0f82e5e3d1

SHA512
cecca6016cbb982c7d6d4c1de991ca990b1cd33222f2aa2639eec7994a8d726b169c08f6637805cf2e151de0f7829c52ba8fe765b202d2ecb408913b9f629849

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\prefs-1.js

Filesize
6KB

MD5
3ebbc916d714d9c93f70bd46b704dc5a

SHA1
28e2489949c45b998d7d813ebc7d1dfdaf577320

SHA256
4c3c73fdc243e1d7e44b65eefb3fdf2da866363fe07a54a995a513043c0daaa8

SHA512
f93307936f26695066875c6ca755545dba488f43f4ba075d994c5021ec67b3039f8cdf5d3530bbe89eac26270334e516d426720458b50d2e35f62ebc635fa7b5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\prefs-1.js

Filesize
6KB

MD5
3eedbc1f9260883fe62f1b3c1dcb1535

SHA1
37f9fea408f311259bdb1edce58d0e1a5d7a3d6d

SHA256
96682c469c64b3bfa5f1365e53acf52227490b9a6d6b6cc466007f3dc5a61023

SHA512
a0bf0d1a4d4f33ab95254220ada79871d6e65e0e8c1111c9d98f3a4be72b0f0d17021681215c1d6b68d70e435f2e27e92c33597afb33f021f730daaedb0f4343

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\prefs-1.js

Filesize
7KB

MD5
96be7db9bb605a33ca3dc942ea798cc0

SHA1
e04747fddfbaf3b155c2f16202a795fbd6ee5ef8

SHA256
b685e6fa00a72da22f3768a23e8ebd1128a5c0b54446d5a56ababd63ab533973

SHA512
f5e102ecc9ac660c8f11d0ffa8f62c517f3c137fa30b3927575103f54229a08b035e8ee5b2ad753ed8b7274edf12a77024931cd1de0420b5246d3632709bb3a9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
03eabeb52f8715d9b8f7aeac75c3e865

SHA1
5c66020a681b594187c823f0cce4764b42d3dfdf

SHA256
3239dcaa3dc68b7c263c9aeb5172d94031d87db26d3b476fb35e047b30f6b744

SHA512
57039194a72b1a1e283e6fd0ce174d918dd5f54c3167947ef80f7cb4fc3dd79e493886a0743dc6e06f59d8f75e91c666be831a829920cd408f2db399ffad15e6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
51c28abab2eb020212bdab22ab969a12

SHA1
9e0394bc8823493c900753a99f1b14e7c799f051

SHA256
6c78ba03a9168dae61c26938e703ab197780e1f545138f08534c8b49c106d05b

SHA512
c88309a5a7566fa733bfb9fa5cf41665cf0028045b09760a9e2909afd5b703960ee345ad7e94276c877fc1f619e1a9d9d5a15bd6ac33ff42ea3cd6d34712b79e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
2KB

MD5
05668dcbd6cbc49844db7cf62ed96f97

SHA1
daeb2fe15766f4f1f23d130a3c3d0e63cf313883

SHA256
9bcfaa9a05342b33d537306c6b5e5a25689f390bc5308022b6c7eef7a951e0b8

SHA512
12adca4ad2e9329a883b046d15474e409224fe3400a7ef873a7fc2177b119c93a84527f603409785ca2ab8a05ccb8c97fd831b76a7f09dcd891cbd1bc7b69ad7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
10KB

MD5
e202fb036f9e53f9c0e1dbe9f415f36e

SHA1
b083377c1cb0a701a4708ad3ef4e787168b73ee3

SHA256
e6cef57f200ebc6087184366970a0c36353000b3ccda40bae46c0454d80f4861

SHA512
7319bfca3f24039528eead3cc23779d1d2c4987c1ed4cea355de6b2f25c071a6287abdde226fe27242ab0db48cdea3d3d7f39c5afbef1249a10d8c2763cc1d1b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
9KB

MD5
66f10c2fb5f85b37b65748d05a18720d

SHA1
71ccd9019828634635476fb6a9abd300ce9dad87

SHA256
ad9b7ceb830c7b7e72062f989b78fa15f3bbfd9e31d443bfae1cfdc9c209c219

SHA512
502e9f25d884a19d61ae988d22d4bfc00d18d211032a1085e3c49fce21f57737b94b0414c6c6a1413f133f6132048edf316bc4d110ddc9ebaed51fc0f9aac016

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\storage\default\https+++www.virustotal.com\cache\morgue\236\{6a8505a7-6cbf-4070-8ab8-c15d5d7e3dec}.final

Filesize
45KB

MD5
cf6e49369b68d24b9f4e565a0e20de63

SHA1
f86b514a6369326b4f914057ab322528ff510ec8

SHA256
355cb026266bd0372abf29cb8d9fb7c6c3145bf844a4c399cc6fff58c8f46254

SHA512
32400710c411e21249e12105cd9b27bce321df176f23d7c3500051bce948d287693f2c0cbd1676b249eb6d7ee2285f0d41192864776baff41520ee32550822cb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
e51eda7108584002236f977eb9bd8f19

SHA1
178acf6e9a55c32a2330762c22f1d69c9980355d

SHA256
4039b24854badf5b8cd769f2bd7d0a9926e900885fde5e0c4b02755920e8e73b

SHA512
cfa8af9456cf336ef635f2a85b067842cead74c55ec474e76ffd21b81a2cf5ab018ae811e74f47edf55ca3afc3cdca2a114adb39cc9b3ceb9c31e31f21be24ac

Download Submit
C:\Users\Admin\Downloads\5K8V8wxY.txt.part

Filesize
34KB

MD5
058b6093709ea4ce4eba6db3141b3f67

SHA1
5e0555569d91d2bb7a870001563c52cfbeb7c4cb

SHA256
574905f74edebe7596065e3c1311d3ad8ad03967631fe93a91674319a50b6815

SHA512
cb4db3b6852671e5b6a6febd97b8f00b155d7a1ca8f67fd5390f0997e689df7f18cdca49b88d52c5f08a7222433ef02581cdd2f58578458066dad253c1c88c7d

Download Submit