hxxps://github[.]com/simalei/njRAT/releases/download/v0[.]7D/NjRat[.]0[.]7D[.]Danger[.]Edition[.]zip

Resubmissions

20/02/2024, 19:40

240220-ydqnfaea51 1

20/02/2024, 19:37

240220-yb4ghsed85 1

Analysis

max time kernel
1514s
max time network
1508s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
20/02/2024, 19:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/simalei/njRAT/releases/download/v0.7D/NjRat.0.7D.Danger.Edition.zip

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000_Classes\Local Settings	firefox.exe

NTFS ADS 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\NjRat.0.7D.Danger.Edition.zip:Zone.Identifier	firefox.exe

Suspicious use of AdjustPrivilegeToken 7 IoCs

description	pid	Process
Token: SeDebugPrivilege	2236	firefox.exe
Token: SeDebugPrivilege	2236	firefox.exe
Token: SeDebugPrivilege	2236	firefox.exe
Token: SeDebugPrivilege	2236	firefox.exe
Token: SeDebugPrivilege	2236	firefox.exe
Token: SeDebugPrivilege	2236	firefox.exe
Token: SeDebugPrivilege	2236	firefox.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
2236	firefox.exe
2236	firefox.exe
2236	firefox.exe
2236	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
2236	firefox.exe
2236	firefox.exe
2236	firefox.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2236	firefox.exe
2236	firefox.exe
2236	firefox.exe
2236	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 540 wrote to memory of 2236	540	firefox.exe	52
PID 540 wrote to memory of 2236	540	firefox.exe	52
PID 540 wrote to memory of 2236	540	firefox.exe	52
PID 540 wrote to memory of 2236	540	firefox.exe	52
PID 540 wrote to memory of 2236	540	firefox.exe	52
PID 540 wrote to memory of 2236	540	firefox.exe	52
PID 540 wrote to memory of 2236	540	firefox.exe	52
PID 540 wrote to memory of 2236	540	firefox.exe	52
PID 540 wrote to memory of 2236	540	firefox.exe	52
PID 540 wrote to memory of 2236	540	firefox.exe	52
PID 540 wrote to memory of 2236	540	firefox.exe	52
PID 2236 wrote to memory of 1040	2236	firefox.exe	84
PID 2236 wrote to memory of 1040	2236	firefox.exe	84
PID 2236 wrote to memory of 4292	2236	firefox.exe	85
PID 2236 wrote to memory of 4292	2236	firefox.exe	85
PID 2236 wrote to memory of 4292	2236	firefox.exe	85
PID 2236 wrote to memory of 4292	2236	firefox.exe	85
PID 2236 wrote to memory of 4292	2236	firefox.exe	85
PID 2236 wrote to memory of 4292	2236	firefox.exe	85
PID 2236 wrote to memory of 4292	2236	firefox.exe	85
PID 2236 wrote to memory of 4292	2236	firefox.exe	85
PID 2236 wrote to memory of 4292	2236	firefox.exe	85
PID 2236 wrote to memory of 4292	2236	firefox.exe	85
PID 2236 wrote to memory of 4292	2236	firefox.exe	85
PID 2236 wrote to memory of 4292	2236	firefox.exe	85
PID 2236 wrote to memory of 4292	2236	firefox.exe	85
PID 2236 wrote to memory of 4292	2236	firefox.exe	85
PID 2236 wrote to memory of 4292	2236	firefox.exe	85
PID 2236 wrote to memory of 4292	2236	firefox.exe	85
PID 2236 wrote to memory of 4292	2236	firefox.exe	85
PID 2236 wrote to memory of 4292	2236	firefox.exe	85
PID 2236 wrote to memory of 4292	2236	firefox.exe	85
PID 2236 wrote to memory of 4292	2236	firefox.exe	85
PID 2236 wrote to memory of 4292	2236	firefox.exe	85
PID 2236 wrote to memory of 4292	2236	firefox.exe	85
PID 2236 wrote to memory of 4292	2236	firefox.exe	85
PID 2236 wrote to memory of 4292	2236	firefox.exe	85
PID 2236 wrote to memory of 4292	2236	firefox.exe	85
PID 2236 wrote to memory of 4292	2236	firefox.exe	85
PID 2236 wrote to memory of 4292	2236	firefox.exe	85
PID 2236 wrote to memory of 4292	2236	firefox.exe	85
PID 2236 wrote to memory of 4292	2236	firefox.exe	85
PID 2236 wrote to memory of 4292	2236	firefox.exe	85
PID 2236 wrote to memory of 4292	2236	firefox.exe	85
PID 2236 wrote to memory of 4292	2236	firefox.exe	85
PID 2236 wrote to memory of 4292	2236	firefox.exe	85
PID 2236 wrote to memory of 4292	2236	firefox.exe	85
PID 2236 wrote to memory of 4292	2236	firefox.exe	85
PID 2236 wrote to memory of 4292	2236	firefox.exe	85
PID 2236 wrote to memory of 4292	2236	firefox.exe	85
PID 2236 wrote to memory of 4292	2236	firefox.exe	85
PID 2236 wrote to memory of 4292	2236	firefox.exe	85
PID 2236 wrote to memory of 4292	2236	firefox.exe	85
PID 2236 wrote to memory of 4292	2236	firefox.exe	85
PID 2236 wrote to memory of 4292	2236	firefox.exe	85
PID 2236 wrote to memory of 4292	2236	firefox.exe	85
PID 2236 wrote to memory of 4292	2236	firefox.exe	85
PID 2236 wrote to memory of 4292	2236	firefox.exe	85
PID 2236 wrote to memory of 4292	2236	firefox.exe	85
PID 2236 wrote to memory of 4292	2236	firefox.exe	85
PID 2236 wrote to memory of 4292	2236	firefox.exe	85
PID 2236 wrote to memory of 4376	2236	firefox.exe	86
PID 2236 wrote to memory of 4376	2236	firefox.exe	86
PID 2236 wrote to memory of 4376	2236	firefox.exe	86

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://github.com/simalei/njRAT/releases/download/v0.7D/NjRat.0.7D.Danger.Edition.zip"
1⤵
- Suspicious use of WriteProcessMemory
PID:540
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://github.com/simalei/njRAT/releases/download/v0.7D/NjRat.0.7D.Danger.Edition.zip
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2236
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2236.0.692643181\199610829" -parentBuildID 20221007134813 -prefsHandle 1884 -prefMapHandle 1876 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1917af4a-49ed-45f9-8b25-0c2ab1f7383b} 2236 "\\.\pipe\gecko-crash-server-pipe.2236" 1976 14fa83bf158 gpu
    3⤵
    PID:1040
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2236.1.1415601729\848182700" -parentBuildID 20221007134813 -prefsHandle 2380 -prefMapHandle 2376 -prefsLen 21565 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fcf41098-4911-4bef-afa6-729398a92040} 2236 "\\.\pipe\gecko-crash-server-pipe.2236" 2404 14f9b975e58 socket
    3⤵
    PID:4292
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2236.2.1080223122\1912613206" -childID 1 -isForBrowser -prefsHandle 3032 -prefMapHandle 3048 -prefsLen 21668 -prefMapSize 233444 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e43cc7d9-fac6-45a2-8714-51137d906f50} 2236 "\\.\pipe\gecko-crash-server-pipe.2236" 2940 14fac3de658 tab
    3⤵
    PID:4376
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2236.3.1707816185\622500578" -childID 2 -isForBrowser -prefsHandle 3684 -prefMapHandle 3680 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {47444fe7-b1b6-411b-903e-c6fbec866c59} 2236 "\\.\pipe\gecko-crash-server-pipe.2236" 3696 14fad4c1f58 tab
    3⤵
    PID:3640
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2236.4.413825519\830370459" -childID 3 -isForBrowser -prefsHandle 5160 -prefMapHandle 5148 -prefsLen 26421 -prefMapSize 233444 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0ee71c93-2557-4d40-847d-62d97d4e29bb} 2236 "\\.\pipe\gecko-crash-server-pipe.2236" 5188 14faf2e3d58 tab
    3⤵
    PID:3092
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2236.5.2060032936\1640184287" -childID 4 -isForBrowser -prefsHandle 5396 -prefMapHandle 5392 -prefsLen 26421 -prefMapSize 233444 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6fcaeab1-ff64-4ece-8aff-05d58836e0f0} 2236 "\\.\pipe\gecko-crash-server-pipe.2236" 5404 14faf2e5558 tab
    3⤵
    PID:4228
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2236.6.130022050\63811267" -childID 5 -isForBrowser -prefsHandle 5304 -prefMapHandle 5536 -prefsLen 26421 -prefMapSize 233444 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fb1b498a-7843-42ac-b445-58ccc0b6ac78} 2236 "\\.\pipe\gecko-crash-server-pipe.2236" 4616 14faf2e5b58 tab
    3⤵
    PID:2588

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\s5jf5e5i.default-release\cache2\doomed\22873

Filesize
9KB

MD5
b3009281e88414c271e08c6c9f15034f

SHA1
b448bc7c6f5209c2c870824c7a11a7d832893fbe

SHA256
79b953b0ffdf4acb1b88b2fd4314b03d72380c7f761892b00b063e87469b0905

SHA512
4b45338a4fc770e591f5f293f1003559871e990fe86f3577182740bb3f495949384c0f5fa0929fa61028673560557a42bdda0f77a8433bdfd1f857bcf5328533

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\s5jf5e5i.default-release\cache2\entries\4832D199584363B876D3E7D57CA02A9B0F4D91CD

Filesize
13KB

MD5
848402321aaabc73701a44585b827c0d

SHA1
182dd2f99528180387418fe1e09a1541bf636982

SHA256
d27db3e5a55175859587f1f719800648e0bc81f67e5fd0c4656d14bbbe98e8d4

SHA512
1024ccc6c306c4aa282ffd8a1c2cbdd030b8d2fe756f475f90a565533d801ea0aebc87cc949f36d1c378d823ac8bf31e7ce7e02e8af192064b21ca557bde3330

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
8KB

MD5
78fb48fd89743a3fda1b3bbd8a77f2b1

SHA1
2605dacee4b2c3d648994a844258f42cc8b4c40f

SHA256
1fc91d8ed24ce4f1d5b1ac0659887c76c56de13e667790a780b706abf95fd5a8

SHA512
42b5d4b8ead0de10364c4c7da911bd71809da7a92e3fa8424158e9bb64f8639b9d494031099651459dbc9377f6d133d190629adebb0ea0726f6b68187374a4da

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s5jf5e5i.default-release\bookmarkbackups\bookmarks-2024-02-20_11_WJsgnGze+smyG0IyeXPCeg==.jsonlz4

Filesize
942B

MD5
990a779e41ef21495a18baa1cd6c9d59

SHA1
7a627193f490947a0c201138915126c325d4b997

SHA256
63fb4e23fcd9028d79aa2ff0e2dadb6754e459b8272275686da3a6c323370de8

SHA512
309c98a8b8fed798edbe48cb2cb039a182e86c8e70ad658a6feee43cba3544d850c925564c089795959f6f3fa166ef80b2d1744aeba776a30fc4523502461edb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s5jf5e5i.default-release\broadcast-listeners.json

Filesize
216B

MD5
c4799a2c30bfb5e39e39bcfc3812599f

SHA1
2aa3ef47e0f9325736714e0a035ea8f74cb9b2ec

SHA256
a11ece3975cd457c5a3825b56ef3c25b1fb64dea52a07abed9a1ecd050bf2f8a

SHA512
898cd28a0b8d43b2bed3cfc43fca64fd26cb2f003d2460878c1e087d964d99e94ac6d427349cd34ae670dcb6de8ba75e3863b0fbda0fd438759c41d8e789d76a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s5jf5e5i.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
cc45003ebebc473a3a64cf8b0c8116d3

SHA1
aaf8d508f91b08b3947ee33b0b8404d82bfe56dd

SHA256
1b35b13d67de97b69aef0abac5553d206f7d28060402315e13d8f0b15232d658

SHA512
31a688322518595c022f69ce18712d22b6231f50fa419e94ac232d2ae1bc7cbef53b4a64dc658d00cefdbcc5c5a68349e81f9fba3fddc166f3fa650f829294c9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s5jf5e5i.default-release\datareporting\glean\pending_pings\86db1c2a-f0c7-4a3e-a2bf-5d8e84ef6b17

Filesize
746B

MD5
ff595cf2e293286ea2d714a313756383

SHA1
29fc994f938719f4adfd012732a966044b66ff75

SHA256
93eb047430cb9a86b80034e9e78a1b8400fa340d728db32678c63cba9be5694c

SHA512
b3d43781bb964ed56eb9991c03185bc2ee79e30efd2c406b2f288bd3bb4cee6a45aaec5e4df0a74150337fbfada28041876706ac0b2dee073e4eddbaf8f7fa94

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s5jf5e5i.default-release\datareporting\glean\pending_pings\c73e3d7d-9554-410e-a933-ab21690bec92

Filesize
11KB

MD5
43d432bb041d6b343528a9271792200e

SHA1
956f485886eeb9137d1e406e085609907e8f6783

SHA256
75728387cd5e04771b804d79f325c6d609cb623760c4c02141b6050be1b4942e

SHA512
39d4e61aaf4a614e0685263ba4238e421d0e5e3342f1fb8de65f1a33e45e2fd1bb51cd448a72234229d1daf5158bf02979643c68986408a89ddbe3a68aeab63f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s5jf5e5i.default-release\extensions.json.tmp

Filesize
34KB

MD5
58e56c330c4990571ff9863e96e49cb6

SHA1
44c6267af7195f2270dd0d8f4a32a53fb0cdc084

SHA256
27dfffc8a96990750ee62b14a3b704faf7994c36353a9e5c397ae48bc7bdeb89

SHA512
2fc2247c7107c5b531796997196476a13143bfbde88611b8d1ba72c096d70f567c71eab432fa520bf501f83dfac0bc7c16997fed4cf78296cd76e9d749370dbf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s5jf5e5i.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s5jf5e5i.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s5jf5e5i.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s5jf5e5i.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s5jf5e5i.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s5jf5e5i.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s5jf5e5i.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s5jf5e5i.default-release\prefs-1.js

Filesize
9KB

MD5
93210cee3056eab503efb289a41f23d6

SHA1
fc4c1654b578ddf726224a7a9ee69acb2aeeee27

SHA256
e0a0ce2cfaf15d6cd2c18e38a1aef8db4303032c1886bb6702ec3c6b2c640f5c

SHA512
5305ae0871fa7d511587c4fe419ba240a64607a3187853a148d8b6c575da9bbb6f51f264457946962fa6a61a858aaaac831d3e731e49aa9dcaf837afe68ef6f6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s5jf5e5i.default-release\prefs-1.js

Filesize
10KB

MD5
d753a61be91aea4bae8c1789b0797747

SHA1
3a92046ffd3ea2a9d658ece6f240f16bb6311897

SHA256
24bd6074084fc5db7da4b547eaffc6f5d8b0d7073b2a8ca4d859149f6c481c52

SHA512
fbe832358096c847ac2abaef4360b9d8086f0da52c4bd2ae9b321313fc6235e8c3e0f8afc6395609f66cd7d430b2f80e152ec492690867dd1a74ab2d801b6bcb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s5jf5e5i.default-release\prefs-1.js

Filesize
10KB

MD5
ba3415c3119e1988c00aa8816e86a134

SHA1
c42bce687d0174d0937b1ed9326524060ddf69bd

SHA256
afc0de241e47b05afc00c7a14eacc6d81025ffec143fc84bf1e8353dfd60902e

SHA512
0218438b7b40f615986561c1aaf1032f5bc7ac6b4cabeaefaffa544fbc1701c527e320b19eb69c49d036c3b2a613be4cff1831420a6d37c8e3fd6cf23275de5e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s5jf5e5i.default-release\prefs-1.js

Filesize
10KB

MD5
54b5070e0f924ea175ebccbea225ed91

SHA1
ce09582a8313bff00ece400b3a20e63f4338eaae

SHA256
aec7f8dc7183ccbd74bd5fe9559f5d3866f0441a42abe401cef27b33396e99ac

SHA512
5ee548de61502444c71e02b5c54575fe69b2a1e95f3233d7d88de46ed25d34908d33e5e0b27ccc367e72a11c5d031444d9104b425deea4fa0859a84fd5e7a9d4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s5jf5e5i.default-release\prefs-1.js

Filesize
6KB

MD5
723ec5b17c812c0801cd37daf52ba482

SHA1
22c9eab2819a035e800e88a965af764ebd08b3c5

SHA256
3c3439c040a9fe1dd9f600611a9c2511bb472ee35a12ddaf743255150831fbe7

SHA512
b2296eb32f353dceb96dba1fab7eefd7051cfb75305c905d073d969a116074ba4007a882802c3a663dede65b433244e0361cd2157a4144b51a10d5f069d7d36a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s5jf5e5i.default-release\prefs-1.js

Filesize
6KB

MD5
6650b4c90e0b73b13f06c33df5d1a275

SHA1
db5bf79e2d8ffee0b8557fb5035b4cd008e3852c

SHA256
e40ae61d9cb4ffe15fe160be33cf8be08e1b8f40534b4c3a118f511f512731c4

SHA512
56326fc3fffff2ea2506b36499dc3d7d32d04eeb06b9e4a492ac89187a17ffc6d0a0ab1e717249b5d5c86026817ffff9206cd56bd0ab05b49815c1f754c5f993

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s5jf5e5i.default-release\sessionCheckpoints.json

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s5jf5e5i.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
996B

MD5
1454a572a787b87785b3ccc3c1f2fa3e

SHA1
28af09adf058efccb0fcac1ff5238869f1664132

SHA256
89cc6510a3b7237d7af9d7252d650608ce9f1f3fd1e9a10385cd40575ad9c2b3

SHA512
819c60464e7e4b3e9ecadf60b24879bbbbd13d49d59392b76dfdc66078ed4aec9dc40486d0042dbcf207d8273fc5a4b8223705cf17f150b3b266b0180672e3f5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s5jf5e5i.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
1.3MB

MD5
8a5c4eb2add6ba6b39b5eb6eb84661f8

SHA1
89749d53d68047848036e909091d2463089e0db8

SHA256
3f1a99806a867ebb3e88287416c035886e3b844edd8dbaba8132ebd2f512d5f9

SHA512
f75f1dd097e8774c1f3d944d557b44db53a2fb2e8e359284d0152c37aeb6efb06ab230ebc0547c817244482887f605c110d28920f6cc41f9bd239dbef0716bb7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s5jf5e5i.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
1bd251010f40d2f9a5248de5ec953dab

SHA1
2dff8cfcfdf1f8e14436d997340b1616740f0550

SHA256
7f51459d68c89983c9b5327a3cb9e45fc003f403f9696eb8d0e0eba62114f3af

SHA512
9cabef3298a8c9226534025a2be52fa935e69d5320deb0b1a9f8ed509b19ecbe2272f32e0ec539fc50f8bf7f6d40ae5daf6c37a2cf38ce6bdf46cf5bfb94c28d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s5jf5e5i.default-release\targeting.snapshot.json

Filesize
3KB

MD5
653395106f1d01b2327f9f8799418816

SHA1
d7dd40321e2eaafe9dafc1f853caeb5edb3c3b37

SHA256
a00ac37eceaf8d588ffa207f47e568398eedbb7016cfc169dcc10fe4d7da073b

SHA512
7d2945b02ca6dbd09d57559d1a67df10868ecea85dd672664fa47ffbe5083914f51451fc3147fa67266d09759cd66e6dcf935cffe908732a64aabfef5e6c9cf8

Download Submit
C:\Users\Admin\Downloads\NjRat.xjJTeBEu.0.7D.Danger.Edition.zip.part

Filesize
50KB

MD5
c9b2d2b4bfb44a737f09923c85359582

SHA1
df7777b5f6829c4841dc3ebcc181284d32f701eb

SHA256
8cff2975868af7f561abcd076c67fce0a7b4ccb38d912ae1df16e2d822cc90ab

SHA512
68415c852e4bd21ee5d55f9014f162a73db8cd1f5b731be0fe8a05214d9cbbf913e9c651993ab482a622840c3204fd249a3e848f3666d7d7dd54869f0995ab76

Download Submit