Overview

overview

10

Static

static

3

nJrat.exe

windows7-x64

10

nJrat.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    91s
  • max time network
    93s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10-11-2024 07:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    nJrat.exe

  • Size

    33KB

  • MD5

    9ad8bb137f921a286d36e30c1d23d208

  • SHA1

    a42fd2f68ffe8bc9b74ffae4b3a860f2ad84feba

  • SHA256

    3f0fea74bd93e7e438d8047a44cae4cca888b4495d46675edcbef5db4f1f520b

  • SHA512

    4e15a33e3817b433d1991d26f5d5bf70460aebde05678efe23e78d5d37173dcf85957c5797e9fd23d34ea113113d62b61feafe30374c9bab2ea9b94da5d48d68

  • SSDEEP

    768:VvTQspjbMaYvF9xdRdDqaws0RFfvJebgXrSw5G:tQs6vFDdXV0vfvJYQrSL

Score
10/10
njrathacked discoverytrojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

127.0.0.1:5552

Mutex

Windows Update

Attributes
  • reg_key

    Windows Update

  • splitter

    |'|'|

Signatures

  • Njrat family
    njrat
  • njRAT/Bladabindi

    Widely used RAT written in .NET.

    trojannjrat
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 7 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks processor information in registry 2 TTPs 10 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Modifies registry class 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of FindShellTrayWindow 21 IoCs
  • Suspicious use of SendNotifyMessage 20 IoCs
  • Suspicious use of SetWindowsHookEx 50 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\nJrat.exe
    "C:\Users\Admin\AppData\Local\Temp\nJrat.exe"
    1⤵
    • Modifies registry class
    PID:2032
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4532
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\aaa"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:3492
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\aaa
        3⤵
        • Checks processor information in registry
        • Modifies registry class
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:100
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1984 -parentBuildID 20240401114208 -prefsHandle 1912 -prefMapHandle 1832 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {41873aaa-8db9-4b25-93c9-d59c12e79c93} 100 "\\.\pipe\gecko-crash-server-pipe.100" gpu
          4⤵
            PID:2136
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2420 -parentBuildID 20240401114208 -prefsHandle 2412 -prefMapHandle 2408 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8a8733d4-7555-491e-b5a1-cf6b101206d2} 100 "\\.\pipe\gecko-crash-server-pipe.100" socket
            4⤵
              PID:660
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2952 -childID 1 -isForBrowser -prefsHandle 1448 -prefMapHandle 3124 -prefsLen 24741 -prefMapSize 244658 -jsInitHandle 1256 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ec280b7a-e22d-4904-95b1-1cef6ff83add} 100 "\\.\pipe\gecko-crash-server-pipe.100" tab
              4⤵
                PID:2780
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3608 -childID 2 -isForBrowser -prefsHandle 3540 -prefMapHandle 2784 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1256 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7df7c67e-a628-49e4-a437-2f8e5858c91e} 100 "\\.\pipe\gecko-crash-server-pipe.100" tab
                4⤵
                  PID:4456
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4944 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4976 -prefMapHandle 4972 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0cfc2b92-39ae-4af5-a5b0-427d77fa3a1f} 100 "\\.\pipe\gecko-crash-server-pipe.100" utility
                  4⤵
                  • Checks processor information in registry
                  PID:940
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5284 -childID 3 -isForBrowser -prefsHandle 5324 -prefMapHandle 5320 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1256 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3bd57de5-eda4-4e35-8e1e-9a464193fed2} 100 "\\.\pipe\gecko-crash-server-pipe.100" tab
                  4⤵
                    PID:5316
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5472 -childID 4 -isForBrowser -prefsHandle 5476 -prefMapHandle 5484 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1256 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6566efee-4096-4962-a6b7-d0edd9811d6e} 100 "\\.\pipe\gecko-crash-server-pipe.100" tab
                    4⤵
                      PID:5328
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5652 -childID 5 -isForBrowser -prefsHandle 5732 -prefMapHandle 5728 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1256 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9b86b542-ab25-41b3-9514-cde4a4b03165} 100 "\\.\pipe\gecko-crash-server-pipe.100" tab
                      4⤵
                        PID:5340
                • C:\Windows\System32\rundll32.exe
                  C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                  1⤵
                    PID:5836
                  • C:\Windows\system32\OpenWith.exe
                    C:\Windows\system32\OpenWith.exe -Embedding
                    1⤵
                    • Modifies registry class
                    • Suspicious use of SetWindowsHookEx
                    PID:5940
                    • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
                      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\Downloads\aaa"
                      2⤵
                      • System Location Discovery: System Language Discovery
                      • Checks processor information in registry
                      • Modifies Internet Explorer settings
                      • Suspicious use of SetWindowsHookEx
                      PID:6024
                      • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                        "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
                        3⤵
                        • System Location Discovery: System Language Discovery
                        PID:6088
                        • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                          "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=8EE6B7FA01B5F11412A6B809788B5AA6 --mojo-platform-channel-handle=1752 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
                          4⤵
                          • System Location Discovery: System Language Discovery
                          PID:2712
                        • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                          "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=57C0F52D3952CEE43FEAA1DE0ACD4CB0 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=57C0F52D3952CEE43FEAA1DE0ACD4CB0 --renderer-client-id=2 --mojo-platform-channel-handle=1760 --allow-no-sandbox-job /prefetch:1
                          4⤵
                          • System Location Discovery: System Language Discovery
                          PID:2348
                        • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                          "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=29C745E059183803DFD5259B0BAE399F --mojo-platform-channel-handle=2348 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
                          4⤵
                          • System Location Discovery: System Language Discovery
                          PID:4860
                        • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                          "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=585E50A85B1066C68242859466D4A0C7 --mojo-platform-channel-handle=1932 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
                          4⤵
                          • System Location Discovery: System Language Discovery
                          PID:4652
                        • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                          "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=C17EE0A60666CB50D8769FB14D9AC25C --mojo-platform-channel-handle=2452 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
                          4⤵
                          • System Location Discovery: System Language Discovery
                          PID:1344
                  • C:\Windows\System32\CompPkgSrv.exe
                    C:\Windows\System32\CompPkgSrv.exe -Embedding
                    1⤵
                      PID:1632

                    Network

                    MITRE ATT&CK Enterprise v15

                    Replay Monitor

                    Loading Replay Monitor...

                    Downloads

                    • C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
                      Filesize

                      36KB

                      MD5

                      b30d3becc8731792523d599d949e63f5

                      SHA1

                      19350257e42d7aee17fb3bf139a9d3adb330fad4

                      SHA256

                      b1b77e96279ead2b460de3de70e2ea4f5ad1b853598a4e27a5caf3f1a32cc4f3

                      SHA512

                      523f54895fb07f62b9a5f72c8b62e83d4d9506bda57b183818615f6eb7286e3b9c5a50409bc5c5164867c3ccdeae88aa395ecca6bc7e36d991552f857510792e

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yuzka873.default-release\activity-stream.discovery_stream.json
                      Filesize

                      25KB

                      MD5

                      ce1223225e304cc178c6380fe7bb08a6

                      SHA1

                      8bdb6ae5a45876236b797b68ba3ac679288af1be

                      SHA256

                      5de6e283a495af50e4595fdebcdd665f7685fd1620c8f2fd5c1bf8f41d9e2371

                      SHA512

                      a1fa7363486e90d745c8a3be80c1b5cf4e3382ed7620b1782be4b52d392ef2948960b87292bd5f220daaa7c22d7c41115265b49d01b91e0b2ea7062dbc36107c

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Temp\aaa
                      Filesize

                      33KB

                      MD5

                      9ad8bb137f921a286d36e30c1d23d208

                      SHA1

                      a42fd2f68ffe8bc9b74ffae4b3a860f2ad84feba

                      SHA256

                      3f0fea74bd93e7e438d8047a44cae4cca888b4495d46675edcbef5db4f1f520b

                      SHA512

                      4e15a33e3817b433d1991d26f5d5bf70460aebde05678efe23e78d5d37173dcf85957c5797e9fd23d34ea113113d62b61feafe30374c9bab2ea9b94da5d48d68

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\AlternateServices.bin
                      Filesize

                      6KB

                      MD5

                      36fd42c0cc64a16c2e3b34543d26547c

                      SHA1

                      a092cf30bc5329a0cdbb43eb96d00bcd0ceafd54

                      SHA256

                      4cbefee318407f418c5d4f10609eef03ef9cf8cd2543d8e3ab11cb17274431f7

                      SHA512

                      c3e589652c3e388f5d0f90de02530b2f9b054b3f0c7033f0c6ac6ad104005bb157ae4b250c23d2c7caad127293e75d22763cba87da6edf4a09430f0d307583ef

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\datareporting\glean\db\data.safe.tmp
                      Filesize

                      5KB

                      MD5

                      cd76e09ba56e8b0efddfc511e13e0d4a

                      SHA1

                      4dbddc2706596536b95c419f4e48b5c579faf18d

                      SHA256

                      450571ff056afba00700ed54080286b5c2a6407b7233337960aa2805eafe3ca8

                      SHA512

                      87f0fea15ef5f1d70a4cdeafcdf633395fad4ec4e25f2503a887b96dfff68197f14dcba5c9fefb58139e85f78420a63744dd1781ac815cc5a710d08185f8ae3d

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\datareporting\glean\db\data.safe.tmp
                      Filesize

                      6KB

                      MD5

                      94b4e32e9349fce9f68c77f1f102cbed

                      SHA1

                      f82976957f603477058b624e42212bb1b6883b1a

                      SHA256

                      7e158d071f60ae37e82b5a41ee5336687544a78f47604a8aa377c2b2f91e301e

                      SHA512

                      3328dab8b3c5dcff382635ee3b1d0c47a4687c62fa10839efce6633d2c30c94104b254c480ba6ec9d8c779e6b9118a445a6dde4ed15413b5f2b789538bf865c9

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\datareporting\glean\pending_pings\59070182-456e-4b5c-9880-635815fb69fb
                      Filesize

                      671B

                      MD5

                      9ba3f424d26a26b60a2291912a3432c7

                      SHA1

                      0b563b4a95c107e20fca3e9ef71fdc3143a84a95

                      SHA256

                      cb2db0155b54f53aae224047d53475f2dd898077c0f23fd8b711fd092fb57cfd

                      SHA512

                      d71eb8fcd2bd6ea08202e9b67de8097340bff5ac328313e8bdd25c3df269c6a6dca08dc5f2cd3b900ac0ebb1a4d16f10a8fb51c8eb63a17eb8b24dd836eabab3

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\datareporting\glean\pending_pings\8ca98a35-2c04-4dde-810d-e5dacf58ca5d
                      Filesize

                      27KB

                      MD5

                      f9281b27c97529ab4a6ab00f40644398

                      SHA1

                      d13085934dd8556839d6cf18c1d68aff775c5a54

                      SHA256

                      752651a91ffd5ec26a3335922f71a4cc239b20d3c1687349ff887775e24986c7

                      SHA512

                      adba0415e29157579378660d5bd5204c835315af245c83fb45fa600faa56d77e024fdf89cf7a47bf6b4f1429852455fa7e6ed4bdeca26222d9784c1d7aa14863

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\datareporting\glean\pending_pings\a1cdc649-757e-4ab0-a6e7-78728ba4b8a3
                      Filesize

                      982B

                      MD5

                      f0e3c60984448ae3e2ffb81b8f865214

                      SHA1

                      f3128dc96792ae10b72ad19c6c26d7c37ccaa6d7

                      SHA256

                      2d15a466680eb73d7033566e24b56f98059f7ed34c07c2057bca379c85ad5d3e

                      SHA512

                      f8a3a7402f91ebefd9d29549a9e8d7e4aa140e1d2475791c316a7e99725262a58d300637a37c9f4fc198f7c24772965741eff6fc88a6d2635c21bcb5cdce00da

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\prefs.js
                      Filesize

                      10KB

                      MD5

                      e83ce4a442015fe405ce38cbd92aeef4

                      SHA1

                      a1c3fc12def7c92890e5144cffce95dce912c40a

                      SHA256

                      6ff381cfd4bbd9684d5d5841d844a9b4c7c2e8df2f7773cfd71e2ccfc0204f1c

                      SHA512

                      239669695010b9485f3fea3e0ffc404eaaec1a90769223ac2372a6dfe89ae6b5c21b6cf64f689b1c4249afe5388f54d2fb6d0450f88bf9458614cd846fb3e567

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\prefs.js
                      Filesize

                      10KB

                      MD5

                      7a7b203a877dfb43616445ed1966ce10

                      SHA1

                      446c6ebc6398f0c6c11b3ad58df26eba1dcd3b2a

                      SHA256

                      f8ba6b16e04354fbe55966279f80cb00930046942c8bbc77a42e06df573fbd38

                      SHA512

                      8ec707495b699d57995b316b8135afeeaa163b67ca685a878f17edb4e71069fb85309cefa9887bc192b22ec184528ec26213cb27308ae47151d60c115fb2d60c

                      Download Submit

                    • memory/2032-0-0x00007FFB5EAA5000-0x00007FFB5EAA6000-memory.dmp

                      Filesize

                      4KB

                      Download

                    • memory/2032-9-0x00007FFB5E7F0000-0x00007FFB5F191000-memory.dmp

                      Filesize

                      9.6MB

                      Download

                    • memory/2032-4-0x0000000000E10000-0x0000000000E26000-memory.dmp

                      Filesize

                      88KB

                      Download

                    • memory/2032-5-0x000000001BCB0000-0x000000001BD56000-memory.dmp

                      Filesize

                      664KB

                      Download

                    • memory/2032-3-0x00007FFB5E7F0000-0x00007FFB5F191000-memory.dmp

                      Filesize

                      9.6MB

                      Download

                    • memory/2032-1-0x00007FFB5E7F0000-0x00007FFB5F191000-memory.dmp

                      Filesize

                      9.6MB

                      Download

                    • memory/2032-2-0x000000001B6D0000-0x000000001BB9E000-memory.dmp

                      Filesize

                      4.8MB

                      Download