njrat | hxxps://github[.]com/JumperYT-official/njRAT-Platinum-Edition-RuS

max time kernel
14s
max time network
125s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
03/08/2023, 12:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/JumperYT-official/njRAT-Platinum-Edition-RuS

Score

10^/10

njrat hacked trojan

Malware Config

Extracted

Family

njrat

Version

Platinum

Botnet

HacKed

127.0.0.1:6522

Mutex

Client.exe

Attributes

reg_key
Client.exe
splitter
|Ghost|

Signatures

njRAT/Bladabindi
Widely used RAT written in .NET.
trojan njrat

Creates scheduled task(s) 1 TTPs 1 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence

Scheduled Task/Job

T1053

pid	Process
744	schtasks.exe

Kills process with taskkill 6 IoCs

evasion

pid	Process
2768	TASKKILL.exe
2676	TASKKILL.exe
1808	TASKKILL.exe
3020	TASKKILL.exe
1424	TASKKILL.exe
2876	TASKKILL.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2312	chrome.exe
2312	chrome.exe

Suspicious use of AdjustPrivilegeToken 26 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2312	chrome.exe
Token: SeShutdownPrivilege	2312	chrome.exe
Token: SeShutdownPrivilege	2312	chrome.exe
Token: SeShutdownPrivilege	2312	chrome.exe
Token: SeShutdownPrivilege	2312	chrome.exe
Token: SeShutdownPrivilege	2312	chrome.exe
Token: SeShutdownPrivilege	2312	chrome.exe
Token: SeShutdownPrivilege	2312	chrome.exe
Token: SeShutdownPrivilege	2312	chrome.exe
Token: SeShutdownPrivilege	2312	chrome.exe
Token: SeShutdownPrivilege	2312	chrome.exe
Token: SeShutdownPrivilege	2312	chrome.exe
Token: SeShutdownPrivilege	2312	chrome.exe
Token: SeShutdownPrivilege	2312	chrome.exe
Token: SeShutdownPrivilege	2312	chrome.exe
Token: SeShutdownPrivilege	2312	chrome.exe
Token: SeShutdownPrivilege	2312	chrome.exe
Token: SeShutdownPrivilege	2312	chrome.exe
Token: SeShutdownPrivilege	2312	chrome.exe
Token: SeShutdownPrivilege	2312	chrome.exe
Token: SeShutdownPrivilege	2312	chrome.exe
Token: SeShutdownPrivilege	2312	chrome.exe
Token: SeShutdownPrivilege	2312	chrome.exe
Token: SeShutdownPrivilege	2312	chrome.exe
Token: SeShutdownPrivilege	2312	chrome.exe
Token: SeShutdownPrivilege	2312	chrome.exe

Suspicious use of FindShellTrayWindow 46 IoCs

pid	Process
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2312 wrote to memory of 2468	2312	chrome.exe	28
PID 2312 wrote to memory of 2468	2312	chrome.exe	28
PID 2312 wrote to memory of 2468	2312	chrome.exe	28
PID 2312 wrote to memory of 2500	2312	chrome.exe	30
PID 2312 wrote to memory of 2500	2312	chrome.exe	30
PID 2312 wrote to memory of 2500	2312	chrome.exe	30
PID 2312 wrote to memory of 2500	2312	chrome.exe	30
PID 2312 wrote to memory of 2500	2312	chrome.exe	30
PID 2312 wrote to memory of 2500	2312	chrome.exe	30
PID 2312 wrote to memory of 2500	2312	chrome.exe	30
PID 2312 wrote to memory of 2500	2312	chrome.exe	30
PID 2312 wrote to memory of 2500	2312	chrome.exe	30
PID 2312 wrote to memory of 2500	2312	chrome.exe	30
PID 2312 wrote to memory of 2500	2312	chrome.exe	30
PID 2312 wrote to memory of 2500	2312	chrome.exe	30
PID 2312 wrote to memory of 2500	2312	chrome.exe	30
PID 2312 wrote to memory of 2500	2312	chrome.exe	30
PID 2312 wrote to memory of 2500	2312	chrome.exe	30
PID 2312 wrote to memory of 2500	2312	chrome.exe	30
PID 2312 wrote to memory of 2500	2312	chrome.exe	30
PID 2312 wrote to memory of 2500	2312	chrome.exe	30
PID 2312 wrote to memory of 2500	2312	chrome.exe	30
PID 2312 wrote to memory of 2500	2312	chrome.exe	30
PID 2312 wrote to memory of 2500	2312	chrome.exe	30
PID 2312 wrote to memory of 2500	2312	chrome.exe	30
PID 2312 wrote to memory of 2500	2312	chrome.exe	30
PID 2312 wrote to memory of 2500	2312	chrome.exe	30
PID 2312 wrote to memory of 2500	2312	chrome.exe	30
PID 2312 wrote to memory of 2500	2312	chrome.exe	30
PID 2312 wrote to memory of 2500	2312	chrome.exe	30
PID 2312 wrote to memory of 2500	2312	chrome.exe	30
PID 2312 wrote to memory of 2500	2312	chrome.exe	30
PID 2312 wrote to memory of 2500	2312	chrome.exe	30
PID 2312 wrote to memory of 2500	2312	chrome.exe	30
PID 2312 wrote to memory of 2500	2312	chrome.exe	30
PID 2312 wrote to memory of 2500	2312	chrome.exe	30
PID 2312 wrote to memory of 2500	2312	chrome.exe	30
PID 2312 wrote to memory of 2500	2312	chrome.exe	30
PID 2312 wrote to memory of 2500	2312	chrome.exe	30
PID 2312 wrote to memory of 2500	2312	chrome.exe	30
PID 2312 wrote to memory of 2500	2312	chrome.exe	30
PID 2312 wrote to memory of 2500	2312	chrome.exe	30
PID 2312 wrote to memory of 2464	2312	chrome.exe	31
PID 2312 wrote to memory of 2464	2312	chrome.exe	31
PID 2312 wrote to memory of 2464	2312	chrome.exe	31
PID 2312 wrote to memory of 2868	2312	chrome.exe	32
PID 2312 wrote to memory of 2868	2312	chrome.exe	32
PID 2312 wrote to memory of 2868	2312	chrome.exe	32
PID 2312 wrote to memory of 2868	2312	chrome.exe	32
PID 2312 wrote to memory of 2868	2312	chrome.exe	32
PID 2312 wrote to memory of 2868	2312	chrome.exe	32
PID 2312 wrote to memory of 2868	2312	chrome.exe	32
PID 2312 wrote to memory of 2868	2312	chrome.exe	32
PID 2312 wrote to memory of 2868	2312	chrome.exe	32
PID 2312 wrote to memory of 2868	2312	chrome.exe	32
PID 2312 wrote to memory of 2868	2312	chrome.exe	32
PID 2312 wrote to memory of 2868	2312	chrome.exe	32
PID 2312 wrote to memory of 2868	2312	chrome.exe	32
PID 2312 wrote to memory of 2868	2312	chrome.exe	32
PID 2312 wrote to memory of 2868	2312	chrome.exe	32
PID 2312 wrote to memory of 2868	2312	chrome.exe	32
PID 2312 wrote to memory of 2868	2312	chrome.exe	32
PID 2312 wrote to memory of 2868	2312	chrome.exe	32
PID 2312 wrote to memory of 2868	2312	chrome.exe	32

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/JumperYT-official/njRAT-Platinum-Edition-RuS
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef71e9758,0x7fef71e9768,0x7fef71e9778
  2⤵
  PID:2468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1116 --field-trial-handle=1300,i,11160661883367285512,893471971413079139,131072 /prefetch:2
  2⤵
  PID:2500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1516 --field-trial-handle=1300,i,11160661883367285512,893471971413079139,131072 /prefetch:8
  2⤵
  PID:2464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1616 --field-trial-handle=1300,i,11160661883367285512,893471971413079139,131072 /prefetch:8
  2⤵
  PID:2868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2280 --field-trial-handle=1300,i,11160661883367285512,893471971413079139,131072 /prefetch:1
  2⤵
  PID:1732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2288 --field-trial-handle=1300,i,11160661883367285512,893471971413079139,131072 /prefetch:1
  2⤵
  PID:3024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1292 --field-trial-handle=1300,i,11160661883367285512,893471971413079139,131072 /prefetch:2
  2⤵
  PID:2952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3544 --field-trial-handle=1300,i,11160661883367285512,893471971413079139,131072 /prefetch:8
  2⤵
  PID:544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3516 --field-trial-handle=1300,i,11160661883367285512,893471971413079139,131072 /prefetch:8
  2⤵
  PID:1800

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3016

C:\Users\Admin\Desktop\NjRat Platinum Edition.exe
"C:\Users\Admin\Desktop\NjRat Platinum Edition.exe"
1⤵
PID:2500
- C:\Windows\Microsoft.NET\Framework\v2.0.50727\ilasm.exe
  "C:\Windows\Microsoft.NET\Framework\v2.0.50727\ilasm.exe" /alignment=512 /QUIET "C:\Users\Admin\AppData\Local\Temp\stub.il" /output:"C:\Users\Admin\Desktop\New Client.exe"
  2⤵
  PID:1600
- C:\Windows\system32\cmd.exe
  cmd.exe /C dotNET_Reactor.exe -file "C:\Users\Admin\Desktop\New Client.exe" -admin 0 -shownagscreen 0 -showloadingscreen 0 -targetfile "C:\Users\Admin\Desktop\New Client.exe" -antitamp 1 -compression 1 -control_flow_obfuscation 1 -flow_level 9 -nativeexe 0 -necrobit 1 -necrobit_comp 1 -prejit 0 -incremental_obfuscation 1 -obfuscate_public_types 1 -resourceencryption 1 -stringencryption 1 -antistrong 1
  2⤵
  PID:2652
- - C:\Users\Admin\Desktop\dotNET_Reactor.exe
    dotNET_Reactor.exe -file "C:\Users\Admin\Desktop\New Client.exe" -admin 0 -shownagscreen 0 -showloadingscreen 0 -targetfile "C:\Users\Admin\Desktop\New Client.exe" -antitamp 1 -compression 1 -control_flow_obfuscation 1 -flow_level 9 -nativeexe 0 -necrobit 1 -necrobit_comp 1 -prejit 0 -incremental_obfuscation 1 -obfuscate_public_types 1 -resourceencryption 1 -stringencryption 1 -antistrong 1
    3⤵
    PID:2860
  - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
      "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\xc3xg11b\xc3xg11b.cmdline"
      4⤵
      PID:1960
    - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES29A0.tmp" "c:\Users\Admin\AppData\Local\Temp\CSCBC8B59ED59734ED5973D8AE91DF74D2B.TMP"
        5⤵
        
        PID:1644

C:\Users\Admin\Desktop\New Client.exe
"C:\Users\Admin\Desktop\New Client.exe"
1⤵
PID:3024
- C:\Windows\SysWOW64\TASKKILL.exe
  TASKKILL /F /IM wscript.exe
  2⤵
  - Kills process with taskkill
  PID:3020
- C:\Windows\SysWOW64\TASKKILL.exe
  TASKKILL /F /IM cmd.exe
  2⤵
  - Kills process with taskkill
  PID:1424
- C:\Users\Admin\AppData\Local\Temp\Client.exe
  "C:\Users\Admin\AppData\Local\Temp\Client.exe"
  2⤵
  PID:276
- - C:\Windows\SysWOW64\TASKKILL.exe
    TASKKILL /F /IM wscript.exe
    3⤵
    - Kills process with taskkill
    PID:2876
- - C:\Windows\SysWOW64\TASKKILL.exe
    TASKKILL /F /IM cmd.exe
    3⤵
    - Kills process with taskkill
    PID:2768
- - C:\Windows\SysWOW64\schtasks.exe
    schtasks /delete /tn "MicrosoftEdgeUpdateTaskMachine" /f
    3⤵
    PID:616
- - C:\Windows\SysWOW64\schtasks.exe
    schtasks /create /sc minute /mo 1 /tn "MicrosoftEdgeUpdateTaskMachine" /tr C:\Users\Admin\AppData\Local\Temp\Client.exe
    3⤵
    - Creates scheduled task(s)
    PID:744
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 5 & Del "C:\Users\Admin\Desktop\New Client.exe"
  2⤵
  PID:2732
- - C:\Windows\SysWOW64\choice.exe
    choice /C Y /N /D Y /T 5
    3⤵
    PID:848

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
PID:1692

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
PID:2536

C:\Windows\system32\taskeng.exe
taskeng.exe {D62875A0-8E59-4A31-B986-2A7BF96C60AA} S-1-5-21-1024678951-1535676557-2778719785-1000:KDGGTDCU\Admin:Interactive:[1]
1⤵
PID:2772
- C:\Users\Admin\AppData\Local\Temp\Client.exe
  C:\Users\Admin\AppData\Local\Temp\Client.exe
  2⤵
  PID:1592
- - C:\Windows\SysWOW64\TASKKILL.exe
    TASKKILL /F /IM wscript.exe
    3⤵
    - Kills process with taskkill
    PID:2676
- - C:\Windows\SysWOW64\TASKKILL.exe
    TASKKILL /F /IM cmd.exe
    3⤵
    - Kills process with taskkill
    PID:1808

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Persistence

Scheduled Task/Job

T1053

Privilege Escalation

Scheduled Task/Job

T1053

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
0bbf3cc2bb5dad8d31a696b13987643d

SHA1
bdcc1522529e49082c4b1785edfbe40abdba82c2

SHA256
19f96765e720802b65cf9001477119aa49de3789a6087b076ca61e73c64ad1ae

SHA512
432a141210d0cbabf1530ed7d6ac87c96838d959b8ff9b25bf17a236aeb5dacbe876c3b4b9e40e051b2505f8435d98300de1f8cf694fc9ed70c07c84180d004b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
9d5b59e193457bd682ab4b6bfcea7db5

SHA1
d0f29407d25fab11ce6934f4ac1cf82ba9ccb517

SHA256
ef6ba774cabef0298ba16e1a891a40a16dcda577ffc442d4ff218095b2ecdaf9

SHA512
26ecae6fc98a604011408d639cd99c6ca39250f8f1f4381257f654a8d212ed25754c43cd72b66b0d79b01b3207aa89faf01e1a44a01daa8c3bbe9ba2d0336dd4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
4aba253e986fb1ae94d3eab7dc59d09b

SHA1
3985d44a24869091e8cada54f247793fd2fb5d36

SHA256
6e155205c8b58f93946ebd41437a4972d2410a789a891e72c6e4cf4d7e5b047e

SHA512
ba11c4d69f530754021097f6fc4ed3bdb93e2a48d4119d34e346b6e45fac53d43a88838b3522b83b2071be7e2e0e4a054ed9e4de30e039d94106d5f1a9965995

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
7b43b98389a2e2b4d0754b03e5c57d55

SHA1
a73ce2890ec832828ed92fb78aa266776b7262fc

SHA256
2a85221bcf6b29704f5625c5fcfb2017a74413111b7916c79245f6f49cd7f53e

SHA512
e2784e9a1624eebb4fd825e4b5aa60edb1fb3fac9a6b8ca0c1b174e4857a7f475d06a4337eb8644a82fdc08f8d206b9c684a4d450f144d7b0bfb5c71e7ed1c8d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
89KB

MD5
60ca9931ebbe2d69285c40e0807b49a3

SHA1
8b4a72bf431e5ab90191b9e6e9a660b46f091d19

SHA256
ac68ac2f132931b416d71836e33599e35ea4db853cfdd974227b8796d863b166

SHA512
eb477f7ed768c787b553971a8606cec6ceaf3e3f1e17d8c183d90ac1fafe7d8986809616c10924214d7a36ed78e1d06cee612f5a5b4910c9331ccb1e3231872b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\abc11364-c77e-479a-bd51-bf08ac53aa5e.tmp

Filesize
89KB

MD5
2c2eabc2b3d270f0ce2e890d39751ab8

SHA1
1c97fe4b95f0b77e8e27f4e814843cea3c6fb054

SHA256
42096e1b04649927954c9d2bf50a6398294e1eec31fc972f9385ce6bcdd914e0

SHA512
e46868980cdccbbb241492d3327c667b838edf8e8234f6f9155f1463cdb432f9ef20baa86d540064a0b69892c2b7096beef8b8c33d081db0804e0a52545b7706

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabDB73.tmp

Filesize
62KB

MD5
3ac860860707baaf32469fa7cc7c0192

SHA1
c33c2acdaba0e6fa41fd2f00f186804722477639

SHA256
d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

SHA512
d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Client.exe

Filesize
246KB

MD5
c6e83450efddebd2607513df35d73138

SHA1
fedc4e0c5c2ad784498513df4044a8e176807cb2

SHA256
4978b5821b64b905f1d7eb39d3d8849b408d2b79e42bfdfe41c5dccb5f9d466e

SHA512
93fea7690466838f9baa5fe59009c9234521cd3f6a815ed9e083810d6102b5efd2301d0dc364b4c3ef27e843f4b2b56ad6a55617776a32a91bf93f42f6ef2733

Download Submit
C:\Users\Admin\AppData\Local\Temp\Client.exe

Filesize
246KB

MD5
c6e83450efddebd2607513df35d73138

SHA1
fedc4e0c5c2ad784498513df4044a8e176807cb2

SHA256
4978b5821b64b905f1d7eb39d3d8849b408d2b79e42bfdfe41c5dccb5f9d466e

SHA512
93fea7690466838f9baa5fe59009c9234521cd3f6a815ed9e083810d6102b5efd2301d0dc364b4c3ef27e843f4b2b56ad6a55617776a32a91bf93f42f6ef2733

Download Submit
C:\Users\Admin\AppData\Local\Temp\Client.exe

Filesize
246KB

MD5
c6e83450efddebd2607513df35d73138

SHA1
fedc4e0c5c2ad784498513df4044a8e176807cb2

SHA256
4978b5821b64b905f1d7eb39d3d8849b408d2b79e42bfdfe41c5dccb5f9d466e

SHA512
93fea7690466838f9baa5fe59009c9234521cd3f6a815ed9e083810d6102b5efd2301d0dc364b4c3ef27e843f4b2b56ad6a55617776a32a91bf93f42f6ef2733

Download Submit
C:\Users\Admin\AppData\Local\Temp\RES29A0.tmp

Filesize
1KB

MD5
ca1c6340de490bfd08c7048447e1c007

SHA1
3b5c757ecaaf9ea5bb143d21a718df3db6f57e56

SHA256
6ed4a0f61dfbcbff9a8584645adbf8142422a3f613382e5c93f1943c048cc75e

SHA512
6a4a73ad5c3a86334fa8e625cc445d7c9581ebd1e8ec085b4fdae3e9dc0926318aeb56edf47dd1395cc025466f18e75ad9688a1a9b032d5be3f1f870e9a42d9e

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarDC02.tmp

Filesize
164KB

MD5
4ff65ad929cd9a367680e0e5b1c08166

SHA1
c0af0d4396bd1f15c45f39d3b849ba444233b3a2

SHA256
c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

SHA512
f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

Download Submit
C:\Users\Admin\AppData\Local\Temp\iRdWHBMDxQUsTUAEWQym.tmp

Filesize
3KB

MD5
d484a985b6cfce698ac98cb091f2c599

SHA1
e8f6fc736c5a4d2eb1537c0f184ecd902edc270e

SHA256
826f3867aeab34dcc46ef2d5da61c5cef68f35880b987a637c19288d6b5bf0db

SHA512
26eb2499a72a28584dcd97e981f8f7b116dc9232572a3e49d8c30a5196aabdeb12ea186dd6b8ac8ac2e4fcbe738a81526ac8056c0e02aacef98ef158a8d66b55

Download Submit
C:\Users\Admin\AppData\Local\Temp\stub.il

Filesize
659KB

MD5
b48a82d91ce9dbfbfc608a642651c64f

SHA1
fa30c6a408ab29d15ce482c8c271a2a0b1db76aa

SHA256
810c13538f75fc051409f6a9eb6fcde938590ee7b526bfa330a136dee8f34705

SHA512
824e81c78794b4dd34cc403852423cc4e613a3e9dab2fdfb7c9de0339e428201fe9c2fcc2cda5f4704ed1f56db5b37113bf20aec3ab77b4ee3a8160434bfce6c

Download Submit
C:\Users\Admin\Desktop\New Client.exe

Filesize
64KB

MD5
2b6f612f88e8a6319a8f3e2f069ddba7

SHA1
c1f99f85acb29d2af920dff335d663c190f41334

SHA256
62c16bb3e9bfcd61d9dc1654cf64112fcb02330f81217f39bd4a4f409bb7cedc

SHA512
e24e4d372066e4dc7e6e036764891c5fb0b996f8a739cd673909509a3e28c653bd3ad87848b402d1356f84a1d2b56bdfd4de89a49b75edb3ac8f21ef7dc1f52d

Download Submit
C:\Users\Admin\Desktop\New Client.exe

Filesize
246KB

MD5
c6e83450efddebd2607513df35d73138

SHA1
fedc4e0c5c2ad784498513df4044a8e176807cb2

SHA256
4978b5821b64b905f1d7eb39d3d8849b408d2b79e42bfdfe41c5dccb5f9d466e

SHA512
93fea7690466838f9baa5fe59009c9234521cd3f6a815ed9e083810d6102b5efd2301d0dc364b4c3ef27e843f4b2b56ad6a55617776a32a91bf93f42f6ef2733

Download Submit
C:\Users\Admin\Desktop\New Client.exe

Filesize
246KB

MD5
c6e83450efddebd2607513df35d73138

SHA1
fedc4e0c5c2ad784498513df4044a8e176807cb2

SHA256
4978b5821b64b905f1d7eb39d3d8849b408d2b79e42bfdfe41c5dccb5f9d466e

SHA512
93fea7690466838f9baa5fe59009c9234521cd3f6a815ed9e083810d6102b5efd2301d0dc364b4c3ef27e843f4b2b56ad6a55617776a32a91bf93f42f6ef2733

Download Submit
C:\Users\Admin\Desktop\dotNET_Reactor.exe

Filesize
2.9MB

MD5
b6ee9eeeccd7243c2f3c32b2106d8c43

SHA1
2935801f46f946acbf4bbd48420b38bcc7839f09

SHA256
02b045d6bf03675ad142d95562752dea47b5f78061e6ec6617674424a5e01b67

SHA512
f24e95e2179e66507f101502bd5029c42807d98be72d37290962332ebe0f7d3bd534a26f8e98df956993b18aef3cf5112cb97f63cd4e43b09e9c444b2468aad8

Download Submit
C:\Users\Admin\Desktop\dotNET_Reactor.exe

Filesize
2.9MB

MD5
b6ee9eeeccd7243c2f3c32b2106d8c43

SHA1
2935801f46f946acbf4bbd48420b38bcc7839f09

SHA256
02b045d6bf03675ad142d95562752dea47b5f78061e6ec6617674424a5e01b67

SHA512
f24e95e2179e66507f101502bd5029c42807d98be72d37290962332ebe0f7d3bd534a26f8e98df956993b18aef3cf5112cb97f63cd4e43b09e9c444b2468aad8

Download Submit
C:\Users\Admin\Downloads\njRAT-Platinum-Edition-RuS-main.zip.crdownload

Filesize
9.4MB

MD5
77b83a87828704868df93a4c15c6fbb7

SHA1
69955655c90b8fc5778ff165b2417933560f2772

SHA256
2f2eed1731f3addbd1c192ab1c82631caba60e6cba3b32aaacde4c1d75effb0b

SHA512
10a3818520d774d21779dc101c9d81830841ccc8f1ceb3837e3202df3f761790ee2a8c134163062d247b7451c749446a4e6947716e470a3ab101093ed2ae662b

Download Submit
F:\Client.exe

Filesize
246KB

MD5
c6e83450efddebd2607513df35d73138

SHA1
fedc4e0c5c2ad784498513df4044a8e176807cb2

SHA256
4978b5821b64b905f1d7eb39d3d8849b408d2b79e42bfdfe41c5dccb5f9d466e

SHA512
93fea7690466838f9baa5fe59009c9234521cd3f6a815ed9e083810d6102b5efd2301d0dc364b4c3ef27e843f4b2b56ad6a55617776a32a91bf93f42f6ef2733

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\CSCBC8B59ED59734ED5973D8AE91DF74D2B.TMP

Filesize
700B

MD5
f3cc3197c2c993b30a8d7572a18551fa

SHA1
f5d204e38e8ece3254aa5715fb8625d104172a62

SHA256
7f154ce248104db468d83e6bae06eccf96d19fcaca0261e4bf55d7b5a263d59f

SHA512
81ab5bef0654a6916cf2af80c6bff6adb6b98b27b85cb18c303fd7f34443b17088218d504691de9272cd24b7092b2bc7d08ace02fd33ce66dbb6639d6bbe8762

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\xc3xg11b\xc3xg11b.0.cs

Filesize
690B

MD5
48d3fa784f1088755683ee419791127f

SHA1
13b10d36c3addb2a2bddec77323f1d9447655683

SHA256
fe1bb630a5d00a53a37882b38aba4e36046d069d918e7a4cd699218b9c950de0

SHA512
1429e8321cc1f8dd739b4abd874d212e2cb442a14f04ffc46a0c17dfdae98593d9cfba806e6992015a83ec67bc27f180dc98bf20e2f64d8f7cee5b9b0b43ed8f

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\xc3xg11b\xc3xg11b.cmdline

Filesize
170B

MD5
b47ca2b06cf6d0eae5abaaaf0a0f7e94

SHA1
1b403575a6b8b2f491e91600207f6aaca91e0f28

SHA256
e7129860f72fad3cca3256b8d3fc512c6c1ba5994c6d913e08a845b4a774bdf7

SHA512
59878d958a0cf7c9f863605c8f073dc8232ba336a7b4bf56b67bfa8afa0cd692658afc450bdf8c5f334b82fa49b01442235aa277b88b856a3c6a303caea14362

Download Submit
\Users\Admin\AppData\Local\Temp\Client.exe

Filesize
246KB

MD5
c6e83450efddebd2607513df35d73138

SHA1
fedc4e0c5c2ad784498513df4044a8e176807cb2

SHA256
4978b5821b64b905f1d7eb39d3d8849b408d2b79e42bfdfe41c5dccb5f9d466e

SHA512
93fea7690466838f9baa5fe59009c9234521cd3f6a815ed9e083810d6102b5efd2301d0dc364b4c3ef27e843f4b2b56ad6a55617776a32a91bf93f42f6ef2733

Download Submit
\Users\Admin\AppData\Local\Temp\Client.exe

Filesize
246KB

MD5
c6e83450efddebd2607513df35d73138

SHA1
fedc4e0c5c2ad784498513df4044a8e176807cb2

SHA256
4978b5821b64b905f1d7eb39d3d8849b408d2b79e42bfdfe41c5dccb5f9d466e

SHA512
93fea7690466838f9baa5fe59009c9234521cd3f6a815ed9e083810d6102b5efd2301d0dc364b4c3ef27e843f4b2b56ad6a55617776a32a91bf93f42f6ef2733

Download Submit
memory/276-453-0x0000000074B10000-0x00000000750BB000-memory.dmp

Filesize
5.7MB

Download
memory/276-447-0x00000000000F0000-0x0000000000130000-memory.dmp

Filesize
256KB

Download
memory/276-455-0x00000000000F0000-0x0000000000130000-memory.dmp

Filesize
256KB

Download
memory/276-454-0x00000000000F0000-0x0000000000130000-memory.dmp

Filesize
256KB

Download
memory/276-446-0x0000000074B10000-0x00000000750BB000-memory.dmp

Filesize
5.7MB

Download
memory/276-448-0x0000000074B10000-0x00000000750BB000-memory.dmp

Filesize
5.7MB

Download
memory/1600-388-0x0000000002590000-0x00000000025D0000-memory.dmp

Filesize
256KB

Download
memory/1692-456-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/2500-355-0x0000000000D50000-0x0000000000DD0000-memory.dmp

Filesize
512KB

Download
memory/2500-363-0x00000000212E0000-0x00000000212F0000-memory.dmp

Filesize
64KB

Download
memory/2500-371-0x0000000000D50000-0x0000000000DD0000-memory.dmp

Filesize
512KB

Download
memory/2500-372-0x0000000000D50000-0x0000000000DD0000-memory.dmp

Filesize
512KB

Download
memory/2500-373-0x0000000000D50000-0x0000000000DD0000-memory.dmp

Filesize
512KB

Download
memory/2500-374-0x0000000000D50000-0x0000000000DD0000-memory.dmp

Filesize
512KB

Download
memory/2500-375-0x0000000000D50000-0x0000000000DD0000-memory.dmp

Filesize
512KB

Download
memory/2500-376-0x0000000000D50000-0x0000000000DD0000-memory.dmp

Filesize
512KB

Download
memory/2500-377-0x0000000000D50000-0x0000000000DD0000-memory.dmp

Filesize
512KB

Download
memory/2500-378-0x0000000000D50000-0x0000000000DD0000-memory.dmp

Filesize
512KB

Download
memory/2500-379-0x0000000000D50000-0x0000000000DD0000-memory.dmp

Filesize
512KB

Download
memory/2500-380-0x0000000000D50000-0x0000000000DD0000-memory.dmp

Filesize
512KB

Download
memory/2500-381-0x0000000000D50000-0x0000000000DD0000-memory.dmp

Filesize
512KB

Download
memory/2500-382-0x0000000000D50000-0x0000000000DD0000-memory.dmp

Filesize
512KB

Download
memory/2500-383-0x0000000000D50000-0x0000000000DD0000-memory.dmp

Filesize
512KB

Download
memory/2500-384-0x0000000000D50000-0x0000000000DD0000-memory.dmp

Filesize
512KB

Download
memory/2500-385-0x0000000000D50000-0x0000000000DD0000-memory.dmp

Filesize
512KB

Download
memory/2500-387-0x0000000000D50000-0x0000000000DD0000-memory.dmp

Filesize
512KB

Download
memory/2500-369-0x0000000000D50000-0x0000000000DD0000-memory.dmp

Filesize
512KB

Download
memory/2500-368-0x0000000000D50000-0x0000000000DD0000-memory.dmp

Filesize
512KB

Download
memory/2500-367-0x0000000000D50000-0x0000000000DD0000-memory.dmp

Filesize
512KB

Download
memory/2500-366-0x0000000000D50000-0x0000000000DD0000-memory.dmp

Filesize
512KB

Download
memory/2500-365-0x0000000000D50000-0x0000000000DD0000-memory.dmp

Filesize
512KB

Download
memory/2500-344-0x0000000000E40000-0x0000000001634000-memory.dmp

Filesize
8.0MB

Download
memory/2500-346-0x0000000000D50000-0x0000000000DD0000-memory.dmp

Filesize
512KB

Download
memory/2500-345-0x000007FEF5800000-0x000007FEF619D000-memory.dmp

Filesize
9.6MB

Download
memory/2500-347-0x000007FEF5800000-0x000007FEF619D000-memory.dmp

Filesize
9.6MB

Download
memory/2500-348-0x0000000000D50000-0x0000000000DD0000-memory.dmp

Filesize
512KB

Download
memory/2500-349-0x0000000000D50000-0x0000000000DD0000-memory.dmp

Filesize
512KB

Download
memory/2500-364-0x0000000000D50000-0x0000000000DD0000-memory.dmp

Filesize
512KB

Download
memory/2500-370-0x0000000021150000-0x0000000021151000-memory.dmp

Filesize
4KB

Download
memory/2500-362-0x0000000021150000-0x0000000021151000-memory.dmp

Filesize
4KB

Download
memory/2500-361-0x0000000000D50000-0x0000000000DD0000-memory.dmp

Filesize
512KB

Download
memory/2500-360-0x0000000000D50000-0x0000000000DD0000-memory.dmp

Filesize
512KB

Download
memory/2500-350-0x0000000000D50000-0x0000000000DD0000-memory.dmp

Filesize
512KB

Download
memory/2500-351-0x0000000000E20000-0x0000000000E32000-memory.dmp

Filesize
72KB

Download
memory/2500-359-0x0000000000D50000-0x0000000000DD0000-memory.dmp

Filesize
512KB

Download
memory/2500-358-0x0000000000D50000-0x0000000000DD0000-memory.dmp

Filesize
512KB

Download
memory/2500-352-0x0000000000D50000-0x0000000000DD0000-memory.dmp

Filesize
512KB

Download
memory/2500-353-0x000007FEF5800000-0x000007FEF619D000-memory.dmp

Filesize
9.6MB

Download
memory/2500-354-0x0000000000D50000-0x0000000000DD0000-memory.dmp

Filesize
512KB

Download
memory/2500-356-0x000007FEF5800000-0x000007FEF619D000-memory.dmp

Filesize
9.6MB

Download
memory/2500-357-0x0000000000D50000-0x0000000000DD0000-memory.dmp

Filesize
512KB

Download
memory/2860-405-0x000000001BC50000-0x000000001BCD0000-memory.dmp

Filesize
512KB

Download
memory/2860-404-0x000000001BC50000-0x000000001BCD0000-memory.dmp

Filesize
512KB

Download
memory/2860-401-0x0000000000C80000-0x0000000000C90000-memory.dmp

Filesize
64KB

Download
memory/2860-406-0x000000001BC50000-0x000000001BCD0000-memory.dmp

Filesize
512KB

Download
memory/2860-403-0x000000001AF50000-0x000000001B548000-memory.dmp

Filesize
6.0MB

Download
memory/2860-426-0x000007FEEE7B0000-0x000007FEEF19C000-memory.dmp

Filesize
9.9MB

Download
memory/2860-420-0x00000000006D0000-0x00000000006D8000-memory.dmp

Filesize
32KB

Download
memory/2860-402-0x000007FEEE7B0000-0x000007FEEF19C000-memory.dmp

Filesize
9.9MB

Download
memory/3024-434-0x0000000074B10000-0x00000000750BB000-memory.dmp

Filesize
5.7MB

Download
memory/3024-435-0x0000000074B10000-0x00000000750BB000-memory.dmp

Filesize
5.7MB

Download
memory/3024-449-0x0000000074B10000-0x00000000750BB000-memory.dmp

Filesize
5.7MB

Download
memory/3024-429-0x0000000074B10000-0x00000000750BB000-memory.dmp

Filesize
5.7MB

Download
memory/3024-430-0x0000000074B10000-0x00000000750BB000-memory.dmp

Filesize
5.7MB

Download
memory/3024-431-0x00000000021A0000-0x00000000021E0000-memory.dmp

Filesize
256KB

Download