Analysis Overview
Threat Level: Known bad
The file https://google.com was found to be: Known bad.
Malicious Activity Summary
njRAT/Bladabindi
Executes dropped EXE
Checks computer location settings
Legitimate hosting services abused for malware hosting/C2
Enumerates physical storage devices
Enumerates system info in registry
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SendNotifyMessage
Modifies data under HKEY_USERS
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Checks processor information in registry
Checks SCSI registry key(s)
Suspicious use of WriteProcessMemory
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Modifies registry class
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2023-09-12 19:03
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2023-09-12 19:03
Reported
2023-09-12 19:10
Platform
win10v2004-20230831-en
Max time kernel
363s
Max time network
362s
Command Line
Signatures
njRAT/Bladabindi
Checks computer location settings
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key value queried | \REGISTRY\USER\S-1-5-21-1980726966-773384374-2129981223-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Desktop\njRAT-0.7d-Platinum-Edition-RuS\NjRat Platinum Edition.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\Desktop\njRAT-0.7d-Platinum-Edition-RuS\NjRat Platinum Edition.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\njRAT-0.7d-Platinum-Edition-RuS\NjRat Platinum Edition.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\New Client.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\njRAT-0.7d-Platinum-Edition-RuS\NjRat Platinum Edition.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
Enumerates physical storage devices
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\system32\taskmgr.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
|---|---|---|---|
| Set value (int) | \REGISTRY\USER\S-1-5-21-1980726966-773384374-2129981223-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" | C:\Users\Admin\Desktop\njRAT-0.7d-Platinum-Edition-RuS\NjRat Platinum Edition.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1980726966-773384374-2129981223-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Users\Admin\Desktop\njRAT-0.7d-Platinum-Edition-RuS\NjRat Platinum Edition.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1980726966-773384374-2129981223-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" | C:\Users\Admin\Desktop\njRAT-0.7d-Platinum-Edition-RuS\NjRat Platinum Edition.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1980726966-773384374-2129981223-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" | C:\Users\Admin\Desktop\njRAT-0.7d-Platinum-Edition-RuS\NjRat Platinum Edition.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1980726966-773384374-2129981223-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\MRUListEx = 00000000ffffffff | C:\Users\Admin\Desktop\njRAT-0.7d-Platinum-Edition-RuS\NjRat Platinum Edition.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1980726966-773384374-2129981223-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\0 | C:\Users\Admin\Desktop\njRAT-0.7d-Platinum-Edition-RuS\NjRat Platinum Edition.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1980726966-773384374-2129981223-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell | C:\Users\Admin\Desktop\njRAT-0.7d-Platinum-Edition-RuS\NjRat Platinum Edition.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1980726966-773384374-2129981223-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags | C:\Users\Admin\Desktop\njRAT-0.7d-Platinum-Edition-RuS\NjRat Platinum Edition.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1980726966-773384374-2129981223-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" | C:\Users\Admin\Desktop\njRAT-0.7d-Platinum-Edition-RuS\NjRat Platinum Edition.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1980726966-773384374-2129981223-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" | C:\Users\Admin\Desktop\njRAT-0.7d-Platinum-Edition-RuS\NjRat Platinum Edition.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1980726966-773384374-2129981223-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Users\Admin\Desktop\njRAT-0.7d-Platinum-Edition-RuS\NjRat Platinum Edition.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1980726966-773384374-2129981223-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\0\0\MRUListEx = ffffffff | C:\Users\Admin\Desktop\njRAT-0.7d-Platinum-Edition-RuS\NjRat Platinum Edition.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1980726966-773384374-2129981223-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" | C:\Users\Admin\Desktop\njRAT-0.7d-Platinum-Edition-RuS\NjRat Platinum Edition.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1980726966-773384374-2129981223-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" | C:\Users\Admin\Desktop\njRAT-0.7d-Platinum-Edition-RuS\NjRat Platinum Edition.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1980726966-773384374-2129981223-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" | C:\Users\Admin\Desktop\njRAT-0.7d-Platinum-Edition-RuS\NjRat Platinum Edition.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1980726966-773384374-2129981223-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202 | C:\Users\Admin\Desktop\njRAT-0.7d-Platinum-Edition-RuS\NjRat Platinum Edition.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1980726966-773384374-2129981223-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0 | C:\Users\Admin\Desktop\njRAT-0.7d-Platinum-Edition-RuS\NjRat Platinum Edition.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1980726966-773384374-2129981223-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\MRUListEx = 00000000ffffffff | C:\Users\Admin\Desktop\njRAT-0.7d-Platinum-Edition-RuS\NjRat Platinum Edition.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1980726966-773384374-2129981223-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Users\Admin\Desktop\njRAT-0.7d-Platinum-Edition-RuS\NjRat Platinum Edition.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1980726966-773384374-2129981223-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" | C:\Users\Admin\Desktop\njRAT-0.7d-Platinum-Edition-RuS\NjRat Platinum Edition.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1980726966-773384374-2129981223-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" | C:\Users\Admin\Desktop\njRAT-0.7d-Platinum-Edition-RuS\NjRat Platinum Edition.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1980726966-773384374-2129981223-1000_Classes\Local Settings | C:\Users\Admin\Desktop\njRAT-0.7d-Platinum-Edition-RuS\NjRat Platinum Edition.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1980726966-773384374-2129981223-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0 = 78003100000000001f57b2961100557365727300640009000400efbe874f77482c57ea982e000000c70500000000010000000000000000003a00000000004a40a60055007300650072007300000040007300680065006c006c00330032002e0064006c006c002c002d0032003100380031003300000014000000 | C:\Users\Admin\Desktop\njRAT-0.7d-Platinum-Edition-RuS\NjRat Platinum Edition.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1980726966-773384374-2129981223-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202 | C:\Users\Admin\Desktop\njRAT-0.7d-Platinum-Edition-RuS\NjRat Platinum Edition.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1980726966-773384374-2129981223-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Users\Admin\Desktop\njRAT-0.7d-Platinum-Edition-RuS\NjRat Platinum Edition.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1980726966-773384374-2129981223-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\MRUListEx = 00000000ffffffff | C:\Users\Admin\Desktop\njRAT-0.7d-Platinum-Edition-RuS\NjRat Platinum Edition.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1980726966-773384374-2129981223-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\0\0 = 8c00310000000000e9569d3d10004e4a5241542d7e312e37442d0000700009000400efbe1f578c9e1f578c9e2e00000065330200000007000000000000000000000000000000a216c8006e006a005200410054002d0030002e00370064002d0050006c006100740069006e0075006d002d00450064006900740069006f006e002d0052007500530000001c000000 | C:\Users\Admin\Desktop\njRAT-0.7d-Platinum-Edition-RuS\NjRat Platinum Edition.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1980726966-773384374-2129981223-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} | C:\Users\Admin\Desktop\njRAT-0.7d-Platinum-Edition-RuS\NjRat Platinum Edition.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1980726966-773384374-2129981223-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | C:\Users\Admin\Desktop\njRAT-0.7d-Platinum-Edition-RuS\NjRat Platinum Edition.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1980726966-773384374-2129981223-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\MRUListEx = ffffffff | C:\Users\Admin\Desktop\njRAT-0.7d-Platinum-Edition-RuS\NjRat Platinum Edition.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1980726966-773384374-2129981223-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} | C:\Users\Admin\Desktop\njRAT-0.7d-Platinum-Edition-RuS\NjRat Platinum Edition.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1980726966-773384374-2129981223-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" | C:\Users\Admin\Desktop\njRAT-0.7d-Platinum-Edition-RuS\NjRat Platinum Edition.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1980726966-773384374-2129981223-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 000000000200000001000000ffffffff | C:\Users\Admin\Desktop\njRAT-0.7d-Platinum-Edition-RuS\NjRat Platinum Edition.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1980726966-773384374-2129981223-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\0 = 7e003100000000001f578c9e11004465736b746f7000680009000400efbe1f57b2961f578d9e2e00000087e101000000010000000000000000003e0000000000852d91004400650073006b0074006f007000000040007300680065006c006c00330032002e0064006c006c002c002d0032003100370036003900000016000000 | C:\Users\Admin\Desktop\njRAT-0.7d-Platinum-Edition-RuS\NjRat Platinum Edition.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1980726966-773384374-2129981223-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | C:\Users\Admin\Desktop\njRAT-0.7d-Platinum-Edition-RuS\NjRat Platinum Edition.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1980726966-773384374-2129981223-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg | C:\Users\Admin\Desktop\njRAT-0.7d-Platinum-Edition-RuS\NjRat Platinum Edition.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1980726966-773384374-2129981223-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell | C:\Users\Admin\Desktop\njRAT-0.7d-Platinum-Edition-RuS\NjRat Platinum Edition.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1980726966-773384374-2129981223-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7 | C:\Users\Admin\Desktop\njRAT-0.7d-Platinum-Edition-RuS\NjRat Platinum Edition.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1980726966-773384374-2129981223-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Users\Admin\Desktop\njRAT-0.7d-Platinum-Edition-RuS\NjRat Platinum Edition.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1980726966-773384374-2129981223-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\0\0 | C:\Users\Admin\Desktop\njRAT-0.7d-Platinum-Edition-RuS\NjRat Platinum Edition.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1980726966-773384374-2129981223-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6 | C:\Users\Admin\Desktop\njRAT-0.7d-Platinum-Edition-RuS\NjRat Platinum Edition.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1980726966-773384374-2129981223-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 020000000000000001000000ffffffff | C:\Users\Admin\Desktop\njRAT-0.7d-Platinum-Edition-RuS\NjRat Platinum Edition.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1980726966-773384374-2129981223-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" | C:\Users\Admin\Desktop\njRAT-0.7d-Platinum-Edition-RuS\NjRat Platinum Edition.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | C:\Users\Admin\Desktop\njRAT-0.7d-Platinum-Edition-RuS\NjRat Platinum Edition.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1980726966-773384374-2129981223-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" | C:\Users\Admin\Desktop\njRAT-0.7d-Platinum-Edition-RuS\NjRat Platinum Edition.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1980726966-773384374-2129981223-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202020202 | C:\Users\Admin\Desktop\njRAT-0.7d-Platinum-Edition-RuS\NjRat Platinum Edition.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1980726966-773384374-2129981223-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 | C:\Users\Admin\Desktop\njRAT-0.7d-Platinum-Edition-RuS\NjRat Platinum Edition.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1980726966-773384374-2129981223-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0 | C:\Users\Admin\Desktop\njRAT-0.7d-Platinum-Edition-RuS\NjRat Platinum Edition.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1980726966-773384374-2129981223-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 0000000001000000ffffffff | C:\Users\Admin\Desktop\njRAT-0.7d-Platinum-Edition-RuS\NjRat Platinum Edition.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1980726966-773384374-2129981223-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2 = 3a002e803accbfb42cdb4c42b0297fe99a87c641260001002600efbe1100000004fdca713cdcd9011add6aa644dcd9011add6aa644dcd90114000000 | C:\Users\Admin\Desktop\njRAT-0.7d-Platinum-Edition-RuS\NjRat Platinum Edition.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1980726966-773384374-2129981223-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" | C:\Users\Admin\Desktop\njRAT-0.7d-Platinum-Edition-RuS\NjRat Platinum Edition.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1980726966-773384374-2129981223-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0 = 50003100000000001f57099e100041646d696e003c0009000400efbe1f57b2962c57ea982e0000007de1010000000100000000000000000000000000000058640700410064006d0069006e00000014000000 | C:\Users\Admin\Desktop\njRAT-0.7d-Platinum-Edition-RuS\NjRat Platinum Edition.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1980726966-773384374-2129981223-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\SniffedFolderType = "Generic" | C:\Users\Admin\Desktop\njRAT-0.7d-Platinum-Edition-RuS\NjRat Platinum Edition.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1980726966-773384374-2129981223-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell\SniffedFolderType = "Generic" | C:\Users\Admin\Desktop\njRAT-0.7d-Platinum-Edition-RuS\NjRat Platinum Edition.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1980726966-773384374-2129981223-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg | C:\Users\Admin\Desktop\njRAT-0.7d-Platinum-Edition-RuS\NjRat Platinum Edition.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1980726966-773384374-2129981223-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" | C:\Users\Admin\Desktop\njRAT-0.7d-Platinum-Edition-RuS\NjRat Platinum Edition.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1980726966-773384374-2129981223-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2 | C:\Users\Admin\Desktop\njRAT-0.7d-Platinum-Edition-RuS\NjRat Platinum Edition.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1980726966-773384374-2129981223-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" | C:\Users\Admin\Desktop\njRAT-0.7d-Platinum-Edition-RuS\NjRat Platinum Edition.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1980726966-773384374-2129981223-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" | C:\Users\Admin\Desktop\njRAT-0.7d-Platinum-Edition-RuS\NjRat Platinum Edition.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1980726966-773384374-2129981223-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0 | C:\Users\Admin\Desktop\njRAT-0.7d-Platinum-Edition-RuS\NjRat Platinum Edition.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1980726966-773384374-2129981223-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\0\MRUListEx = 00000000ffffffff | C:\Users\Admin\Desktop\njRAT-0.7d-Platinum-Edition-RuS\NjRat Platinum Edition.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1980726966-773384374-2129981223-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\0\0\NodeSlot = "6" | C:\Users\Admin\Desktop\njRAT-0.7d-Platinum-Edition-RuS\NjRat Platinum Edition.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1980726966-773384374-2129981223-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 010000000200000000000000ffffffff | C:\Users\Admin\Desktop\njRAT-0.7d-Platinum-Edition-RuS\NjRat Platinum Edition.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1980726966-773384374-2129981223-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" | C:\Users\Admin\Desktop\njRAT-0.7d-Platinum-Edition-RuS\NjRat Platinum Edition.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\Desktop\njRAT-0.7d-Platinum-Edition-RuS\NjRat Platinum Edition.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\Desktop\njRAT-0.7d-Platinum-Edition-RuS\NjRat Platinum Edition.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\njRAT-0.7d-Platinum-Edition-RuS\NjRat Platinum Edition.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.com
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff8a41a46f8,0x7ff8a41a4708,0x7ff8a41a4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2216,17696801930883532875,557274888238507489,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2216,17696801930883532875,557274888238507489,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2224 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2216,17696801930883532875,557274888238507489,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2924 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,17696801930883532875,557274888238507489,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,17696801930883532875,557274888238507489,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,17696801930883532875,557274888238507489,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2900 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xfc,0x128,0x7ff8a4049758,0x7ff8a4049768,0x7ff8a4049778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1832 --field-trial-handle=1884,i,9096923219180315596,13172887173143456724,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=1884,i,9096923219180315596,13172887173143456724,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2236 --field-trial-handle=1884,i,9096923219180315596,13172887173143456724,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3260 --field-trial-handle=1884,i,9096923219180315596,13172887173143456724,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3288 --field-trial-handle=1884,i,9096923219180315596,13172887173143456724,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4532 --field-trial-handle=1884,i,9096923219180315596,13172887173143456724,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4840 --field-trial-handle=1884,i,9096923219180315596,13172887173143456724,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4980 --field-trial-handle=1884,i,9096923219180315596,13172887173143456724,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5044 --field-trial-handle=1884,i,9096923219180315596,13172887173143456724,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5488 --field-trial-handle=1884,i,9096923219180315596,13172887173143456724,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5624 --field-trial-handle=1884,i,9096923219180315596,13172887173143456724,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3876 --field-trial-handle=1884,i,9096923219180315596,13172887173143456724,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=6124 --field-trial-handle=1884,i,9096923219180315596,13172887173143456724,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2248 --field-trial-handle=1884,i,9096923219180315596,13172887173143456724,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3520 --field-trial-handle=1884,i,9096923219180315596,13172887173143456724,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5940 --field-trial-handle=1884,i,9096923219180315596,13172887173143456724,131072 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\" -an -ai#7zMap6194:120:7zEvent28506
C:\Users\Admin\Desktop\njRAT-0.7d-Platinum-Edition-RuS\NjRat Platinum Edition.exe
"C:\Users\Admin\Desktop\njRAT-0.7d-Platinum-Edition-RuS\NjRat Platinum Edition.exe"
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3dc 0x3d4
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6100 --field-trial-handle=1884,i,9096923219180315596,13172887173143456724,131072 /prefetch:2
C:\Users\Admin\Desktop\njRAT-0.7d-Platinum-Edition-RuS\NjRat Platinum Edition.exe
"C:\Users\Admin\Desktop\njRAT-0.7d-Platinum-Edition-RuS\NjRat Platinum Edition.exe"
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe C:\Windows\system32\PcaSvc.dll,PcaPatchSdbTask
C:\Windows\Microsoft.NET\Framework\v2.0.50727\ilasm.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\ilasm.exe" /alignment=512 /QUIET "C:\Users\Admin\AppData\Local\Temp\stub.il" /output:"C:\Users\Admin\Desktop\New Client.exe"
C:\Users\Admin\Desktop\New Client.exe
"C:\Users\Admin\Desktop\New Client.exe"
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\4ead683a5f8c4cf7b0907ddc0857fdec /t 1352 /p 1180
C:\Users\Admin\Desktop\njRAT-0.7d-Platinum-Edition-RuS\NjRat Platinum Edition.exe
"C:\Users\Admin\Desktop\njRAT-0.7d-Platinum-Edition-RuS\NjRat Platinum Edition.exe"
C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\ab17eb0fd27447d7b18c27ac574016cf /t 2904 /p 2824
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 254.209.247.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | google.com | udp |
| NL | 142.250.179.142:443 | google.com | tcp |
| US | 8.8.8.8:53 | 196.168.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.154.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 142.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.240.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ogs.google.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| DE | 172.217.23.206:443 | apis.google.com | tcp |
| US | 8.8.8.8:53 | play.google.com | udp |
| NL | 142.251.36.14:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | 41.110.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.36.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 208.194.73.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 254.21.238.8.in-addr.arpa | udp |
| DE | 172.217.23.206:443 | apis.google.com | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | 131.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 130.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 140.82.113.3:443 | github.com | tcp |
| US | 140.82.113.3:443 | github.com | tcp |
| US | 8.8.8.8:53 | 3.113.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.133:443 | avatars.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 8.8.8.8:53 | 133.110.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.110.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | id.google.com | udp |
| NL | 172.217.168.227:443 | id.google.com | tcp |
| US | 8.8.8.8:53 | 227.168.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | encrypted-tbn0.gstatic.com | udp |
| NL | 142.251.36.14:443 | encrypted-tbn0.gstatic.com | tcp |
| NL | 142.251.36.14:443 | encrypted-tbn0.gstatic.com | tcp |
| NL | 142.251.36.14:443 | encrypted-tbn0.gstatic.com | tcp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| NL | 172.217.168.234:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 140.82.114.22:443 | collector.github.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 140.82.114.6:443 | api.github.com | tcp |
| US | 140.82.114.22:443 | collector.github.com | tcp |
| US | 140.82.114.6:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 234.168.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.114.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.114.82.140.in-addr.arpa | udp |
| NL | 172.217.168.227:443 | id.google.com | udp |
| NL | 172.217.168.234:443 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.108.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 133.108.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| US | 192.178.48.227:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | 227.48.178.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.173.189.20.in-addr.arpa | udp |
| US | 192.178.48.227:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | beacons.gvt2.com | udp |
| US | 8.8.8.8:53 | 146.78.124.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 126.210.247.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 38.148.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
| N/A | 127.0.0.1:6522 | N/A | tcp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.3.197.209.in-addr.arpa | udp |
| N/A | 127.0.0.1:6522 | N/A | tcp |
| N/A | 127.0.0.1:6522 | N/A | tcp |
| N/A | 127.0.0.1:6522 | N/A | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 29e414757ec5f96753331ee050189d4e |
| SHA1 | 1e77a6b0e6d4a9236ff7bf4d70cd5bc3552716dd |
| SHA256 | ad7db569f6f5cd84623a76c82eb816e86b4cf01753f353a5746a4907fff326cf |
| SHA512 | 4be7a1fdf2440637d9230c389d475af184e6f5599f0bb5547fce31f3a23a1c439746d433402243574a83f25ad9b8e4e1152578a37bdfce80a840baf7a2d68ea5 |
\??\pipe\LOCAL\crashpad_2560_PSMSFILFBNIROKHE
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 636e5109f372d2d0066236b164a4181a |
| SHA1 | c3be2a6702c3f051208fc614229bb909be40faf7 |
| SHA256 | 06df14c3723b8526c975a0fd56b5da99459cdcf1ed192c6513e31745c9c19f80 |
| SHA512 | 6dcb72af108e3082cfb688552828bc702bdcd4e212bde8aacdd986dac2985ec651bce4bff03529c98d8387124fe593bad306b3292c2f1cfa6d1ae35ea2bf6a3b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | a20ae47125741856f19a0b3f6d4fbf96 |
| SHA1 | d14de12a04b6709f18163133449b58e5dc3ef50f |
| SHA256 | ef9524812c09abb0ebb2be74a34f1d14fd18d26d843930921f20c4f0fbded05f |
| SHA512 | 5c309b75732b7d646927b18f6da26cb020ef440ab25e13cebe588ce1cf88264e9b65bbef1edd935050ad60066d877ecff16b42b07be978804762e341e574f880 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | b3b3e42be72f896d2bc2977ea7e62225 |
| SHA1 | 437b32bdfffb77de4068ea6b90ba4f30bf45d017 |
| SHA256 | 97f26d9707a9c4aeb30e7a6d2ae8c86cf63dd6a80923d32539447d702bd06660 |
| SHA512 | 66721a913520a0ee92fc3606be075fabd575fc077b4ff3401c3b1bd70953df603f0d2f6a624cf8f352193a0f22908dbfa243dc30ea88c35284a36862e473805a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
| MD5 | 00ccde2abfa350da86ceaf6ed384e19b |
| SHA1 | 43bc0354c3799a7a287eb2d5c1a3227f849a7948 |
| SHA256 | 35fb77fb63d237b3e7f84ea0b261e576469bf69dd373d9d03b1bd17726255bf8 |
| SHA512 | 56ea8977b2c1eca7caae59945a636deafba0dc479783a16b763fe9e45d81d8fc44c497ef85ec2516c0e71fd2d28517c469d1484a61c79b45094004810126b240 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | efa609a903cd37e55614304fdc73d91f |
| SHA1 | ae4bf3a0349d9a9066ad712e23e0f0e8f697bbdb |
| SHA256 | 44f35a22771a4adb33be8f62cdaf2c8698da2b55550f0071c082d55ba1b59d67 |
| SHA512 | 1e85ebabcfea40a810bdca0165b2b3448c236260d5612b1009b0c34678849379353f1dafb1379526ed610a327595163e52a6ff01fa913a5c9b32b848a40beab6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 6c85de844098fb22b8d5af2e53b523d0 |
| SHA1 | a9efa130c32b6d7c5cd8f71674e79eed9d740c13 |
| SHA256 | 0e52d69ae5f43173c365c2f9b3c88baacd22e28e238112302581f213d614a02f |
| SHA512 | cd433cd2b449dafc9769985b6423d29b9e217beb6da2f03a5a908b8b961a09d955c3fbe32a04cfd14d8f1c458020a4a830b919e3190a0ad1613915af76d9947c |
\??\pipe\crashpad_3628_OEPHCYDZDSWLDYDQ
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\184f2c40-fbb0-43c8-a525-ac360611b146.tmp
| MD5 | 99914b932bd37a50b983c5e7c90ae93b |
| SHA1 | bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f |
| SHA256 | 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a |
| SHA512 | 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 88458d8ca93c36584dce803cec925dca |
| SHA1 | bf7b565f9b2ffdd2c04e02454f99dce25719cfe5 |
| SHA256 | d23c21fd19a4829381a7cd149cd9dee73aee2f49ff491656e708e1e093f2f337 |
| SHA512 | 5cccfa7aa4fdae2cba64e50d88ad83a0f3807baa2397b046d1c09bf3ea938c2b6f829dc6b864db66fc0e971adc56d0b1dd45533705e28c50195836c949d42c40 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | aa612c274fe15c2e83dbd28525f4f44c |
| SHA1 | 7967c4ed4fbcee6bc413ea319beed2ae988169f2 |
| SHA256 | 5cde7a5c18771af7379b875086293cc1f1b9e80cdd2a56227f7192056fa94c63 |
| SHA512 | b481c2998f0841e8b38b23232ff7fd29732c2504ceb2bc5e77279744eeca83f4cdf855337f311b9f75e1b483d0b75e0b6c4fe2c9059dbac435928bc92bc0511f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e
| MD5 | d574939016c1b0511053c934958d9a25 |
| SHA1 | 1ebb35cd6af10fce71dcd4778c9bbcd9822ef999 |
| SHA256 | ad0ad0fb63aff674e004faa8c826d6523a79532133fc07eb9a2ee5a1d367ec66 |
| SHA512 | 48758079cd42e05da63126f5119d15a4f79520095d062b67490b637df8fc12d567eaa2ec9c083d747093fbefedc651fbb3a2bc4f2fbbab9b5a09379626a40ceb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 9474d937e876d9ed7072e62d69045415 |
| SHA1 | 7909328756b9a1a89dab2d6647b88a40bf790066 |
| SHA256 | c5d381006d6fef09beab632629e91048ec9a2100061511e334f2cc5eb9334d85 |
| SHA512 | e900f448aa94b1ded387000d5e358d8dfad129c628992925edeb9cbb70e71e1516476b17832bc3aee45cb0be2442a5a5e1d80956e85da915a924cb8835f4b9be |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | ea34a67cac077bf0a70cc9205cbe5612 |
| SHA1 | 689af33c19fedf1b6b5050dcc1a84dc7c1bce3e3 |
| SHA256 | ee5eeb0d045719b04b6f40891dbf65d838e78f46cf3071e1e600ed58fd51e056 |
| SHA512 | 9b600fb17b424504ac2a4837b705c2fcae93f7ae96e52d5bb762abc100eb92577f5f1b6d8734eacf9e0e2bd44ccf8d9df075af8520564015d565d6e9e7ca5d1d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | c5311ab283fea323c5e31a1a3536114d |
| SHA1 | 50bdce95cf790d39b23ed91a151545a244af89db |
| SHA256 | aa6524481608573513493850c477717930597e3e493ffa738a360c0092df91c5 |
| SHA512 | dc44d3b600f5f3f52500636cfcfb00829fef25314855dfa515157201b87c9ee2516ff686c3b308baea4e03a234c27cb935fc19faf3be1a17bd620195a2f63271 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 9cf33423fb73f4ba53579664235ba588 |
| SHA1 | 553b078bbfebed033ce345fd9a5fa4ad4f8a4c51 |
| SHA256 | e9908bb55e768446acbc50efe1ab6fdfb07d67af7e4e56f6d32ae599bb8fdef7 |
| SHA512 | 4d1d2b2fd6bfd985dbd8ce87cd88b6f1e2430ba470633b1aed51239ca6601df4ce02421410d3fd1f12f49dacc83edbf26b25d93bbbac2dbcf950db0918d28470 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a
| MD5 | 2056424df06c59b02dd0129d8fb46591 |
| SHA1 | 09c155e4ee514aa7cda24cd562e2866407a72ff6 |
| SHA256 | 7d0e70820bacf9f32391518b4fc96a1b949dbf7ce7e2497743f673ddcb1a735a |
| SHA512 | 9d99a665b9eda0fee0c465164154c1ebc21dcb59e5155d0adff2515952fd36ebb1c7e4f593f449d082a0bac567fb7b2fc953e19ab30136b08dad5c43d2733393 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c
| MD5 | 810804025a5d73195159f941b65cf6c6 |
| SHA1 | 072fabd98fa156970a42f575e9e1eee8077ea2dc |
| SHA256 | 2cb4b05f91fe206e787405fec49118a79bd114ae7096609592516221db1085a8 |
| SHA512 | 12f7e8eb198190f11195ac5d327c2c47504c2a971eae480de057f8aba7bb371698a66a621c11a73bb04ce9971cc8868c17d61abdcd401e25d10531d66dd6d4e8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d
| MD5 | 035ef6eaf7accadce25b54de51a58b43 |
| SHA1 | 6622e6858ee1349437d58c29fe821390c27cef41 |
| SHA256 | c29fd8d1af7a65a8ee253f331922fe84445b275926596fcefd3d2fcc02bf842a |
| SHA512 | d6a21d79e3f10a9c4ad0b1d0294922a90a8485170e514129b71eb0c287925d6a80b8c4d5e246faaf86964ffe4841aee78a8fb7a3b6c5d4f6fb0a82a73dfb69ef |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 6002e1a7fb3d0cb5843dbadee1ca0e77 |
| SHA1 | 8bd4d4004122f9a239c41d9fade1eba897c82740 |
| SHA256 | d87e74fb2d48c1f7203758b1a96c81e7f27b4daad14e401f5b8924b13cc1d898 |
| SHA512 | e68860d209a103cd4e2a365c5514cf7ceb96aea0b418761b97659f1dd4b31a93be99f4fa09916be7f666dd039eeb96904ce328b4b3f48b20ce71fa5fbe6bcfbe |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | b8d5548eb1fb91027b4a6dcbe81250d2 |
| SHA1 | a648b0a422cee5e9532f0ceb7e4980a793ce8a23 |
| SHA256 | 670a14796e66153693f5ccacdd97de33521a8d4192167d831093139dfb411b48 |
| SHA512 | 8b422bbc744ba077cac49c68f385b5adbad849ae477ec56f2d3e3b04fd05a16821224f490d30a3148473740b487a4adb7969abefd0d6d5b3c7d75a719fc6822d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | c86363ae687ce41e1bf67c175611c426 |
| SHA1 | 66b52d6e75fe512e9ef4e07ac37b0d347c45af0d |
| SHA256 | 4ce673ad5d3893a249d3697a2d20b93737cca71324228fb6d7e5eab25b7acf3f |
| SHA512 | 946fb6c64f332b8f0b59877dd8ed1fc769eb9ed4ddfeb1d68eb21b8bbf5bd6f2b649be914176a0bd3f98ce22278296ffe428d450d961509107239fddf8a8dbbb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 8d2c64b51bee00ba01f6d61e2ca3ab8d |
| SHA1 | 2911509c390671e6f4b561068baf256a215306e6 |
| SHA256 | 3ab9ffb4d1732cd1b7cd6cc922550571f90d83af434523dc62ae47f99d147f7c |
| SHA512 | a3ee473528734ec8719421ac3515c34102900a6ef1f64c71326f518cbbe6c48935f31d13438236e7fd69c95a594802703ef31cdd701f1381842dac7cd14e4a85 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 3d98155eebf762c8cf8119ca278450ed |
| SHA1 | c649e29541dc78918f397783944e96bb102cd7ea |
| SHA256 | 75c80d60682a8a285a3165e19feb91ca5db15445c9224a74519603a37b8366a2 |
| SHA512 | aac05e8995449f92d4ebc272a9582c23ef2f77951aeeb4f27e1da07a429e47fa2d6d12dadb2a0a306e92633d838dc6ab65266586faf13294ef74bd5722e077a6 |
C:\Users\Admin\Downloads\njRAT-0.7d-Platinum-Edition-RuS.rar.crdownload
| MD5 | f4555fd1a0125ddf8ac8de8eec673e2b |
| SHA1 | 178f12eb0fbf29bb7dd7ab8ab659eca5b2984774 |
| SHA256 | 4c2f94c77738275e7c4370557f19e402b48f8c82771cca538a5a95ca99f41e3a |
| SHA512 | 3a43821884758df7b57861dc381d452cf03f15635aa936564d1dba24cda66b1f21042159672c6ba913e11ed209f21fb670d88c3df48d529bbd592e9e4a5d1a7e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 273396c30e453a3226a9250189f7b78e |
| SHA1 | acd14cd0dd9d4cd6fd438daceba2614ffab70a7f |
| SHA256 | e8d852e2ca37d614912d843efaaed54c3e610b0d68e315647d155969cdc2eed1 |
| SHA512 | d81b9244152aa17c729450cb2cfaa630b63b42f9e5bddc29edde6d7bacab812c0883c22765d3bd019737919036a1533b9f2d39c1d41a8aeffc5d14ff1b464f89 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 2258d1b55d0ba9902c1b7324f51683e8 |
| SHA1 | 5284ab40621902e6bf4613ffe7d5ff835945a3be |
| SHA256 | 5a25e94dcf52a6b0fd2ebfa07a969441af7c68a44336615a87a650c999bc9247 |
| SHA512 | 6fb940a068e6931fc77266f9f85cd5d64ea694d13a3f9285c056bcfa592d951b8de645bb44556a10f0cde8609f9b6d56fab0cf0d2c26ef775f06979a6d6d3cc2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5943c6.TMP
| MD5 | a1b64598089d20ceb65315626281ac66 |
| SHA1 | 561e3b1890951a2cbdfd239c560f9f5362e8a817 |
| SHA256 | c38ab02686bb4edd9e42dbbda30086f80e4f201aee64916acdd4dabc7176d1ab |
| SHA512 | 62b6086957b8c6684aa0a2960a89b80f1485f421793012e81d8154fb4b3735836f22ceb56c501c5c63836baca77609dfd39d1f9a5eb9f3345ee37a050d01447b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | fa123f0e9a7c97404a6a1d5549d9f366 |
| SHA1 | 1219116a1ded548282d026de96296780bb3e0b42 |
| SHA256 | b14c1e2f6912e8e43b51e486c2b91d5786b59fdb243abcd975b450a43805c496 |
| SHA512 | 3e1d195e78eca563f5105b8c9666d91e43e0fa1b8593661672744ae3659c38cd64de4dffc6976d55c0767363984fc07e1d7e13b916e9d707b24580a0a619b923 |
C:\Users\Admin\Desktop\njRAT-0.7d-Platinum-Edition-RuS.rar
| MD5 | f4555fd1a0125ddf8ac8de8eec673e2b |
| SHA1 | 178f12eb0fbf29bb7dd7ab8ab659eca5b2984774 |
| SHA256 | 4c2f94c77738275e7c4370557f19e402b48f8c82771cca538a5a95ca99f41e3a |
| SHA512 | 3a43821884758df7b57861dc381d452cf03f15635aa936564d1dba24cda66b1f21042159672c6ba913e11ed209f21fb670d88c3df48d529bbd592e9e4a5d1a7e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 489d3171f2c6130e188796fc0282ddb1 |
| SHA1 | 713a0753aab6ba87516f7f19412c807027851683 |
| SHA256 | ff1a6cfe3c5bc6173b83421c598c07e221476c03b9b5ed28b1fcad4808af82f9 |
| SHA512 | 050dfaec8bbffc558bc1ce902e5521f62d09c0d01aea31a30f0cad665a85160d8f288324a43404242620add1388b5c8c9d06d0b320cc7bd199a37b3ccff208d6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 3b14c3473ef603ecd44346ebf4f6d581 |
| SHA1 | 6f4136eeab65037ffc38b348c59ec02cdff008e1 |
| SHA256 | cbfba7c11937a6a6a41d6c5df8950dad777887c73b5a257ecf463ac06d5d7356 |
| SHA512 | 0b96f3e6915f9e892ebbb98ccc0370f9f83bfb782241839d1189645d3c8b0921295493f81f028616b0abbf72a8116a57f69edcd2584b758ef732246ad01a6e2e |
C:\Users\Admin\Desktop\njRAT-0.7d-Platinum-Edition-RuS\NjRat Platinum Edition.exe
| MD5 | 9ea34bd96a5e4c536787107a532e1bf2 |
| SHA1 | 66941b6165076379114b4216ff4f60d9623c407a |
| SHA256 | 989114eac06b024e0fd631d7d7b6e5435f86ea349cdb59c9b7c4407d1527ae38 |
| SHA512 | e80b6ccd07e4187331085a23fea83acc6fbee611e0af2b4f1c724f2ae5b50688692c8aa917852dca400c705d25b83b95c4201e70c12cf68b35a276ee3a23cabf |
C:\Users\Admin\Desktop\njRAT-0.7d-Platinum-Edition-RuS\NjRat Platinum Edition.exe
| MD5 | 9ea34bd96a5e4c536787107a532e1bf2 |
| SHA1 | 66941b6165076379114b4216ff4f60d9623c407a |
| SHA256 | 989114eac06b024e0fd631d7d7b6e5435f86ea349cdb59c9b7c4407d1527ae38 |
| SHA512 | e80b6ccd07e4187331085a23fea83acc6fbee611e0af2b4f1c724f2ae5b50688692c8aa917852dca400c705d25b83b95c4201e70c12cf68b35a276ee3a23cabf |
C:\Users\Admin\Desktop\njRAT-0.7d-Platinum-Edition-RuS\NjRat Platinum Edition.exe.config
| MD5 | da15a1d8d770b57356ddd384342b3034 |
| SHA1 | b03d6cb907c139492c7b914147a498b31ef839fd |
| SHA256 | c45c9d1d30f940289498be2af978d74178a5c24ceb7755c2648f6c7a89353813 |
| SHA512 | 3cf7dd0d14244c543e3442873ce7e495ade87ad906a42d53f3b38180ffc453bd74ae022b91306445d359475dbee4caa1514c4e913e823d174b8470b45fed7cfc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 0872afb6b28f6c94b28ab05b4962873f |
| SHA1 | 59326986b39f5b8a425498c999751e8684b2dfcb |
| SHA256 | 8373abc4f50ef0139ad73c748cf49149e59d2fce3d8a8cfb85387b142700a675 |
| SHA512 | d7ad1c10bc827a36307cb7a188a6b211c816e103072859ff4a1129af600be181d42827442c2db59eb011c6455758e3f52e79d8d9044a16702058e5b470a6eb73 |
C:\Users\Admin\Desktop\njRAT-0.7d-Platinum-Edition-RuS\WinMM.Net.dll
| MD5 | d4b80052c7b4093e10ce1f40ce74f707 |
| SHA1 | 2494a38f1c0d3a0aa9b31cf0650337cacc655697 |
| SHA256 | 59e2ac1b79840274bdfcef412a10058654e42f4285d732d1487e65e60ffbfb46 |
| SHA512 | 3813b81f741ae3adb07ae370e817597ed2803680841ccc7549babb727910c7bff4f8450670d0ca19a0d09e06f133a1aaefecf5b5620e1b0bdb6bcd409982c450 |
C:\Users\Admin\Desktop\njRAT-0.7d-Platinum-Edition-RuS\GeoIP.dat
| MD5 | a0a228c187329ad148f33c81ddb430bb |
| SHA1 | d70ec83d1b15b3156df73802dd1bec024b1b9346 |
| SHA256 | b4bfd1ebc50f0eaab3d3f4c2152feae7aa8efad380b85064153a6bfd006c6210 |
| SHA512 | 0fe0a62c07f7ade0e6bfac8843c13c055369177935d801488a993bc4bcdb9da220ba1b37df2027dab8af7c15e5cf00b3e8f223b12165d8a1b0b9c30dc9939332 |
C:\Users\Admin\Desktop\njRAT-0.7d-Platinum-Edition-RuS\plugin\cam.dll
| MD5 | b0f1130c6da19dbdb8556f910f168420 |
| SHA1 | e09ffdb725dc2ca0bc28a58a4615c0f3bcf08adb |
| SHA256 | 8aeec9c0a673f2043bec795d8430c280392913ac275fbaa3380524ad2148eaf8 |
| SHA512 | 4d97ac1ec120120c22d2fa39c3bcdafbaf6796da4742154323860ede74a56fffadfd3734b2fcd37e60ea0334e951e3c2d7b05c52235db89bde3fa2a1424224fa |
C:\Users\Admin\Desktop\njRAT-0.7d-Platinum-Edition-RuS\plugin\pw.dll
| MD5 | db87daf76c15f3808cec149f639aa64f |
| SHA1 | d67f84a44ddc25432ce179aeba9cff778af746ee |
| SHA256 | a3e4bee1b6944aa9266bd58de3f534a4c1896df621881a5252a0d355a6e67c70 |
| SHA512 | ad7dc75254180ff7c988b7f394ad76b696384002457d558469d2c6401dd97cba54c532245bb555ab28d2beda3ab504736bb2b89040a21ba6598929392daab473 |
C:\Users\Admin\Desktop\njRAT-0.7d-Platinum-Edition-RuS\plugin\plg.dll
| MD5 | 4643db3dbf75200efa97e80cfcf2da1d |
| SHA1 | cd65423fbeb54a82f1312ad96c848a261047ccba |
| SHA256 | bd5a390efa75b9a47077fa1e7558713842563ec5822eb7f1dbf35ad9020012dc |
| SHA512 | ccacfcf1e9325ee3dba0556cc527eae2b856531a7d963072181549e3e76395d42be27206f0312a5fa30d8d35df75a64382a399fb61c26cef703671fe21fb25e9 |
C:\Users\Admin\Desktop\njRAT-0.7d-Platinum-Edition-RuS\plugin\mic.dll
| MD5 | e9214452435d0e6f782b545ec0123331 |
| SHA1 | 1705609d15c0c7cab4ebcb28f082cfcb8e1f80ac |
| SHA256 | 7bae6ec2613874287c20ddcbdf75e7cca0ac65132485dfcfd632d0e5f97c1719 |
| SHA512 | 05cbe650b1ed26193128cba8d58fbe4c96ccb5931d877a6937e4a442f74412fd3cdda46b5cff4390a71133cba4c10c778377988c657eebfe5e631ae4f445ebce |
C:\Users\Admin\Desktop\njRAT-0.7d-Platinum-Edition-RuS\plugin\ch.dll
| MD5 | 9000a99ee61e1c87fb811a77df2e7b91 |
| SHA1 | 61a026acdbeea3c8e68a55bce7c4803aa678adbb |
| SHA256 | 47f7c69c4cc4c0feb6a6f1730d697ca95e24d5cedd490c31d8e30cd1fa3b3859 |
| SHA512 | d45a1e2530143dab919b892b7e21657a2e6e62533046d75aa787da9ad012b73245aa033de5c169aed08a66fb117be1df1f87253cb4e49cf9b47b89e58d799c15 |
C:\Users\Admin\Desktop\njRAT-0.7d-Platinum-Edition-RuS\plugin\sc2.dll
| MD5 | 801a5d1e272399ca14ff7d6da60315ef |
| SHA1 | e546ef8f00d96404823a1ed242ed7b56167da2f7 |
| SHA256 | 8e816523110bb2ab5e7611c0322cc4aa2d6c8d2a899b3a03731965ed1644549b |
| SHA512 | 32eeb2302cfe06e996f2d729d440fc2796d16e33fd9d793c5eaf379e8450d67e177d5c254721c6fd5636c92e55439054b982e0820a757ebd5e65584d3f0c739a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 2a96296147c3145ccb3fa71e0d99cd92 |
| SHA1 | b2e24d37a1f690df6b89b161302dd24809384422 |
| SHA256 | 779df5a364e73b518e6817185df3d02e42f7c9607c09cbecdfbb5fcdf4e4cfeb |
| SHA512 | a61fdb4fc2ce172fb05a7ffa4d77f8602a007d28ef3c06a9d10c7673296fbd3d77cf0a6018a73b510015e3c2a7f11a56c8ccf7608c15e244a4fd3738b8da00c8 |
C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx
| MD5 | d2fb266b97caff2086bf0fa74eddb6b2 |
| SHA1 | 2f0061ce9c51b5b4fbab76b37fc6a540be7f805d |
| SHA256 | b09f68b61d9ff5a7c7c8b10eee9447d4813ee0e866346e629e788cd4adecb66a |
| SHA512 | c3ba95a538c1d266beb83334af755c34ce642a4178ab0f2e5f7822fd6821d3b68862a8b58f167a9294e6d913b08c1054a69b5d7aec2efdb3cf9796ed84de21a8 |
C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val
| MD5 | 6bd369f7c74a28194c991ed1404da30f |
| SHA1 | 0f8e3f8ab822c9374409fe399b6bfe5d68cbd643 |
| SHA256 | 878947d0ec814fe7c343cdebc05eebf00eb14f3023bdb3809a559e17f399fe5d |
| SHA512 | 8fc5f073dc9fa1e1ae47c60a5f06e0a48709fd6a4302dffaa721858409e7bde64bc6856d3fb28891090516d1a7afc542579de287778b5755eafe75cc67d45d93 |
C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock
| MD5 | f49655f856acb8884cc0ace29216f511 |
| SHA1 | cb0f1f87ec0455ec349aaa950c600475ac7b7b6b |
| SHA256 | 7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba |
| SHA512 | 599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | f4df0a30e08a9af75c87d91cf2effcec |
| SHA1 | 754cdb737d943ba857b305e0769abaa2ab4b1e0f |
| SHA256 | 592434f1d7f30d165fed01f5549426803a7c02c8dc8e8c909b858f8717e6fb05 |
| SHA512 | 89e11cd69f88f106ab2e0919c205026ded09b012c58d1667d5be4ede527ec90906be2f1a78ae45d6338bbef13b9a7404fcc8f0d5e95f9f8d037356ca2bd0db9d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 78f026fa7d6c458ac7833af6fab3640e |
| SHA1 | cbfe7975313eff97f5c681cf97722812efadeeda |
| SHA256 | 8fbdfe2218fe014d6a463633a2f5e6b5c40ffd646b83af1415955f4722b5fa13 |
| SHA512 | 4fcc875778b62799ffe07ed23610c1b74ff222f8c23e49e4b918751d2016d7090d86e30a6418354cbdebaba6416ab6734a66383960821b974aea80dd9449da4d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 108bcc3183a7055837036f402ba8aa21 |
| SHA1 | ef2ef04ed02b82c9522329958846b06f83e54057 |
| SHA256 | 976fe2c8922b36692022e55b8c87d87990f87b16e45f9eb3599a433e15a540b0 |
| SHA512 | 68730fd16f504e005b5a17b769123ca78eda4a097bbb42f28ef112c22b0f8c886c379e22c777078592610602523b434afc520062e8cf28c27e502c08da629a86 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | b400409e91f8ae87ba2df96dd04f1d37 |
| SHA1 | f0ebad2cfe5ad2d83d00bf32f265ce21afd88795 |
| SHA256 | c585e68c597c7d02f1697b729d702d6b315b4c7d895cb2694f17ffedcf71537f |
| SHA512 | 0d596b00b57686cca5bd48cc85acf203bebf4f9fb976569d9533df51c984428c9ac23e6fce84438aede60b18b951fba72afcc324f7f773d76c598760cbcdf4de |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 8badbf97b9f918ff2d75cb257c56d3dc |
| SHA1 | e9fcde6815762e1943877810afe85784913e0ff6 |
| SHA256 | d8f93148a0a553e9e18c1c5c5bc42566988821fcb1face3caca54f3309437abc |
| SHA512 | ea2c7e0c4f2f8d75e5d16e122cf809b71c73a201844bfe3af0c99bae18efec9eccffcc9d4e4ff8a1e4e9943bfd8d322f295f86c36c0e019b9bb56ff7ff619a6e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | b6665e57ed4299e37a285264555d2c37 |
| SHA1 | c5a6c800bfebcf6f4ca2756eb22fe9ca66279b84 |
| SHA256 | e8fb7439be2b3b24f54a74b6482fb0747905ce4c3675f5e4969108f979856811 |
| SHA512 | 9b0f8b7ab542b9343d7e60918f0e1a66a29977dff61c07fed117adae5fbab4f3869b03978dc7ad548573b1794645e4fdfc400f2b0155634732fad7d63ca4134a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | cbd4cb8a9ab46ec437258efda6a22ba9 |
| SHA1 | d9c2693b318cfd2d01be3c873965f30bea3040e4 |
| SHA256 | 0932f9a452be0d6b2a503bad573343e6fc0ff72acd83a6714cfc0d85cbe7c29c |
| SHA512 | 54f1c12cec349c69e1707f880b9c71614536189cb2b8b2b1c18191475e213ed7f9e9ae4d64a55f3fd153cdcf5feb46a18a6f55528bc364ae37c8e4abd5496a5b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1
| MD5 | 54979538c1f1819bdfa1f443df020ab8 |
| SHA1 | 2326c5cf649689db8f64920bb5c1ff71ef507b2b |
| SHA256 | db3f71f9250a78e02e81fd6a32839b7aee0d34a68460660f4f60289165f4e736 |
| SHA512 | f99cc4ff451449328dd3dba79ad3fc12febd8203d07be048f76ca4f4e0e7f3cd3709a336b6f84f8378fae70c9c8a7b9c1e47e165fde3bb0e701a80c8818921bd |
C:\Users\Admin\Desktop\njRAT-0.7d-Platinum-Edition-RuS\NjRat Platinum Edition.exe
| MD5 | 9ea34bd96a5e4c536787107a532e1bf2 |
| SHA1 | 66941b6165076379114b4216ff4f60d9623c407a |
| SHA256 | 989114eac06b024e0fd631d7d7b6e5435f86ea349cdb59c9b7c4407d1527ae38 |
| SHA512 | e80b6ccd07e4187331085a23fea83acc6fbee611e0af2b4f1c724f2ae5b50688692c8aa917852dca400c705d25b83b95c4201e70c12cf68b35a276ee3a23cabf |
C:\Users\Admin\AppData\Local\Microsoft\CLR_v2.0\UsageLogs\NjRat Platinum Edition.exe.log
| MD5 | 1b2f0c7407b8bbbaaf86739abe069e81 |
| SHA1 | 372380724c49f74a66176054790917f31134ec63 |
| SHA256 | 3dd2fd61d338cf98cb575bd6efe579a67debb9e3b4535fd6c2dba57a120ffbfd |
| SHA512 | ea3343f655b6ab1181174db403590199049340f3bf2fb51e44f6be8949102d83952d1e7c69d92066573187e56199827abd3c90defab86b05072b0896ab458ae9 |
C:\Users\Admin\Desktop\njRAT-0.7d-Platinum-Edition-RuS\Stub\Stub.il
| MD5 | 8a1ea88a0ce54fbe8a85aedc751e0edc |
| SHA1 | 2e3622edeaa569f4b38f740f593f4bd9f913c97a |
| SHA256 | 4eaa0830f3a6b72e6380875b82c28fc48d22d3c14ab2adab87e2deafdbf19ea8 |
| SHA512 | e01a5511b9e21610d3e2e325fbf15068432dda6dbc976ca7395ad9c3e2d8a91883be813db75339d51e0bd5ea7c23a9c37c9b7e7384399489b21d15d953397f64 |
C:\Users\Admin\AppData\Local\Temp\stub.il
| MD5 | c496991ec341aff8f47ad39d48920907 |
| SHA1 | ca59aab30c76495f0c75c4396735b49d3cae23ef |
| SHA256 | 119462fc087eaece7bbf1411d1b6abebfad76940f4b812c879540433602eec91 |
| SHA512 | 05bd4c184e9e8f45f7717287d4cd944c2a69673607550a7646f5e0ab3b4f3f649e4ee3a494d4b0b39ac5214c6e6ad7cefe59fffd05e2a657ffaf66014913bc7c |
C:\Users\Admin\Desktop\New Client.exe
| MD5 | 3aec111f7928fa8f610aef30103bc1aa |
| SHA1 | 3e44d32f727d6623dbb398175dbec662d07e1d93 |
| SHA256 | 39f1ba5d18442642c4f749ec4cbea2295dc821170f1816860570dd2500848d8f |
| SHA512 | f371066a3aaa0323865f72cfe47b9b7669b68b218b3b33f05ddb0af583a31f574cf57c6395731e3a326b13a9cc7d90d6b6f5f1e8c161cd26ff7437f5039a8d6e |
C:\Users\Admin\Desktop\njRAT-0.7d-Platinum-Edition-RuS\Stub\Stub.manifest
| MD5 | 4d18ac38a92d15a64e2b80447b025b7e |
| SHA1 | 5c34374c2dd5afa92e0489f1d6f86dde616aca6c |
| SHA256 | 835a00d6e7c43db49ae7b3fa12559f23c2920b7530f4d3f960fd285b42b1efb5 |
| SHA512 | 72be79acd72366b495e0f625a50c9bdf01047bcf5f9ee1e3bdba10dab7bd721b0126f429a91d8c80c2434e8bc751defdf4c05bdc09d26a871df1bb2e22e923bf |
C:\Users\Admin\Desktop\njRAT-0.7d-Platinum-Edition-RuS\Sound\Sound.wav
| MD5 | 11ca5b5feba113ccf66d6649b5b3cb40 |
| SHA1 | 503f3a2a449b195d6e71237fba623c3a7b5a08fa |
| SHA256 | 9430fec62eb1bfecb35f4a9ceb2ddd5ce6294751cde85fd7169c8def811af49e |
| SHA512 | 2183286132157f0122b1c8cbfbf0ccf49cf59ca033453d983fb4e25850203e1c03beff98bf99580b20c8049180d4afce339680ba70e1bd7c5a95f859afa70da3 |