Analysis
- max time kernel: 182s
- max time network: 182s
- platform: windows10-ltsc 2021_x64
- resource: win10ltsc2021-20250113-en
- resource tags: arch:x64, arch:x86, image:win10ltsc2021-20250113-en, locale:en-us, os:windows10-ltsc 2021-x64, system
- submitted: 19/01/2025, 18:55
Static task: static1
URLScan task: urlscan1
Behavioral task behavioral1
- Sample: https://github.com/XAKEP-1lly/NjRat-0.7D-Green-Edition-by-im523
- Resource: win10v2004-20241007-en
Behavioral task behavioral2
- Sample: https://github.com/XAKEP-1lly/NjRat-0.7D-Green-Edition-by-im523
- Resource: win10ltsc2021-20250113-en
Behavioral task behavioral3
- Sample: https://github.com/XAKEP-1lly/NjRat-0.7D-Green-Edition-by-im523
- Resource: win11-20241007-en
General
- Target: https://github.com/XAKEP-1lly/NjRat-0.7D-Green-Edition-by-im523
Malware Config
Extracted
- Family: njrat
- Version: im523
- Botnet: HacKed
- C2: 127.0.0.1:5552
- Mutex: 165d6ed988ac1dbec1627a1ca9899d84
- reg_key: 165d6ed988ac1dbec1627a1ca9899d84
- splitter: |'|'|
Signatures
-
Njrat family
-
Modifies Windows Firewall 2 TTPs 1 IoCs
- PID 3884, netsh.exe
Executes dropped EXE 1 IoCs
- PID 4760, Server.exe
Reads data files stored by FTP clients 2 TTPs
Tries to access configuration files associated with programs like FileZilla.
-
Unsecured Credentials: Credentials In Files 1 TTPs
Steals credentials from unsecured files.
-
Uses the VBS compiler for execution 1 TTPs
-
Suspicious use of SetThreadContext 1 IoCs
- PID 4760 (Server.exe) set thread context of 4984 (procid_target 114)
YARA rule matches (rule: upx):
- behavioral2/memory/4984-354-0x0000000000400000-0x0000000000472000-memory.dmp
- behavioral2/memory/4984-355-0x0000000000400000-0x0000000000472000-memory.dmp
- behavioral2/memory/4984-356-0x0000000000400000-0x0000000000472000-memory.dmp
- behavioral2/memory/4984-358-0x0000000000400000-0x0000000000472000-memory.dmp
Drops file in Windows directory 1 IoCs
- File opened for modification: C:\Windows\SystemTemp (chrome.exe)
Event Triggered Execution: Netsh Helper DLL 1 TTPs 3 IoCs
Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.
- Key opened: \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh (netsh.exe)
- Key queried: \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh (netsh.exe)
- Key value enumerated: \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh (netsh.exe)
System Location Discovery: System Language Discovery 1 TTPs 4 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
- Key opened: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language (NjRat 0.7D Green Edition by im523.exe)
- Key opened: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language (ilasm.exe)
- Key opened: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language (Server.exe)
- Key opened: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language (netsh.exe)
Enumerates system info in registry 2 TTPs 3 IoCs
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (chrome.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (chrome.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (chrome.exe)
Modifies data under HKEY_USERS 2 IoCs
- Key created: \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry (chrome.exe)
- Set value (int): \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133817865571100766" (chrome.exe)
Modifies registry class 52 IoCs
Suspicious behavior: EnumeratesProcesses 8 IoCs
- PID 380, chrome.exe (4 hits)
- PID 1660, chrome.exe (4 hits)
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
- PID 1140, NjRat 0.7D Green Edition by im523.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
- PID 380, chrome.exe (2 hits)
Suspicious use of AdjustPrivilegeToken 64 IoCs
description pid Process Token: SeShutdownPrivilege 380 chrome.exe Token: SeCreatePagefilePrivilege 380 chrome.exe Token: SeShutdownPrivilege 380 chrome.exe Token: SeCreatePagefilePrivilege 380 chrome.exe Token: SeShutdownPrivilege 380 chrome.exe Token: SeCreatePagefilePrivilege 380 chrome.exe Token: SeShutdownPrivilege 380 chrome.exe Token: SeCreatePagefilePrivilege 380 chrome.exe Token: SeShutdownPrivilege 380 chrome.exe Token: SeCreatePagefilePrivilege 380 chrome.exe Token: SeShutdownPrivilege 380 chrome.exe Token: SeCreatePagefilePrivilege 380 chrome.exe Token: SeShutdownPrivilege 380 chrome.exe Token: SeCreatePagefilePrivilege 380 chrome.exe Token: SeShutdownPrivilege 380 chrome.exe Token: SeCreatePagefilePrivilege 380 chrome.exe Token: SeShutdownPrivilege 380 chrome.exe Token: SeCreatePagefilePrivilege 380 chrome.exe Token: SeShutdownPrivilege 380 chrome.exe Token: SeCreatePagefilePrivilege 380 chrome.exe Token: SeShutdownPrivilege 380 chrome.exe Token: SeCreatePagefilePrivilege 380 chrome.exe Token: SeShutdownPrivilege 380 chrome.exe Token: SeCreatePagefilePrivilege 380 chrome.exe Token: SeShutdownPrivilege 380 chrome.exe Token: SeCreatePagefilePrivilege 380 chrome.exe Token: SeShutdownPrivilege 380 chrome.exe Token: SeCreatePagefilePrivilege 380 chrome.exe Token: SeShutdownPrivilege 380 chrome.exe Token: SeCreatePagefilePrivilege 380 chrome.exe Token: SeShutdownPrivilege 380 chrome.exe Token: SeCreatePagefilePrivilege 380 chrome.exe Token: SeShutdownPrivilege 380 chrome.exe Token: SeCreatePagefilePrivilege 380 chrome.exe Token: SeShutdownPrivilege 380 chrome.exe Token: SeCreatePagefilePrivilege 380 chrome.exe Token: SeShutdownPrivilege 380 chrome.exe Token: SeCreatePagefilePrivilege 380 chrome.exe Token: SeShutdownPrivilege 380 chrome.exe Token: SeCreatePagefilePrivilege 380 chrome.exe Token: SeShutdownPrivilege 380 chrome.exe Token: SeCreatePagefilePrivilege 380 chrome.exe Token: SeShutdownPrivilege 380 chrome.exe Token: SeCreatePagefilePrivilege 380 
chrome.exe Token: SeShutdownPrivilege 380 chrome.exe Token: SeCreatePagefilePrivilege 380 chrome.exe Token: SeShutdownPrivilege 380 chrome.exe Token: SeCreatePagefilePrivilege 380 chrome.exe Token: SeShutdownPrivilege 380 chrome.exe Token: SeCreatePagefilePrivilege 380 chrome.exe Token: SeShutdownPrivilege 380 chrome.exe Token: SeCreatePagefilePrivilege 380 chrome.exe Token: SeShutdownPrivilege 380 chrome.exe Token: SeCreatePagefilePrivilege 380 chrome.exe Token: SeShutdownPrivilege 380 chrome.exe Token: SeCreatePagefilePrivilege 380 chrome.exe Token: SeShutdownPrivilege 380 chrome.exe Token: SeCreatePagefilePrivilege 380 chrome.exe Token: SeShutdownPrivilege 380 chrome.exe Token: SeCreatePagefilePrivilege 380 chrome.exe Token: 33 2432 AUDIODG.EXE Token: SeIncBasePriorityPrivilege 2432 AUDIODG.EXE Token: SeShutdownPrivilege 380 chrome.exe Token: SeCreatePagefilePrivilege 380 chrome.exe -
Suspicious use of FindShellTrayWindow 39 IoCs
pid Process 380 chrome.exe 380 chrome.exe 380 chrome.exe 380 chrome.exe 380 chrome.exe 380 chrome.exe 380 chrome.exe 380 chrome.exe 380 chrome.exe 380 chrome.exe 380 chrome.exe 380 chrome.exe 380 chrome.exe 380 chrome.exe 380 chrome.exe 380 chrome.exe 380 chrome.exe 380 chrome.exe 380 chrome.exe 380 chrome.exe 380 chrome.exe 380 chrome.exe 380 chrome.exe 380 chrome.exe 380 chrome.exe 380 chrome.exe 380 chrome.exe 380 chrome.exe 380 chrome.exe 380 chrome.exe 380 chrome.exe 380 chrome.exe 380 chrome.exe 1140 NjRat 0.7D Green Edition by im523.exe 1140 NjRat 0.7D Green Edition by im523.exe 1140 NjRat 0.7D Green Edition by im523.exe 1140 NjRat 0.7D Green Edition by im523.exe 1140 NjRat 0.7D Green Edition by im523.exe 1140 NjRat 0.7D Green Edition by im523.exe -
Suspicious use of SendNotifyMessage 27 IoCs
pid Process 380 chrome.exe 380 chrome.exe 380 chrome.exe 380 chrome.exe 380 chrome.exe 380 chrome.exe 380 chrome.exe 380 chrome.exe 380 chrome.exe 380 chrome.exe 380 chrome.exe 380 chrome.exe 380 chrome.exe 380 chrome.exe 380 chrome.exe 380 chrome.exe 380 chrome.exe 380 chrome.exe 380 chrome.exe 380 chrome.exe 380 chrome.exe 380 chrome.exe 380 chrome.exe 380 chrome.exe 1140 NjRat 0.7D Green Edition by im523.exe 1140 NjRat 0.7D Green Edition by im523.exe 1140 NjRat 0.7D Green Edition by im523.exe -
Suspicious use of SetWindowsHookEx 1 IoCs
- PID 1140, NjRat 0.7D Green Edition by im523.exe
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 380 wrote to memory of 656 380 chrome.exe 83 PID 380 wrote to memory of 656 380 chrome.exe 83 PID 380 wrote to memory of 2272 380 chrome.exe 84 PID 380 wrote to memory of 2272 380 chrome.exe 84 PID 380 wrote to memory of 2272 380 chrome.exe 84 PID 380 wrote to memory of 2272 380 chrome.exe 84 PID 380 wrote to memory of 2272 380 chrome.exe 84 PID 380 wrote to memory of 2272 380 chrome.exe 84 PID 380 wrote to memory of 2272 380 chrome.exe 84 PID 380 wrote to memory of 2272 380 chrome.exe 84 PID 380 wrote to memory of 2272 380 chrome.exe 84 PID 380 wrote to memory of 2272 380 chrome.exe 84 PID 380 wrote to memory of 2272 380 chrome.exe 84 PID 380 wrote to memory of 2272 380 chrome.exe 84 PID 380 wrote to memory of 2272 380 chrome.exe 84 PID 380 wrote to memory of 2272 380 chrome.exe 84 PID 380 wrote to memory of 2272 380 chrome.exe 84 PID 380 wrote to memory of 2272 380 chrome.exe 84 PID 380 wrote to memory of 2272 380 chrome.exe 84 PID 380 wrote to memory of 2272 380 chrome.exe 84 PID 380 wrote to memory of 2272 380 chrome.exe 84 PID 380 wrote to memory of 2272 380 chrome.exe 84 PID 380 wrote to memory of 2272 380 chrome.exe 84 PID 380 wrote to memory of 2272 380 chrome.exe 84 PID 380 wrote to memory of 2272 380 chrome.exe 84 PID 380 wrote to memory of 2272 380 chrome.exe 84 PID 380 wrote to memory of 2272 380 chrome.exe 84 PID 380 wrote to memory of 2272 380 chrome.exe 84 PID 380 wrote to memory of 2272 380 chrome.exe 84 PID 380 wrote to memory of 2272 380 chrome.exe 84 PID 380 wrote to memory of 2272 380 chrome.exe 84 PID 380 wrote to memory of 2272 380 chrome.exe 84 PID 380 wrote to memory of 2620 380 chrome.exe 85 PID 380 wrote to memory of 2620 380 chrome.exe 85 PID 380 wrote to memory of 5068 380 chrome.exe 86 PID 380 wrote to memory of 5068 380 chrome.exe 86 PID 380 wrote to memory of 5068 380 chrome.exe 86 PID 380 wrote to memory of 5068 380 chrome.exe 86 PID 380 wrote to memory of 5068 380 chrome.exe 86 PID 380 wrote 
to memory of 5068 380 chrome.exe 86 PID 380 wrote to memory of 5068 380 chrome.exe 86 PID 380 wrote to memory of 5068 380 chrome.exe 86 PID 380 wrote to memory of 5068 380 chrome.exe 86 PID 380 wrote to memory of 5068 380 chrome.exe 86 PID 380 wrote to memory of 5068 380 chrome.exe 86 PID 380 wrote to memory of 5068 380 chrome.exe 86 PID 380 wrote to memory of 5068 380 chrome.exe 86 PID 380 wrote to memory of 5068 380 chrome.exe 86 PID 380 wrote to memory of 5068 380 chrome.exe 86 PID 380 wrote to memory of 5068 380 chrome.exe 86 PID 380 wrote to memory of 5068 380 chrome.exe 86 PID 380 wrote to memory of 5068 380 chrome.exe 86 PID 380 wrote to memory of 5068 380 chrome.exe 86 PID 380 wrote to memory of 5068 380 chrome.exe 86 PID 380 wrote to memory of 5068 380 chrome.exe 86 PID 380 wrote to memory of 5068 380 chrome.exe 86 PID 380 wrote to memory of 5068 380 chrome.exe 86 PID 380 wrote to memory of 5068 380 chrome.exe 86 PID 380 wrote to memory of 5068 380 chrome.exe 86 PID 380 wrote to memory of 5068 380 chrome.exe 86 PID 380 wrote to memory of 5068 380 chrome.exe 86 PID 380 wrote to memory of 5068 380 chrome.exe 86 PID 380 wrote to memory of 5068 380 chrome.exe 86 PID 380 wrote to memory of 5068 380 chrome.exe 86 -
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
-
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
-
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
Processes
-
- C:\Program Files\Google\Chrome\Application\chrome.exe (PID 380, depth 1)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/XAKEP-1lly/NjRat-0.7D-Green-Edition-by-im523
  Signatures:
  - Drops file in Windows directory
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Children:
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 656, depth 2)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7ffe4549cc40,0x7ffe4549cc4c,0x7ffe4549cc58
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2272, depth 2)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2028,i,7422161322254930133,15329985255625238868,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=1992 /prefetch:2
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2620, depth 2)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1556,i,7422161322254930133,15329985255625238868,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=2080 /prefetch:3
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 5068, depth 2)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2276,i,7422161322254930133,15329985255625238868,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=2472 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3496, depth 2)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3144,i,7422161322254930133,15329985255625238868,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=3180 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3208, depth 2)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3152,i,7422161322254930133,15329985255625238868,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=3208 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3288, depth 2)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4700,i,7422161322254930133,15329985255625238868,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=4484 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1600, depth 2)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4464,i,7422161322254930133,15329985255625238868,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=5100 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1332, depth 2)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=500,i,7422161322254930133,15329985255625238868,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=5312 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2784, depth 2)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5196,i,7422161322254930133,15329985255625238868,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=5280 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1660, depth 2)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5192,i,7422161322254930133,15329985255625238868,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=5116 /prefetch:8
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
- C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe (PID 1356, depth 1)
  Command line: "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
- C:\Windows\system32\svchost.exe (PID 1472, depth 1)
  Command line: C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
- C:\Windows\System32\rundll32.exe (PID 1708, depth 1)
  Command line: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
- C:\Users\Admin\Downloads\NjRat-0.7D-Green-Edition-by-im523-master\NjRat-0.7D-Green-Edition-by-im523-master\NjRat 0.7D Green Edition by im523\NjRat 0.7D Green Edition by im523\NjRat 0.7D Green Edition by im523.exe (PID 1140, depth 1)
  Command line: "C:\Users\Admin\Downloads\NjRat-0.7D-Green-Edition-by-im523-master\NjRat-0.7D-Green-Edition-by-im523-master\NjRat 0.7D Green Edition by im523\NjRat 0.7D Green Edition by im523\NjRat 0.7D Green Edition by im523.exe"
  Signatures:
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  Children:
  - C:\Windows\Microsoft.NET\Framework\v2.0.50727\ilasm.exe (PID 3632, depth 2)
    Command line: "C:\Windows\Microsoft.NET\Framework\v2.0.50727\ilasm.exe" /alignment=512 /QUIET "C:\Users\Admin\AppData\Local\Temp\stub.il" /output:"C:\Users\Admin\Desktop\Server.exe"
    Signatures:
    - System Location Discovery: System Language Discovery
- C:\Windows\system32\AUDIODG.EXE (PID 2432, depth 1)
  Command line: C:\Windows\system32\AUDIODG.EXE 0x458 0x414
  Signatures:
  - Suspicious use of AdjustPrivilegeToken
- C:\Users\Admin\Desktop\Server.exe (PID 4760, depth 1)
  Command line: "C:\Users\Admin\Desktop\Server.exe"
  Signatures:
  - Executes dropped EXE
  - Suspicious use of SetThreadContext
  - System Location Discovery: System Language Discovery
  Children:
  - C:\Windows\SysWOW64\netsh.exe (PID 3884, depth 2)
    Command line: netsh firewall add allowedprogram "C:\Users\Admin\Desktop\Server.exe" "Server.exe" ENABLE
    Signatures:
    - Modifies Windows Firewall
    - Event Triggered Execution: Netsh Helper DLL
    - System Location Discovery: System Language Discovery
  - C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe (PID 4984, depth 2)
    Command line: "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" -f "C:\Users\Admin\AppData\Local\Temp\2843391"
Network
MITRE ATT&CK Enterprise v15
Persistence
- Create or Modify System Process: Windows Service (1)
- Event Triggered Execution: Netsh Helper DLL (1)
Privilege Escalation
- Create or Modify System Process: Windows Service (1)
- Event Triggered Execution: Netsh Helper DLL (1)
Downloads