Analysis

  • max time kernel
    182s
  • max time network
    182s
  • platform
    windows10-ltsc 2021_x64
  • resource
    win10ltsc2021-20250113-en
  • resource tags
    arch:x64, arch:x86, image:win10ltsc2021-20250113-en, locale:en-us, os:windows10-ltsc 2021-x64, system
  • submitted
    19/01/2025, 18:55

General

  • Target

    https://github.com/XAKEP-1lly/NjRat-0.7D-Green-Edition-by-im523

Malware Config

Extracted

  • Family
    njrat
  • Version
    im523
  • Botnet
    HacKed
  • C2
    127.0.0.1:5552
  • Mutex
    165d6ed988ac1dbec1627a1ca9899d84
  • Attributes
    • reg_key
      165d6ed988ac1dbec1627a1ca9899d84
    • splitter
      |'|'|

Signatures

  • Njrat family
  • njRAT/Bladabindi

    Widely used RAT written in .NET.

  • Modifies Windows Firewall (2 TTPs, 1 IoC)
  • Executes dropped EXE (1 IoC)
  • Reads data files stored by FTP clients (2 TTPs)

    Tries to access configuration files associated with programs like FileZilla.

  • Unsecured Credentials: Credentials In Files (1 TTP)

    Steals credentials from unsecured files.

  • Uses the VBS compiler for execution (1 TTP)
  • Suspicious use of SetThreadContext (1 IoC)
  • UPX packed file (4 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Windows directory (1 IoC)
  • Browser Information Discovery (1 TTP)

    Enumerates browser information.

  • Event Triggered Execution: Netsh Helper DLL (1 TTP, 3 IoCs)

    Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

  • System Location Discovery: System Language Discovery (1 TTP, 4 IoCs)

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Enumerates system info in registry (2 TTPs, 3 IoCs)
  • Modifies data under HKEY_USERS (2 IoCs)
  • Modifies registry class (52 IoCs)
  • Suspicious behavior: EnumeratesProcesses (8 IoCs)
  • Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
  • Suspicious use of AdjustPrivilegeToken (64 IoCs)
  • Suspicious use of FindShellTrayWindow (39 IoCs)
  • Suspicious use of SendNotifyMessage (27 IoCs)
  • Suspicious use of SetWindowsHookEx (1 IoC)
  • Suspicious use of WriteProcessMemory (64 IoCs)
  • Uses Task Scheduler COM API (1 TTP)

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

  • Uses Volume Shadow Copy WMI provider

    The Volume Shadow Copy service is used to manage backups/snapshots.

  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/XAKEP-1lly/NjRat-0.7D-Green-Edition-by-im523
    • Drops file in Windows directory
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:380
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7ffe4549cc40,0x7ffe4549cc4c,0x7ffe4549cc58
      PID:656
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2028,i,7422161322254930133,15329985255625238868,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=1992 /prefetch:2
      PID:2272
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1556,i,7422161322254930133,15329985255625238868,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=2080 /prefetch:3
      PID:2620
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2276,i,7422161322254930133,15329985255625238868,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=2472 /prefetch:8
      PID:5068
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3144,i,7422161322254930133,15329985255625238868,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=3180 /prefetch:1
      PID:3496
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3152,i,7422161322254930133,15329985255625238868,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=3208 /prefetch:1
      PID:3208
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4700,i,7422161322254930133,15329985255625238868,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=4484 /prefetch:8
      PID:3288
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4464,i,7422161322254930133,15329985255625238868,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=5100 /prefetch:8
      PID:1600
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=500,i,7422161322254930133,15329985255625238868,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=5312 /prefetch:8
      PID:1332
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5196,i,7422161322254930133,15329985255625238868,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=5280 /prefetch:8
      PID:2784
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5192,i,7422161322254930133,15329985255625238868,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=5116 /prefetch:8
      • Suspicious behavior: EnumeratesProcesses
      PID:1660
  • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
    PID:1356
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
    PID:1472
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    PID:1708
  • C:\Users\Admin\Downloads\NjRat-0.7D-Green-Edition-by-im523-master\NjRat-0.7D-Green-Edition-by-im523-master\NjRat 0.7D Green Edition by im523\NjRat 0.7D Green Edition by im523\NjRat 0.7D Green Edition by im523.exe
    "C:\Users\Admin\Downloads\NjRat-0.7D-Green-Edition-by-im523-master\NjRat-0.7D-Green-Edition-by-im523-master\NjRat 0.7D Green Edition by im523\NjRat 0.7D Green Edition by im523\NjRat 0.7D Green Edition by im523.exe"
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    PID:1140
    • C:\Windows\Microsoft.NET\Framework\v2.0.50727\ilasm.exe
      "C:\Windows\Microsoft.NET\Framework\v2.0.50727\ilasm.exe" /alignment=512 /QUIET "C:\Users\Admin\AppData\Local\Temp\stub.il" /output:"C:\Users\Admin\Desktop\Server.exe"
      • System Location Discovery: System Language Discovery
      PID:3632
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x458 0x414
    • Suspicious use of AdjustPrivilegeToken
    PID:2432
  • C:\Users\Admin\Desktop\Server.exe
    "C:\Users\Admin\Desktop\Server.exe"
    • Executes dropped EXE
    • Suspicious use of SetThreadContext
    • System Location Discovery: System Language Discovery
    PID:4760
    • C:\Windows\SysWOW64\netsh.exe
      netsh firewall add allowedprogram "C:\Users\Admin\Desktop\Server.exe" "Server.exe" ENABLE
      • Modifies Windows Firewall
      • Event Triggered Execution: Netsh Helper DLL
      • System Location Discovery: System Language Discovery
      PID:3884
    • C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
      "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" -f "C:\Users\Admin\AppData\Local\Temp\2843391"
      PID:4984

Downloads

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                                      Filesize

                                      1KB

                                      MD5

                                      53f3e1044ebf98cf003b428cd43282a2

                                      SHA1

                                      370d8bfff82068d589bd1841a3cc95d7f5ac346b

                                      SHA256

                                      ab48f479d1e0ece1ba1bc890561dd0eae209f3d21c4c35202bb1a90e0520b2ea

                                      SHA512

                                      ede05ec5dd7d359c01f0b8ef122106b2cd666c449394ed1a69d28c5a1be9d54e202d417b876d449eff83f7bde5335b9d16e598affa266694f0854ac48a7923d2

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                      Filesize

                                      2KB

                                      MD5

                                      91162e237eab471d68504e6f6501eb08

                                      SHA1

                                      b2be4aaf59629d53e6441695140ed8a80f3b9015

                                      SHA256

                                      1de06b54c16cc86456204a229e8e9aeae943f07994e5409b88e22915e3a2197b

                                      SHA512

                                      b5662ddfa994af5748668142a5f496a4f98b6988385ff09c61ded5d18c62652f56a105c03a8b740ccf7ec05f896b62f28a7c0a898cf21af67c27c981d61f703a

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

                                      Filesize

                                      2B

                                      MD5

                                      d751713988987e9331980363e24189ce

                                      SHA1

                                      97d170e1550eee4afc0af065b78cda302a97674c

                                      SHA256

                                      4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                                      SHA512

                                      b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                      Filesize

                                      1KB

                                      MD5

                                      1089d7963d01898c730f1f2d531e690d

                                      SHA1

                                      9fb72f3a41dda3136c467fca9a0c86395df1d71a

                                      SHA256

                                      d0e49c1abba435a4c649170062fff847a0572f5f81795ade762558a1329bc286

                                      SHA512

                                      b348e6c3c26476b63a6b2ad0b15dade394b12e28e01ae1dccd95414c388e8516afe07c1b8b3b442f04e599d745aaa6ed32b5bf8cea1a050f4fc87f376c7f5564

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                      Filesize

                                      1KB

                                      MD5

                                      d80f4675d723418eae2181fb4f48b4a8

                                      SHA1

                                      4d013f1fc0900e6874b67cce022207c420a1fb9c

                                      SHA256

                                      319d39ba832a12667bc4f6aaaad825bbd291a23186082f08c94ebaec9fdd405f

                                      SHA512

                                      972a7196300d260efb8325560d228d6a7557959de194d3e26187f387d6ccea9db8f89c3e817c664fef6adfced702ef3d498bf55c2baa8d58963922d200ac80fa

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                      Filesize

                                      1KB

                                      MD5

                                      0b235aff613e851654834eaa9784dd2d

                                      SHA1

                                      5661f1b3cb92af9ebd38455e06e053bcc6c704b0

                                      SHA256

                                      8096e55379ed47d7d398771467cefbc5c0f581ec5155419ae76d3ec8851e3c90

                                      SHA512

                                      006cf8ab621feae7ca321cc6fdeeb79ae1476f308268d10bb11847d818cf827af279420d45374647f6451f10725c198f0612cea357b9956057da9c7372ab97f2

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                      Filesize

                                      9KB

                                      MD5

                                      775cf807de1aac4e25d8164d98d05f34

                                      SHA1

                                      18b1dc3f8e28e5a7f3a2c3ee88c78d1255e86bb8

                                      SHA256

                                      c47848e2f6a26286fcc8be5b40dc6f77870bdabfb27662085de792c7cb44e3bc

                                      SHA512

                                      a5bab9bc65c393b93cf5736f541b4948045ba28897068d68a4cf9306485416f1d8bcf4d2104bfc20bfdd12f045c0eb21dd0ae01738f29c5f9ee9fd35543d58c6

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                      Filesize

                                      9KB

                                      MD5

                                      40db0f6490312ef78548acd85a26ea92

                                      SHA1

                                      8b178fec0167e1ec9d77aa23f2180432a32bfcd8

                                      SHA256

                                      703f4292eb274608893726291b310833babc5f46b5e413f3179771ff3ee0e477

                                      SHA512

                                      c0dc59804bf431c4c2b3ba899e322b06b585e7a2307367150a59dddd8d34dba7fac905dd4cbf3dd0f777f4ac98b8ea6337424be8baee263f271a24d28f828cff

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                      Filesize

                                      9KB

                                      MD5

                                      4ba9da65f68b4c8f8996bd095c9164c6

                                      SHA1

                                      cc179e71f2516839f7bd61904f28d6afa71daf8f

                                      SHA256

                                      6059256ba3995fd968e5d0766b406ac51eeadf7876395affbe46fe7ab6a60f79

                                      SHA512

                                      25d7a5a33fd9df4a06d9c2787aebd8aea36b127b29539d364b5bc262ecf10600bd035fa2cf710e68dd6735fb87704261e286cc87634136da2b7e15a25436ec33

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                      Filesize

                                      9KB

                                      MD5

                                      aa62d3fcb2e97a355998f12940e0c907

                                      SHA1

                                      f2c9f7ded746a6f543741ef402033227341246d6

                                      SHA256

                                      d62ca9d94f5c7394aeaa2517017c2a2c40efe85a4db15306f081be0084b8a09e

                                      SHA512

                                      eb3b5f80718e112134b0f770742137a301b4dd56603bf0238b46ebe160e363fbf1e06a2a380d2e94b6ad84b731ca3c6e5b4712058696f96485f458416eb1f430

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                      Filesize

                                      9KB

                                      MD5

                                      369cb973048b09d64725664d3d08de4b

                                      SHA1

                                      c3d4800b4767629aeac4cb90b6c745c5eee3703c

                                      SHA256

                                      3695aaf4fb56148c2fade3b14e643f00b287e67c608d95af8e1e492407e84ddc

                                      SHA512

                                      4c9249240ff3fe8f8bfe4c7c7c9e1fc7267659ec3c8c167145ab2716341e45655aad9469ff6c601d051458c78dee55a51685bf871ef4cb8e3ed7df18399a8683

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                      Filesize

                                      9KB

                                      MD5

                                      f687329ca07a8394d64bf0f57cdea59c

                                      SHA1

                                      08f0f725b69c2fa5ab08dfe35e0c0b7218225d3b

                                      SHA256

                                      3f9148e53a61f2cf2110b333d9e85d750b9e278eaa5a2931f3c514a8d5eb4cb9

                                      SHA512

                                      ccdd6018bbad62ede7cd6d7f158a21e19e78c2cafa3d454529d9938a0dd3b9e2c44e640e0f8d2ffa5899515f320b67cf2df37082d60c37899401d498eba55c05

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                      Filesize

                                      9KB

                                      MD5

                                      a3dd2e8c00fe12421c2707b5ffdbe878

                                      SHA1

                                      1eb9f88a03d7359b7b38a3f90a02a12e46417e30

                                      SHA256

                                      fd86c68ee5be4f437b5bd9ff81157f430750aa8241cbf58ff3331679adc4d01e

                                      SHA512

                                      d512a2a4151266503032d97366efb8ffc8fdde05ed2bf1ddffd89b994c2243fc82c68a089544265498ccc66b942a5c4c473f1cc638d288bafedbcaf3146381be

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                      Filesize

                                      9KB

                                      MD5

                                      8a371a913276617a52f0b4605e4e5aec

                                      SHA1

                                      a876307525ffe03e8695930b7e98254eb1efbb03

                                      SHA256

                                      e01bacec841da5123d8afd2aeb01242af05e02d8d7454b43a434028a1dd1a271

                                      SHA512

                                      ee84ff4566892c201d7a9b352c4dc6d9bb0548b7e04b9360329003f0c07df53e4b3cb261b3fda28ec6efbdf4779023e491958b1827ac93026252ab094442f83a

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                      Filesize

                                      9KB

                                      MD5

                                      4b5ca13b9fed79dc54ffad8a6e60018d

                                      SHA1

                                      04a59a243ca291fdb6d7f4442ff2319bb0dad0d0

                                      SHA256

                                      9758e48a225f2e534b160ea8f547a655a0ac151937198cd80f715588c4486c0d

                                      SHA512

                                      ebaca5867c1261731a1ddc5971b65461c50e55b214430822d20da73192d8754ab72d1e48eeb5d9ff7ebbbe2703a32c3dd9f10dc585a9f57fabed67e6aa69f563

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                      Filesize

                                      9KB

                                      MD5

                                      5dc60b1e6b6555fcd493f157abd4e267

                                      SHA1

                                      5a06b5798ab95856489bab502dfc1a3820c4822b

                                      SHA256

                                      451e7bb9c9b3a798d0d99941d2764670c51a170503b6131717e908396bca9b9a

                                      SHA512

                                      0e9f9f294f80df45fa4106fe04de65115c69ab00cae3276c8f657417762c24c9467343daa33396a5b811360c3477874fe0d0ba4e24649ac485c5ddca8d177661

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                      Filesize

                                      9KB

                                      MD5

                                      5ad665bb26a46b7a3c8c341f80e7811a

                                      SHA1

                                      649f843449a13c66d4647382f1c6b3d64b719b4b

                                      SHA256

                                      3cb43b7cbc2dc1a6777ae7cc8fa6d79598dc3d02398684aef1dd4d2e1307ab7a

                                      SHA512

                                      fdf23296733fc6d8f14b71b51fc99c636c59364c6adad70cb68ba0ac9028eba8e0964d8d5546d97cd10cf1f4a9c8ba389217ec88228b8ef3ab88b26da2e7af34

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                      Filesize

                                      9KB

                                      MD5

                                      e07efb329431efbaae7a8cdd80de0732

                                      SHA1

                                      fd120ee00004a5b1965aedc2460ebb41c6b22b57

                                      SHA256

                                      09c5075af4c43b1f2c4bb11ec2f361fac7e9908e9ea1e74c509fe7b60a17b6e8

                                      SHA512

                                      658d0d4b0ee80405e65826539be837df43142aa24366c375e8c4ebd964ceec873255babccb741eb3bfc2ea4ab686dda598a9ada5677793b47bfd0017075a695e

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                      Filesize

                                      120KB

                                      MD5

                                      a19973cb6826c406cd2b18b5780f5f15

                                      SHA1

                                      b4278946e6cb86353ee74889cbd4507cb610c10b

                                      SHA256

                                      4ad7a9a45a4e073291c91d948e5d5ca7eee37b95a3db145a78e1fc2d773832dc

                                      SHA512

                                      e226473e405ee5a486cda22f1c687e70e1cf59552b6b398ccb414202a8eddba8b272e8ea7e5bd632849c1de3e5cff7c7a4745010204ebf47434cb3d8e7f8e892

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                      Filesize

                                      120KB

                                      MD5

                                      1a5c4bd279aab207525a8ce7607ddd96

                                      SHA1

                                      09fb03c8b4080b5f43556b7653726d38761f6abc

                                      SHA256

                                      a9796cc861b052b810f1d21bb57ca430058c3806bd17d22830ef33587249ee7a

                                      SHA512

                                      0ca0c6327373e1c6bc770cc3d2981803e710fef9d6ecd49752b8ff2c876e26cb316551b45a7e643ad42be1461ebb6b61e6fd993c1970a093527a6ed313ca5ca0

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                      Filesize

                                      120KB

                                      MD5

                                      4a711095cbf23a1899e862d9709f94f0

                                      SHA1

                                      d02b0472e6d617826e01f57ea042c65851659249

                                      SHA256

                                      d42d6bfff768b1061f805f4f6048a99897757b34fa79a832eef0bf8479f5b688

                                      SHA512

                                      34e6d015abba01ed0853ee0f14a601cbe12179a2bdafb28da28e02c72ad6e9e33cae802f38c278073931a972927596fc7283cb0d075aa41009e60d00faef6885

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                      Filesize

                                      217KB

                                      MD5

                                      6cf8c99950e9c3dec9267e01b86fcfa6

                                      SHA1

                                      46fd037d8ef024d8fb364ed41fc1b47d04e964d2

                                      SHA256

                                      f99724000d993631080f48b25438cc71aa1e032fe048d2df530af96b5d438904

                                      SHA512

                                      bb54871bd953f50500d49e6691e6bfe727d6768cde9db74567e7d9493947bb6f54f7ed45cda64e5f788f82ac14b26f3305f1a4ea03d788b6d06f582740b2ce21

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                      Filesize

                                      120KB

                                      MD5

                                      cafe1183126e521cffb788c0337e59ee

                                      SHA1

                                      857547bf2277368d6935fc7f5efdb71666bc9fea

                                      SHA256

                                      5ef64f00dd0bce8e5787f1b071e07dd2d514703ed0e258c616687087f3620add

                                      SHA512

                                      c3b4c135516fd05321620e050be3c6f8521b2f2b569f5347c067496ad07e1bae8736cb4fdf03a46288da1e4087ba88f684221dd141273b9a0acbd7d114f32a98

• C:\Users\Admin\AppData\Local\Temp\2843391
  Filesize: 507B
  MD5: 6d0e849b0647746facd7c73f03b4d366
  SHA1: 3138201a6608428b922bd86168b51cf80615bc91
  SHA256: c2f229ba47f29fccb6d35a908e887bf97e9e87cdb1110e855d5caa39571e5d72
  SHA512: 3839589f64141ba269f95e2726dd040ee09b6c9c09f5765dcdba847b02f68fa000b588a272f17e73ac42e81b3bb154535dc20da6dce0682b4b3a1ac2daada86a

• C:\Users\Admin\AppData\Local\Temp\stub.il
  Filesize: 399KB
  MD5: 8c535860a3e930693bcd0b3208420543
  SHA1: 7c43801272b18ac958e6099567d37bd93150109b
  SHA256: 8babcbeaab9bb7b31e4c7bf6ac9493ee5ce154bfb46cbbec9c5b7744bc799b91
  SHA512: 1fbfea733375df9c4cf737544e73f3216608a5c50443f480ee24705f0a0e4f21cc88b8c1f00badd9716c67ebe31a351890b72eafde784cdd46e5a5533b3690ce

• C:\Users\Admin\Desktop\Server.exe
  Filesize: 36KB
  MD5: d74a8bbc4a6ac85068307705d70ef618
  SHA1: a03f4e31733e1bb0ca82ad051bbc49b025fc9bfa
  SHA256: 9c77c88900a7145cd1501d99e706623fc7844cf7d6507b54563108639afd05b2
  SHA512: 160a5c72dd5fad01ee76dd6c95389e6395a26e198cbd36c12051dccbc54f4923542f07c24c7fae4cb141f4d9470f105fb8c310aad97ca845a082d5fc900acbd3

• C:\Users\Admin\Desktop\Server.exe
  Filesize: 37KB
  MD5: ed41233d972ce51739bde1ce338f63d2
  SHA1: 5d61560d30de215349d7f01fec663f22de95dcc0
  SHA256: 74a3892c6caa6f95513619cb47c853b3327c4afc837b54c4174defbb8dee3e90
  SHA512: 43d02b63bed6c1ff825ad196bd8ac3d1e6a20be257f5beb1dc505f6b8bb85f29879c3a447f5438eb14ec55a4f7d52c62c88e258ae82b123e192717f226bb848f

• C:\Users\Admin\Downloads\NjRat-0.7D-Green-Edition-by-im523-master\NjRat-0.7D-Green-Edition-by-im523-master\NjRat 0.7D Green Edition by im523\NjRat 0.7D Green Edition.lnk
  Filesize: 1KB
  MD5: d42f98173f80e3c8c53ed57c2f559e2c
  SHA1: 1820360c266fcc912b3ff6ad9354224e36ec5f39
  SHA256: 77f0c1ce1a36358b3372d43c84102b426604a7b30dfc4ff055757ff4e803775b
  SHA512: ff47fd5c495378f8bf171907db7f00cc8cf862ca87e351cca534d3ae82efd3364e7d98e5e285be90f00689efd2822284cf2d7647e3cd1d0fff093f4e10fab231

• memory/1140-199-0x0000000074E70000-0x0000000075421000-memory.dmp (Filesize: 5.7MB)
• memory/1140-206-0x0000000074E70000-0x0000000075421000-memory.dmp (Filesize: 5.7MB)
• memory/1140-201-0x0000000074E70000-0x0000000075421000-memory.dmp (Filesize: 5.7MB)
• memory/1140-200-0x0000000074E70000-0x0000000075421000-memory.dmp (Filesize: 5.7MB)
• memory/1140-205-0x0000000074E70000-0x0000000075421000-memory.dmp (Filesize: 5.7MB)
• memory/1140-198-0x0000000074E70000-0x0000000075421000-memory.dmp (Filesize: 5.7MB)
• memory/1140-197-0x0000000074E72000-0x0000000074E73000-memory.dmp (Filesize: 4KB)
• memory/1140-204-0x0000000074E72000-0x0000000074E73000-memory.dmp (Filesize: 4KB)
• memory/1140-208-0x0000000074E70000-0x0000000075421000-memory.dmp (Filesize: 5.7MB)
• memory/1140-207-0x0000000074E70000-0x0000000075421000-memory.dmp (Filesize: 5.7MB)
• memory/4984-354-0x0000000000400000-0x0000000000472000-memory.dmp (Filesize: 456KB)
• memory/4984-358-0x0000000000400000-0x0000000000472000-memory.dmp (Filesize: 456KB)
• memory/4984-356-0x0000000000400000-0x0000000000472000-memory.dmp (Filesize: 456KB)
• memory/4984-355-0x0000000000400000-0x0000000000472000-memory.dmp (Filesize: 456KB)