Analysis

  • max time kernel: 202s
  • max time network: 203s
  • platform: windows10-ltsc 2021_x64
  • resource: win10ltsc2021-20250217-en
  • resource tags: arch:x64, arch:x86, image:win10ltsc2021-20250217-en, locale:en-us, os:windows10-ltsc 2021-x64, system
  • submitted: 01/03/2025, 16:59

Errors

  • Reason: Machine shutdown

General

  • Target: https://workupload.com/file/RVk2Ux6Lu3A

Malware Config

Extracted

  • Family: njrat
  • Version: 0.7d
  • Botnet: HacKed
  • C2: hakim32.ddns.net:2000, 127.0.0.1:5552
  • Mutex: 90cdc4299e3838b5249c33e1c7a2dd25
  • Attributes
    • reg_key: 90cdc4299e3838b5249c33e1c7a2dd25
    • splitter: |'|'|

Signatures

  • Njrat family
  • njRAT/Bladabindi

    Widely used RAT written in .NET.

  • Modifies Windows Firewall (2 TTPs, 1 IoC)
  • Executes dropped EXE (1 IoC)
  • Browser Information Discovery (1 TTP)

    Enumerate browser information.

  • Event Triggered Execution: Netsh Helper DLL (1 TTP, 3 IoCs)

    Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

  • System Location Discovery: System Language Discovery (1 TTP, 5 IoCs)

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Enumerates system info in registry (2 TTPs, 3 IoCs)
  • Modifies data under HKEY_USERS (15 IoCs)
  • Modifies registry class (36 IoCs)
  • Suspicious behavior: EnumeratesProcesses (12 IoCs)
  • Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (10 IoCs)
  • Suspicious use of AdjustPrivilegeToken (25 IoCs)
  • Suspicious use of FindShellTrayWindow (64 IoCs)
  • Suspicious use of SendNotifyMessage (28 IoCs)
  • Suspicious use of SetWindowsHookEx (2 IoCs)
  • Suspicious use of WriteProcessMemory (64 IoCs)
  • Uses Task Scheduler COM API (1 TTP)

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

  • Uses Volume Shadow Copy WMI provider

    The Volume Shadow Copy service is used to manage backups/snapshots.

  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://workupload.com/file/RVk2Ux6Lu3A
    1⤵
    • Enumerates system info in registry
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4012
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ffc51ec46f8,0x7ffc51ec4708,0x7ffc51ec4718
      2⤵
        PID:2248
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,11444120957095453876,13473184424937471742,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
        2⤵
          PID:2432
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,11444120957095453876,13473184424937471742,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:1656
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,11444120957095453876,13473184424937471742,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8
          2⤵
            PID:2436
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11444120957095453876,13473184424937471742,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
            2⤵
              PID:3084
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11444120957095453876,13473184424937471742,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
              2⤵
                PID:1960
              • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,11444120957095453876,13473184424937471742,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5672 /prefetch:8
                2⤵
                  PID:712
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,11444120957095453876,13473184424937471742,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5672 /prefetch:8
                  2⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:776
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11444120957095453876,13473184424937471742,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:1
                  2⤵
                    PID:4064
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11444120957095453876,13473184424937471742,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1
                    2⤵
                      PID:1780
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11444120957095453876,13473184424937471742,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
                      2⤵
                        PID:4360
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11444120957095453876,13473184424937471742,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4080 /prefetch:1
                        2⤵
                          PID:5020
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11444120957095453876,13473184424937471742,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1
                          2⤵
                            PID:1740
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2136,11444120957095453876,13473184424937471742,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3492 /prefetch:8
                            2⤵
                              PID:1916
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11444120957095453876,13473184424937471742,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1688 /prefetch:1
                              2⤵
                                PID:2440
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2136,11444120957095453876,13473184424937471742,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5968 /prefetch:8
                                2⤵
                                • Suspicious behavior: EnumeratesProcesses
                                PID:700
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,11444120957095453876,13473184424937471742,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6272 /prefetch:2
                                2⤵
                                • Suspicious behavior: EnumeratesProcesses
                                PID:1156
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11444120957095453876,13473184424937471742,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
                                2⤵
                                  PID:2688
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11444120957095453876,13473184424937471742,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1
                                  2⤵
                                    PID:3412
                                • C:\Windows\System32\CompPkgSrv.exe
                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                  1⤵
                                    PID:3220
                                  • C:\Windows\System32\CompPkgSrv.exe
                                    C:\Windows\System32\CompPkgSrv.exe -Embedding
                                    1⤵
                                      PID:4024
                                    • C:\Windows\System32\rundll32.exe
                                      C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                      1⤵
                                        PID:768
                                      • C:\Users\Admin\Desktop\NjRat 0.7D Danger Edition\NjRat 0.7D Danger Edition.exe
                                        "C:\Users\Admin\Desktop\NjRat 0.7D Danger Edition\NjRat 0.7D Danger Edition.exe"
                                        1⤵
                                        • System Location Discovery: System Language Discovery
                                        • Modifies registry class
                                        • Suspicious use of SendNotifyMessage
                                        • Suspicious use of SetWindowsHookEx
                                        PID:3596
                                        • C:\Windows\Microsoft.NET\Framework\v2.0.50727\ilasm.exe
                                          "C:\Windows\Microsoft.NET\Framework\v2.0.50727\ilasm.exe" /alignment=512 /QUIET "C:\Users\Admin\AppData\Local\Temp\stub.il" /output:"C:\Users\Admin\Desktop\NjRat 0.7D Danger Edition\Server.exe"
                                          2⤵
                                          • System Location Discovery: System Language Discovery
                                          PID:2148
                                      • C:\Windows\system32\AUDIODG.EXE
                                        C:\Windows\system32\AUDIODG.EXE 0x308 0x48c
                                        1⤵
                                        • Suspicious use of AdjustPrivilegeToken
                                        PID:3832
                                      • C:\Users\Admin\Desktop\NjRat 0.7D Danger Edition\Server.exe
                                        "C:\Users\Admin\Desktop\NjRat 0.7D Danger Edition\Server.exe"
                                        1⤵
                                        • Executes dropped EXE
                                        • System Location Discovery: System Language Discovery
                                        • Suspicious behavior: GetForegroundWindowSpam
                                        • Suspicious use of AdjustPrivilegeToken
                                        PID:3136
                                        • C:\Windows\SysWOW64\netsh.exe
                                          netsh firewall add allowedprogram "C:\Users\Admin\Desktop\NjRat 0.7D Danger Edition\Server.exe" "Server.exe" ENABLE
                                          2⤵
                                          • Modifies Windows Firewall
                                          • Event Triggered Execution: Netsh Helper DLL
                                          • System Location Discovery: System Language Discovery
                                          PID:3704
                                        • C:\Windows\SysWOW64\Shutdown.exe
                                          Shutdown -s
                                          2⤵
                                          • System Location Discovery: System Language Discovery
                                          • Suspicious use of AdjustPrivilegeToken
                                          PID:1800
                                      • C:\Windows\system32\LogonUI.exe
                                        "LogonUI.exe" /flags:0x4 /state0:0xa39c6855 /state1:0x41c64e6d
                                        1⤵
                                        • Modifies data under HKEY_USERS
                                        • Suspicious use of SetWindowsHookEx
                                        PID:5076
                                      • C:\Windows\System32\rundll32.exe
                                        C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {9BA05972-F6A8-11CF-A442-00A0C90A8F39} -Embedding
                                        1⤵
                                          PID:4748

                                        Network

                                        MITRE ATT&CK Enterprise v15


                                        Downloads
