NRMW is a tool for generating Ransomeware in MS Word. It drops vba source files,when the src is included to a doc it gets executed on closing word Payloads are the following: -Download files via FTP -set new password for active document -set new admin password -open url to a predefined site(maybe a phishing site...) -drop 1 of 3 Rootkits -encrypt active document i would thank SlageHammer for providing files and ideas for the Kit. !!!!!!!!!!!!!!!!! You will find the RCK in the binary dir. !!!!!!!!!!!!!!!!!