njrat | hxxps://github[.]com/simalei/njRAT/releases/tag/v0[.]7D

Analysis

max time kernel
265s
max time network
272s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
20-02-2024 22:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/simalei/njRAT/releases/tag/v0.7D

Score

10^/10

njrat mybot evasion trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

MyBot

127.0.0.1:6522

Mutex

60c28f2ec9c1d3d7f391e11534af955e

Attributes

reg_key
60c28f2ec9c1d3d7f391e11534af955e
splitter
Y262SUCZ4UJJ

Signatures

njRAT/Bladabindi
Widely used RAT written in .NET.
trojan njrat
Modifies Windows Firewall 2 TTPs 2 IoCs
evasion

Windows Service
T1543.003

Disable or Modify System Firewall
T1562.004

Processes:

netsh.exenetsh.exe

pid process

1408 netsh.exe
5460 netsh.exe
Executes dropped EXE 1 IoCs

Processes:

Client.exe

pid process

2016 Client.exe

pid	process
1408	netsh.exe
5460	netsh.exe

pid	process
2016	Client.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exemsedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133529421511936952"	chrome.exe

Modifies registry class 64 IoCs

Processes:

chrome.exeNjRat 0.7D.exe

description	ioc	process
Set value (data)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	NjRat 0.7D.exe
Key created	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	NjRat 0.7D.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByDirection = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	NjRat 0.7D.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	NjRat 0.7D.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e8005398e082303024b98265d99428e115f0000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:PID = "0"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\SniffedFolderType = "Generic"	NjRat 0.7D.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	NjRat 0.7D.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\LogicalViewMode = "3"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4	NjRat 0.7D.exe
Key created	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg	NjRat 0.7D.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	NjRat 0.7D.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	NjRat 0.7D.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202	NjRat 0.7D.exe
Key created	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	NjRat 0.7D.exe
Key created	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	NjRat 0.7D.exe
Key created	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	NjRat 0.7D.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	NjRat 0.7D.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	NjRat 0.7D.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Mode = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0	NjRat 0.7D.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1092616257"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupView = "0"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	NjRat 0.7D.exe
Key created	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell	NjRat 0.7D.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	NjRat 0.7D.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	NjRat 0.7D.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 = 3a001f44471a0359723fa74489c55595fe6b30ee260001002600efbe10000000a38f91b6382fda0120009bff452fda01756fe93a4d64da0114000000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0000000001000000ffffffff	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Downloads"	chrome.exe

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery
T1018

Processes:

PING.EXE

pid process

3564 PING.EXE

pid	process
3564	PING.EXE

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

chrome.exechrome.exemsedge.exemsedge.exeClient.exe

pid	process
1508	chrome.exe
1508	chrome.exe
5436	chrome.exe
5436	chrome.exe
4596	msedge.exe
4596	msedge.exe
1040	msedge.exe
1040	msedge.exe
2016	Client.exe
2016	Client.exe
2016	Client.exe
2016	Client.exe
2016	Client.exe
2016	Client.exe
2016	Client.exe
2016	Client.exe
2016	Client.exe
2016	Client.exe
2016	Client.exe
2016	Client.exe
2016	Client.exe
2016	Client.exe
2016	Client.exe
2016	Client.exe
2016	Client.exe
2016	Client.exe
2016	Client.exe
2016	Client.exe
2016	Client.exe
2016	Client.exe
2016	Client.exe
2016	Client.exe
2016	Client.exe
2016	Client.exe
2016	Client.exe
2016	Client.exe
2016	Client.exe
2016	Client.exe
2016	Client.exe
2016	Client.exe
2016	Client.exe
2016	Client.exe
2016	Client.exe
2016	Client.exe
2016	Client.exe
2016	Client.exe
2016	Client.exe
2016	Client.exe
2016	Client.exe
2016	Client.exe
2016	Client.exe
2016	Client.exe
2016	Client.exe
2016	Client.exe
2016	Client.exe
2016	Client.exe
2016	Client.exe
2016	Client.exe
2016	Client.exe
2016	Client.exe
2016	Client.exe
2016	Client.exe
2016	Client.exe
2016	Client.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

chrome.exe

pid process

4996 chrome.exe

pid	process
4996	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 29 IoCs

Processes:

chrome.exemsedge.exe

pid	process
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1040	msedge.exe
1040	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

chrome.exe

pid	process
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe

Suspicious use of SendNotifyMessage 56 IoCs

Processes:

chrome.exeNjRat 0.7D.exemsedge.exe

pid	process
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
4420	NjRat 0.7D.exe
4420	NjRat 0.7D.exe
4420	NjRat 0.7D.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
4420	NjRat 0.7D.exe

Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

chrome.exeNjRat 0.7D.exe

pid process

4996 chrome.exe
4420 NjRat 0.7D.exe

pid	process
4996	chrome.exe
4420	NjRat 0.7D.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 1508 wrote to memory of 4892	1508	chrome.exe	chrome.exe
PID 1508 wrote to memory of 4892	1508	chrome.exe	chrome.exe
PID 1508 wrote to memory of 4784	1508	chrome.exe	chrome.exe
PID 1508 wrote to memory of 4784	1508	chrome.exe	chrome.exe
PID 1508 wrote to memory of 4784	1508	chrome.exe	chrome.exe
PID 1508 wrote to memory of 4784	1508	chrome.exe	chrome.exe
PID 1508 wrote to memory of 4784	1508	chrome.exe	chrome.exe
PID 1508 wrote to memory of 4784	1508	chrome.exe	chrome.exe
PID 1508 wrote to memory of 4784	1508	chrome.exe	chrome.exe
PID 1508 wrote to memory of 4784	1508	chrome.exe	chrome.exe
PID 1508 wrote to memory of 4784	1508	chrome.exe	chrome.exe
PID 1508 wrote to memory of 4784	1508	chrome.exe	chrome.exe
PID 1508 wrote to memory of 4784	1508	chrome.exe	chrome.exe
PID 1508 wrote to memory of 4784	1508	chrome.exe	chrome.exe
PID 1508 wrote to memory of 4784	1508	chrome.exe	chrome.exe
PID 1508 wrote to memory of 4784	1508	chrome.exe	chrome.exe
PID 1508 wrote to memory of 4784	1508	chrome.exe	chrome.exe
PID 1508 wrote to memory of 4784	1508	chrome.exe	chrome.exe
PID 1508 wrote to memory of 4784	1508	chrome.exe	chrome.exe
PID 1508 wrote to memory of 4784	1508	chrome.exe	chrome.exe
PID 1508 wrote to memory of 4784	1508	chrome.exe	chrome.exe
PID 1508 wrote to memory of 4784	1508	chrome.exe	chrome.exe
PID 1508 wrote to memory of 4784	1508	chrome.exe	chrome.exe
PID 1508 wrote to memory of 4784	1508	chrome.exe	chrome.exe
PID 1508 wrote to memory of 4784	1508	chrome.exe	chrome.exe
PID 1508 wrote to memory of 4784	1508	chrome.exe	chrome.exe
PID 1508 wrote to memory of 4784	1508	chrome.exe	chrome.exe
PID 1508 wrote to memory of 4784	1508	chrome.exe	chrome.exe
PID 1508 wrote to memory of 4784	1508	chrome.exe	chrome.exe
PID 1508 wrote to memory of 4784	1508	chrome.exe	chrome.exe
PID 1508 wrote to memory of 4784	1508	chrome.exe	chrome.exe
PID 1508 wrote to memory of 4784	1508	chrome.exe	chrome.exe
PID 1508 wrote to memory of 4784	1508	chrome.exe	chrome.exe
PID 1508 wrote to memory of 4784	1508	chrome.exe	chrome.exe
PID 1508 wrote to memory of 4784	1508	chrome.exe	chrome.exe
PID 1508 wrote to memory of 4784	1508	chrome.exe	chrome.exe
PID 1508 wrote to memory of 4784	1508	chrome.exe	chrome.exe
PID 1508 wrote to memory of 4784	1508	chrome.exe	chrome.exe
PID 1508 wrote to memory of 4784	1508	chrome.exe	chrome.exe
PID 1508 wrote to memory of 4784	1508	chrome.exe	chrome.exe
PID 1508 wrote to memory of 4552	1508	chrome.exe	chrome.exe
PID 1508 wrote to memory of 4552	1508	chrome.exe	chrome.exe
PID 1508 wrote to memory of 4748	1508	chrome.exe	chrome.exe
PID 1508 wrote to memory of 4748	1508	chrome.exe	chrome.exe
PID 1508 wrote to memory of 4748	1508	chrome.exe	chrome.exe
PID 1508 wrote to memory of 4748	1508	chrome.exe	chrome.exe
PID 1508 wrote to memory of 4748	1508	chrome.exe	chrome.exe
PID 1508 wrote to memory of 4748	1508	chrome.exe	chrome.exe
PID 1508 wrote to memory of 4748	1508	chrome.exe	chrome.exe
PID 1508 wrote to memory of 4748	1508	chrome.exe	chrome.exe
PID 1508 wrote to memory of 4748	1508	chrome.exe	chrome.exe
PID 1508 wrote to memory of 4748	1508	chrome.exe	chrome.exe
PID 1508 wrote to memory of 4748	1508	chrome.exe	chrome.exe
PID 1508 wrote to memory of 4748	1508	chrome.exe	chrome.exe
PID 1508 wrote to memory of 4748	1508	chrome.exe	chrome.exe
PID 1508 wrote to memory of 4748	1508	chrome.exe	chrome.exe
PID 1508 wrote to memory of 4748	1508	chrome.exe	chrome.exe
PID 1508 wrote to memory of 4748	1508	chrome.exe	chrome.exe
PID 1508 wrote to memory of 4748	1508	chrome.exe	chrome.exe
PID 1508 wrote to memory of 4748	1508	chrome.exe	chrome.exe
PID 1508 wrote to memory of 4748	1508	chrome.exe	chrome.exe
PID 1508 wrote to memory of 4748	1508	chrome.exe	chrome.exe
PID 1508 wrote to memory of 4748	1508	chrome.exe	chrome.exe
PID 1508 wrote to memory of 4748	1508	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/simalei/njRAT/releases/tag/v0.7D
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1508

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa32229758,0x7ffa32229768,0x7ffa32229778
2⤵
PID:4892

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1644 --field-trial-handle=1632,i,1409077335289377473,11524695014145619092,131072 /prefetch:2
2⤵
PID:4784

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1632,i,1409077335289377473,11524695014145619092,131072 /prefetch:8
2⤵
PID:4552

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2216 --field-trial-handle=1632,i,1409077335289377473,11524695014145619092,131072 /prefetch:8
2⤵
PID:4748

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3064 --field-trial-handle=1632,i,1409077335289377473,11524695014145619092,131072 /prefetch:1
2⤵
PID:1652

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3328 --field-trial-handle=1632,i,1409077335289377473,11524695014145619092,131072 /prefetch:1
2⤵
PID:2380

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4760 --field-trial-handle=1632,i,1409077335289377473,11524695014145619092,131072 /prefetch:1
2⤵
PID:3640

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=5068 --field-trial-handle=1632,i,1409077335289377473,11524695014145619092,131072 /prefetch:1
2⤵
PID:2020

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5252 --field-trial-handle=1632,i,1409077335289377473,11524695014145619092,131072 /prefetch:8
2⤵
PID:2700

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5384 --field-trial-handle=1632,i,1409077335289377473,11524695014145619092,131072 /prefetch:8
2⤵
PID:3540

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5520 --field-trial-handle=1632,i,1409077335289377473,11524695014145619092,131072 /prefetch:1
2⤵
PID:724

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5712 --field-trial-handle=1632,i,1409077335289377473,11524695014145619092,131072 /prefetch:8
2⤵
PID:4888

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5088 --field-trial-handle=1632,i,1409077335289377473,11524695014145619092,131072 /prefetch:8
2⤵
PID:4252

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5728 --field-trial-handle=1632,i,1409077335289377473,11524695014145619092,131072 /prefetch:1
2⤵
PID:5024

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5948 --field-trial-handle=1632,i,1409077335289377473,11524695014145619092,131072 /prefetch:1
2⤵
PID:4380

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=6136 --field-trial-handle=1632,i,1409077335289377473,11524695014145619092,131072 /prefetch:1
2⤵
PID:1448

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6300 --field-trial-handle=1632,i,1409077335289377473,11524695014145619092,131072 /prefetch:8
2⤵
PID:4092

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6272 --field-trial-handle=1632,i,1409077335289377473,11524695014145619092,131072 /prefetch:8
2⤵
PID:1200

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=6680 --field-trial-handle=1632,i,1409077335289377473,11524695014145619092,131072 /prefetch:1
2⤵
PID:3280

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4776 --field-trial-handle=1632,i,1409077335289377473,11524695014145619092,131072 /prefetch:1
2⤵
PID:1268

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4576 --field-trial-handle=1632,i,1409077335289377473,11524695014145619092,131072 /prefetch:1
2⤵
PID:1388

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=4540 --field-trial-handle=1632,i,1409077335289377473,11524695014145619092,131072 /prefetch:1
2⤵
PID:2096

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=6072 --field-trial-handle=1632,i,1409077335289377473,11524695014145619092,131072 /prefetch:1
2⤵
PID:3608

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=4748 --field-trial-handle=1632,i,1409077335289377473,11524695014145619092,131072 /prefetch:1
2⤵
PID:3220

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=6636 --field-trial-handle=1632,i,1409077335289377473,11524695014145619092,131072 /prefetch:1
2⤵
PID:944

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5720 --field-trial-handle=1632,i,1409077335289377473,11524695014145619092,131072 /prefetch:8
2⤵
PID:3196

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5464 --field-trial-handle=1632,i,1409077335289377473,11524695014145619092,131072 /prefetch:8
2⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4996

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=5480 --field-trial-handle=1632,i,1409077335289377473,11524695014145619092,131072 /prefetch:1
2⤵
PID:848

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=5432 --field-trial-handle=1632,i,1409077335289377473,11524695014145619092,131072 /prefetch:1
2⤵
PID:2852

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5908 --field-trial-handle=1632,i,1409077335289377473,11524695014145619092,131072 /prefetch:8
2⤵
PID:228

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=6080 --field-trial-handle=1632,i,1409077335289377473,11524695014145619092,131072 /prefetch:1
2⤵
PID:3856

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=6524 --field-trial-handle=1632,i,1409077335289377473,11524695014145619092,131072 /prefetch:1
2⤵
PID:3592

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=4904 --field-trial-handle=1632,i,1409077335289377473,11524695014145619092,131072 /prefetch:1
2⤵
PID:2560

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=6068 --field-trial-handle=1632,i,1409077335289377473,11524695014145619092,131072 /prefetch:1
2⤵
PID:5148

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=7004 --field-trial-handle=1632,i,1409077335289377473,11524695014145619092,131072 /prefetch:1
2⤵
PID:5272

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=7308 --field-trial-handle=1632,i,1409077335289377473,11524695014145619092,131072 /prefetch:1
2⤵
PID:5368

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7868 --field-trial-handle=1632,i,1409077335289377473,11524695014145619092,131072 /prefetch:8
2⤵
PID:5772

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=5896 --field-trial-handle=1632,i,1409077335289377473,11524695014145619092,131072 /prefetch:1
2⤵
PID:2620

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5912 --field-trial-handle=1632,i,1409077335289377473,11524695014145619092,131072 /prefetch:8
2⤵
PID:6128

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6448 --field-trial-handle=1632,i,1409077335289377473,11524695014145619092,131072 /prefetch:8
2⤵
PID:5580

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=4560 --field-trial-handle=1632,i,1409077335289377473,11524695014145619092,131072 /prefetch:1
2⤵
PID:4596

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=7340 --field-trial-handle=1632,i,1409077335289377473,11524695014145619092,131072 /prefetch:1
2⤵
PID:5788

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2792 --field-trial-handle=1632,i,1409077335289377473,11524695014145619092,131072 /prefetch:8
2⤵
PID:4696

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1780 --field-trial-handle=1632,i,1409077335289377473,11524695014145619092,131072 /prefetch:8
2⤵
PID:5116

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=7288 --field-trial-handle=1632,i,1409077335289377473,11524695014145619092,131072 /prefetch:1
2⤵
PID:4780

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4628 --field-trial-handle=1632,i,1409077335289377473,11524695014145619092,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5436

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4476

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5988

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x52c 0x534
1⤵
PID:324

C:\Users\Admin\Downloads\NjRat.0.7D\NjRat 0.7D.exe
"C:\Users\Admin\Downloads\NjRat.0.7D\NjRat 0.7D.exe"
1⤵
- Modifies registry class
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:4420

C:\Windows\Microsoft.NET\Framework\v2.0.50727\ilasm.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\ilasm.exe" /alignment=512 /QUIET "C:\Users\Admin\AppData\Local\Temp\stub.il" /output:"C:\Users\Admin\Downloads\NjRat.0.7D\Client.exe"
2⤵
PID:5508

C:\Users\Admin\Downloads\NjRat.0.7D\Client.exe
"C:\Users\Admin\Downloads\NjRat.0.7D\Client.exe"
1⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:2016

C:\Windows\SysWOW64\netsh.exe
netsh firewall add allowedprogram "C:\Users\Admin\Downloads\NjRat.0.7D\Client.exe" "Client.exe" ENABLE
2⤵
- Modifies Windows Firewall
PID:1408

C:\Windows\SysWOW64\netsh.exe
netsh firewall delete allowedprogram "C:\Users\Admin\Downloads\NjRat.0.7D\Client.exe"
2⤵
- Modifies Windows Firewall
PID:5460

C:\Windows\SysWOW64\cmd.exe
cmd.exe /c ping 0 -n 2 & del "C:\Users\Admin\Downloads\NjRat.0.7D\Client.exe"
2⤵
PID:4736

C:\Windows\SysWOW64\PING.EXE
ping 0 -n 2
3⤵
- Runs ping.exe
PID:3564

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:1040

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa329446f8,0x7ffa32944708,0x7ffa32944718
2⤵
PID:1532

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,11552562757750673836,9552496574963664864,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4596

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,11552562757750673836,9552496574963664864,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2692 /prefetch:8
2⤵
PID:2620

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,11552562757750673836,9552496574963664864,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
2⤵
PID:4632

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,11552562757750673836,9552496574963664864,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
2⤵
PID:3552

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,11552562757750673836,9552496574963664864,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1
2⤵
PID:5436

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4656

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5196

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Defense Evasion

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Remote System Discovery

T1018

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011
Filesize
57KB

MD5
e916c325b7f923c35b35faa70505e9e3

SHA1
789a80d9cbd2b4f1385c0b97ae05fc5938d99a9c

SHA256
408b478855cc69c62e01906c56a951a525300f2e8f06e0b21c1090efeef1d386

SHA512
e1aabe9eaead4e93da785d723b27ae17db24da0a5b59f0c341db10ed80026ccac21463a005ffad1862605e0d49222386b5e1f5c6468d93ef7097e37737f7f91c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000024
Filesize
194KB

MD5
ac84f1282f8542dee07f8a1af421f2a7

SHA1
261885284826281a99ff982428a765be30de9029

SHA256
193b8f571f3fd65b98dc39601431ff6e91ade5f90ee7790bfc1fba8f7580a4b0

SHA512
9f4f58ab43ddadad903cea3454d79b99a750f05e4d850de5f25371d5bec16fc312015a875b8f418154f1124c400ae1c82e2efd862870cd35c3f0961426c8cd82

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000048
Filesize
24KB

MD5
b82ca47ee5d42100e589bdd94e57936e

SHA1
0dad0cd7d0472248b9b409b02122d13bab513b4c

SHA256
d3c59060e591b3839ec59cad150c0a38a2a2a6ba4cc4dc5530f68be54f14ef1d

SHA512
58840a773a3a6cb0913e6a542934daecaef9c0eeab626446a29a70cd6d063fdb012229ff2ccfa283e3c05bc2a91a7cac331293965264715bdb9020f162dc7383

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
3KB

MD5
1dd87e6358e7fcd890a2e46333992153

SHA1
09ad9bedeba8ce2118310f2eeafc913f1a5b5122

SHA256
dbb7a7c717d0b1ddbadcb823c313a8541aea327029b180d1149de7c3a0e694e5

SHA512
6a9c058477703a9a3e69ef1006c8ba6e06d01b8245531953248c3ed6c38f95adf1d2c7c48e2628a6adec0a820076c83dafbb39bb81e2961e739238d684ca430a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
3KB

MD5
d2b6acdb9c99edd42a8981732f9bee8c

SHA1
71b828ca8b3c36aab8ade1ad111d401502c3c672

SHA256
05410dafa10125ed0014286a7e2fb1bf037b058a5359fb2c7007e0a2ef4ee691

SHA512
4673aa7ea13f867d73d676b5f387cc1dc0313eafaeaa954c8680acb9658397101702da0c02aeed044188495ab89b1ad91aa3ca47dcf26e7c3ecda0dd464e3b79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
3KB

MD5
cef2dc11fe429cab046b7d1419eef431

SHA1
96d26360af5ac188803b38962730a02665c086a4

SHA256
9e23250b11b01111b4764da6a1c683c92ebb47d8788bf2adea555b19306fcdbd

SHA512
b482203b896c13ab3a093ff02deedda405ae3ab3c2747187b7276c95731d385307d430fb0ab755e385a2f20237b8a8c00be5850082564f1f544c0b20709a225c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
4d27cf28fdc456b639de57ae20ee2a77

SHA1
ee9a9a0fc0705c9c441687c9f3e7f1cfbea6533b

SHA256
11f0475de0e04a4dbcbd9a298971b883ca7d7941db59b8450ffb6840d665cd41

SHA512
f82211808f9fa34f6d0beec548a09d0ba4df6b685d835bbb631f164781edc6f8d27f578bb096be55b966a6ecd29bdd0f3a0b1ecff3c3a008adf8281199624a45

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
11KB

MD5
38aa058e5a23618f2aee3f71cc2e0a8c

SHA1
ca9f8d43f687b336bc18786049de9694e9e9d240

SHA256
1295acf58d28239d3c2fdca0d2fb09d5cdb5b44e2107e54ff0c96a4b795fc082

SHA512
5b19071cb48955f4ad255e64351b1a3762977896ebf8ecd0406785dc419eed174cd93f8070194e3922c524efc63ca5e449bf91dcc92342076c8f27b3d0c7d878

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
11KB

MD5
b39f9cb0d6dd6dc04ec22c81527d2c16

SHA1
370fef080c3b563bb1c333b787b84717123ae537

SHA256
bd7fd2debe90fd0a2d4e13e1431271c95def402b6fb9a0f42851e7f38bdfc981

SHA512
a04484dff0a36abfe5598870d37b0de453e18435bbc6ab727f5b136d1f3ad6b2aa70d5b9555f2032f1b9c7d3616e738fda6d567f16b928a50a62609b2fc05f51

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
11KB

MD5
ff521e99e54cedc95cb9420f645006c2

SHA1
276926c77cc6b7831e24cac7936b5392e5e8ddb5

SHA256
40662150677466ff3e708a8baaf3a753f0e6266da8f5ac235e1c48293eb74d32

SHA512
dd33356ec985934200ead8bc1c4e2fb30ad20d640c529dcd1d3fb3be5dd4e3b0d69777684d087749668cfded3852c339ba077fbbc47a90f801b2ea3cb1ffc08e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
3KB

MD5
85a42036594484dc3ab04919b02878a9

SHA1
08934d658396a8e02ba94fb50d2ac9b3f64e1fa4

SHA256
7cd41151f4dc882d017010cb5590f9977d5a553a1cd6efe4c7ad6f224f83fc85

SHA512
a1e4ca8dfc7a27ab3ac8744222b6b1472f8b6c2adef89001afafce6805b317d019de76506fb7950984b6c9485c10792a6f40e0b66b8a736d5048f6f84d036007

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
3KB

MD5
fda6484c125933525451d32a118ee2b4

SHA1
741edf957b46364acc5289294cc7a525a0a51de2

SHA256
af28cad5e1344aea652dd9c1a6beb126ca7479d9ed3ca9919961ce4b6a2e3e31

SHA512
3e932b44e60e3cbefca19547a8a963e96f12824475f87d871e3be34e02a6515ce099916f54a4a1f4d74ab806972ff5931880b9148c1cb9cc66ca3a3ca3e9fa25

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
3KB

MD5
4ab7b51d41b0171c55a4c9b4bf6c4ac5

SHA1
334e26d2376b43f06629a072a020c2ba4a7294a4

SHA256
731f0ec84ff38f41045a4f3f0cc6c2d2e1a926d7953a990705455292f096f3da

SHA512
a995c24ed4ce154a06c8e6d88942187b3d87ad1d78387bc95bdf5784ff24a34182aa25bb5aa2444b36c4939605d2301e225960a3a81914432b9945069b58f60a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
3KB

MD5
4f4286f8c9b3f98e07a8057f275513ec

SHA1
d0537eccd06d67ca5e2e56c6c4397364274c9034

SHA256
0ff435d15e4a333fa4ad726e935849ce18bd4bd25d0706b906f608607d3a8fbe

SHA512
a9ca6ad029417208817540a373a9604e548be72d99d01104232e00fc99eeda7a0e4c80c8c9cfa7151c5c486c990eeb7635bb622a3d0ce7149e0a08fa31fc173c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
1fb2566e5e6b0a37968ad262215d0790

SHA1
b29237e292eaee38a42b07f1d889da92cc3414c2

SHA256
595353a9e0bddbc5f6237f6114c448af7675f9d0aa802e5863c2aec01833eb22

SHA512
b4768d178b67b2f9b974027d9c2eacaeec9e412ef8242b982627a12469592317140c97ec959a069fa17bb55dd8c03a887eb16e3ebf262725132d60e8da062b2c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
50c8eb225f403f33ffcfb193b6428b01

SHA1
640c5697576729849810f6ff254ff4659f4f9276

SHA256
4598dfb277f372a666e90ffa0f31addc92cce141450de0538a65728390bbcaca

SHA512
2e176433151bb07e48070c2e0c00efa9d1a27c9489ccec1b349743511e0eaf5dda48a5be274969cc1632d3a0ec015b008b36808fcc416749fa0ac8110c8eacfa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
497326e36aa5b44496c9bf04d61a12ca

SHA1
e9159d35aa58be9e9ce9b0f05919677ff5b1baa2

SHA256
fe0b900782bfecf63f4ae757b4ee73a07c238efaa94f899a0feb26390ba85930

SHA512
cebcdc77927d3434966e6e5305315dae48b3cd5f20cc9984f4a05ae19678ebfa714550053305288a6dd89f6fa5a93370d70f15719704462a1b9f8016b72e5f7c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
f86c1b4c9e514879cb70c1293feeb18e

SHA1
264c2f4261357b737a2a6a355e6cdf38459ba352

SHA256
0c78282362ed3a1a46ed88e6a6f616a1d94e947ace780c8e84fee44568ec75aa

SHA512
ab86c465c768710e3cb0b31347f211a7940b1b6d0f3e13a1d2eb7ead92bcfc7f4027a99ca179620e35b28bfeed52dc026eb98df4c557450865bdf4c8986bc29e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
3KB

MD5
cfcfc01e4f77a69f48bcd0424c7b8441

SHA1
83a63cb4b8c960f310dd3d9a3deea7026f74a351

SHA256
88da4914fa748836dfd054aa5c94eb60af6d350a699a11a85452a879ca1a9d55

SHA512
aa23335d948bc1f19e56e57a9daebf85e5a2bcfffd0f997c9b585a6d9c073d634659de7312bf9e726be9375c1797f188bc022bf09571029005b116d3495967b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
37e0bb8111fedd2a72d2cce5bd98a0e8

SHA1
c6c0e8c72eca8da1c9d940d5df775ec2685291cc

SHA256
f1c60d862b1e8f173d50ec3bc7bf225a6366fd19857c93de6ca6d909808072b5

SHA512
e9a88f53256dddaa7f40a48b4ba20e12b48e06b8830dc31d56d777ff31241b47dac52f229f00b2005dd9876fd3dc562c73d77014e55c2e33e8e5da4ee207e717

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
ffc93ffd7d9db2d95aafcd153cbc3e5d

SHA1
9ea27d8dc7632738c8bf218a55d8f5cd9208ea96

SHA256
e721e57dd35459026bbda15bf93cf3f23fb28117bfd2d8d16b35ad1e8a114b0f

SHA512
50b7f0282a31756f9f2a0da4d35f699c3d168444cd44e1daee8314e592ac87e5a19a3b19d19d33005bcd1bf4b85ffcd1c3ff9c9988286c56c80b0198fdc25199

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
1fde24d7201581e0a8fdaa9eaaef9f61

SHA1
fb68c78a40059f365414b7daf0caf29ec862ff86

SHA256
6ea5a13db1f58935fd7690b8b969e07c9c3162c6168706a1092f660cc1cd484a

SHA512
c598173a65bacec05125879495c06a3bac5df71b35ff5eb288cf6c0ac3ac05d84d941c88bcfcef03a153d56340c1bfe208c4b6dbe37fac57a0be4943fb84583e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
7d1f218f8aca1e0a83bc395e298c7db8

SHA1
2cdebb493d657789b849a207f2a5cd76e416a606

SHA256
d1e6ae97fa0b90c01cf5a4ab1a13969e98316a58558b08015463243af502bd9d

SHA512
46fbdd878305cf189d5d0c57bdcd8f67af6e526110ebe8a8a124ea53d9783e353bf9e43ac096582d218af23f228060d1bff4078d9bcb18efe59bb0129a0f5845

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
0418ff760e063b8c886170a9daf7a4ae

SHA1
a6dce72ea8dd59950056bed940f194e8ab904811

SHA256
277295280d2c3059b22ce33ea1cddabc17c52606a811edc33b021481de18e201

SHA512
86900972407fb73bcc33238c7f7ec6f2ebb4c5a71265ae3dc96028910de60fc59592dcf86d9b8b8322c7b2df561ac692a768c41e3dc8d5e23a4b741baa81f7e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
21f00da95716325393a63756a540b320

SHA1
c26b498f78e83060024ec5e0038169420ccb28b1

SHA256
7fc497b6335bd6e483cd4ab19f153c11f8ef74a02395efb663feefad58e126c7

SHA512
932a5085fe0857fd29cb1c3d0182b7984ab15db79b4105e29593f0fcf22a98a44fd9013a741f8003f3deb97cf2ce387531832321bf0f61bac86c5282d32ab244

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
b768bc060050857fe657982c4dcc5b4c

SHA1
e96d930d8e24409f36af0afc7510ab534867cd7a

SHA256
dff7439c70839a23002a904bf60de06cb7d441ec7d44fa35a743fc3c8d6e361d

SHA512
489d7dedf5cfd7245010fc428b8340987f4e578fa2f52f8eb3bf858978d2e165c0d9915e27fdf2a57e7c4948444abe299b127a52a1c05d8cbb6c61c49c4784b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
4ba80a3669510914f868bb5c342f211c

SHA1
9db5743fa9096452f78d0761b00af4d0b564e387

SHA256
ddbeb6dd91c323999393f06a34f1cdab7bfcd6100f0408c1a47979d2d6533fc3

SHA512
4259c03635f564c1a563fb5422432adeba9da8208155476ea7a3553303adacce37a5e95fe03236419d1fc0c1c56689e964fb536cbc9f6df4c86a24f463ec3412

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
74924ef819b3f6ec22972357754d8e9b

SHA1
b602ba4257fbd3ea34a8290b39f67b7bab4fab6b

SHA256
b811a40e15d147ba8017fdac9451099e6e81bab006c22aaa7a595d9967934591

SHA512
7fd1e5a12496dfae35afda98dbe76d2ff640a75125456af92ea027407ec5a30bf246211e7986e3b788bf23d289ef51b1f06d14d4643199215ed686d3dbcaa563

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize
72B

MD5
a6cfe6f86b17a4f46d64deba8008bfef

SHA1
017ed9aee049832e32f6297fd0cb04149fcec664

SHA256
3c4c487c779a75441341a3e352341c0ef7c3da404d3d68903896e10a6d64814e

SHA512
c6e4f80b49bf2bab69ec5c48f1b846e90f9af181df0a55a696127e8df11c482e6d7ca0db1428328f777ee7885b3d415bab535764332386ac845e60d11a932e6a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe589dd1.TMP
Filesize
48B

MD5
29b4ab5c3523e5eba1e08f4207c2be8f

SHA1
a50c63627048deda2c5039cc02569bad52fcf8b0

SHA256
e36535258fa325fb1767050241a11a7aa39911eb80d5ecbc5a841ff0a2dcf5b0

SHA512
171117951a9edca7a8c051a7eae1854d20681e59fba264c59090227ccd38418970a25819e25bd3488f2f6efe81f0b5af930e14a7225d21f02c13b0b3b8f6bbe6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
114KB

MD5
6fb9b7905852375cc5faf5d6fbe65060

SHA1
0e9aba044bbdf82f9ff782d418ffb22d5d188f99

SHA256
63e4ca8d48ae8cc2178693423a45ea214436b3929439ec711ca64e8623ad8cab

SHA512
1d61094cc57812aa8725dd6b119ca6a6375916e34c5dbc5427d54386a655312a6f6a96b4f488f4c3e38c2aa67c5c155295b941890b5cddb57f4abef590b6e0c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
114KB

MD5
8dbdc446c96cc17b85b8f7bf2e044320

SHA1
2b95b6cf5537411114d02cb2cfba72e93e79954c

SHA256
c06b7d26da36eb2d4348a28f57fb0fc6adaaab51207d24651e99aa1e584cd814

SHA512
f70516fdcfc3a2ca8a12d6e67c30bdf8bc5eb4d511042a1df7ad85c5c0107c034cebdc49f848d76d0314331d7423b9d93113652f21a271000ce8dc1c0a0b8550

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
114KB

MD5
0b54e3bdb5e6d91d1883d08b248d5feb

SHA1
412fd2a35d200fd0c4958d50f25d4c6d341200fe

SHA256
cea49e609bccc44fbaea973cd0b96187daea2d08b54821873f47c097455ef7b5

SHA512
d7786881f78d96941d66a16ae8b771e5af545ce284e70d0d79faf85608036404df6d7b1f99833ceec23ef5b13b7af3ab39dec97cbf890156998070ed7e931db0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
114KB

MD5
68fbd7452659f2bd7e591f5a61361752

SHA1
8e9137e1e3481598aa490c5401fbbabebb4e0977

SHA256
6b750db2214549f8f0556e8213fdff3c06626e1991360c2153c8fb4bb037c116

SHA512
19ff2a5eb5a45acff506884e2488abd94fc459c68bca274fa5eedf4a5299c808e6aad703634520ed3d16379698cb72f4324cba44583e9001a493918ade4a1b52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
114KB

MD5
bd85aaa78a893bdb129b0e1a5f50eda8

SHA1
682ab3f09c443ec71ae7f2c8ce6fdfe3733720cb

SHA256
7175b774c48b5e860be7c229fb2059d20fa863374a04611b77fa6543bd45cad9

SHA512
0d2cf2d7f1a5d608bdbf4e477c1c648189aa8ecd2d6a6e3f63ef32dfbdea96cb3252f534ad207ba69a5fe146f5e709d7d5ee60517596628c40ee812cef88544b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
114KB

MD5
18d262ff6720b50d45085456a60280bb

SHA1
7160bae0a3eecfa5d2a0b94ff35abd83f122f1ed

SHA256
ea3b2a22c88a108b7f2d3c19f4f28a68f17a03ae619a2d53b0b7044be8766a26

SHA512
31c5a9a376d29ea068ed259cbac86d9d691e253b4a054831e934bd7e537575ef582eba14527746ce595611ddd03f8e00dd65b03cce6fc5728a0190f83c607a05

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
110KB

MD5
70b6971ec7a7b14b203d3abf86a46046

SHA1
b14243f8383318a230d6d728d4746a3ff3a9b0c4

SHA256
2ffd01b0356a9ffc9a2590e206dc4c744123184f1fa0487709efebd258f40bd6

SHA512
e35643728455488f091f2b06ce4ed46a62ad7e4198c7f8e8b9d0f0884f9282f51aea6082f6372f9f27872fa2aed1e844f878b61dbbba36b25e32b0dd955730ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
115KB

MD5
058db47ac929201bac0f6f011cd36f02

SHA1
900285cf3fe5ae04a3e4f8943b0ec5c7be98887a

SHA256
751e175ca1000ca93424776bbf9862f2aaf6c3952b07205af6a0c94ab7d2a2ff

SHA512
d7d51cb5103fc3c8ebf30763fd08f0ac0ad1d6e985406aae224101c79d581382bdc3ed6ca79110730655bbd92a09659e42d5e32a89812ed7168c1c1ca895cf7c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe590efa.TMP
Filesize
110KB

MD5
7cfead8ec6d2ce2307b98ba746770fac

SHA1
1c26d8f58c17b0cec48492375ea2b63a03f8e03b

SHA256
e042a4060a3f96e889d93c71bc05633bfce6a4a6b72891092cb7ce141b881626

SHA512
97eb94a63768b99a47ca82010b6753bbda52e92d659d01e01ce54707a3ef2e7aefd9fd0a3af1347c5c240917fe4bb5ede59ac23ddb4ec89f58b59b58872a9a7e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
efc9c7501d0a6db520763baad1e05ce8

SHA1
60b5e190124b54ff7234bb2e36071d9c8db8545f

SHA256
7af7b56e2f0a84ae008785726f3404eb9001baa4b5531d0d618c6bdcb05a3a7a

SHA512
bda611ddba56513a30295ea5ca8bc59e552154f860d13fed97201cdb81814dd6d1bca7deca6f8f58c9ae585d91e450f4383a365f80560f4b8e59a4c8b53c327d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
a49b4481112f7f07ab07d9948c458c40

SHA1
5371c44d0ba0c6f9d388bfc6e969cec3bbd55b11

SHA256
e6a7bb9bf12eb0acbeb0538948ac456c2099970a22dfa4ae09a0ece860018b15

SHA512
5f19dd0acf54d98c7ad38a32a3d707c785d1cb2fa48dadae32e67da4b604a3646694245c7d18048b08cdcd78eb8e45910ae548f4d151a1e8ee57f50627945839

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
206b987dad7598de3e287ba1792f9dab

SHA1
3b0a08e2fe3d458c5d584998998be5e0b904ae63

SHA256
7a045a64e201ea3e684a668cfb172d78e92f9ac80788ac14324fc2bacf9b5581

SHA512
bebb742a60ea38eddc1fd3194c5357010bd201315b7ec646e1ed44eb0dda8f6e1a2117974ad486408db96beea53107777ca66e7e20ed9b3c1b2df9e7c5e90f8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
24KB

MD5
a64030746c8bc273ae66900f2d5296c4

SHA1
82a34c4f33aac41963218eb7336156d630a9d4c4

SHA256
65fade26ff58b27e5b51efae6613efced10d5dddce61475d43286cb9d5accc3f

SHA512
271280c574e7c3bed8b76af6ac5d8f7c3b6f03ce7f9a2ef16a86f46d912d1de79533b5737bb505be1dc23498081291b005ae6c435124717db95566d1e0189477

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
3KB

MD5
f2268adf8d325432d9af2f50b6d6d10e

SHA1
bd8c83bcfc7084f25039d4fd7e6a52375d156bd9

SHA256
e284e8cd39756446166294bf8c3d1948b5ea7d8d4b18951d48f53a4e0905d1a5

SHA512
4619713316d2c24eb18b5ae0ef0db8de93f5b41fee9f1ff88a5134fed5a29566a1243339060f9dc856c913f3ab267699ab48cfba563df1cd74f921036640e1dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Temp\stub.il
Filesize
338KB

MD5
cb94a1f3d924e1e9f7737ea5516c3ceb

SHA1
0ab0c6dc2ac0def2ed64c710d81cfb23e8007356

SHA256
47296718f8989a56b09ebff98db9d9240f5bfd7886985bb64a8fdd17ba006ca5

SHA512
a93b2b801f053bfb12e56c94f43736a5bdc42a3575801d0070e1035981cc47dd54b43b3dd8268b3466bc864a2a58338bc0276b1982adb7b3a7a09c5c399485e0

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms
Filesize
14KB

MD5
bc88e6ac56df08f8362150c184c71fee

SHA1
68b09867ced38a9db5220018b85af09d3ab42773

SHA256
55da76ff5a250aa5deedd88f34c2bcaa6f8023e30957683d8ccfaefdf5d869ad

SHA512
cce1f75a845867e942aaaff0b7b0f6814e5fdb905e499193054bd32aaee50247053180ac3668705c50c0d9b883f9af66e43cb68774aa7be7a3d04a7e05f75fc8

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms
Filesize
11KB

MD5
5cb325a4d146916b282b4eb606ec66b0

SHA1
6917992972d0da8240352d8faae8cfece5a325dd

SHA256
e8713cb27f9e265b9be3ad66fc3820363277fa275c766746734aa4daad9bc14e

SHA512
6dc255b87f141a73399f5caa78e058095403f4cbf667beb6cd2ff1bee32ef023f7b04c942a52fe84603f904a0b508d4bd0d7161b77baa3f4940371a0f64987f6

Download Submit
C:\Users\Admin\Downloads\NjRat.0.7D.zip
Filesize
9.2MB

MD5
6a4984809b0b295b75d8a52095a70f73

SHA1
5b7fd2737d6f7c5541c17704534f7602f7465b8d

SHA256
902576f7f90174513a45bc82796b82c9264a57c82c0c72b7c9bf11e7da6bba96

SHA512
f54954b82b36c57604960c020e5674e413ca61a61111290c1712036d1f00175f1263967c5ce3674c5d28e606d3c06013d0d331faba24a3a1d77bd38429f22a1d

Download Submit
C:\Users\Admin\Downloads\NjRat.0.7D\Client.exe
Filesize
30KB

MD5
f20499434b0382035605e2907873179f

SHA1
bda7eefd03d5c02a7cf9e14e2c65a63c08ce5530

SHA256
f074638965807b672bb8d250d8b64f822fa427625aa9d142a12ad0625a45fa57

SHA512
dd6bdb79613bcb541dec8b353a5f8f335d0ae0909a1ce448bd244f9f17afa5096cda2cb0eb529755d18edaa869f35338e89935632404017e28435dca67c5b22e

Download Submit
\??\pipe\crashpad_1508_HLSZGNMYUPQIVBAL
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/2016-824-0x00000000751E0000-0x0000000075791000-memory.dmp

Filesize
5.7MB

Download
memory/2016-954-0x00000000751E0000-0x0000000075791000-memory.dmp

Filesize
5.7MB

Download
memory/2016-952-0x0000000001090000-0x00000000010A0000-memory.dmp

Filesize
64KB

Download
memory/2016-950-0x0000000001090000-0x00000000010A0000-memory.dmp

Filesize
64KB

Download
memory/2016-948-0x00000000751E0000-0x0000000075791000-memory.dmp

Filesize
5.7MB

Download
memory/2016-883-0x0000000001090000-0x00000000010A0000-memory.dmp

Filesize
64KB

Download
memory/2016-825-0x00000000751E0000-0x0000000075791000-memory.dmp

Filesize
5.7MB

Download
memory/4420-820-0x0000000001E80000-0x0000000001E90000-memory.dmp

Filesize
64KB

Download
memory/4420-819-0x0000000001E80000-0x0000000001E90000-memory.dmp

Filesize
64KB

Download
memory/4420-826-0x0000000001E80000-0x0000000001E90000-memory.dmp

Filesize
64KB

Download
memory/4420-794-0x0000000001E80000-0x0000000001E90000-memory.dmp

Filesize
64KB

Download
memory/4420-784-0x0000000001E80000-0x0000000001E90000-memory.dmp

Filesize
64KB

Download
memory/4420-783-0x0000000001E80000-0x0000000001E90000-memory.dmp

Filesize
64KB

Download
memory/4420-782-0x00000000751E0000-0x0000000075791000-memory.dmp

Filesize
5.7MB

Download
memory/4420-821-0x0000000001E80000-0x0000000001E90000-memory.dmp

Filesize
64KB

Download
memory/4420-781-0x00000000751E0000-0x0000000075791000-memory.dmp

Filesize
5.7MB

Download
memory/4420-823-0x0000000001E80000-0x0000000001E90000-memory.dmp

Filesize
64KB

Download
memory/4420-805-0x00000000751E0000-0x0000000075791000-memory.dmp

Filesize
5.7MB

Download
memory/4420-804-0x0000000001E80000-0x0000000001E90000-memory.dmp

Filesize
64KB

Download
memory/4420-947-0x0000000001E80000-0x0000000001E90000-memory.dmp

Filesize
64KB

Download
memory/4420-810-0x0000000001E80000-0x0000000001E90000-memory.dmp

Filesize
64KB

Download
memory/4420-809-0x0000000001E80000-0x0000000001E90000-memory.dmp

Filesize
64KB

Download
memory/4420-807-0x0000000001E80000-0x0000000001E90000-memory.dmp

Filesize
64KB

Download
memory/4420-806-0x00000000751E0000-0x0000000075791000-memory.dmp

Filesize
5.7MB

Download
memory/4420-956-0x00000000751E0000-0x0000000075791000-memory.dmp

Filesize
5.7MB

Download