Analysis Overview
Threat Level: Known bad
The submitted URL https://github.com/XAKEP-1lly/NjRat-0.7D-Green-Edition-by-im523 was found to be: Known bad. The verdict comes from the behavioral2 run, in which the repository's builder executable was downloaded and run; behavioral1 only rendered the GitHub page in Chrome and shows browser activity alone.
Malicious Activity Summary
Njrat family
njRAT/Bladabindi
Modifies Windows Firewall
Uses the Visual Basic .NET compiler (vbc.exe) for execution
Unsecured Credentials: Credentials In Files
Executes dropped EXE
Reads data files stored by FTP clients
Suspicious use of SetThreadContext
UPX packed file
Drops file in Windows directory
Event Triggered Execution: Netsh Helper DLL
System Location Discovery: System Language Discovery
Browser Information Discovery
Suspicious use of FindShellTrayWindow
Modifies data under HKEY_USERS
Enumerates system info in registry
Suspicious use of WriteProcessMemory
Modifies registry class
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SetWindowsHookEx
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Uses Volume Shadow Copy WMI provider
Uses Task Scheduler COM API
Uses Volume Shadow Copy service COM API
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2025-01-19 18:55
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2025-01-19 18:55
Reported
2025-01-19 19:05
Platform
win10v2004-20241007-en
Max time kernel
600s
Max time network
589s
Command Line
Signatures
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133817865612892736" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/XAKEP-1lly/NjRat-0.7D-Green-Edition-by-im523
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffd773fcc40,0x7ffd773fcc4c,0x7ffd773fcc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1912,i,9025058591640645006,13479175284931208984,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1908 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2032,i,9025058591640645006,13479175284931208984,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2084 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2224,i,9025058591640645006,13479175284931208984,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2328 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3124,i,9025058591640645006,13479175284931208984,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3160 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3132,i,9025058591640645006,13479175284931208984,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3196 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4708,i,9025058591640645006,13479175284931208984,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4572 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=724,i,9025058591640645006,13479175284931208984,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=208 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.133:443 | avatars.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | 61.153.16.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 215.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.109.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.111.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 216.58.212.234:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| GB | 216.58.212.234:443 | content-autofill.googleapis.com | udp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 140.82.112.22:443 | collector.github.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 140.82.112.22:443 | collector.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 234.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.112.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 167.173.78.104.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.210.109.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 85.49.80.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 245.131.30.184.in-addr.arpa | udp |
Files
\??\pipe\crashpad_3292_TNSBYUVLIMOVRYYC
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
| MD5 | 6471672cfd88daec0b7a7b17e7286c2a |
| SHA1 | d53f5f271acb56db3674795c1fa3cb6a90b0fc19 |
| SHA256 | c5e6f164aa69b08521a540ff8e204d055418390bb7c17cf51b8eade801f845a0 |
| SHA512 | 615bab62631a4e1090a4e8eaa0f9172e715717d11ebb5b0b172076f01b51071d84303a58dfb1d1092f5bf1d7fb9a3515534e103980fa578c1c44471998f28a06 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 7de158b9a7f40dd314dd00c09e6c6cfc |
| SHA1 | 97b3a1d76207af93abb1e5b47b930fd8db6ebb8e |
| SHA256 | 6fc7e0109d8cc6efb83d4e4ddb5f98b5acef54a9b4edb196972f53be3f767334 |
| SHA512 | 020015735b98f7db4c36c6ac3d9d694fd2a3590268a2f64bfa541438ff6caa10aeb45b8b8c5f7e322aa39e7ab3fd57a5c3b277e9d20ebd66d658cc5d94d6fccd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | c77982f6c4b06a211f363f01bf24e64a |
| SHA1 | 4ef919c82adc6b76652b0a0e801a94f093eb6bde |
| SHA256 | db81f9c3b07e16a4e3bf13f8a3bb6eff1c5c51598f2608c24063fd1dcd985eb0 |
| SHA512 | 6754132cc8a11b1f969b9ad6b3516a6ae8e53c47654223bbca2d56562e56c34b9f26d1339d080ff5726c501f156ae03ab442a2bcf18d2edb90ecd38f5bb7697c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | de110932741d06e5a43f0bc15925cc5b |
| SHA1 | 17adec9b28fba2339e0030746322dbe3f5991486 |
| SHA256 | e2d2d728b87d6f0d542264402c6107864bba6ff2026f479966c4a0feb385a6e0 |
| SHA512 | 9d640d5cf9c09f9d3a93973dff3ad3c5bb7b4cd06b69cbc1a34c5dc0014eb5130433aa3cd2634b53ef82d2fedff634ec70e7d39366dbbc8b1f09af92e0dae361 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 3f0415a5002cb49ccb6fc3a57e203557 |
| SHA1 | cbb57e4596893b982e05da91fe6c2a7752211304 |
| SHA256 | 69a7aeaccc500381abb37decc58f65163e15e9692ef97070f3e98f225c193113 |
| SHA512 | 4bacf2a35f1722b8af500d17429b79835d77802c4884e710c44cfaf4c27d825bd8503e0c38bf6be1250d2d4cf33e06a39f098593c9fad7bccb6ec080f9571274 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 5834194c1fb2fe46e5b2e75cd0d9b587 |
| SHA1 | 018a9e4da18e8ad0e1f7843602191da67c252048 |
| SHA256 | 47e120fe49ddf96fdaedf53473406f9fa784bfc745ce9a6cc73a94ffda7399c9 |
| SHA512 | 04f49562495a3769b83472a1ad5beb962239aea551a92afc7a4945a3dea48a738eebc1e79edef34e13817394598a2883067fd8315406eb62b1046a3c1c200ce6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 0724b2769d8cb2d36c625c4094f24a4d |
| SHA1 | 6242e3f1c4dcc61bd2f340ab052ae9a0838f6ef9 |
| SHA256 | 4185034947ddecb817f2f8351ef444d27bda2ef9369d75dbb6412e9b472ad25e |
| SHA512 | 2f5833faf8a9e8be31d5aac6fc942de1317ebc052c0c444e6accab25ca51a2aff5d43f627d86ea3790b754c351b267227a59c8d1974b07925aa95026c0a55ae5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 874796afc099e5d2aebc72568e5930d1 |
| SHA1 | b0c669ae0eaab4a6e50ff64975cc21caec18ce1c |
| SHA256 | f2645017b441a0887782f9d8ea09e82171e2a4e09826ea4fc7143bacdaf20b09 |
| SHA512 | c74fd7ef495867be6bee1e0693c806c87bb4c37abcbfeda890161d9d9267820f43dfd40d8cefd190f3cf9be8b9b6d8d8610bd6459e60e031e91570d06d4acc79 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 015c90b7e9832c08cc1c573563a8eb1b |
| SHA1 | f68740c08ae7c08375577e4ef8ba73fb5974545c |
| SHA256 | 7e7a83c665a34dc28ffff92b7db756f9c09c13c9b6105d7dd873dcc59c4ff95f |
| SHA512 | 6f6f5e2641d8bff2573a98ff45e4c7069c598d4dac70d1014b548daedae9f2acc868fb3db8d5dae8a8a4a50101644df4c884add91491354fd5f9f3b4dcbde078 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 7ba7eef2d558df4779e6ada799cad924 |
| SHA1 | 90360c86c80efeff70e96677381cdd988bfc3229 |
| SHA256 | 07926efa09d39b0f1dce291c361bfcedb4fb588c57ff7e56a802c5f32b5bdd39 |
| SHA512 | 1b9fd66dc26e0175b4db675c0ecd4fbe01a76bd3a8241f882e1b95a96940e6929dcc84c9a7fe60bb5cd7ecae31ecc6cd4d2c099c2ab6c32c871fd5062e0d98f3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 3d61635c250d2a2b0657c01681c85714 |
| SHA1 | ee921a04446e30f4f6ea83ddbaf4af64497bac29 |
| SHA256 | 564532f1ceb5921513698ffeffb9aefbf2ecab67ba83b728e6db9fae464690ec |
| SHA512 | 33d2d71ae3885f5d32da9a3edf2fb66155f227db841ae5637488d331c6c8813c1afd7561653db884bb43715305c0695ded76eafb5ec0a8857f443ba31eabdbd0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 1ee35ade47622df8ba23b7d3ab81a03c |
| SHA1 | 5b6c48c6f58e57676c2b23ee322447698bc55cd2 |
| SHA256 | 8909fe3a57cc85ed66e2e3692783b0ae3bb2fd86d77312cb02ab29f36d1974b2 |
| SHA512 | f5af34ec3fdcba888c670546c425253a7094ceee03efbb7d90ebb3e4c1667dab7fb1afe5e60f79b49f0219534c0876ea84ed162459eb49600bcf72334432ac27 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 8e4fda3b91dbfcf22ab3fd8b7d573227 |
| SHA1 | 6439d126f33e6d11e8978178e4eaa2ea1ce53f80 |
| SHA256 | 8dead01d5469fce6397b96379f12482c36e71211f70210cf3dcf758987332665 |
| SHA512 | 0b94bf7f23ca298a755cb00718298dbf1ec9f4e0a6440c0d76f7ac452954623722306b52d0287ec0bfb78f44f988c23a0afddf0b7b0452a863fa60371066ab24 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 0027be2f8eaa7e0f84e4a09845471ce3 |
| SHA1 | 8ca3cdbd7d45bd170d5408b4aee85b235c854ed9 |
| SHA256 | 98ec27561d04f46b62172c2ccc04fb79228492b5f63fcf777458d18b9a2493af |
| SHA512 | 7921e9530fe850d9a48bdb188855005727884fec06f79eff6b1e937243e720ae36c5d505fdc727611b53742536516456c4a622ed7e77d1e0beb3c2886f2331d5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 88aa1bfa2aa3400cc4ad31f39f4f3308 |
| SHA1 | 3a20dc5e5db92b02208ca376604e5120e65d489f |
| SHA256 | c716f540fa796014979d48ce561a62fd1ae9db18814748bdfc2596e07a48dc97 |
| SHA512 | 472bf668243afcfb74f684bdc993ef16b4e065cd21a0ddbe7a7b3e80f9025694b28c62f6b57a78175f507f24adfab11f235b29870c584d2ecfd59918871155d2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 782722548c44004f4af87a33476386f3 |
| SHA1 | 6408ac79945354f79f623ab330803071ae0de446 |
| SHA256 | 1e9df559f280aeef97c1574ad8931084b4419a356afacfe8ae46d3c5716b10a4 |
| SHA512 | 68627354308bdef436aede2c9e1ed6a2ec517f9cc1f2d367d04dd04227d3b32d97a7b886a52e34c367202610a797124d7f5823982941989df1e365e1654a8f43 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 9cceb9fcf580235bd155877def7fff4f |
| SHA1 | a81b0d42ea4dd6f910b429c9fa042328824b82ea |
| SHA256 | 9e1df6f9c9d415d7e092802908d5706668737da43823725ac3cf67d871dc31bf |
| SHA512 | 2a56ea3b0ec40c9c8c99baa864fcdbd4885a39c6dc8638e0ffccf9a829c48fb8624b0e20ab89ff051c7a1772b2b5eff89c64b2c37bb92a276f79ceef73266be6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | d7e96cde6f0879c670f65c4a865da414 |
| SHA1 | 8fa851da4782e40b3516c6d074fd3ef4203bbcd7 |
| SHA256 | f4e6e3cbea761e8279a397d48ad3827d46ec70ae714811fcaaf47de2fb800379 |
| SHA512 | 0532915aec65712cdff7685e52c549d76f713046959e4713f70e7f9e0d84fd047ab0bbcd945156a23bdb39f3c4b5e1e37936a8039e6a3f80f913ef69b636bc4c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | a4c6c25aacbc909e86d7ad57c5a54824 |
| SHA1 | 358566cbd3c9ca1b7100cc5c3b960d95f78c4c90 |
| SHA256 | 0871b6040d3aba01097811c999f324adc4480062996fe2eb4ca0c07efb5d5264 |
| SHA512 | a93e2824ffff129c6d7cdf79de319324a3aff7e31bdb82672c2913664b4f65de2b36b6ca13f7adcd7e841ccf0810fe2a25f919bb06ae0cfc8dfb3b358bd7f606 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 99031619d3ed0eccbd57930e01068ebc |
| SHA1 | 792b1dc1df150d634dd377d54215ff17faa3289e |
| SHA256 | 2b2d0cf73c87a0227153739b4ae9aa6026c05849949b117db00d8271e28ac1c9 |
| SHA512 | db63089843dfc2f82b46dded7ae808a898f586c4acf7836fe894ee9760d07b1d9cc18277d1e93b326c3833161362da71bc75355564f68a0fc62cb73c5b59ca97 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 4b074d5a256be8a5150537d9af185bd8 |
| SHA1 | 2ae3fa4c6037d3c6b6bbe103ac94ceddc2f4e224 |
| SHA256 | 2da869c82ff66063a035af995b4bfd5c8009b70694e6b034eda1ce25273c0dad |
| SHA512 | 12ce0328a46cd8c600d9e4c36ee1421ae6b8b83cee35829c2ea1f0aee0fefd692a0b5d6316cecb7031a75eeaea417821a8d03b9f7b27f9cb2acaf1e7bd548510 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | c517a1ad83f7f88c8df8a08abe94232c |
| SHA1 | bbfb8bab3b392cf6423ea0f7602ba00b114d27e4 |
| SHA256 | 7b420b757d76483ab920045aabb6f09947844e7efe4bf71becb023477b67ad1d |
| SHA512 | 0be1c778eb93735d7069e15a03c740d9feb5bf2db455913ab2eaeed8a0d364980aca7c1804130f77008ad0d0869d2c8ef89896ef8c22938459dbfba303d1c34c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 5e37055b93be87e48c1ac9077e307e46 |
| SHA1 | 7336c208698b0ff05c5bd071838352e84a2098c4 |
| SHA256 | 7713a3ebb4dfafb1148730cf723fa5d21318814e893777c141b7b213483b58cf |
| SHA512 | 3086a91ebe129466e5264c491d312bd3463ce1bbe46ef7cea7d862034d7be185ce27fc8f0cab2e6a66ad8272a15bc557439dfcb73b670a1d368ced3293a51d26 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | e023fcf678dddb2ce71983e0285a8df2 |
| SHA1 | 4c12197bd09e60dbad8f1f4663cedccc2ab18e7b |
| SHA256 | dda61b07115e2c2dfc8648b6a15117f1111d7f4d39706a95a2dd36c785bf7c51 |
| SHA512 | f043d06f57b7fbcf649f40cf6b83626e9d7f05ae31d467804e08c36fc831001c7087505d59d6132b07fedb9a5c49f67d709c7d8c5d4529928a82c29334c0ad5c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | de0f4b9d1549c3ccad70d9df4b8eb03a |
| SHA1 | aeb795311fdbd481faf3b3ab98ef24e227f2f4db |
| SHA256 | ce797a7a85754342ef3d38c7ccf6cf2b9cbd119aa13022e4698435b5fb099530 |
| SHA512 | 8bbb7b1f458dd798d9f4e5a5aebd5ba677b597c14a798bc9718cd24dc92319c64fd6d227d5a2f71723a7a6b598c804858b10d8871720b0166b9eb154237c0dae |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | d03a08d05f245f448cb55db9d7584452 |
| SHA1 | 689db19188e406323f8eaed1950176dd94a915e8 |
| SHA256 | 850582b914fc2e51bc225cc11ec4639750f44a14d6bef82036e9b43e00ad41a8 |
| SHA512 | fd603a8729c6d271e11ef767fc3d6a40fa7548e6bbdd832b831cbf9ad44cd8075f5f12e3559efd7d210030b68df393bdad07ff62190ad244b453645cd49076c9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | ae28b32c1494ce4071040c1806cffafb |
| SHA1 | 3f16c81d09e821c6f84fe66fa9c8a05e2eb44496 |
| SHA256 | 4422bb6280bb4d01e0567a3b0e66a147538562fda6ec1f4d95e3f9dafacd6641 |
| SHA512 | 7e89d4baa0d6fb8d598c56ebec384a5537d366b0d20cb15b64a72c04a1977c8b61ee68bf60afe5c4974b1cdc09fd35c29377f774291d2690d3e4da9a2d58ec37 |
Analysis: behavioral2
Detonation Overview
Submitted
2025-01-19 18:55
Reported
2025-01-19 18:58
Platform
win10ltsc2021-20250113-en
Max time kernel
182s
Max time network
182s
Command Line
Signatures
Njrat family
njRAT/Bladabindi
Modifies Windows Firewall
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\netsh.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Desktop\Server.exe | N/A |
Reads data files stored by FTP clients
Unsecured Credentials: Credentials In Files
Uses the Visual Basic .NET compiler (vbc.exe) for execution
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 4760 set thread context of 4984 | N/A | C:\Users\Admin\Desktop\Server.exe | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SystemTemp | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Browser Information Discovery
Event Triggered Execution: Netsh Helper DLL
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
Note: the three rows show netsh.exe only reading HKLM\SOFTWARE\WOW6432Node\Microsoft\NetSh, which every netsh start does to load its registered helper DLLs; no value is written here. This is a side effect of the netsh firewall add allowedprogram command in the Processes section, not evidence that the sample registered a helper DLL for persistence (T1546.007).
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\NjRat-0.7D-Green-Edition-by-im523-master\NjRat-0.7D-Green-Edition-by-im523-master\NjRat 0.7D Green Edition by im523\NjRat 0.7D Green Edition by im523\NjRat 0.7D Green Edition by im523.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\ilasm.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\Server.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\netsh.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133817865571100766" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Uses Volume Shadow Copy WMI provider
Uses Volume Shadow Copy service COM API
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/XAKEP-1lly/NjRat-0.7D-Green-Edition-by-im523
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7ffe4549cc40,0x7ffe4549cc4c,0x7ffe4549cc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2028,i,7422161322254930133,15329985255625238868,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=1992 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1556,i,7422161322254930133,15329985255625238868,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=2080 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2276,i,7422161322254930133,15329985255625238868,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=2472 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3144,i,7422161322254930133,15329985255625238868,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=3180 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3152,i,7422161322254930133,15329985255625238868,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=3208 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4700,i,7422161322254930133,15329985255625238868,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=4484 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4464,i,7422161322254930133,15329985255625238868,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=5100 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Downloads\NjRat-0.7D-Green-Edition-by-im523-master\NjRat-0.7D-Green-Edition-by-im523-master\NjRat 0.7D Green Edition by im523\NjRat 0.7D Green Edition by im523\NjRat 0.7D Green Edition by im523.exe
"C:\Users\Admin\Downloads\NjRat-0.7D-Green-Edition-by-im523-master\NjRat-0.7D-Green-Edition-by-im523-master\NjRat 0.7D Green Edition by im523\NjRat 0.7D Green Edition by im523\NjRat 0.7D Green Edition by im523.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=500,i,7422161322254930133,15329985255625238868,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=5312 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5196,i,7422161322254930133,15329985255625238868,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=5280 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x458 0x414
C:\Windows\Microsoft.NET\Framework\v2.0.50727\ilasm.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\ilasm.exe" /alignment=512 /QUIET "C:\Users\Admin\AppData\Local\Temp\stub.il" /output:"C:\Users\Admin\Desktop\Server.exe"
C:\Users\Admin\Desktop\Server.exe
"C:\Users\Admin\Desktop\Server.exe"
C:\Windows\SysWOW64\netsh.exe
netsh firewall add allowedprogram "C:\Users\Admin\Desktop\Server.exe" "Server.exe" ENABLE
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5192,i,7422161322254930133,15329985255625238868,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=5116 /prefetch:8
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" -f "C:\Users\Admin\AppData\Local\Temp\2843391"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 185.199.110.133:443 | avatars.githubusercontent.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | 215.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 167.173.78.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 142.250.178.10:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 140.82.114.21:443 | collector.github.com | tcp |
| US | 140.82.114.21:443 | collector.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| GB | 142.250.178.10:443 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | 133.110.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.110.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.114.82.140.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | codeload.github.com | udp |
| GB | 20.26.156.216:443 | codeload.github.com | tcp |
| US | 8.8.8.8:53 | 216.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | checkappexec.microsoft.com | udp |
| GB | 51.11.108.188:443 | checkappexec.microsoft.com | tcp |
| US | 8.8.8.8:53 | 20.49.80.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 212.20.149.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.50.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| N/A | 127.0.0.1:5552 | | tcp |
| N/A | 127.0.0.1:5552 | | tcp |
| US | 8.8.8.8:53 | 144.50.22.2.in-addr.arpa | udp |
| N/A | 127.0.0.1:5552 | | tcp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| N/A | 127.0.0.1:5552 | | tcp |
| US | 8.8.8.8:53 | dl.dropbox.com | udp |
| GB | 162.125.64.15:443 | dl.dropbox.com | tcp |
| US | 8.8.8.8:53 | dl.dropboxusercontent.com | udp |
| GB | 162.125.64.15:443 | dl.dropboxusercontent.com | tcp |
| US | 8.8.8.8:53 | 15.64.125.162.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | a19973cb6826c406cd2b18b5780f5f15 |
| SHA1 | b4278946e6cb86353ee74889cbd4507cb610c10b |
| SHA256 | 4ad7a9a45a4e073291c91d948e5d5ca7eee37b95a3db145a78e1fc2d773832dc |
| SHA512 | e226473e405ee5a486cda22f1c687e70e1cf59552b6b398ccb414202a8eddba8b272e8ea7e5bd632849c1de3e5cff7c7a4745010204ebf47434cb3d8e7f8e892 |
\??\pipe\crashpad_380_XYCHECVLJFUEQWOT
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 1a5c4bd279aab207525a8ce7607ddd96 |
| SHA1 | 09fb03c8b4080b5f43556b7653726d38761f6abc |
| SHA256 | a9796cc861b052b810f1d21bb57ca430058c3806bd17d22830ef33587249ee7a |
| SHA512 | 0ca0c6327373e1c6bc770cc3d2981803e710fef9d6ecd49752b8ff2c876e26cb316551b45a7e643ad42be1461ebb6b61e6fd993c1970a093527a6ed313ca5ca0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | aa62d3fcb2e97a355998f12940e0c907 |
| SHA1 | f2c9f7ded746a6f543741ef402033227341246d6 |
| SHA256 | d62ca9d94f5c7394aeaa2517017c2a2c40efe85a4db15306f081be0084b8a09e |
| SHA512 | eb3b5f80718e112134b0f770742137a301b4dd56603bf0238b46ebe160e363fbf1e06a2a380d2e94b6ad84b731ca3c6e5b4712058696f96485f458416eb1f430 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 1089d7963d01898c730f1f2d531e690d |
| SHA1 | 9fb72f3a41dda3136c467fca9a0c86395df1d71a |
| SHA256 | d0e49c1abba435a4c649170062fff847a0572f5f81795ade762558a1329bc286 |
| SHA512 | b348e6c3c26476b63a6b2ad0b15dade394b12e28e01ae1dccd95414c388e8516afe07c1b8b3b442f04e599d745aaa6ed32b5bf8cea1a050f4fc87f376c7f5564 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 775cf807de1aac4e25d8164d98d05f34 |
| SHA1 | 18b1dc3f8e28e5a7f3a2c3ee88c78d1255e86bb8 |
| SHA256 | c47848e2f6a26286fcc8be5b40dc6f77870bdabfb27662085de792c7cb44e3bc |
| SHA512 | a5bab9bc65c393b93cf5736f541b4948045ba28897068d68a4cf9306485416f1d8bcf4d2104bfc20bfdd12f045c0eb21dd0ae01738f29c5f9ee9fd35543d58c6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | d80f4675d723418eae2181fb4f48b4a8 |
| SHA1 | 4d013f1fc0900e6874b67cce022207c420a1fb9c |
| SHA256 | 319d39ba832a12667bc4f6aaaad825bbd291a23186082f08c94ebaec9fdd405f |
| SHA512 | 972a7196300d260efb8325560d228d6a7557959de194d3e26187f387d6ccea9db8f89c3e817c664fef6adfced702ef3d498bf55c2baa8d58963922d200ac80fa |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 53f3e1044ebf98cf003b428cd43282a2 |
| SHA1 | 370d8bfff82068d589bd1841a3cc95d7f5ac346b |
| SHA256 | ab48f479d1e0ece1ba1bc890561dd0eae209f3d21c4c35202bb1a90e0520b2ea |
| SHA512 | ede05ec5dd7d359c01f0b8ef122106b2cd666c449394ed1a69d28c5a1be9d54e202d417b876d449eff83f7bde5335b9d16e598affa266694f0854ac48a7923d2 |
C:\Users\Admin\Downloads\NjRat-0.7D-Green-Edition-by-im523-master\NjRat-0.7D-Green-Edition-by-im523-master\NjRat 0.7D Green Edition by im523\NjRat 0.7D Green Edition.lnk
| MD5 | d42f98173f80e3c8c53ed57c2f559e2c |
| SHA1 | 1820360c266fcc912b3ff6ad9354224e36ec5f39 |
| SHA256 | 77f0c1ce1a36358b3372d43c84102b426604a7b30dfc4ff055757ff4e803775b |
| SHA512 | ff47fd5c495378f8bf171907db7f00cc8cf862ca87e351cca534d3ae82efd3364e7d98e5e285be90f00689efd2822284cf2d7647e3cd1d0fff093f4e10fab231 |
memory/1140-197-0x0000000074E72000-0x0000000074E73000-memory.dmp
memory/1140-198-0x0000000074E70000-0x0000000075421000-memory.dmp
memory/1140-199-0x0000000074E70000-0x0000000075421000-memory.dmp
memory/1140-200-0x0000000074E70000-0x0000000075421000-memory.dmp
memory/1140-201-0x0000000074E70000-0x0000000075421000-memory.dmp
memory/1140-204-0x0000000074E72000-0x0000000074E73000-memory.dmp
memory/1140-205-0x0000000074E70000-0x0000000075421000-memory.dmp
memory/1140-206-0x0000000074E70000-0x0000000075421000-memory.dmp
memory/1140-207-0x0000000074E70000-0x0000000075421000-memory.dmp
memory/1140-208-0x0000000074E70000-0x0000000075421000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | f687329ca07a8394d64bf0f57cdea59c |
| SHA1 | 08f0f725b69c2fa5ab08dfe35e0c0b7218225d3b |
| SHA256 | 3f9148e53a61f2cf2110b333d9e85d750b9e278eaa5a2931f3c514a8d5eb4cb9 |
| SHA512 | ccdd6018bbad62ede7cd6d7f158a21e19e78c2cafa3d454529d9938a0dd3b9e2c44e640e0f8d2ffa5899515f320b67cf2df37082d60c37899401d498eba55c05 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 4a711095cbf23a1899e862d9709f94f0 |
| SHA1 | d02b0472e6d617826e01f57ea042c65851659249 |
| SHA256 | d42d6bfff768b1061f805f4f6048a99897757b34fa79a832eef0bf8479f5b688 |
| SHA512 | 34e6d015abba01ed0853ee0f14a601cbe12179a2bdafb28da28e02c72ad6e9e33cae802f38c278073931a972927596fc7283cb0d075aa41009e60d00faef6885 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 369cb973048b09d64725664d3d08de4b |
| SHA1 | c3d4800b4767629aeac4cb90b6c745c5eee3703c |
| SHA256 | 3695aaf4fb56148c2fade3b14e643f00b287e67c608d95af8e1e492407e84ddc |
| SHA512 | 4c9249240ff3fe8f8bfe4c7c7c9e1fc7267659ec3c8c167145ab2716341e45655aad9469ff6c601d051458c78dee55a51685bf871ef4cb8e3ed7df18399a8683 |
C:\Users\Admin\AppData\Local\Temp\stub.il
| MD5 | 8c535860a3e930693bcd0b3208420543 |
| SHA1 | 7c43801272b18ac958e6099567d37bd93150109b |
| SHA256 | 8babcbeaab9bb7b31e4c7bf6ac9493ee5ce154bfb46cbbec9c5b7744bc799b91 |
| SHA512 | 1fbfea733375df9c4cf737544e73f3216608a5c50443f480ee24705f0a0e4f21cc88b8c1f00badd9716c67ebe31a351890b72eafde784cdd46e5a5533b3690ce |
C:\Users\Admin\Desktop\Server.exe
| MD5 | d74a8bbc4a6ac85068307705d70ef618 |
| SHA1 | a03f4e31733e1bb0ca82ad051bbc49b025fc9bfa |
| SHA256 | 9c77c88900a7145cd1501d99e706623fc7844cf7d6507b54563108639afd05b2 |
| SHA512 | 160a5c72dd5fad01ee76dd6c95389e6395a26e198cbd36c12051dccbc54f4923542f07c24c7fae4cb141f4d9470f105fb8c310aad97ca845a082d5fc900acbd3 |
C:\Users\Admin\Desktop\Server.exe
| MD5 | ed41233d972ce51739bde1ce338f63d2 |
| SHA1 | 5d61560d30de215349d7f01fec663f22de95dcc0 |
| SHA256 | 74a3892c6caa6f95513619cb47c853b3327c4afc837b54c4174defbb8dee3e90 |
| SHA512 | 43d02b63bed6c1ff825ad196bd8ac3d1e6a20be257f5beb1dc505f6b8bb85f29879c3a447f5438eb14ec55a4f7d52c62c88e258ae82b123e192717f226bb848f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 6cf8c99950e9c3dec9267e01b86fcfa6 |
| SHA1 | 46fd037d8ef024d8fb364ed41fc1b47d04e964d2 |
| SHA256 | f99724000d993631080f48b25438cc71aa1e032fe048d2df530af96b5d438904 |
| SHA512 | bb54871bd953f50500d49e6691e6bfe727d6768cde9db74567e7d9493947bb6f54f7ed45cda64e5f788f82ac14b26f3305f1a4ea03d788b6d06f582740b2ce21 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 5ad665bb26a46b7a3c8c341f80e7811a |
| SHA1 | 649f843449a13c66d4647382f1c6b3d64b719b4b |
| SHA256 | 3cb43b7cbc2dc1a6777ae7cc8fa6d79598dc3d02398684aef1dd4d2e1307ab7a |
| SHA512 | fdf23296733fc6d8f14b71b51fc99c636c59364c6adad70cb68ba0ac9028eba8e0964d8d5546d97cd10cf1f4a9c8ba389217ec88228b8ef3ab88b26da2e7af34 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 91162e237eab471d68504e6f6501eb08 |
| SHA1 | b2be4aaf59629d53e6441695140ed8a80f3b9015 |
| SHA256 | 1de06b54c16cc86456204a229e8e9aeae943f07994e5409b88e22915e3a2197b |
| SHA512 | b5662ddfa994af5748668142a5f496a4f98b6988385ff09c61ded5d18c62652f56a105c03a8b740ccf7ec05f896b62f28a7c0a898cf21af67c27c981d61f703a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 0b235aff613e851654834eaa9784dd2d |
| SHA1 | 5661f1b3cb92af9ebd38455e06e053bcc6c704b0 |
| SHA256 | 8096e55379ed47d7d398771467cefbc5c0f581ec5155419ae76d3ec8851e3c90 |
| SHA512 | 006cf8ab621feae7ca321cc6fdeeb79ae1476f308268d10bb11847d818cf827af279420d45374647f6451f10725c198f0612cea357b9956057da9c7372ab97f2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | cafe1183126e521cffb788c0337e59ee |
| SHA1 | 857547bf2277368d6935fc7f5efdb71666bc9fea |
| SHA256 | 5ef64f00dd0bce8e5787f1b071e07dd2d514703ed0e258c616687087f3620add |
| SHA512 | c3b4c135516fd05321620e050be3c6f8521b2f2b569f5347c067496ad07e1bae8736cb4fdf03a46288da1e4087ba88f684221dd141273b9a0acbd7d114f32a98 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 40db0f6490312ef78548acd85a26ea92 |
| SHA1 | 8b178fec0167e1ec9d77aa23f2180432a32bfcd8 |
| SHA256 | 703f4292eb274608893726291b310833babc5f46b5e413f3179771ff3ee0e477 |
| SHA512 | c0dc59804bf431c4c2b3ba899e322b06b585e7a2307367150a59dddd8d34dba7fac905dd4cbf3dd0f777f4ac98b8ea6337424be8baee263f271a24d28f828cff |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | a3dd2e8c00fe12421c2707b5ffdbe878 |
| SHA1 | 1eb9f88a03d7359b7b38a3f90a02a12e46417e30 |
| SHA256 | fd86c68ee5be4f437b5bd9ff81157f430750aa8241cbf58ff3331679adc4d01e |
| SHA512 | d512a2a4151266503032d97366efb8ffc8fdde05ed2bf1ddffd89b994c2243fc82c68a089544265498ccc66b942a5c4c473f1cc638d288bafedbcaf3146381be |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 8a371a913276617a52f0b4605e4e5aec |
| SHA1 | a876307525ffe03e8695930b7e98254eb1efbb03 |
| SHA256 | e01bacec841da5123d8afd2aeb01242af05e02d8d7454b43a434028a1dd1a271 |
| SHA512 | ee84ff4566892c201d7a9b352c4dc6d9bb0548b7e04b9360329003f0c07df53e4b3cb261b3fda28ec6efbdf4779023e491958b1827ac93026252ab094442f83a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 4ba9da65f68b4c8f8996bd095c9164c6 |
| SHA1 | cc179e71f2516839f7bd61904f28d6afa71daf8f |
| SHA256 | 6059256ba3995fd968e5d0766b406ac51eeadf7876395affbe46fe7ab6a60f79 |
| SHA512 | 25d7a5a33fd9df4a06d9c2787aebd8aea36b127b29539d364b5bc262ecf10600bd035fa2cf710e68dd6735fb87704261e286cc87634136da2b7e15a25436ec33 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 4b5ca13b9fed79dc54ffad8a6e60018d |
| SHA1 | 04a59a243ca291fdb6d7f4442ff2319bb0dad0d0 |
| SHA256 | 9758e48a225f2e534b160ea8f547a655a0ac151937198cd80f715588c4486c0d |
| SHA512 | ebaca5867c1261731a1ddc5971b65461c50e55b214430822d20da73192d8754ab72d1e48eeb5d9ff7ebbbe2703a32c3dd9f10dc585a9f57fabed67e6aa69f563 |
memory/4984-354-0x0000000000400000-0x0000000000472000-memory.dmp
memory/4984-355-0x0000000000400000-0x0000000000472000-memory.dmp
memory/4984-356-0x0000000000400000-0x0000000000472000-memory.dmp
memory/4984-358-0x0000000000400000-0x0000000000472000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\2843391
| MD5 | 6d0e849b0647746facd7c73f03b4d366 |
| SHA1 | 3138201a6608428b922bd86168b51cf80615bc91 |
| SHA256 | c2f229ba47f29fccb6d35a908e887bf97e9e87cdb1110e855d5caa39571e5d72 |
| SHA512 | 3839589f64141ba269f95e2726dd040ee09b6c9c09f5765dcdba847b02f68fa000b588a272f17e73ac42e81b3bb154535dc20da6dce0682b4b3a1ac2daada86a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 5dc60b1e6b6555fcd493f157abd4e267 |
| SHA1 | 5a06b5798ab95856489bab502dfc1a3820c4822b |
| SHA256 | 451e7bb9c9b3a798d0d99941d2764670c51a170503b6131717e908396bca9b9a |
| SHA512 | 0e9f9f294f80df45fa4106fe04de65115c69ab00cae3276c8f657417762c24c9467343daa33396a5b811360c3477874fe0d0ba4e24649ac485c5ddca8d177661 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | e07efb329431efbaae7a8cdd80de0732 |
| SHA1 | fd120ee00004a5b1965aedc2460ebb41c6b22b57 |
| SHA256 | 09c5075af4c43b1f2c4bb11ec2f361fac7e9908e9ea1e74c509fe7b60a17b6e8 |
| SHA512 | 658d0d4b0ee80405e65826539be837df43142aa24366c375e8c4ebd964ceec873255babccb741eb3bfc2ea4ab686dda598a9ada5677793b47bfd0017075a695e |
Analysis: behavioral3
Detonation Overview
Submitted
2025-01-19 18:55
Reported
2025-01-19 19:05
Platform
win11-20241007-en
Max time kernel
600s
Max time network
589s
Command Line
Signatures
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SystemTemp | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133817865572603873" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/XAKEP-1lly/NjRat-0.7D-Green-Edition-by-im523
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe9811cc40,0x7ffe9811cc4c,0x7ffe9811cc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1796,i,17944134711075506341,3202047339546324535,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1792 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2072,i,17944134711075506341,3202047339546324535,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2084 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2144,i,17944134711075506341,3202047339546324535,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2252 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3080,i,17944134711075506341,3202047339546324535,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3096 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3084,i,17944134711075506341,3202047339546324535,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3260 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4548,i,17944134711075506341,3202047339546324535,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4588 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4700,i,17944134711075506341,3202047339546324535,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4784 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.133:443 | avatars.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 154.109.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.110.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| GB | 142.250.200.10:443 | content-autofill.googleapis.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 140.82.114.22:443 | collector.github.com | tcp |
| US | 140.82.114.22:443 | collector.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
Files
\??\pipe\crashpad_892_YLHIOEWXHZDBRLUE
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
| MD5 | cf52a102cf3a59f60aefe7addedbe5b3 |
| SHA1 | b0baf730d93b8f9fe79f0c5ea0e8958dc9824a47 |
| SHA256 | a1e59d6ad3b8ddb0f97e7b154ea26494888b929157937fcb1751b11f38943483 |
| SHA512 | 9e5306fd276347862206099a8da1f262c755678072a74603545efece2f2d09973c615056e855a8d04f46f2904eb220609e195478a53ddc034fc926a75e5183ba |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 12e334a235d381391bb86c37f07c0c3a |
| SHA1 | 338e32b48d3e13efbab31cc8aaf3a48368e40264 |
| SHA256 | bd901eed06db045ef950787b1470c0739fe18fd214f34c670bd51453ea79128a |
| SHA512 | e843478a2264b240e1b80aa1ddfbf2e86e3295b25bed4c407ac64e35cbd362a0f59c32a18847c19e61bd9491ba52ce59b09bb728e5bc80050f462eab2e498495 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 816fbae47f89ebe1a5ad7cf15c7cbe96 |
| SHA1 | 5abcb11f8daeb7b8e235479d07ca2e30da919549 |
| SHA256 | d2f1f301997d68e8402bac74a34644084a12cce189273dffb35ddfc9944d49b7 |
| SHA512 | d328af33f91ed407438c17086d7bdb7fea15343ce73046911c6737ce9639613b05a42f98f1577dddd7793b55c082dc614724eb34c5e69f5fa55e025a9d82e004 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | f1c05abe3e236871e972f63014972a4d |
| SHA1 | 21ee282399829844f9682224c0ca434825a47b00 |
| SHA256 | 9db6b9ad71d91a9af4abb7658f1d35646f6e4ded0cbca078160c106effae259f |
| SHA512 | eadf3057f559ecfaa2a806becbf1b9e94c792a973013a927e9b98edbf9f6a6dc5b08f9fb54b1c05c16aceadb39328a2e689bbcfc4d9b52b572eae6e5640097b7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | ab6b8bbc83e53431c280687ed35cb83f |
| SHA1 | c0a8dfa698b9583c6ec463373ca7cd6928f30b68 |
| SHA256 | 8a82b49b2477993a07cbdce09df220c881b967099dfac85c8040bed7c51c8041 |
| SHA512 | a2e34a89a084b2db243eb154d41b7de7017c24c8b96b3e81fb5bfa4d3e16e8b6098b6c04f004881552bec9611bd970aff4df0591cd66e882ce1e5f4ccbb7df50 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 89d3ffd74fc75cd85b18f309a6768e87 |
| SHA1 | 0cf9538b8ee1c9a7c2717c76911a941d088de64e |
| SHA256 | 86220a3accec416b080e39f2c9471a3cee707a8525e039b8dd29bd63bf901430 |
| SHA512 | 14f1c4c24c16a5c5bb1674621990ca4950bd44e275b07cea7e31f36527517be9626d3a129b508134baada287f4020a4356d2abd9df2c39db8f6a5ef2b4fc6e09 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | df17ed148be33b7c85d00d7380b8921a |
| SHA1 | 2f480263ad11b9d232a75f61074ed6eec3f521ab |
| SHA256 | 2235f62267effa1871614d4e3356225030f5b1b62446b5c03dd72f323a709986 |
| SHA512 | 33ed415de0d68519c46eec6aad3de52180a4b813acf089f970c8cb72dd1c7fd38fcbe75bbf2bf10287eaced2d07f9dd2e44c76210498b08b4395e9a39a10a9df |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 76313dec81760fe9818fe0301576df67 |
| SHA1 | e0b74c7c05459f0058e5978c9c0354f44b9f9c0e |
| SHA256 | 62056e21dcd9e05c540dd702db7ef146d65481d756e2a246c4b0214fde89a0a3 |
| SHA512 | a65b3c157bf92850b8134524043121da3cd3aceeffae4c42a3f7f64457df5649855fe41187e262f2ad0b26f8dd67343842b91307f5c87398f2421e082a398c88 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | a3f2b3c71c48bc0400fc0680daaac9bb |
| SHA1 | ad4192c932ae927a1057cdec08d51e0611960fc7 |
| SHA256 | 52f358f5cb6bbe4bcbc77f111a88f15e6f79cd611f053cdfb4c8edddf07d656c |
| SHA512 | 108dc2039e49e04e51f567face31e72357656cf13fe71cdd18f08ad036224719910da9f16288620319df9e0766e99c2f8eda6d8d0475604f2e34197442429afd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | e1d2a33c7a7b60f4c48bb6a712028f89 |
| SHA1 | b91ad1f4544213ceaa3887ee786cf6d833f037f4 |
| SHA256 | e48032d9134e309496464b42f6a775d6c962d69c7d5aab6664f671eb5bb002d1 |
| SHA512 | f3d0fe90ffc2ba663405a5e465c30f73b0b85898d76663462efc5218a41e2b02cd3f98603a15c9063ff67075fd550dfbaa73c01b42d7f750eafb679db60d3043 |
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val
| MD5 | d222b77a61527f2c177b0869e7babc24 |
| SHA1 | 3f23acb984307a4aeba41ebbb70439c97ad1f268 |
| SHA256 | 80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747 |
| SHA512 | d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff |
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx
| MD5 | b5ad5caaaee00cb8cf445427975ae66c |
| SHA1 | dcde6527290a326e048f9c3a85280d3fa71e1e22 |
| SHA256 | b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8 |
| SHA512 | 92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f |
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock
| MD5 | f49655f856acb8884cc0ace29216f511 |
| SHA1 | cb0f1f87ec0455ec349aaa950c600475ac7b7b6b |
| SHA256 | 7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba |
| SHA512 | 599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | b0fdeb01f69ee1ab493afea738639d58 |
| SHA1 | 8df736728ddb782a46c62b17cf8059ae4ad96913 |
| SHA256 | 1fb200ea46b08179d299f400e6617b4f3e7fdd54d56d795de11341c5f557f0d2 |
| SHA512 | 640f2bd76eb4f9ca394c680f52a36238307c84227eb98866261cc969c6e48a3c7df35a2556eb052ceecdb2295a867b337eb2b6e3938db093e6cd49f0c16e63f4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 62f5e3e29ea3f5caa9268e89ba08c445 |
| SHA1 | 0d79025b22da080b1867110317bab14fb6a11180 |
| SHA256 | 1841a9e09cafd24d2ffc925ab8ed0ddb664b4ab4ebfaf3df3a230ac4cfe27f18 |
| SHA512 | 8729376a71f5c6bb0735aa3a6effa62b788700489c69735aca5222a32068de5dffb9ac34ff56c179bca68b895624778b1cffd2dafe814f00b283a4bfcae142e7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | d62b936af2312ad84e98e7431c39dc06 |
| SHA1 | 93ae1b378e8bbbb9d09201ae170ca02d2ede96cb |
| SHA256 | c0c237506a98fa566d4df4b6125489900eadd9381b1b5b1243b74578b25c1c05 |
| SHA512 | 5348af8237c7069fa5e51947c3d3beed04419e5f4b33f481e832775d2018633e1df8694db46e22e1da9434d55f8150e6c4f195ed16213e9b16a1aa50bf004e8e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 5564559b576fd7b6684a6de40bda763d |
| SHA1 | 39a41bec0a8a86704e82905d47e730fbfb030065 |
| SHA256 | ec8a801fc8cad3a69f173d9c620ad50daf013716267bb05799adc9b06dd5b5e7 |
| SHA512 | 1f7da78fa0abdab43f78551f70f43a3687bbbab903951f1e1457bcb73037893bcdd90c95b84aaf76cc541239d0e850c43f6d314f4b212b57e37553278931486b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | d69730b6ae2288359e32746437026cf4 |
| SHA1 | 6049906ab30ade1257738a9c83e1009e31b15b93 |
| SHA256 | 1be5bfbb8f24d23724b3e207b2092366fe2cd971224a7202222e81f603b688e7 |
| SHA512 | 1f795700d71386a1d64a3ecc2ae7e2c22b43dc610ae44e382eb08aeb8572b221bce31cb17208ea9738eee2cdd08f7faff2dddbe71a7c142662aeed366fbbbc23 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | bc8c432fb54d6defb2749c650023398f |
| SHA1 | 74464b9f7873558953b491fec99a75a2bed61182 |
| SHA256 | 9cef9455aa941201cd04828e4cfb04155c7f4d3b746adf47c981abe0022c5a4a |
| SHA512 | e64a4225999bef009882688ec9ab6ecc7e07c5fc3a7070031b896cebc50af25bdc298126e4148dada50fa889274c925df52ee7be9930b660355001eae385895e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 08ca6499f6d0ea48cb3363dca1dc9bf9 |
| SHA1 | 5bbbc1eb27a2c0374ec37718db241a88f0c77c80 |
| SHA256 | bf9091d8b7b087bdad1d5962e7acf94ab80d53d66746127b7b1c2d2d80bd0259 |
| SHA512 | 18c635fbb3943ba265a212117b9e88fdd1c2702ee568948bb4aa1b2852c6630f78fa94b90847aa72fa2f1a0d9c66fa61a1208354994b17e76b2f70f615c87d96 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 33c155d8e6b6f608e79050b0fb11cf6b |
| SHA1 | 9bfefe5c368c4dc31cc49a9c3e53ebb3c5c01cfe |
| SHA256 | 910d87dc883438bac95f2a8a83926714b7c421ebd44b23e63e7387ba29eb4840 |
| SHA512 | cb96f28586446ef11fa731c3d7141438f66a95f5669f6ee659c4936587bf64211d87803a1acb62a0b4a166b3f615468990c445f25d13a7b67ac9d3940be0b11b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 7d26218b91bd6128123dd87f6321dbc8 |
| SHA1 | a0ac9b851d0f4aea0bacb2221323e0d23184cfec |
| SHA256 | ee5112b3a71f0e7c0ed6c9c7c88e4642d5c387e53070d0557e44d82819bd5395 |
| SHA512 | a4450599f3692d6700234cd5e3361ba76d1eea8cdf41a7718e0f13ffc87e40eeff916411b4dc1e812c10d63b5875da746546092083626f7cc9af08f236196a41 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | bb9e50bbf18543273598b6b2512618ab |
| SHA1 | c51ce9b340ac4599767fe5effa22549a31b0d244 |
| SHA256 | f653ce8dd3e956d7ec7dd5e0a4f8891bd8390e09c0529c67c083ac780625fa77 |
| SHA512 | 1c49ed31e06cf8ec1c7b97585ee22f2afc086e99e66be287174dea06430a112aef7f0991ba8fc77f58bee66d700bd94bbd632aac73fedd264a56a24da3292443 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | cb1184f193aeed72e767156dab96aace |
| SHA1 | df33b560b7bf94ef93a869f1ba5541c842eb1266 |
| SHA256 | aff02298e6ba44b172fffd4a36e8a96076799dab5e1e52946137f95c47cc1f1f |
| SHA512 | d1afa7fd6fb2a0ea082ca5120b9cf1fc73a09b2b9741083d354410a9f40cf6a5b6ac599428b91dc088d0708600e21dad24947aaeb25209b12aa5a6c651436edc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | f9cb6b48a8a642cefa9924316c77438e |
| SHA1 | 7fd791286b86a711fedd2c6d59743df45b8873d5 |
| SHA256 | 5338ff8c941fb025ac07bfa6c81a17624c20aa65d80d1d5fb6b7732a57eaf1a8 |
| SHA512 | 08fb3622383eef108b1bda830d7024e0c85e4dd83c1d4b637110fd2312d6dcef354d8622cf1c54ed9a824ff8ffbceebf5fcae4385c1e337b46e066185c5404f0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | cd438ba64ae49e7a7f405891c0be0914 |
| SHA1 | 02f5cef33321f2b0ebf09f2089ca1b790e95fd93 |
| SHA256 | 779a43f8328dca1da14e2526fcf64209e61818e21f5b1b0df3b23e6df35e441d |
| SHA512 | 71a4f0eca434f9c26c2b6985a320e173286a067430415ce619ac9ed2b11d5f398397bdb9c14016f54e16beef82747b48facd5036c67e2f902bd51f3b958d8d88 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | cf05b7d9b44119471355063f7db009ba |
| SHA1 | 40d7aef235e9b7352328a4b9569d9c8fe749fd16 |
| SHA256 | b82bb9bb5eb8cc4e4ade1f9cadeac0eade1a0634df624c99f135b1dcf7e40ac0 |
| SHA512 | 4a0925e84c8bd657bcdebcd5491ab11769865062a8e1df0abf0bb6d397db05683bd9081f56b9f3f463bf01d8fdd6228d639895001f442f061426aa370e27aea5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 8bcd7cd2ea17d551b7ed753bc4820ee8 |
| SHA1 | d6e9e78f302d708160827544bb918f8361ea92e7 |
| SHA256 | 56a6c918c5a5ba6f3ea224027996522981537d5c5f0381764e380dea10691c1a |
| SHA512 | 8cb040c8f832304ea2781d0e5bdef0b9145de0c7184260544f771c2c68328e453d3c30b0203dcd681391b6bdc2bafa106e3ba95b1b021c1e33c80bff992f8efe |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 24b04e5228bd1f351fc4dfa9492ab4ec |
| SHA1 | 94781507e35a332269a9efc6fe296970dea7242d |
| SHA256 | 26cfbca14a039232b7a1bfcf83f476eb8ad204287f297c11c15742b763ef9e9c |
| SHA512 | 5118d34f62b8da61d5fdd2eda2018a462fde61ad4ee9a0b5a8fb18c9c2bfef258c41e5a193dd42f76f0d0837add720f3a43ba6726a3ebc8ca6232c145b5eb445 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | eb594f5aaefc8438d7a8dba51d461b7d |
| SHA1 | 3a4e72afe0f34ef74c68a4b096e613ce1aa48765 |
| SHA256 | 4c698e5da9f45813531fde9c5ab711971eafec24187a1349a18fa7c8b897cf56 |
| SHA512 | 544c765d36d397c4a2a73247d8800d8da5c2059e3478d37d716a3759992629ca8516056926c8a0a625786f95d59a644138ec40a64d456506ad6d62606f6a6b85 |
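The entries above follow one layout: a dropped-file path, then four `| ALGO | hex |` rows. An analyst consuming this part of the report usually wants two things from it: the digests as a deduplicated hash set, and a way to separate files that the detonation environment rewrites on its own (the D3D shader cache and Chrome's own `Preferences` file) from dropped files worth hunting for. The following Python is an added example written for this page; it is not part of the sandbox's tooling. The first two sample entries are copied from the listing above; the third entry (`constructed-sample.exe` with all-zero digests) is constructed so the filter has something to keep, and the "noise" path patterns are the editor's heuristics, not something the report states.

```python
"""Parse a sandbox 'dropped files' listing into records, validate the
digests and flag entries that are cache/profile churn rather than IOCs.

Added example for this report, not the sandbox's own code. The noise
path patterns below are assumptions (editor heuristics).
"""
import re
from dataclasses import dataclass, field
from typing import Optional

# Expected hex length for each digest algorithm in the listing.
DIGEST_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}

# Assumed noise: files Chrome and the DirectX shader cache rewrite during
# any detonation that launches the browser. Not derived from the report.
NOISE_PATTERNS = [
    (re.compile(r"\\D3DSCache\\", re.I), "DirectX shader cache"),
    (re.compile(r"\\Google\\Chrome\\User Data\\.*\\Preferences$", re.I),
     "Chrome profile preferences"),
]

# One hash row as it appears on the page: "| SHA256 | <hex> |"
ROW_RE = re.compile(r"^\|\s*(MD5|SHA1|SHA256|SHA512)\s*\|\s*([0-9A-Fa-f]+)\s*\|$")


@dataclass
class DroppedFile:
    path: str
    hashes: dict = field(default_factory=dict)
    noise_reason: Optional[str] = None


def parse_listing(text):
    """Return DroppedFile records; any non-hash line starts a new entry."""
    records, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ROW_RE.match(line)
        if m:
            if current is None:
                raise ValueError(f"hash row before any path: {line}")
            algo, value = m.group(1).upper(), m.group(2).lower()
            if len(value) != DIGEST_LEN[algo]:
                raise ValueError(f"{algo} has {len(value)} hex chars on {current.path}")
            current.hashes[algo] = value
        else:
            current = DroppedFile(path=line)
            for pattern, reason in NOISE_PATTERNS:
                if pattern.search(line):
                    current.noise_reason = reason
                    break
            records.append(current)
    return records


def ioc_sha256s(records, include_noise=False):
    """Sorted, deduplicated SHA256 set; noise entries dropped unless asked for."""
    return sorted({r.hashes["SHA256"] for r in records
                   if "SHA256" in r.hashes and (include_noise or r.noise_reason is None)})


# Sample input: first two entries copied from the report, third constructed.
SAMPLE = r"""C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val
| MD5 | d222b77a61527f2c177b0869e7babc24 |
| SHA1 | 3f23acb984307a4aeba41ebbb70439c97ad1f268 |
| SHA256 | 80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747 |
| SHA512 | d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | b0fdeb01f69ee1ab493afea738639d58 |
| SHA1 | 8df736728ddb782a46c62b17cf8059ae4ad96913 |
| SHA256 | 1fb200ea46b08179d299f400e6617b4f3e7fdd54d56d795de11341c5f557f0d2 |
| SHA512 | 640f2bd76eb4f9ca394c680f52a36238307c84227eb98866261cc969c6e48a3c7df35a2556eb052ceecdb2295a867b337eb2b6e3938db093e6cd49f0c16e63f4 |
""" + "\n".join([
    r"C:\Users\Admin\AppData\Roaming\constructed-sample.exe",  # constructed entry, placeholder digests
    "| MD5 | " + "0" * 32 + " |",
    "| SHA1 | " + "0" * 40 + " |",
    "| SHA256 | " + "0" * 64 + " |",
    "| SHA512 | " + "0" * 128 + " |",
])


def summarize(text=SAMPLE):
    records = parse_listing(text)
    return {
        "total": len(records),
        "noise": sum(1 for r in records if r.noise_reason),
        "iocs": ioc_sha256s(records),
    }


if __name__ == "__main__":
    for rec in parse_listing(SAMPLE):
        label = f"noise ({rec.noise_reason})" if rec.noise_reason else "candidate IOC"
        print(f"{label:35} {rec.path}")
    print(summarize())
```

Run against the full listing, the many `Preferences` entries collapse to noise and the remaining SHA256 values are what belongs in a detection rule or a hash lookup; the length check catches truncated digests that a copy-paste from a report tends to produce.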