Malware Analysis Report

2025-08-05 23:33

Sample ID 250119-xk562a1lew
Target https://github.com/XAKEP-1lly/NjRat-0.7D-Green-Edition-by-im523
Tags
discovery njrat hacked credential_access evasion persistence privilege_escalation spyware stealer trojan upx
score
10/10

Table of Contents

Analysis Overview
MITRE ATT&CK (Enterprise Matrix V15)
Analysis: static1 (Detonation Overview, Signatures)
Analysis: behavioral1 (Detonation Overview, Command Line, Signatures, Processes, Network, Files)
Analysis: behavioral2 (Detonation Overview, Command Line, Signatures, Processes, Network, Files)
Analysis: behavioral3 (Detonation Overview, Command Line, Signatures, Processes, Network, Files)

Analysis Overview

score 10/10
Threat Level: Known bad

The submitted target https://github.com/XAKEP-1lly/NjRat-0.7D-Green-Edition-by-im523 is a URL (a GitHub repository page), not a file, and was classified Known bad.

Note for triage: the behavioral1 run reproduced on this page shows only chrome.exe loading that page. Every process in it is Chrome or a Windows service, the network table contains only DNS, GitHub/GitHub CDN and Google HTTPS traffic, and the files written are Chrome profile data. The njRAT/Bladabindi, firewall, Netsh helper DLL, VBS compiler and credential-access signatures in the summary below are not evidenced by behavioral1 or by static1 (which reports no signatures); they must originate from the behavioral2/behavioral3 runs listed in the table of contents, which are not reproduced here. Read the 10/10 against those runs, not against the browsing activity shown on this page.

Malicious Activity Summary

Njrat family

njRAT/Bladabindi

Modifies Windows Firewall

Uses the VBS compiler for execution

Unsecured Credentials: Credentials In Files

Executes dropped EXE

Reads data files stored by FTP clients

Suspicious use of SetThreadContext

UPX packed file

Drops file in Windows directory

Event Triggered Execution: Netsh Helper DLL

System Location Discovery: System Language Discovery

Browser Information Discovery

Suspicious use of FindShellTrayWindow

Modifies data under HKEY_USERS

Enumerates system info in registry

Suspicious use of WriteProcessMemory

Modifies registry class

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of SetWindowsHookEx

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

Uses Volume Shadow Copy WMI provider

Uses Task Scheduler COM API

Uses Volume Shadow Copy service COM API

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-01-19 18:55

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-01-19 18:55

Reported

2025-01-19 19:05

Platform

win10v2004-20241007-en

Max time kernel

600s

Max time network

589s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/XAKEP-1lly/NjRat-0.7D-Green-Edition-by-im523

Signatures

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Reading SystemProductName and SystemManufacturer is how both legitimate software (hardware info for crash and metrics reporting) and sandbox-aware malware (VM vendor strings) identify the machine. Here the reader is chrome.exe itself, so this row is not an indicator of the page's behaviour.

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133817865612892736" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

S-1-5-19 is the LOCAL SERVICE account's registry hive and the key is Windows' own TPM telemetry bookkeeping; the value written is a timestamp, not a run key or other persistence location, so this row carries no weight against the visited page.
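A check worth doing on that row before moving on (an added example; this is not tooling from the sandbox or from the report): TraceTimeLast is a Windows FILETIME, 100-nanosecond ticks since 1601-01-01 UTC, and decoding it places the write at 2025-01-19 18:56:01 UTC, one minute after the submission time in the Detonation Overview. That is what a telemetry timestamp written during the session looks like. The parse_reg_value helper and the row shape it expects (path, " = ", a quoted integer) are my assumptions about this report's formatting; the constants are standard.

```python
from datetime import datetime, timedelta, timezone

# Windows FILETIME: 100-nanosecond ticks since 1601-01-01 00:00:00 UTC.
EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)
# Ticks from 1601-01-01 to the Unix epoch (11644473600 s * 10^7).
UNIX_EPOCH_TICKS = 116444736000000000


def filetime_to_datetime(ticks: int) -> datetime:
    """Convert a FILETIME tick count to an aware UTC datetime."""
    # timedelta resolves to microseconds, so drop the sub-microsecond digit.
    return EPOCH_1601 + timedelta(microseconds=ticks // 10)


def filetime_to_unix(ticks: int) -> float:
    """Convert a FILETIME tick count to seconds since the Unix epoch."""
    return (ticks - UNIX_EPOCH_TICKS) / 10_000_000


def parse_reg_value(row: str):
    """Split a sandbox 'Set value (int)' indicator into (value name, integer).

    Assumed row shape (my assumption about this report): '<key path>\\<name> = "<digits>"'.
    """
    path, sep, quoted = row.partition(" = ")
    if not sep:
        raise ValueError(f"no ' = ' separator in {row!r}")
    name = path.rsplit("\\", 1)[-1]
    return name, int(quoted.strip().strip('"'))


# Indicator column copied from the table above.
REPORT_ROW = r'\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133817865612892736"'

if __name__ == "__main__":
    name, ticks = parse_reg_value(REPORT_ROW)
    when = filetime_to_datetime(ticks)
    print(f"{name} = {ticks} -> {when.isoformat(timespec='seconds')} "
          f"(unix {filetime_to_unix(ticks):.3f})")
```

The same decode applies to any FILETIME-valued registry data the sandbox prints as a bare integer (LastWrite times, scheduled task triggers, cached credential stamps), which is usually the quickest way to tell a pre-existing value from one written during the detonation.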

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target Count
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A 2

This signature fires when a process is created with the mitigation that blocks loading of binaries not signed by Microsoft. Chrome applies that mitigation to its own sandboxed child processes, so on chrome.exe it is expected behaviour.

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target Count
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A 32
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A 32

(64 rows in the original, alternating between the two privileges.) Only these two privileges are adjusted, and only by chrome.exe; SeDebugPrivilege, SeTakeOwnershipPrivilege and the other privileges that matter for escalation or injection do not appear in this run.

Suspicious use of FindShellTrayWindow

Description Indicator Process Target Count
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A 26

(26 identical rows in the original.) FindShellTrayWindow locates the taskbar window and is called by ordinary GUI applications; with no indicator recorded it adds nothing to this run.

Suspicious use of SendNotifyMessage

Description Indicator Process Target Count
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A 24

(24 identical rows in the original.) SendNotifyMessage is routine window-message traffic for a GUI process; it is listed because the same API is also used in some injection techniques, but no target window or indicator was captured here.

Suspicious use of WriteProcessMemory

Description Indicator Process Target Count
PID 3292 wrote to memory of 4448 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe 2
PID 3292 wrote to memory of 3712 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe 30
PID 3292 wrote to memory of 3516 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe 2
PID 3292 wrote to memory of 4216 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe 30

(64 rows in the original.) PID 3292 is the Chrome browser process (the crashpad pipe in the Files section is named crashpad_3292), and every target is another chrome.exe instance. This is consistent with the Chrome sandbox broker initialising its own child processes; it is not a write into a foreign process, which is the pattern this signature exists to catch.

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/XAKEP-1lly/NjRat-0.7D-Green-Edition-by-im523

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffd773fcc40,0x7ffd773fcc4c,0x7ffd773fcc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1912,i,9025058591640645006,13479175284931208984,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1908 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2032,i,9025058591640645006,13479175284931208984,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2084 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2224,i,9025058591640645006,13479175284931208984,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2328 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3124,i,9025058591640645006,13479175284931208984,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3160 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3132,i,9025058591640645006,13479175284931208984,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3196 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4708,i,9025058591640645006,13479175284931208984,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4572 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=724,i,9025058591640645006,13479175284931208984,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=208 /prefetch:8

Network

All 44 rows fall into four groups: DNS queries to 8.8.8.8, reverse (in-addr.arpa) lookups of the addresses contacted (typically issued by the analysis environment rather than the browser), one mDNS query to 224.0.0.251, and HTTPS on port 443 (TCP, plus UDP 443 for QUIC to content-autofill.googleapis.com) to GitHub, its CDN hosts and Google. No bare-IP connection and no non-standard port appears, so this run offers no candidate C2 traffic.

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 github.githubassets.com udp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.111.133:443 avatars.githubusercontent.com tcp
US 8.8.8.8:53 user-images.githubusercontent.com udp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 8.8.8.8:53 61.153.16.2.in-addr.arpa udp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 106.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 154.109.199.185.in-addr.arpa udp
US 8.8.8.8:53 133.111.199.185.in-addr.arpa udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 216.58.212.234:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 collector.github.com udp
GB 216.58.212.234:443 content-autofill.googleapis.com udp
US 185.199.109.154:443 github.githubassets.com tcp
US 140.82.112.22:443 collector.github.com tcp
US 8.8.8.8:53 api.github.com udp
US 140.82.112.22:443 collector.github.com tcp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 234.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 210.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 22.112.82.140.in-addr.arpa udp
US 8.8.8.8:53 4.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 167.173.78.104.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 53.210.109.20.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 85.49.80.91.in-addr.arpa udp
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 245.131.30.184.in-addr.arpa udp
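When a report like this one is reviewed at volume, the useful step is to separate resolver and browser noise from anything that deserves a look. The following is an added example of that triage over the table above; it is my code, not the sandbox's. The allowlist of expected suffixes is my choice, derived from the domains present in the table, and the last sample row (203.0.113.10, a documentation address) is constructed, not from the report, purely to exercise the review path.

```python
from collections import Counter
from dataclasses import dataclass

# Suffixes a Chrome session loading a GitHub page is expected to contact.
# Assumption: derived from the domains in the table above, not from the sandbox.
EXPECTED_SUFFIXES = (
    "github.com",
    "githubassets.com",
    "githubusercontent.com",
    "amazonaws.com",
    "googleapis.com",
)


@dataclass
class Flow:
    country: str
    ip: str
    port: int
    domain: str  # empty when the report shows no resolved name
    proto: str


def parse_row(line: str) -> Flow:
    """Parse one 'Country Destination [Domain] Proto' row from the report."""
    parts = line.split()
    if len(parts) == 4:
        country, dest, domain, proto = parts
    elif len(parts) == 3:  # e.g. the mDNS row, which has no domain column
        country, dest, proto = parts
        domain = ""
    else:
        raise ValueError(f"unexpected row: {line!r}")
    ip, _, port = dest.rpartition(":")
    return Flow(country, ip, int(port), domain, proto)


def classify(flow: Flow) -> str:
    """Bucket a flow as resolver/browser noise or as something to review."""
    if flow.port == 53:
        return "rdns" if flow.domain.endswith(".in-addr.arpa") else "dns"
    if flow.port == 5353 and flow.ip == "224.0.0.251":
        return "mdns"
    if flow.port == 443 and flow.domain and any(
        flow.domain == s or flow.domain.endswith("." + s) for s in EXPECTED_SUFFIXES
    ):
        return "web-expected"  # TCP, or UDP 443 for QUIC
    return "review"  # bare-IP HTTPS, unknown names, odd ports


def triage(rows):
    """Return per-bucket counts and the flows that need a human look."""
    counts = Counter()
    review = []
    for line in rows:
        flow = parse_row(line)
        bucket = classify(flow)
        counts[bucket] += 1
        if bucket == "review":
            review.append(flow)
    return counts, review


# Eleven rows copied from the table above, plus one constructed row
# (203.0.113.10 is a documentation address; it is not in the report).
SAMPLE_ROWS = [
    "US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp",
    "US 8.8.8.8:53 github.com udp",
    "GB 20.26.156.215:443 github.com tcp",
    "US 185.199.109.154:443 github.githubassets.com tcp",
    "US 185.199.111.133:443 avatars.githubusercontent.com tcp",
    "US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp",
    "US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp",
    "GB 216.58.212.234:443 content-autofill.googleapis.com udp",
    "US 140.82.112.22:443 collector.github.com tcp",
    "GB 20.26.156.210:443 api.github.com tcp",
    "N/A 224.0.0.251:5353 udp",
    "XX 203.0.113.10:443 tcp",  # constructed: HTTPS to a bare IP, no name
]

if __name__ == "__main__":
    counts, review = triage(SAMPLE_ROWS)
    print(dict(counts))
    for f in review:
        print("REVIEW", f.country, f.ip, f.port, f.proto, f.domain or "(no name)")
```

Run against all 44 rows of the table the review list is empty; the constructed row shows the one pattern (HTTPS to an address with no name behind it) that would have mattered had it been present.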

Files

Every path is Chrome profile data under the Admin user's User Data directory, plus the crashpad named pipe. Preferences and Local State appear several times because Chrome rewrites them during the session and the sandbox hashes each version separately; none of these is a dropped executable.

\??\pipe\crashpad_3292_TNSBYUVLIMOVRYYC

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

These four digests are the hashes of zero bytes (a named pipe has no file content), so they identify nothing and will match every empty file ever submitted. The 3292 in the pipe name is the PID of the browser process that appears as the writer in the WriteProcessMemory table.

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
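Both entries above hash to well-known contents: the pipe to zero bytes, and SCT Auditing Pending Reports to the two-byte string [] (an empty JSON array). Checking a report's file list against a small table of such contents before pivoting on any hash saves chasing digests that match millions of unrelated files. The following is an added example of that check; it is not the sandbox's tooling. The KNOWN_CONTENTS table is my choice, and REPORT_FILES is copied from the two entries above; all digests in the table are computed at run time rather than trusted from memory.

```python
import hashlib

# Contents that produce "files" with nothing behind them. Their digests are
# computed below at run time so the table cannot drift from reality.
KNOWN_CONTENTS = {
    "empty file": b"",
    "empty JSON array": b"[]",
    "empty JSON object": b"{}",
}
ALGOS = ("md5", "sha1", "sha256", "sha512")


def fingerprints(data: bytes) -> dict:
    """Digest the same bytes with every algorithm the report prints."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in ALGOS}


KNOWN_FINGERPRINTS = {label: fingerprints(d) for label, d in KNOWN_CONTENTS.items()}


def label_entry(digests: dict):
    """Return the known-content label matching every digest given, else None.

    An entry with no recognised algorithm is never labelled; a partial entry
    (e.g. the truncated last file in this report) is matched on what it has.
    """
    present = [a for a in ALGOS if a in digests]
    if not present:
        return None
    for label, fp in KNOWN_FINGERPRINTS.items():
        if all(digests[a].lower() == fp[a] for a in present):
            return label
    return None


def triage_files(files: dict) -> dict:
    """Map each report path to a known-content label, or None for real content."""
    return {path: label_entry(d) for path, d in files.items()}


# Copied from the two Files entries above.
REPORT_FILES = {
    r"\??\pipe\crashpad_3292_TNSBYUVLIMOVRYYC": {
        "md5": "d41d8cd98f00b204e9800998ecf8427e",
        "sha1": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
        "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
        "sha512": "cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce"
                  "47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e",
    },
    r"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports": {
        "md5": "d751713988987e9331980363e24189ce",
        "sha1": "97d170e1550eee4afc0af065b78cda302a97674c",
        "sha256": "4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945",
        "sha512": "b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d604"
                  "0e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af",
    },
}

if __name__ == "__main__":
    for path, label in triage_files(REPORT_FILES).items():
        print(f"{label or 'real content':<18} <- {path}")
```

Because the comparison is made per algorithm on whatever digests an entry has, the function also copes with entries the page cut short, like the final Preferences record that ends at its SHA256.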

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

MD5 6471672cfd88daec0b7a7b17e7286c2a
SHA1 d53f5f271acb56db3674795c1fa3cb6a90b0fc19
SHA256 c5e6f164aa69b08521a540ff8e204d055418390bb7c17cf51b8eade801f845a0
SHA512 615bab62631a4e1090a4e8eaa0f9172e715717d11ebb5b0b172076f01b51071d84303a58dfb1d1092f5bf1d7fb9a3515534e103980fa578c1c44471998f28a06

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 7de158b9a7f40dd314dd00c09e6c6cfc
SHA1 97b3a1d76207af93abb1e5b47b930fd8db6ebb8e
SHA256 6fc7e0109d8cc6efb83d4e4ddb5f98b5acef54a9b4edb196972f53be3f767334
SHA512 020015735b98f7db4c36c6ac3d9d694fd2a3590268a2f64bfa541438ff6caa10aeb45b8b8c5f7e322aa39e7ab3fd57a5c3b277e9d20ebd66d658cc5d94d6fccd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c77982f6c4b06a211f363f01bf24e64a
SHA1 4ef919c82adc6b76652b0a0e801a94f093eb6bde
SHA256 db81f9c3b07e16a4e3bf13f8a3bb6eff1c5c51598f2608c24063fd1dcd985eb0
SHA512 6754132cc8a11b1f969b9ad6b3516a6ae8e53c47654223bbca2d56562e56c34b9f26d1339d080ff5726c501f156ae03ab442a2bcf18d2edb90ecd38f5bb7697c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 de110932741d06e5a43f0bc15925cc5b
SHA1 17adec9b28fba2339e0030746322dbe3f5991486
SHA256 e2d2d728b87d6f0d542264402c6107864bba6ff2026f479966c4a0feb385a6e0
SHA512 9d640d5cf9c09f9d3a93973dff3ad3c5bb7b4cd06b69cbc1a34c5dc0014eb5130433aa3cd2634b53ef82d2fedff634ec70e7d39366dbbc8b1f09af92e0dae361

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 3f0415a5002cb49ccb6fc3a57e203557
SHA1 cbb57e4596893b982e05da91fe6c2a7752211304
SHA256 69a7aeaccc500381abb37decc58f65163e15e9692ef97070f3e98f225c193113
SHA512 4bacf2a35f1722b8af500d17429b79835d77802c4884e710c44cfaf4c27d825bd8503e0c38bf6be1250d2d4cf33e06a39f098593c9fad7bccb6ec080f9571274

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 5834194c1fb2fe46e5b2e75cd0d9b587
SHA1 018a9e4da18e8ad0e1f7843602191da67c252048
SHA256 47e120fe49ddf96fdaedf53473406f9fa784bfc745ce9a6cc73a94ffda7399c9
SHA512 04f49562495a3769b83472a1ad5beb962239aea551a92afc7a4945a3dea48a738eebc1e79edef34e13817394598a2883067fd8315406eb62b1046a3c1c200ce6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 0724b2769d8cb2d36c625c4094f24a4d
SHA1 6242e3f1c4dcc61bd2f340ab052ae9a0838f6ef9
SHA256 4185034947ddecb817f2f8351ef444d27bda2ef9369d75dbb6412e9b472ad25e
SHA512 2f5833faf8a9e8be31d5aac6fc942de1317ebc052c0c444e6accab25ca51a2aff5d43f627d86ea3790b754c351b267227a59c8d1974b07925aa95026c0a55ae5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 874796afc099e5d2aebc72568e5930d1
SHA1 b0c669ae0eaab4a6e50ff64975cc21caec18ce1c
SHA256 f2645017b441a0887782f9d8ea09e82171e2a4e09826ea4fc7143bacdaf20b09
SHA512 c74fd7ef495867be6bee1e0693c806c87bb4c37abcbfeda890161d9d9267820f43dfd40d8cefd190f3cf9be8b9b6d8d8610bd6459e60e031e91570d06d4acc79

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 015c90b7e9832c08cc1c573563a8eb1b
SHA1 f68740c08ae7c08375577e4ef8ba73fb5974545c
SHA256 7e7a83c665a34dc28ffff92b7db756f9c09c13c9b6105d7dd873dcc59c4ff95f
SHA512 6f6f5e2641d8bff2573a98ff45e4c7069c598d4dac70d1014b548daedae9f2acc868fb3db8d5dae8a8a4a50101644df4c884add91491354fd5f9f3b4dcbde078

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 7ba7eef2d558df4779e6ada799cad924
SHA1 90360c86c80efeff70e96677381cdd988bfc3229
SHA256 07926efa09d39b0f1dce291c361bfcedb4fb588c57ff7e56a802c5f32b5bdd39
SHA512 1b9fd66dc26e0175b4db675c0ecd4fbe01a76bd3a8241f882e1b95a96940e6929dcc84c9a7fe60bb5cd7ecae31ecc6cd4d2c099c2ab6c32c871fd5062e0d98f3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 3d61635c250d2a2b0657c01681c85714
SHA1 ee921a04446e30f4f6ea83ddbaf4af64497bac29
SHA256 564532f1ceb5921513698ffeffb9aefbf2ecab67ba83b728e6db9fae464690ec
SHA512 33d2d71ae3885f5d32da9a3edf2fb66155f227db841ae5637488d331c6c8813c1afd7561653db884bb43715305c0695ded76eafb5ec0a8857f443ba31eabdbd0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 1ee35ade47622df8ba23b7d3ab81a03c
SHA1 5b6c48c6f58e57676c2b23ee322447698bc55cd2
SHA256 8909fe3a57cc85ed66e2e3692783b0ae3bb2fd86d77312cb02ab29f36d1974b2
SHA512 f5af34ec3fdcba888c670546c425253a7094ceee03efbb7d90ebb3e4c1667dab7fb1afe5e60f79b49f0219534c0876ea84ed162459eb49600bcf72334432ac27

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 8e4fda3b91dbfcf22ab3fd8b7d573227
SHA1 6439d126f33e6d11e8978178e4eaa2ea1ce53f80
SHA256 8dead01d5469fce6397b96379f12482c36e71211f70210cf3dcf758987332665
SHA512 0b94bf7f23ca298a755cb00718298dbf1ec9f4e0a6440c0d76f7ac452954623722306b52d0287ec0bfb78f44f988c23a0afddf0b7b0452a863fa60371066ab24

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 0027be2f8eaa7e0f84e4a09845471ce3
SHA1 8ca3cdbd7d45bd170d5408b4aee85b235c854ed9
SHA256 98ec27561d04f46b62172c2ccc04fb79228492b5f63fcf777458d18b9a2493af
SHA512 7921e9530fe850d9a48bdb188855005727884fec06f79eff6b1e937243e720ae36c5d505fdc727611b53742536516456c4a622ed7e77d1e0beb3c2886f2331d5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 88aa1bfa2aa3400cc4ad31f39f4f3308
SHA1 3a20dc5e5db92b02208ca376604e5120e65d489f
SHA256 c716f540fa796014979d48ce561a62fd1ae9db18814748bdfc2596e07a48dc97
SHA512 472bf668243afcfb74f684bdc993ef16b4e065cd21a0ddbe7a7b3e80f9025694b28c62f6b57a78175f507f24adfab11f235b29870c584d2ecfd59918871155d2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 782722548c44004f4af87a33476386f3
SHA1 6408ac79945354f79f623ab330803071ae0de446
SHA256 1e9df559f280aeef97c1574ad8931084b4419a356afacfe8ae46d3c5716b10a4
SHA512 68627354308bdef436aede2c9e1ed6a2ec517f9cc1f2d367d04dd04227d3b32d97a7b886a52e34c367202610a797124d7f5823982941989df1e365e1654a8f43

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 9cceb9fcf580235bd155877def7fff4f
SHA1 a81b0d42ea4dd6f910b429c9fa042328824b82ea
SHA256 9e1df6f9c9d415d7e092802908d5706668737da43823725ac3cf67d871dc31bf
SHA512 2a56ea3b0ec40c9c8c99baa864fcdbd4885a39c6dc8638e0ffccf9a829c48fb8624b0e20ab89ff051c7a1772b2b5eff89c64b2c37bb92a276f79ceef73266be6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 d7e96cde6f0879c670f65c4a865da414
SHA1 8fa851da4782e40b3516c6d074fd3ef4203bbcd7
SHA256 f4e6e3cbea761e8279a397d48ad3827d46ec70ae714811fcaaf47de2fb800379
SHA512 0532915aec65712cdff7685e52c549d76f713046959e4713f70e7f9e0d84fd047ab0bbcd945156a23bdb39f3c4b5e1e37936a8039e6a3f80f913ef69b636bc4c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a4c6c25aacbc909e86d7ad57c5a54824
SHA1 358566cbd3c9ca1b7100cc5c3b960d95f78c4c90
SHA256 0871b6040d3aba01097811c999f324adc4480062996fe2eb4ca0c07efb5d5264
SHA512 a93e2824ffff129c6d7cdf79de319324a3aff7e31bdb82672c2913664b4f65de2b36b6ca13f7adcd7e841ccf0810fe2a25f919bb06ae0cfc8dfb3b358bd7f606

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 99031619d3ed0eccbd57930e01068ebc
SHA1 792b1dc1df150d634dd377d54215ff17faa3289e
SHA256 2b2d0cf73c87a0227153739b4ae9aa6026c05849949b117db00d8271e28ac1c9
SHA512 db63089843dfc2f82b46dded7ae808a898f586c4acf7836fe894ee9760d07b1d9cc18277d1e93b326c3833161362da71bc75355564f68a0fc62cb73c5b59ca97

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 4b074d5a256be8a5150537d9af185bd8
SHA1 2ae3fa4c6037d3c6b6bbe103ac94ceddc2f4e224
SHA256 2da869c82ff66063a035af995b4bfd5c8009b70694e6b034eda1ce25273c0dad
SHA512 12ce0328a46cd8c600d9e4c36ee1421ae6b8b83cee35829c2ea1f0aee0fefd692a0b5d6316cecb7031a75eeaea417821a8d03b9f7b27f9cb2acaf1e7bd548510

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c517a1ad83f7f88c8df8a08abe94232c
SHA1 bbfb8bab3b392cf6423ea0f7602ba00b114d27e4
SHA256 7b420b757d76483ab920045aabb6f09947844e7efe4bf71becb023477b67ad1d
SHA512 0be1c778eb93735d7069e15a03c740d9feb5bf2db455913ab2eaeed8a0d364980aca7c1804130f77008ad0d0869d2c8ef89896ef8c22938459dbfba303d1c34c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 5e37055b93be87e48c1ac9077e307e46
SHA1 7336c208698b0ff05c5bd071838352e84a2098c4
SHA256 7713a3ebb4dfafb1148730cf723fa5d21318814e893777c141b7b213483b58cf
SHA512 3086a91ebe129466e5264c491d312bd3463ce1bbe46ef7cea7d862034d7be185ce27fc8f0cab2e6a66ad8272a15bc557439dfcb73b670a1d368ced3293a51d26

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e023fcf678dddb2ce71983e0285a8df2
SHA1 4c12197bd09e60dbad8f1f4663cedccc2ab18e7b
SHA256 dda61b07115e2c2dfc8648b6a15117f1111d7f4d39706a95a2dd36c785bf7c51
SHA512 f043d06f57b7fbcf649f40cf6b83626e9d7f05ae31d467804e08c36fc831001c7087505d59d6132b07fedb9a5c49f67d709c7d8c5d4529928a82c29334c0ad5c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 de0f4b9d1549c3ccad70d9df4b8eb03a
SHA1 aeb795311fdbd481faf3b3ab98ef24e227f2f4db
SHA256 ce797a7a85754342ef3d38c7ccf6cf2b9cbd119aa13022e4698435b5fb099530
SHA512 8bbb7b1f458dd798d9f4e5a5aebd5ba677b597c14a798bc9718cd24dc92319c64fd6d227d5a2f71723a7a6b598c804858b10d8871720b0166b9eb154237c0dae

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 d03a08d05f245f448cb55db9d7584452
SHA1 689db19188e406323f8eaed1950176dd94a915e8
SHA256 850582b914fc2e51bc225cc11ec4639750f44a14d6bef82036e9b43e00ad41a8
SHA512 fd603a8729c6d271e11ef767fc3d6a40fa7548e6bbdd832b831cbf9ad44cd8075f5f12e3559efd7d210030b68df393bdad07ff62190ad244b453645cd49076c9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 ae28b32c1494ce4071040c1806cffafb
SHA1 3f16c81d09e821c6f84fe66fa9c8a05e2eb44496
SHA256 4422bb6280bb4d01e0567a3b0e66a147538562fda6ec1f4d95e3f9dafacd6641
SHA512 7e89d4baa0d6fb8d598c56ebec384a5537d366b0d20cb15b64a72c04a1977c8b61ee68bf60afe5c4974b1cdc09fd35c29377f774291d2690d3e4da9a2d58ec37

Analysis: behavioral2

Detonation Overview

Submitted

2025-01-19 18:55

Reported

2025-01-19 18:58

Platform

win10ltsc2021-20250113-en

Max time kernel

182s

Max time network

182s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/XAKEP-1lly/NjRat-0.7D-Green-Edition-by-im523

Signatures

Njrat family

njrat

njRAT/Bladabindi

trojan njrat

Modifies Windows Firewall

evasion

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\netsh.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Desktop\Server.exe N/A

Reads data files stored by FTP clients

spyware stealer

Unsecured Credentials: Credentials In Files

credential_access stealer

Uses the VBS compiler for execution

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 4760 set thread context of 4984 N/A C:\Users\Admin\Desktop\Server.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

UPX packed file

upx

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\SystemTemp C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Browser Information Discovery

discovery

Event Triggered Execution: Netsh Helper DLL

persistence privilege_escalation

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh C:\Windows\SysWOW64\netsh.exe N/A
Key queried \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh C:\Windows\SysWOW64\netsh.exe N/A
Key value enumerated \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh C:\Windows\SysWOW64\netsh.exe N/A

System Location Discovery: System Language Discovery

discovery

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\NjRat-0.7D-Green-Edition-by-im523-master\NjRat-0.7D-Green-Edition-by-im523-master\NjRat 0.7D Green Edition by im523\NjRat 0.7D Green Edition by im523\NjRat 0.7D Green Edition by im523.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v2.0.50727\ilasm.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Desktop\Server.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\netsh.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133817865571100766" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-564748828-2201999071-3764224244-1000_Classes\Local Settings C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-564748828-2201999071-3764224244-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 C:\Users\Admin\Downloads\NjRat-0.7D-Green-Edition-by-im523-master\NjRat-0.7D-Green-Edition-by-im523-master\NjRat 0.7D Green Edition by im523\NjRat 0.7D Green Edition by im523\NjRat 0.7D Green Edition by im523.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-564748828-2201999071-3764224244-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff C:\Users\Admin\Downloads\NjRat-0.7D-Green-Edition-by-im523-master\NjRat-0.7D-Green-Edition-by-im523-master\NjRat 0.7D Green Edition by im523\NjRat 0.7D Green Edition by im523\NjRat 0.7D Green Edition by im523.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ C:\Users\Admin\Downloads\NjRat-0.7D-Green-Edition-by-im523-master\NjRat-0.7D-Green-Edition-by-im523-master\NjRat 0.7D Green Edition by im523\NjRat 0.7D Green Edition by im523\NjRat 0.7D Green Edition by im523.exe N/A
Key created \REGISTRY\USER\S-1-5-21-564748828-2201999071-3764224244-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell C:\Users\Admin\Downloads\NjRat-0.7D-Green-Edition-by-im523-master\NjRat-0.7D-Green-Edition-by-im523-master\NjRat 0.7D Green Edition by im523\NjRat 0.7D Green Edition by im523\NjRat 0.7D Green Edition by im523.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-564748828-2201999071-3764224244-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" C:\Users\Admin\Downloads\NjRat-0.7D-Green-Edition-by-im523-master\NjRat-0.7D-Green-Edition-by-im523-master\NjRat 0.7D Green Edition by im523\NjRat 0.7D Green Edition by im523\NjRat 0.7D Green Edition by im523.exe N/A
Key created \REGISTRY\USER\S-1-5-21-564748828-2201999071-3764224244-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} C:\Users\Admin\Downloads\NjRat-0.7D-Green-Edition-by-im523-master\NjRat-0.7D-Green-Edition-by-im523-master\NjRat 0.7D Green Edition by im523\NjRat 0.7D Green Edition by im523\NjRat 0.7D Green Edition by im523.exe N/A
Key created \REGISTRY\USER\S-1-5-21-564748828-2201999071-3764224244-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg C:\Users\Admin\Downloads\NjRat-0.7D-Green-Edition-by-im523-master\NjRat-0.7D-Green-Edition-by-im523-master\NjRat 0.7D Green Edition by im523\NjRat 0.7D Green Edition by im523\NjRat 0.7D Green Edition by im523.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-564748828-2201999071-3764224244-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" C:\Users\Admin\Downloads\NjRat-0.7D-Green-Edition-by-im523-master\NjRat-0.7D-Green-Edition-by-im523-master\NjRat 0.7D Green Edition by im523\NjRat 0.7D Green Edition by im523\NjRat 0.7D Green Edition by im523.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-564748828-2201999071-3764224244-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" C:\Users\Admin\Downloads\NjRat-0.7D-Green-Edition-by-im523-master\NjRat-0.7D-Green-Edition-by-im523-master\NjRat 0.7D Green Edition by im523\NjRat 0.7D Green Edition by im523\NjRat 0.7D Green Edition by im523.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-564748828-2201999071-3764224244-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" C:\Users\Admin\Downloads\NjRat-0.7D-Green-Edition-by-im523-master\NjRat-0.7D-Green-Edition-by-im523-master\NjRat 0.7D Green Edition by im523\NjRat 0.7D Green Edition by im523\NjRat 0.7D Green Edition by im523.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-564748828-2201999071-3764224244-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 C:\Users\Admin\Downloads\NjRat-0.7D-Green-Edition-by-im523-master\NjRat-0.7D-Green-Edition-by-im523-master\NjRat 0.7D Green Edition by im523\NjRat 0.7D Green Edition by im523\NjRat 0.7D Green Edition by im523.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-564748828-2201999071-3764224244-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" C:\Users\Admin\Downloads\NjRat-0.7D-Green-Edition-by-im523-master\NjRat-0.7D-Green-Edition-by-im523-master\NjRat 0.7D Green Edition by im523\NjRat 0.7D Green Edition by im523\NjRat 0.7D Green Edition by im523.exe N/A
Key created \REGISTRY\USER\S-1-5-21-564748828-2201999071-3764224244-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6 C:\Users\Admin\Downloads\NjRat-0.7D-Green-Edition-by-im523-master\NjRat-0.7D-Green-Edition-by-im523-master\NjRat 0.7D Green Edition by im523\NjRat 0.7D Green Edition by im523\NjRat 0.7D Green Edition by im523.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-564748828-2201999071-3764224244-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\MRUListEx = ffffffff C:\Users\Admin\Downloads\NjRat-0.7D-Green-Edition-by-im523-master\NjRat-0.7D-Green-Edition-by-im523-master\NjRat 0.7D Green Edition by im523\NjRat 0.7D Green Edition by im523\NjRat 0.7D Green Edition by im523.exe N/A
Key created \REGISTRY\USER\S-1-5-21-564748828-2201999071-3764224244-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7 C:\Users\Admin\Downloads\NjRat-0.7D-Green-Edition-by-im523-master\NjRat-0.7D-Green-Edition-by-im523-master\NjRat 0.7D Green Edition by im523\NjRat 0.7D Green Edition by im523\NjRat 0.7D Green Edition by im523.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-564748828-2201999071-3764224244-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" C:\Users\Admin\Downloads\NjRat-0.7D-Green-Edition-by-im523-master\NjRat-0.7D-Green-Edition-by-im523-master\NjRat 0.7D Green Edition by im523\NjRat 0.7D Green Edition by im523\NjRat 0.7D Green Edition by im523.exe N/A
Key created \REGISTRY\USER\S-1-5-21-564748828-2201999071-3764224244-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0\0 C:\Users\Admin\Downloads\NjRat-0.7D-Green-Edition-by-im523-master\NjRat-0.7D-Green-Edition-by-im523-master\NjRat 0.7D Green Edition by im523\NjRat 0.7D Green Edition by im523\NjRat 0.7D Green Edition by im523.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-564748828-2201999071-3764224244-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\SniffedFolderType = "Generic" C:\Users\Admin\Downloads\NjRat-0.7D-Green-Edition-by-im523-master\NjRat-0.7D-Green-Edition-by-im523-master\NjRat 0.7D Green Edition by im523\NjRat 0.7D Green Edition by im523\NjRat 0.7D Green Edition by im523.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-564748828-2201999071-3764224244-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 C:\Users\Admin\Downloads\NjRat-0.7D-Green-Edition-by-im523-master\NjRat-0.7D-Green-Edition-by-im523-master\NjRat 0.7D Green Edition by im523\NjRat 0.7D Green Edition by im523\NjRat 0.7D Green Edition by im523.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-564748828-2201999071-3764224244-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell\SniffedFolderType = "Generic" C:\Users\Admin\Downloads\NjRat-0.7D-Green-Edition-by-im523-master\NjRat-0.7D-Green-Edition-by-im523-master\NjRat 0.7D Green Edition by im523\NjRat 0.7D Green Edition by im523\NjRat 0.7D Green Edition by im523.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-564748828-2201999071-3764224244-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" C:\Users\Admin\Downloads\NjRat-0.7D-Green-Edition-by-im523-master\NjRat-0.7D-Green-Edition-by-im523-master\NjRat 0.7D Green Edition by im523\NjRat 0.7D Green Edition by im523\NjRat 0.7D Green Edition by im523.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-564748828-2201999071-3764224244-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" C:\Users\Admin\Downloads\NjRat-0.7D-Green-Edition-by-im523-master\NjRat-0.7D-Green-Edition-by-im523-master\NjRat 0.7D Green Edition by im523\NjRat 0.7D Green Edition by im523\NjRat 0.7D Green Edition by im523.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-564748828-2201999071-3764224244-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" C:\Users\Admin\Downloads\NjRat-0.7D-Green-Edition-by-im523-master\NjRat-0.7D-Green-Edition-by-im523-master\NjRat 0.7D Green Edition by im523\NjRat 0.7D Green Edition by im523\NjRat 0.7D Green Edition by im523.exe N/A
Key created \REGISTRY\USER\S-1-5-21-564748828-2201999071-3764224244-1000_Classes\Local Settings C:\Users\Admin\Downloads\NjRat-0.7D-Green-Edition-by-im523-master\NjRat-0.7D-Green-Edition-by-im523-master\NjRat 0.7D Green Edition by im523\NjRat 0.7D Green Edition by im523\NjRat 0.7D Green Edition by im523.exe N/A
Key created \REGISTRY\USER\S-1-5-21-564748828-2201999071-3764224244-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0 C:\Users\Admin\Downloads\NjRat-0.7D-Green-Edition-by-im523-master\NjRat-0.7D-Green-Edition-by-im523-master\NjRat 0.7D Green Edition by im523\NjRat 0.7D Green Edition by im523\NjRat 0.7D Green Edition by im523.exe N/A
Key created \REGISTRY\USER\S-1-5-21-564748828-2201999071-3764224244-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell C:\Users\Admin\Downloads\NjRat-0.7D-Green-Edition-by-im523-master\NjRat-0.7D-Green-Edition-by-im523-master\NjRat 0.7D Green Edition by im523\NjRat 0.7D Green Edition by im523\NjRat 0.7D Green Edition by im523.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-564748828-2201999071-3764224244-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" C:\Users\Admin\Downloads\NjRat-0.7D-Green-Edition-by-im523-master\NjRat-0.7D-Green-Edition-by-im523-master\NjRat 0.7D Green Edition by im523\NjRat 0.7D Green Edition by im523\NjRat 0.7D Green Edition by im523.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-564748828-2201999071-3764224244-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" C:\Users\Admin\Downloads\NjRat-0.7D-Green-Edition-by-im523-master\NjRat-0.7D-Green-Edition-by-im523-master\NjRat 0.7D Green Edition by im523\NjRat 0.7D Green Edition by im523\NjRat 0.7D Green Edition by im523.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-564748828-2201999071-3764224244-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\NodeSlot = "7" C:\Users\Admin\Downloads\NjRat-0.7D-Green-Edition-by-im523-master\NjRat-0.7D-Green-Edition-by-im523-master\NjRat 0.7D Green Edition by im523\NjRat 0.7D Green Edition by im523\NjRat 0.7D Green Edition by im523.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-564748828-2201999071-3764224244-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" C:\Users\Admin\Downloads\NjRat-0.7D-Green-Edition-by-im523-master\NjRat-0.7D-Green-Edition-by-im523-master\NjRat 0.7D Green Edition by im523\NjRat 0.7D Green Edition by im523\NjRat 0.7D Green Edition by im523.exe N/A
Key created \REGISTRY\USER\S-1-5-21-564748828-2201999071-3764224244-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell C:\Users\Admin\Downloads\NjRat-0.7D-Green-Edition-by-im523-master\NjRat-0.7D-Green-Edition-by-im523-master\NjRat 0.7D Green Edition by im523\NjRat 0.7D Green Edition by im523\NjRat 0.7D Green Edition by im523.exe N/A
Key created \REGISTRY\USER\S-1-5-21-564748828-2201999071-3764224244-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0 C:\Users\Admin\Downloads\NjRat-0.7D-Green-Edition-by-im523-master\NjRat-0.7D-Green-Edition-by-im523-master\NjRat 0.7D Green Edition by im523\NjRat 0.7D Green Edition by im523\NjRat 0.7D Green Edition by im523.exe N/A
Key created \REGISTRY\USER\S-1-5-21-564748828-2201999071-3764224244-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags C:\Users\Admin\Downloads\NjRat-0.7D-Green-Edition-by-im523-master\NjRat-0.7D-Green-Edition-by-im523-master\NjRat 0.7D Green Edition by im523\NjRat 0.7D Green Edition by im523\NjRat 0.7D Green Edition by im523.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-564748828-2201999071-3764224244-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" C:\Users\Admin\Downloads\NjRat-0.7D-Green-Edition-by-im523-master\NjRat-0.7D-Green-Edition-by-im523-master\NjRat 0.7D Green Edition by im523\NjRat 0.7D Green Edition by im523\NjRat 0.7D Green Edition by im523.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-564748828-2201999071-3764224244-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" C:\Users\Admin\Downloads\NjRat-0.7D-Green-Edition-by-im523-master\NjRat-0.7D-Green-Edition-by-im523-master\NjRat 0.7D Green Edition by im523\NjRat 0.7D Green Edition by im523\NjRat 0.7D Green Edition by im523.exe N/A
Key created \REGISTRY\USER\S-1-5-21-564748828-2201999071-3764224244-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU C:\Users\Admin\Downloads\NjRat-0.7D-Green-Edition-by-im523-master\NjRat-0.7D-Green-Edition-by-im523-master\NjRat 0.7D Green Edition by im523\NjRat 0.7D Green Edition by im523\NjRat 0.7D Green Edition by im523.exe N/A
Key created \REGISTRY\USER\S-1-5-21-564748828-2201999071-3764224244-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1 C:\Users\Admin\Downloads\NjRat-0.7D-Green-Edition-by-im523-master\NjRat-0.7D-Green-Edition-by-im523-master\NjRat 0.7D Green Edition by im523\NjRat 0.7D Green Edition by im523\NjRat 0.7D Green Edition by im523.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-564748828-2201999071-3764224244-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 C:\Users\Admin\Downloads\NjRat-0.7D-Green-Edition-by-im523-master\NjRat-0.7D-Green-Edition-by-im523-master\NjRat 0.7D Green Edition by im523\NjRat 0.7D Green Edition by im523\NjRat 0.7D Green Edition by im523.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-564748828-2201999071-3764224244-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 020000000100000000000000ffffffff C:\Users\Admin\Downloads\NjRat-0.7D-Green-Edition-by-im523-master\NjRat-0.7D-Green-Edition-by-im523-master\NjRat 0.7D Green Edition by im523\NjRat 0.7D Green Edition by im523\NjRat 0.7D Green Edition by im523.exe N/A
Key created \REGISTRY\USER\S-1-5-21-564748828-2201999071-3764224244-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} C:\Users\Admin\Downloads\NjRat-0.7D-Green-Edition-by-im523-master\NjRat-0.7D-Green-Edition-by-im523-master\NjRat 0.7D Green Edition by im523\NjRat 0.7D Green Edition by im523\NjRat 0.7D Green Edition by im523.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-564748828-2201999071-3764224244-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202020202 C:\Users\Admin\Downloads\NjRat-0.7D-Green-Edition-by-im523-master\NjRat-0.7D-Green-Edition-by-im523-master\NjRat 0.7D Green Edition by im523\NjRat 0.7D Green Edition by im523\NjRat 0.7D Green Edition by im523.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-564748828-2201999071-3764224244-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202 C:\Users\Admin\Downloads\NjRat-0.7D-Green-Edition-by-im523-master\NjRat-0.7D-Green-Edition-by-im523-master\NjRat 0.7D Green Edition by im523\NjRat 0.7D Green Edition by im523\NjRat 0.7D Green Edition by im523.exe N/A
Key created \REGISTRY\USER\S-1-5-21-564748828-2201999071-3764224244-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0\0\0 C:\Users\Admin\Downloads\NjRat-0.7D-Green-Edition-by-im523-master\NjRat-0.7D-Green-Edition-by-im523-master\NjRat 0.7D Green Edition by im523\NjRat 0.7D Green Edition by im523\NjRat 0.7D Green Edition by im523.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-564748828-2201999071-3764224244-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" C:\Users\Admin\Downloads\NjRat-0.7D-Green-Edition-by-im523-master\NjRat-0.7D-Green-Edition-by-im523-master\NjRat 0.7D Green Edition by im523\NjRat 0.7D Green Edition by im523\NjRat 0.7D Green Edition by im523.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-564748828-2201999071-3764224244-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" C:\Users\Admin\Downloads\NjRat-0.7D-Green-Edition-by-im523-master\NjRat-0.7D-Green-Edition-by-im523-master\NjRat 0.7D Green Edition by im523\NjRat 0.7D Green Edition by im523\NjRat 0.7D Green Edition by im523.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-564748828-2201999071-3764224244-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" C:\Users\Admin\Downloads\NjRat-0.7D-Green-Edition-by-im523-master\NjRat-0.7D-Green-Edition-by-im523-master\NjRat 0.7D Green Edition by im523\NjRat 0.7D Green Edition by im523\NjRat 0.7D Green Edition by im523.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-564748828-2201999071-3764224244-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2 = 3a002e803accbfb42cdb4c42b0297fe99a87c641260001002600efbe110000002bdffb79c065db015bea80fec865db01bf4b83fec865db0114000000 C:\Users\Admin\Downloads\NjRat-0.7D-Green-Edition-by-im523-master\NjRat-0.7D-Green-Edition-by-im523-master\NjRat 0.7D Green Edition by im523\NjRat 0.7D Green Edition by im523\NjRat 0.7D Green Edition by im523.exe N/A
Key created \REGISTRY\USER\S-1-5-21-564748828-2201999071-3764224244-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2 C:\Users\Admin\Downloads\NjRat-0.7D-Green-Edition-by-im523-master\NjRat-0.7D-Green-Edition-by-im523-master\NjRat 0.7D Green Edition by im523\NjRat 0.7D Green Edition by im523\NjRat 0.7D Green Edition by im523.exe N/A
Key created \REGISTRY\USER\S-1-5-21-564748828-2201999071-3764224244-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg C:\Users\Admin\Downloads\NjRat-0.7D-Green-Edition-by-im523-master\NjRat-0.7D-Green-Edition-by-im523-master\NjRat 0.7D Green Edition by im523\NjRat 0.7D Green Edition by im523\NjRat 0.7D Green Edition by im523.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-564748828-2201999071-3764224244-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 C:\Users\Admin\Downloads\NjRat-0.7D-Green-Edition-by-im523-master\NjRat-0.7D-Green-Edition-by-im523-master\NjRat 0.7D Green Edition by im523\NjRat 0.7D Green Edition by im523\NjRat 0.7D Green Edition by im523.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-564748828-2201999071-3764224244-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" C:\Users\Admin\Downloads\NjRat-0.7D-Green-Edition-by-im523-master\NjRat-0.7D-Green-Edition-by-im523-master\NjRat 0.7D Green Edition by im523\NjRat 0.7D Green Edition by im523\NjRat 0.7D Green Edition by im523.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\Downloads\NjRat-0.7D-Green-Edition-by-im523-master\NjRat-0.7D-Green-Edition-by-im523-master\NjRat 0.7D Green Edition by im523\NjRat 0.7D Green Edition by im523\NjRat 0.7D Green Edition by im523.exe N/A
N/A N/A C:\Users\Admin\Downloads\NjRat-0.7D-Green-Edition-by-im523-master\NjRat-0.7D-Green-Edition-by-im523-master\NjRat 0.7D Green Edition by im523\NjRat 0.7D Green Edition by im523\NjRat 0.7D Green Edition by im523.exe N/A
N/A N/A C:\Users\Admin\Downloads\NjRat-0.7D-Green-Edition-by-im523-master\NjRat-0.7D-Green-Edition-by-im523-master\NjRat 0.7D Green Edition by im523\NjRat 0.7D Green Edition by im523\NjRat 0.7D Green Edition by im523.exe N/A
N/A N/A C:\Users\Admin\Downloads\NjRat-0.7D-Green-Edition-by-im523-master\NjRat-0.7D-Green-Edition-by-im523-master\NjRat 0.7D Green Edition by im523\NjRat 0.7D Green Edition by im523\NjRat 0.7D Green Edition by im523.exe N/A
N/A N/A C:\Users\Admin\Downloads\NjRat-0.7D-Green-Edition-by-im523-master\NjRat-0.7D-Green-Edition-by-im523-master\NjRat 0.7D Green Edition by im523\NjRat 0.7D Green Edition by im523\NjRat 0.7D Green Edition by im523.exe N/A
N/A N/A C:\Users\Admin\Downloads\NjRat-0.7D-Green-Edition-by-im523-master\NjRat-0.7D-Green-Edition-by-im523-master\NjRat 0.7D Green Edition by im523\NjRat 0.7D Green Edition by im523\NjRat 0.7D Green Edition by im523.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\Downloads\NjRat-0.7D-Green-Edition-by-im523-master\NjRat-0.7D-Green-Edition-by-im523-master\NjRat 0.7D Green Edition by im523\NjRat 0.7D Green Edition by im523\NjRat 0.7D Green Edition by im523.exe N/A
N/A N/A C:\Users\Admin\Downloads\NjRat-0.7D-Green-Edition-by-im523-master\NjRat-0.7D-Green-Edition-by-im523-master\NjRat 0.7D Green Edition by im523\NjRat 0.7D Green Edition by im523\NjRat 0.7D Green Edition by im523.exe N/A
N/A N/A C:\Users\Admin\Downloads\NjRat-0.7D-Green-Edition-by-im523-master\NjRat-0.7D-Green-Edition-by-im523-master\NjRat 0.7D Green Edition by im523\NjRat 0.7D Green Edition by im523\NjRat 0.7D Green Edition by im523.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 380 wrote to memory of 656 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 380 wrote to memory of 656 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 380 wrote to memory of 2272 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 380 wrote to memory of 2272 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 380 wrote to memory of 2272 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 380 wrote to memory of 2272 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 380 wrote to memory of 2272 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 380 wrote to memory of 2272 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 380 wrote to memory of 2272 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 380 wrote to memory of 2272 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 380 wrote to memory of 2272 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 380 wrote to memory of 2272 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 380 wrote to memory of 2272 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 380 wrote to memory of 2272 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 380 wrote to memory of 2272 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 380 wrote to memory of 2272 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 380 wrote to memory of 2272 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 380 wrote to memory of 2272 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 380 wrote to memory of 2272 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 380 wrote to memory of 2272 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 380 wrote to memory of 2272 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 380 wrote to memory of 2272 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 380 wrote to memory of 2272 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 380 wrote to memory of 2272 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 380 wrote to memory of 2272 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 380 wrote to memory of 2272 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 380 wrote to memory of 2272 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 380 wrote to memory of 2272 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 380 wrote to memory of 2272 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 380 wrote to memory of 2272 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 380 wrote to memory of 2272 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 380 wrote to memory of 2272 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 380 wrote to memory of 2620 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 380 wrote to memory of 2620 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 380 wrote to memory of 5068 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 380 wrote to memory of 5068 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 380 wrote to memory of 5068 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 380 wrote to memory of 5068 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 380 wrote to memory of 5068 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 380 wrote to memory of 5068 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 380 wrote to memory of 5068 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 380 wrote to memory of 5068 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 380 wrote to memory of 5068 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 380 wrote to memory of 5068 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 380 wrote to memory of 5068 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 380 wrote to memory of 5068 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 380 wrote to memory of 5068 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 380 wrote to memory of 5068 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 380 wrote to memory of 5068 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 380 wrote to memory of 5068 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 380 wrote to memory of 5068 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 380 wrote to memory of 5068 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 380 wrote to memory of 5068 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 380 wrote to memory of 5068 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 380 wrote to memory of 5068 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 380 wrote to memory of 5068 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 380 wrote to memory of 5068 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 380 wrote to memory of 5068 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 380 wrote to memory of 5068 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 380 wrote to memory of 5068 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 380 wrote to memory of 5068 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 380 wrote to memory of 5068 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 380 wrote to memory of 5068 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 380 wrote to memory of 5068 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Uses Task Scheduler COM API

persistence

Uses Volume Shadow Copy WMI provider

ransomware

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/XAKEP-1lly/NjRat-0.7D-Green-Edition-by-im523

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7ffe4549cc40,0x7ffe4549cc4c,0x7ffe4549cc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2028,i,7422161322254930133,15329985255625238868,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=1992 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1556,i,7422161322254930133,15329985255625238868,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=2080 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2276,i,7422161322254930133,15329985255625238868,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=2472 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3144,i,7422161322254930133,15329985255625238868,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=3180 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3152,i,7422161322254930133,15329985255625238868,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=3208 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4700,i,7422161322254930133,15329985255625238868,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=4484 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4464,i,7422161322254930133,15329985255625238868,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=5100 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\Downloads\NjRat-0.7D-Green-Edition-by-im523-master\NjRat-0.7D-Green-Edition-by-im523-master\NjRat 0.7D Green Edition by im523\NjRat 0.7D Green Edition by im523\NjRat 0.7D Green Edition by im523.exe

"C:\Users\Admin\Downloads\NjRat-0.7D-Green-Edition-by-im523-master\NjRat-0.7D-Green-Edition-by-im523-master\NjRat 0.7D Green Edition by im523\NjRat 0.7D Green Edition by im523\NjRat 0.7D Green Edition by im523.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=500,i,7422161322254930133,15329985255625238868,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=5312 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5196,i,7422161322254930133,15329985255625238868,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=5280 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x458 0x414

C:\Windows\Microsoft.NET\Framework\v2.0.50727\ilasm.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\ilasm.exe" /alignment=512 /QUIET "C:\Users\Admin\AppData\Local\Temp\stub.il" /output:"C:\Users\Admin\Desktop\Server.exe"

C:\Users\Admin\Desktop\Server.exe

"C:\Users\Admin\Desktop\Server.exe"

C:\Windows\SysWOW64\netsh.exe

netsh firewall add allowedprogram "C:\Users\Admin\Desktop\Server.exe" "Server.exe" ENABLE

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5192,i,7422161322254930133,15329985255625238868,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=5116 /prefetch:8

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" -f "C:\Users\Admin\AppData\Local\Temp\2843391"

Network

Country Destination Domain Proto
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 github.githubassets.com udp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 185.199.110.133:443 avatars.githubusercontent.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 8.8.8.8:53 user-images.githubusercontent.com udp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 202.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 76.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 167.173.78.104.in-addr.arpa udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 142.250.178.10:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 collector.github.com udp
US 185.199.110.154:443 github.githubassets.com tcp
US 8.8.8.8:53 api.github.com udp
US 140.82.114.21:443 collector.github.com tcp
US 140.82.114.21:443 collector.github.com tcp
GB 20.26.156.210:443 api.github.com tcp
GB 142.250.178.10:443 content-autofill.googleapis.com udp
US 8.8.8.8:53 133.110.199.185.in-addr.arpa udp
US 8.8.8.8:53 154.110.199.185.in-addr.arpa udp
US 8.8.8.8:53 10.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 210.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 21.114.82.140.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 codeload.github.com udp
GB 20.26.156.216:443 codeload.github.com tcp
US 8.8.8.8:53 216.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 checkappexec.microsoft.com udp
GB 51.11.108.188:443 checkappexec.microsoft.com tcp
US 8.8.8.8:53 20.49.80.91.in-addr.arpa udp
US 8.8.8.8:53 203.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 212.20.149.52.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 131.50.22.2.in-addr.arpa udp
US 8.8.8.8:53 3.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 api.github.com udp
US 8.8.8.8:53 collector.github.com udp
GB 20.26.156.210:443 api.github.com tcp
N/A 127.0.0.1:5552 tcp
N/A 127.0.0.1:5552 tcp
US 8.8.8.8:53 144.50.22.2.in-addr.arpa udp
N/A 127.0.0.1:5552 tcp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
N/A 127.0.0.1:5552 tcp
US 8.8.8.8:53 dl.dropbox.com udp
GB 162.125.64.15:443 dl.dropbox.com tcp
US 8.8.8.8:53 dl.dropboxusercontent.com udp
GB 162.125.64.15:443 dl.dropboxusercontent.com tcp
US 8.8.8.8:53 15.64.125.162.in-addr.arpa udp
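
The rows above mix several unrelated things: reverse-DNS (`in-addr.arpa`) lookups, traffic that Chrome loading the GitHub page fully explains, the SmartScreen reputation check to checkappexec.microsoft.com that Windows makes when a downloaded executable runs, the loopback TCP connections to port 5552, and the Dropbox downloads that nothing else on the page accounts for. The Python below is an added example, not part of the sandbox report: it parses rows in this table's format and sorts them into those buckets. The rows are a constructed subset copied from the table; the allowlists and the assumption that 5552 is njRAT's default listener port are the editor's own.

```python
"""Bucket the Network rows of a sandbox report by what explains them.

Added example; not part of the sandbox report. REPORT_NETWORK is a constructed
subset of the table above; the allowlists and the njRAT default-port
assumption are the editor's own.
"""
from __future__ import annotations

import ipaddress
from collections import defaultdict
from dataclasses import dataclass

REPORT_NETWORK = """\
Country Destination Domain Proto
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp
GB 142.250.178.10:443 content-autofill.googleapis.com udp
N/A 224.0.0.251:5353 udp
GB 51.11.108.188:443 checkappexec.microsoft.com tcp
N/A 127.0.0.1:5552 tcp
N/A 127.0.0.1:5552 tcp
US 8.8.8.8:53 dl.dropbox.com udp
GB 162.125.64.15:443 dl.dropbox.com tcp
GB 162.125.64.15:443 dl.dropboxusercontent.com tcp
"""

# Hosts that loading the analysed GitHub URL in Chrome accounts for (editor's allowlist).
EXPECTED_BROWSING = ("github.com", "githubusercontent.com", "githubassets.com",
                     "googleapis.com", "amazonaws.com")
# SmartScreen reputation lookup Windows performs when a downloaded executable is run.
OS_SERVICES = ("checkappexec.microsoft.com",)
# njRAT's well-known default listener port; assumed here, the report only shows the flows.
NJRAT_DEFAULT_PORT = 5552


@dataclass(frozen=True)
class Flow:
    country: str
    ip: str
    port: int
    domain: str | None
    proto: str


def parse_rows(text: str) -> list[Flow]:
    """Parse 'Country Destination [Domain] Proto' rows; the Domain column may be absent."""
    flows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or ":" not in parts[1]:
            continue  # header line or malformed row
        country, dest, proto = parts[0], parts[1], parts[-1]
        domain = parts[2] if len(parts) == 4 else None
        ip, port = dest.rsplit(":", 1)
        flows.append(Flow(country, ip, int(port), domain, proto.lower()))
    return flows


def _suffix_in(domain: str, suffixes: tuple[str, ...]) -> bool:
    return any(domain == s or domain.endswith("." + s) for s in suffixes)


def classify(f: Flow) -> str:
    addr = ipaddress.ip_address(f.ip)
    if addr.is_loopback:
        return "loopback"
    if addr.is_multicast:
        return "multicast"  # 224.0.0.251:5353 is mDNS
    if f.domain is None:
        return "unexplained"
    d = f.domain.lower()
    if d.endswith(".in-addr.arpa") or d.endswith(".ip6.arpa"):
        return "rdns"
    if _suffix_in(d, EXPECTED_BROWSING):
        return "expected_browsing"
    if _suffix_in(d, OS_SERVICES):
        return "os_service"
    return "unexplained"


def endpoint(f: Flow) -> str:
    return f.domain if f.domain else f"{f.ip}:{f.port}"


def triage(text: str) -> dict[str, list[str]]:
    """Unique endpoints per bucket, so repeated rows collapse to one entry."""
    buckets: dict[str, set[str]] = defaultdict(set)
    for f in parse_rows(text):
        buckets[classify(f)].add(endpoint(f))
    return {k: sorted(v) for k, v in buckets.items()}


def loopback_c2_candidates(text: str) -> list[str]:
    """Loopback TCP flows on njRAT's default port: stub and builder on the same host."""
    return sorted({f"{f.ip}:{f.port}" for f in parse_rows(text)
                   if ipaddress.ip_address(f.ip).is_loopback
                   and f.proto == "tcp" and f.port == NJRAT_DEFAULT_PORT})


if __name__ == "__main__":
    for bucket, hosts in triage(REPORT_NETWORK).items():
        print(f"{bucket:18} {', '.join(hosts)}")
    print("loopback C2 candidates:", loopback_c2_candidates(REPORT_NETWORK))
```

Read with the process list, the 127.0.0.1:5552 connections are consistent with the freshly assembled Server.exe calling back to the builder's listener on the same machine. On a victim host the same port would point at a remote C2, so a hunt should key on destination port and originating process rather than on the loopback address, and the two Dropbox hosts are the one thing in this table that deserves a follow-up since the report does not say what was fetched from them.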

Files

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 a19973cb6826c406cd2b18b5780f5f15
SHA1 b4278946e6cb86353ee74889cbd4507cb610c10b
SHA256 4ad7a9a45a4e073291c91d948e5d5ca7eee37b95a3db145a78e1fc2d773832dc
SHA512 e226473e405ee5a486cda22f1c687e70e1cf59552b6b398ccb414202a8eddba8b272e8ea7e5bd632849c1de3e5cff7c7a4745010204ebf47434cb3d8e7f8e892

\??\pipe\crashpad_380_XYCHECVLJFUEQWOT

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 1a5c4bd279aab207525a8ce7607ddd96
SHA1 09fb03c8b4080b5f43556b7653726d38761f6abc
SHA256 a9796cc861b052b810f1d21bb57ca430058c3806bd17d22830ef33587249ee7a
SHA512 0ca0c6327373e1c6bc770cc3d2981803e710fef9d6ecd49752b8ff2c876e26cb316551b45a7e643ad42be1461ebb6b61e6fd993c1970a093527a6ed313ca5ca0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 aa62d3fcb2e97a355998f12940e0c907
SHA1 f2c9f7ded746a6f543741ef402033227341246d6
SHA256 d62ca9d94f5c7394aeaa2517017c2a2c40efe85a4db15306f081be0084b8a09e
SHA512 eb3b5f80718e112134b0f770742137a301b4dd56603bf0238b46ebe160e363fbf1e06a2a380d2e94b6ad84b731ca3c6e5b4712058696f96485f458416eb1f430

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 1089d7963d01898c730f1f2d531e690d
SHA1 9fb72f3a41dda3136c467fca9a0c86395df1d71a
SHA256 d0e49c1abba435a4c649170062fff847a0572f5f81795ade762558a1329bc286
SHA512 b348e6c3c26476b63a6b2ad0b15dade394b12e28e01ae1dccd95414c388e8516afe07c1b8b3b442f04e599d745aaa6ed32b5bf8cea1a050f4fc87f376c7f5564

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 775cf807de1aac4e25d8164d98d05f34
SHA1 18b1dc3f8e28e5a7f3a2c3ee88c78d1255e86bb8
SHA256 c47848e2f6a26286fcc8be5b40dc6f77870bdabfb27662085de792c7cb44e3bc
SHA512 a5bab9bc65c393b93cf5736f541b4948045ba28897068d68a4cf9306485416f1d8bcf4d2104bfc20bfdd12f045c0eb21dd0ae01738f29c5f9ee9fd35543d58c6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 d80f4675d723418eae2181fb4f48b4a8
SHA1 4d013f1fc0900e6874b67cce022207c420a1fb9c
SHA256 319d39ba832a12667bc4f6aaaad825bbd291a23186082f08c94ebaec9fdd405f
SHA512 972a7196300d260efb8325560d228d6a7557959de194d3e26187f387d6ccea9db8f89c3e817c664fef6adfced702ef3d498bf55c2baa8d58963922d200ac80fa

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 53f3e1044ebf98cf003b428cd43282a2
SHA1 370d8bfff82068d589bd1841a3cc95d7f5ac346b
SHA256 ab48f479d1e0ece1ba1bc890561dd0eae209f3d21c4c35202bb1a90e0520b2ea
SHA512 ede05ec5dd7d359c01f0b8ef122106b2cd666c449394ed1a69d28c5a1be9d54e202d417b876d449eff83f7bde5335b9d16e598affa266694f0854ac48a7923d2

C:\Users\Admin\Downloads\NjRat-0.7D-Green-Edition-by-im523-master\NjRat-0.7D-Green-Edition-by-im523-master\NjRat 0.7D Green Edition by im523\NjRat 0.7D Green Edition.lnk

MD5 d42f98173f80e3c8c53ed57c2f559e2c
SHA1 1820360c266fcc912b3ff6ad9354224e36ec5f39
SHA256 77f0c1ce1a36358b3372d43c84102b426604a7b30dfc4ff055757ff4e803775b
SHA512 ff47fd5c495378f8bf171907db7f00cc8cf862ca87e351cca534d3ae82efd3364e7d98e5e285be90f00689efd2822284cf2d7647e3cd1d0fff093f4e10fab231

memory/1140-197-0x0000000074E72000-0x0000000074E73000-memory.dmp

memory/1140-198-0x0000000074E70000-0x0000000075421000-memory.dmp

memory/1140-199-0x0000000074E70000-0x0000000075421000-memory.dmp

memory/1140-200-0x0000000074E70000-0x0000000075421000-memory.dmp

memory/1140-201-0x0000000074E70000-0x0000000075421000-memory.dmp

memory/1140-204-0x0000000074E72000-0x0000000074E73000-memory.dmp

memory/1140-205-0x0000000074E70000-0x0000000075421000-memory.dmp

memory/1140-206-0x0000000074E70000-0x0000000075421000-memory.dmp

memory/1140-207-0x0000000074E70000-0x0000000075421000-memory.dmp

memory/1140-208-0x0000000074E70000-0x0000000075421000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f687329ca07a8394d64bf0f57cdea59c
SHA1 08f0f725b69c2fa5ab08dfe35e0c0b7218225d3b
SHA256 3f9148e53a61f2cf2110b333d9e85d750b9e278eaa5a2931f3c514a8d5eb4cb9
SHA512 ccdd6018bbad62ede7cd6d7f158a21e19e78c2cafa3d454529d9938a0dd3b9e2c44e640e0f8d2ffa5899515f320b67cf2df37082d60c37899401d498eba55c05

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 4a711095cbf23a1899e862d9709f94f0
SHA1 d02b0472e6d617826e01f57ea042c65851659249
SHA256 d42d6bfff768b1061f805f4f6048a99897757b34fa79a832eef0bf8479f5b688
SHA512 34e6d015abba01ed0853ee0f14a601cbe12179a2bdafb28da28e02c72ad6e9e33cae802f38c278073931a972927596fc7283cb0d075aa41009e60d00faef6885

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 369cb973048b09d64725664d3d08de4b
SHA1 c3d4800b4767629aeac4cb90b6c745c5eee3703c
SHA256 3695aaf4fb56148c2fade3b14e643f00b287e67c608d95af8e1e492407e84ddc
SHA512 4c9249240ff3fe8f8bfe4c7c7c9e1fc7267659ec3c8c167145ab2716341e45655aad9469ff6c601d051458c78dee55a51685bf871ef4cb8e3ed7df18399a8683

C:\Users\Admin\AppData\Local\Temp\stub.il

MD5 8c535860a3e930693bcd0b3208420543
SHA1 7c43801272b18ac958e6099567d37bd93150109b
SHA256 8babcbeaab9bb7b31e4c7bf6ac9493ee5ce154bfb46cbbec9c5b7744bc799b91
SHA512 1fbfea733375df9c4cf737544e73f3216608a5c50443f480ee24705f0a0e4f21cc88b8c1f00badd9716c67ebe31a351890b72eafde784cdd46e5a5533b3690ce

C:\Users\Admin\Desktop\Server.exe

MD5 d74a8bbc4a6ac85068307705d70ef618
SHA1 a03f4e31733e1bb0ca82ad051bbc49b025fc9bfa
SHA256 9c77c88900a7145cd1501d99e706623fc7844cf7d6507b54563108639afd05b2
SHA512 160a5c72dd5fad01ee76dd6c95389e6395a26e198cbd36c12051dccbc54f4923542f07c24c7fae4cb141f4d9470f105fb8c310aad97ca845a082d5fc900acbd3

C:\Users\Admin\Desktop\Server.exe

MD5 ed41233d972ce51739bde1ce338f63d2
SHA1 5d61560d30de215349d7f01fec663f22de95dcc0
SHA256 74a3892c6caa6f95513619cb47c853b3327c4afc837b54c4174defbb8dee3e90
SHA512 43d02b63bed6c1ff825ad196bd8ac3d1e6a20be257f5beb1dc505f6b8bb85f29879c3a447f5438eb14ec55a4f7d52c62c88e258ae82b123e192717f226bb848f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 6cf8c99950e9c3dec9267e01b86fcfa6
SHA1 46fd037d8ef024d8fb364ed41fc1b47d04e964d2
SHA256 f99724000d993631080f48b25438cc71aa1e032fe048d2df530af96b5d438904
SHA512 bb54871bd953f50500d49e6691e6bfe727d6768cde9db74567e7d9493947bb6f54f7ed45cda64e5f788f82ac14b26f3305f1a4ea03d788b6d06f582740b2ce21

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 5ad665bb26a46b7a3c8c341f80e7811a
SHA1 649f843449a13c66d4647382f1c6b3d64b719b4b
SHA256 3cb43b7cbc2dc1a6777ae7cc8fa6d79598dc3d02398684aef1dd4d2e1307ab7a
SHA512 fdf23296733fc6d8f14b71b51fc99c636c59364c6adad70cb68ba0ac9028eba8e0964d8d5546d97cd10cf1f4a9c8ba389217ec88228b8ef3ab88b26da2e7af34

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 91162e237eab471d68504e6f6501eb08
SHA1 b2be4aaf59629d53e6441695140ed8a80f3b9015
SHA256 1de06b54c16cc86456204a229e8e9aeae943f07994e5409b88e22915e3a2197b
SHA512 b5662ddfa994af5748668142a5f496a4f98b6988385ff09c61ded5d18c62652f56a105c03a8b740ccf7ec05f896b62f28a7c0a898cf21af67c27c981d61f703a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 0b235aff613e851654834eaa9784dd2d
SHA1 5661f1b3cb92af9ebd38455e06e053bcc6c704b0
SHA256 8096e55379ed47d7d398771467cefbc5c0f581ec5155419ae76d3ec8851e3c90
SHA512 006cf8ab621feae7ca321cc6fdeeb79ae1476f308268d10bb11847d818cf827af279420d45374647f6451f10725c198f0612cea357b9956057da9c7372ab97f2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 cafe1183126e521cffb788c0337e59ee
SHA1 857547bf2277368d6935fc7f5efdb71666bc9fea
SHA256 5ef64f00dd0bce8e5787f1b071e07dd2d514703ed0e258c616687087f3620add
SHA512 c3b4c135516fd05321620e050be3c6f8521b2f2b569f5347c067496ad07e1bae8736cb4fdf03a46288da1e4087ba88f684221dd141273b9a0acbd7d114f32a98

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 40db0f6490312ef78548acd85a26ea92
SHA1 8b178fec0167e1ec9d77aa23f2180432a32bfcd8
SHA256 703f4292eb274608893726291b310833babc5f46b5e413f3179771ff3ee0e477
SHA512 c0dc59804bf431c4c2b3ba899e322b06b585e7a2307367150a59dddd8d34dba7fac905dd4cbf3dd0f777f4ac98b8ea6337424be8baee263f271a24d28f828cff

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a3dd2e8c00fe12421c2707b5ffdbe878
SHA1 1eb9f88a03d7359b7b38a3f90a02a12e46417e30
SHA256 fd86c68ee5be4f437b5bd9ff81157f430750aa8241cbf58ff3331679adc4d01e
SHA512 d512a2a4151266503032d97366efb8ffc8fdde05ed2bf1ddffd89b994c2243fc82c68a089544265498ccc66b942a5c4c473f1cc638d288bafedbcaf3146381be

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 8a371a913276617a52f0b4605e4e5aec
SHA1 a876307525ffe03e8695930b7e98254eb1efbb03
SHA256 e01bacec841da5123d8afd2aeb01242af05e02d8d7454b43a434028a1dd1a271
SHA512 ee84ff4566892c201d7a9b352c4dc6d9bb0548b7e04b9360329003f0c07df53e4b3cb261b3fda28ec6efbdf4779023e491958b1827ac93026252ab094442f83a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 4ba9da65f68b4c8f8996bd095c9164c6
SHA1 cc179e71f2516839f7bd61904f28d6afa71daf8f
SHA256 6059256ba3995fd968e5d0766b406ac51eeadf7876395affbe46fe7ab6a60f79
SHA512 25d7a5a33fd9df4a06d9c2787aebd8aea36b127b29539d364b5bc262ecf10600bd035fa2cf710e68dd6735fb87704261e286cc87634136da2b7e15a25436ec33

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 4b5ca13b9fed79dc54ffad8a6e60018d
SHA1 04a59a243ca291fdb6d7f4442ff2319bb0dad0d0
SHA256 9758e48a225f2e534b160ea8f547a655a0ac151937198cd80f715588c4486c0d
SHA512 ebaca5867c1261731a1ddc5971b65461c50e55b214430822d20da73192d8754ab72d1e48eeb5d9ff7ebbbe2703a32c3dd9f10dc585a9f57fabed67e6aa69f563

memory/4984-354-0x0000000000400000-0x0000000000472000-memory.dmp

memory/4984-355-0x0000000000400000-0x0000000000472000-memory.dmp

memory/4984-356-0x0000000000400000-0x0000000000472000-memory.dmp

memory/4984-358-0x0000000000400000-0x0000000000472000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\2843391

MD5 6d0e849b0647746facd7c73f03b4d366
SHA1 3138201a6608428b922bd86168b51cf80615bc91
SHA256 c2f229ba47f29fccb6d35a908e887bf97e9e87cdb1110e855d5caa39571e5d72
SHA512 3839589f64141ba269f95e2726dd040ee09b6c9c09f5765dcdba847b02f68fa000b588a272f17e73ac42e81b3bb154535dc20da6dce0682b4b3a1ac2daada86a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 5dc60b1e6b6555fcd493f157abd4e267
SHA1 5a06b5798ab95856489bab502dfc1a3820c4822b
SHA256 451e7bb9c9b3a798d0d99941d2764670c51a170503b6131717e908396bca9b9a
SHA512 0e9f9f294f80df45fa4106fe04de65115c69ab00cae3276c8f657417762c24c9467343daa33396a5b811360c3477874fe0d0ba4e24649ac485c5ddca8d177661

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e07efb329431efbaae7a8cdd80de0732
SHA1 fd120ee00004a5b1965aedc2460ebb41c6b22b57
SHA256 09c5075af4c43b1f2c4bb11ec2f361fac7e9908e9ea1e74c509fe7b60a17b6e8
SHA512 658d0d4b0ee80405e65826539be837df43142aa24366c375e8c4ebd964ceec873255babccb741eb3bfc2ea4ab686dda598a9ada5677793b47bfd0017075a695e

Analysis: behavioral3

Detonation Overview

Submitted

2025-01-19 18:55

Reported

2025-01-19 19:05

Platform

win11-20241007-en

Max time kernel

600s

Max time network

589s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/XAKEP-1lly/NjRat-0.7D-Green-Edition-by-im523

Signatures

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\SystemTemp C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133817865572603873" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 892 wrote to memory of 408 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 892 wrote to memory of 408 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 892 wrote to memory of 2600 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 892 wrote to memory of 2600 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 892 wrote to memory of 2600 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 892 wrote to memory of 2600 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 892 wrote to memory of 2600 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 892 wrote to memory of 2600 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 892 wrote to memory of 2600 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 892 wrote to memory of 2600 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 892 wrote to memory of 2600 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 892 wrote to memory of 2600 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 892 wrote to memory of 2600 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 892 wrote to memory of 2600 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 892 wrote to memory of 2600 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 892 wrote to memory of 2600 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 892 wrote to memory of 2600 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 892 wrote to memory of 2600 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 892 wrote to memory of 2600 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 892 wrote to memory of 2600 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 892 wrote to memory of 2600 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 892 wrote to memory of 2600 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 892 wrote to memory of 2600 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 892 wrote to memory of 2600 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 892 wrote to memory of 2600 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 892 wrote to memory of 2600 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 892 wrote to memory of 2600 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 892 wrote to memory of 2600 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 892 wrote to memory of 2600 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 892 wrote to memory of 2600 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 892 wrote to memory of 2600 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 892 wrote to memory of 2600 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 892 wrote to memory of 3744 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 892 wrote to memory of 3744 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 892 wrote to memory of 3716 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 892 wrote to memory of 3716 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 892 wrote to memory of 3716 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 892 wrote to memory of 3716 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 892 wrote to memory of 3716 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 892 wrote to memory of 3716 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 892 wrote to memory of 3716 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 892 wrote to memory of 3716 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 892 wrote to memory of 3716 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 892 wrote to memory of 3716 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 892 wrote to memory of 3716 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 892 wrote to memory of 3716 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 892 wrote to memory of 3716 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 892 wrote to memory of 3716 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 892 wrote to memory of 3716 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 892 wrote to memory of 3716 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 892 wrote to memory of 3716 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 892 wrote to memory of 3716 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 892 wrote to memory of 3716 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 892 wrote to memory of 3716 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 892 wrote to memory of 3716 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 892 wrote to memory of 3716 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 892 wrote to memory of 3716 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 892 wrote to memory of 3716 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 892 wrote to memory of 3716 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 892 wrote to memory of 3716 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 892 wrote to memory of 3716 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 892 wrote to memory of 3716 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 892 wrote to memory of 3716 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 892 wrote to memory of 3716 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/XAKEP-1lly/NjRat-0.7D-Green-Edition-by-im523

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe9811cc40,0x7ffe9811cc4c,0x7ffe9811cc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1796,i,17944134711075506341,3202047339546324535,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1792 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2072,i,17944134711075506341,3202047339546324535,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2084 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2144,i,17944134711075506341,3202047339546324535,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2252 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3080,i,17944134711075506341,3202047339546324535,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3096 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3084,i,17944134711075506341,3202047339546324535,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3260 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4548,i,17944134711075506341,3202047339546324535,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4588 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4700,i,17944134711075506341,3202047339546324535,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4784 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.110.133:443 avatars.githubusercontent.com tcp
US 8.8.8.8:53 154.109.199.185.in-addr.arpa udp
US 8.8.8.8:53 133.110.199.185.in-addr.arpa udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
GB 142.250.200.10:443 content-autofill.googleapis.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 140.82.114.22:443 collector.github.com tcp
US 140.82.114.22:443 collector.github.com tcp
GB 20.26.156.210:443 api.github.com tcp
N/A 224.0.0.251:5353 udp

Files

\??\pipe\crashpad_892_YLHIOEWXHZDBRLUE

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

MD5 cf52a102cf3a59f60aefe7addedbe5b3
SHA1 b0baf730d93b8f9fe79f0c5ea0e8958dc9824a47
SHA256 a1e59d6ad3b8ddb0f97e7b154ea26494888b929157937fcb1751b11f38943483
SHA512 9e5306fd276347862206099a8da1f262c755678072a74603545efece2f2d09973c615056e855a8d04f46f2904eb220609e195478a53ddc034fc926a75e5183ba

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 12e334a235d381391bb86c37f07c0c3a
SHA1 338e32b48d3e13efbab31cc8aaf3a48368e40264
SHA256 bd901eed06db045ef950787b1470c0739fe18fd214f34c670bd51453ea79128a
SHA512 e843478a2264b240e1b80aa1ddfbf2e86e3295b25bed4c407ac64e35cbd362a0f59c32a18847c19e61bd9491ba52ce59b09bb728e5bc80050f462eab2e498495

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 816fbae47f89ebe1a5ad7cf15c7cbe96
SHA1 5abcb11f8daeb7b8e235479d07ca2e30da919549
SHA256 d2f1f301997d68e8402bac74a34644084a12cce189273dffb35ddfc9944d49b7
SHA512 d328af33f91ed407438c17086d7bdb7fea15343ce73046911c6737ce9639613b05a42f98f1577dddd7793b55c082dc614724eb34c5e69f5fa55e025a9d82e004

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 f1c05abe3e236871e972f63014972a4d
SHA1 21ee282399829844f9682224c0ca434825a47b00
SHA256 9db6b9ad71d91a9af4abb7658f1d35646f6e4ded0cbca078160c106effae259f
SHA512 eadf3057f559ecfaa2a806becbf1b9e94c792a973013a927e9b98edbf9f6a6dc5b08f9fb54b1c05c16aceadb39328a2e689bbcfc4d9b52b572eae6e5640097b7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 ab6b8bbc83e53431c280687ed35cb83f
SHA1 c0a8dfa698b9583c6ec463373ca7cd6928f30b68
SHA256 8a82b49b2477993a07cbdce09df220c881b967099dfac85c8040bed7c51c8041
SHA512 a2e34a89a084b2db243eb154d41b7de7017c24c8b96b3e81fb5bfa4d3e16e8b6098b6c04f004881552bec9611bd970aff4df0591cd66e882ce1e5f4ccbb7df50

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 89d3ffd74fc75cd85b18f309a6768e87
SHA1 0cf9538b8ee1c9a7c2717c76911a941d088de64e
SHA256 86220a3accec416b080e39f2c9471a3cee707a8525e039b8dd29bd63bf901430
SHA512 14f1c4c24c16a5c5bb1674621990ca4950bd44e275b07cea7e31f36527517be9626d3a129b508134baada287f4020a4356d2abd9df2c39db8f6a5ef2b4fc6e09

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 df17ed148be33b7c85d00d7380b8921a
SHA1 2f480263ad11b9d232a75f61074ed6eec3f521ab
SHA256 2235f62267effa1871614d4e3356225030f5b1b62446b5c03dd72f323a709986
SHA512 33ed415de0d68519c46eec6aad3de52180a4b813acf089f970c8cb72dd1c7fd38fcbe75bbf2bf10287eaced2d07f9dd2e44c76210498b08b4395e9a39a10a9df

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 76313dec81760fe9818fe0301576df67
SHA1 e0b74c7c05459f0058e5978c9c0354f44b9f9c0e
SHA256 62056e21dcd9e05c540dd702db7ef146d65481d756e2a246c4b0214fde89a0a3
SHA512 a65b3c157bf92850b8134524043121da3cd3aceeffae4c42a3f7f64457df5649855fe41187e262f2ad0b26f8dd67343842b91307f5c87398f2421e082a398c88

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a3f2b3c71c48bc0400fc0680daaac9bb
SHA1 ad4192c932ae927a1057cdec08d51e0611960fc7
SHA256 52f358f5cb6bbe4bcbc77f111a88f15e6f79cd611f053cdfb4c8edddf07d656c
SHA512 108dc2039e49e04e51f567face31e72357656cf13fe71cdd18f08ad036224719910da9f16288620319df9e0766e99c2f8eda6d8d0475604f2e34197442429afd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e1d2a33c7a7b60f4c48bb6a712028f89
SHA1 b91ad1f4544213ceaa3887ee786cf6d833f037f4
SHA256 e48032d9134e309496464b42f6a775d6c962d69c7d5aab6664f671eb5bb002d1
SHA512 f3d0fe90ffc2ba663405a5e465c30f73b0b85898d76663462efc5218a41e2b02cd3f98603a15c9063ff67075fd550dfbaa73c01b42d7f750eafb679db60d3043

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

MD5 d222b77a61527f2c177b0869e7babc24
SHA1 3f23acb984307a4aeba41ebbb70439c97ad1f268
SHA256 80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747
SHA512 d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

MD5 b5ad5caaaee00cb8cf445427975ae66c
SHA1 dcde6527290a326e048f9c3a85280d3fa71e1e22
SHA256 b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8
SHA512 92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

MD5 f49655f856acb8884cc0ace29216f511
SHA1 cb0f1f87ec0455ec349aaa950c600475ac7b7b6b
SHA256 7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba
SHA512 599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b0fdeb01f69ee1ab493afea738639d58
SHA1 8df736728ddb782a46c62b17cf8059ae4ad96913
SHA256 1fb200ea46b08179d299f400e6617b4f3e7fdd54d56d795de11341c5f557f0d2
SHA512 640f2bd76eb4f9ca394c680f52a36238307c84227eb98866261cc969c6e48a3c7df35a2556eb052ceecdb2295a867b337eb2b6e3938db093e6cd49f0c16e63f4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 62f5e3e29ea3f5caa9268e89ba08c445
SHA1 0d79025b22da080b1867110317bab14fb6a11180
SHA256 1841a9e09cafd24d2ffc925ab8ed0ddb664b4ab4ebfaf3df3a230ac4cfe27f18
SHA512 8729376a71f5c6bb0735aa3a6effa62b788700489c69735aca5222a32068de5dffb9ac34ff56c179bca68b895624778b1cffd2dafe814f00b283a4bfcae142e7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 d62b936af2312ad84e98e7431c39dc06
SHA1 93ae1b378e8bbbb9d09201ae170ca02d2ede96cb
SHA256 c0c237506a98fa566d4df4b6125489900eadd9381b1b5b1243b74578b25c1c05
SHA512 5348af8237c7069fa5e51947c3d3beed04419e5f4b33f481e832775d2018633e1df8694db46e22e1da9434d55f8150e6c4f195ed16213e9b16a1aa50bf004e8e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 5564559b576fd7b6684a6de40bda763d
SHA1 39a41bec0a8a86704e82905d47e730fbfb030065
SHA256 ec8a801fc8cad3a69f173d9c620ad50daf013716267bb05799adc9b06dd5b5e7
SHA512 1f7da78fa0abdab43f78551f70f43a3687bbbab903951f1e1457bcb73037893bcdd90c95b84aaf76cc541239d0e850c43f6d314f4b212b57e37553278931486b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 d69730b6ae2288359e32746437026cf4
SHA1 6049906ab30ade1257738a9c83e1009e31b15b93
SHA256 1be5bfbb8f24d23724b3e207b2092366fe2cd971224a7202222e81f603b688e7
SHA512 1f795700d71386a1d64a3ecc2ae7e2c22b43dc610ae44e382eb08aeb8572b221bce31cb17208ea9738eee2cdd08f7faff2dddbe71a7c142662aeed366fbbbc23

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 bc8c432fb54d6defb2749c650023398f
SHA1 74464b9f7873558953b491fec99a75a2bed61182
SHA256 9cef9455aa941201cd04828e4cfb04155c7f4d3b746adf47c981abe0022c5a4a
SHA512 e64a4225999bef009882688ec9ab6ecc7e07c5fc3a7070031b896cebc50af25bdc298126e4148dada50fa889274c925df52ee7be9930b660355001eae385895e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 08ca6499f6d0ea48cb3363dca1dc9bf9
SHA1 5bbbc1eb27a2c0374ec37718db241a88f0c77c80
SHA256 bf9091d8b7b087bdad1d5962e7acf94ab80d53d66746127b7b1c2d2d80bd0259
SHA512 18c635fbb3943ba265a212117b9e88fdd1c2702ee568948bb4aa1b2852c6630f78fa94b90847aa72fa2f1a0d9c66fa61a1208354994b17e76b2f70f615c87d96

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 33c155d8e6b6f608e79050b0fb11cf6b
SHA1 9bfefe5c368c4dc31cc49a9c3e53ebb3c5c01cfe
SHA256 910d87dc883438bac95f2a8a83926714b7c421ebd44b23e63e7387ba29eb4840
SHA512 cb96f28586446ef11fa731c3d7141438f66a95f5669f6ee659c4936587bf64211d87803a1acb62a0b4a166b3f615468990c445f25d13a7b67ac9d3940be0b11b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 7d26218b91bd6128123dd87f6321dbc8
SHA1 a0ac9b851d0f4aea0bacb2221323e0d23184cfec
SHA256 ee5112b3a71f0e7c0ed6c9c7c88e4642d5c387e53070d0557e44d82819bd5395
SHA512 a4450599f3692d6700234cd5e3361ba76d1eea8cdf41a7718e0f13ffc87e40eeff916411b4dc1e812c10d63b5875da746546092083626f7cc9af08f236196a41

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 bb9e50bbf18543273598b6b2512618ab
SHA1 c51ce9b340ac4599767fe5effa22549a31b0d244
SHA256 f653ce8dd3e956d7ec7dd5e0a4f8891bd8390e09c0529c67c083ac780625fa77
SHA512 1c49ed31e06cf8ec1c7b97585ee22f2afc086e99e66be287174dea06430a112aef7f0991ba8fc77f58bee66d700bd94bbd632aac73fedd264a56a24da3292443

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 cb1184f193aeed72e767156dab96aace
SHA1 df33b560b7bf94ef93a869f1ba5541c842eb1266
SHA256 aff02298e6ba44b172fffd4a36e8a96076799dab5e1e52946137f95c47cc1f1f
SHA512 d1afa7fd6fb2a0ea082ca5120b9cf1fc73a09b2b9741083d354410a9f40cf6a5b6ac599428b91dc088d0708600e21dad24947aaeb25209b12aa5a6c651436edc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f9cb6b48a8a642cefa9924316c77438e
SHA1 7fd791286b86a711fedd2c6d59743df45b8873d5
SHA256 5338ff8c941fb025ac07bfa6c81a17624c20aa65d80d1d5fb6b7732a57eaf1a8
SHA512 08fb3622383eef108b1bda830d7024e0c85e4dd83c1d4b637110fd2312d6dcef354d8622cf1c54ed9a824ff8ffbceebf5fcae4385c1e337b46e066185c5404f0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 cd438ba64ae49e7a7f405891c0be0914
SHA1 02f5cef33321f2b0ebf09f2089ca1b790e95fd93
SHA256 779a43f8328dca1da14e2526fcf64209e61818e21f5b1b0df3b23e6df35e441d
SHA512 71a4f0eca434f9c26c2b6985a320e173286a067430415ce619ac9ed2b11d5f398397bdb9c14016f54e16beef82747b48facd5036c67e2f902bd51f3b958d8d88

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 cf05b7d9b44119471355063f7db009ba
SHA1 40d7aef235e9b7352328a4b9569d9c8fe749fd16
SHA256 b82bb9bb5eb8cc4e4ade1f9cadeac0eade1a0634df624c99f135b1dcf7e40ac0
SHA512 4a0925e84c8bd657bcdebcd5491ab11769865062a8e1df0abf0bb6d397db05683bd9081f56b9f3f463bf01d8fdd6228d639895001f442f061426aa370e27aea5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 8bcd7cd2ea17d551b7ed753bc4820ee8
SHA1 d6e9e78f302d708160827544bb918f8361ea92e7
SHA256 56a6c918c5a5ba6f3ea224027996522981537d5c5f0381764e380dea10691c1a
SHA512 8cb040c8f832304ea2781d0e5bdef0b9145de0c7184260544f771c2c68328e453d3c30b0203dcd681391b6bdc2bafa106e3ba95b1b021c1e33c80bff992f8efe

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 24b04e5228bd1f351fc4dfa9492ab4ec
SHA1 94781507e35a332269a9efc6fe296970dea7242d
SHA256 26cfbca14a039232b7a1bfcf83f476eb8ad204287f297c11c15742b763ef9e9c
SHA512 5118d34f62b8da61d5fdd2eda2018a462fde61ad4ee9a0b5a8fb18c9c2bfef258c41e5a193dd42f76f0d0837add720f3a43ba6726a3ebc8ca6232c145b5eb445

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 eb594f5aaefc8438d7a8dba51d461b7d
SHA1 3a4e72afe0f34ef74c68a4b096e613ce1aa48765
SHA256 4c698e5da9f45813531fde9c5ab711971eafec24187a1349a18fa7c8b897cf56
SHA512 544c765d36d397c4a2a73247d8800d8da5c2059e3478d37d716a3759992629ca8516056926c8a0a625786f95d59a644138ec40a64d456506ad6d62606f6a6b85