Malware analysis Server.exe Malicious activity | ANY.RUN

Add for printing

File name:	Server.exe
Full analysis:	https://app.any.run/tasks/0e439623-e7ed-4698-bb62-68fe6b689c15
Verdict:	Malicious activity
Threats:	njRAT is a remote access trojan. It is one of the most widely accessible RATs on the market that features an abundance of educational information. Interested attackers can even find tutorials on YouTube. This allows it to become one of the most popular RATs in the world. njRAT ist ein Trojaner für den Fernzugriff. Es handelt sich um einen der am weitesten verbreiteten RATs auf dem Markt, der eine Fülle von Bildungsinformationen bietet. Interessierte Angreifer können sogar Tutorials auf YouTube finden. Dies macht ihn zu einem der beliebtesten RATs der Welt. Remote access trojans (RATs) are a type of malware that enables attackers to establish complete to partial control over infected computers. Such malicious programs often have a modular design, offering a wide range of functionalities for conducting illicit activities on compromised systems. Some of the most common features of RATs include access to the users’ data, webcam, and keystrokes. This malware is often distributed through phishing emails and links. Malware Trends Tracker >>>
Analysis date:	February 20, 2024, 11:17:27
OS:	Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:	rat njrat bladabindi remote
Indicators:
MIME:	application/x-dosexec
File info:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5:	87CFFA1480A27B5897CC9FEA84D8F383
SHA1:	C1BA390B8640F9FB72ECF2296216AA13CF244E69
SHA256:	F2F986DCEE9E3181984C43D4D9CCDAF02F2C16852BA7FFCDF0E4657F35C257E2
SSDEEP:	768:fxgSd6jMiTfj8jLs7FjBtjZyIsLNdeH1cVtsnY8/o/bJ:fx8MiT78jLspjfZy1U1OtsnY8Q/b

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Launch configuration

Task duration:: 60 seconds
Heavy Evasion option:
Network geolocation:: off
Additional time used:: none
MITM proxy:: off
Privacy:: Public submission
Fakenet option:: off
Route via Tor:: off
Autoconfirmation of UAC:: on
Network:: on

Software preset

Internet Explorer 11.0.9600.19596 KB4534251
Adobe Acrobat Reader DC (20.013.20064)
Adobe Acrobat Reader DC (20.013.20064)
Adobe Flash Player 32 ActiveX (32.0.0.453)
Adobe Flash Player 32 ActiveX (32.0.0.453)
Adobe Flash Player 32 NPAPI (32.0.0.453)
Adobe Flash Player 32 NPAPI (32.0.0.453)
Adobe Flash Player 32 PPAPI (32.0.0.453)
Adobe Flash Player 32 PPAPI (32.0.0.453)
Adobe Refresh Manager (1.8.0)
Adobe Refresh Manager (1.8.0)
CCleaner (6.14)
CCleaner (6.14)
FileZilla 3.65.0 (3.65.0)
FileZilla 3.65.0 (3.65.0)
Google Chrome (109.0.5414.120)
Google Chrome (109.0.5414.120)
Google Update Helper (1.3.36.31)
Google Update Helper (1.3.36.31)
Java 8 Update 271 (8.0.2710.9)
Java 8 Update 271 (8.0.2710.9)
Java Auto Updater (2.8.271.9)
Java Auto Updater (2.8.271.9)
Microsoft .NET Framework 4.8 (4.8.03761)
Microsoft .NET Framework 4.8 (4.8.03761)
Microsoft .NET Framework 4.8 (4.8.03761)
Microsoft .NET Framework 4.8 (4.8.03761)
Microsoft Edge (109.0.1518.115)
Microsoft Edge (109.0.1518.115)
Microsoft Edge Update (1.3.175.29)
Microsoft Edge Update (1.3.175.29)
Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Professional 2010 (14.0.6029.1000)
Microsoft Office Professional 2010 (14.0.6029.1000)
Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
Microsoft Office Proof (English) 2010 (14.0.6029.1000)
Microsoft Office Proof (English) 2010 (14.0.6029.1000)
Microsoft Office Proof (French) 2010 (14.0.6029.1000)
Microsoft Office Proof (French) 2010 (14.0.6029.1000)
Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
Microsoft Office Proof (German) 2010 (14.0.4763.1000)
Microsoft Office Proof (German) 2010 (14.0.4763.1000)
Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Single Image 2010 (14.0.6029.1000)
Microsoft Office Single Image 2010 (14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (14.36.32532)
Mozilla Firefox (x86 en-US) (115.0.2)
Mozilla Firefox (x86 en-US) (115.0.2)
Mozilla Maintenance Service (115.0.2)
Mozilla Maintenance Service (115.0.2)
Notepad++ (32-bit x86) (7.9.1)
Notepad++ (32-bit x86) (7.9.1)
PowerShell 7-x86 (7.2.11.0)
PowerShell 7-x86 (7.2.11.0)
Skype version 8.110 (8.110)
Skype version 8.110 (8.110)
Update for Microsoft .NET Framework 4.8 (KB4503575) (1)
Update for Microsoft .NET Framework 4.8 (KB4503575) (1)
VLC media player (3.0.11)
VLC media player (3.0.11)
WinRAR 5.91 (32-bit) (5.91.0)
WinRAR 5.91 (32-bit) (5.91.0)

Add for printing

MALICIOUS
- NJRAT has been detected (SURICATA)
  - Server.exe (PID: 3668)
- NjRAT is detected
  - Server.exe (PID: 3668)
- Drops the executable file immediately after the start
  - Server.exe (PID: 3668)
  - Skype-Setup.exe (PID: 3912)
- NJRAT has been detected (YARA)
  - Server.exe (PID: 3668)
- Connects to the CnC server
  - Server.exe (PID: 3668)
SUSPICIOUS
- Connects to unusual port
  - Server.exe (PID: 3668)
- Executable content was dropped or overwritten
  - Skype-Setup.exe (PID: 3912)
- Application launched itself
  - Skype.exe (PID: 2692)
- Reads the Internet Settings
  - Skype.exe (PID: 2692)
INFO
- Reads the computer name
  - Server.exe (PID: 3668)
  - Skype.exe (PID: 2692)
  - Skype.exe (PID: 3516)
  - Skype.exe (PID: 2152)
  - Skype.exe (PID: 1808)
  - Skype-Setup.tmp (PID: 2724)
- Checks supported languages
  - Server.exe (PID: 3668)
  - Skype.exe (PID: 2692)
  - Skype.exe (PID: 2208)
  - Skype.exe (PID: 3516)
  - Skype.exe (PID: 2152)
  - Skype-Setup.exe (PID: 3912)
  - Skype.exe (PID: 2972)
  - Skype.exe (PID: 1808)
  - Skype-Setup.tmp (PID: 2724)
  - Skype.exe (PID: 2576)
  - Skype.exe (PID: 1864)
  - Skype.exe (PID: 3984)
- Reads the machine GUID from the registry
  - Server.exe (PID: 3668)
- Manual execution by a user
  - powershell.exe (PID: 2304)
  - Skype.exe (PID: 2692)
- Creates files or folders in the user directory
  - Skype.exe (PID: 2692)
- Reads Environment values
  - Skype.exe (PID: 2692)
- Reads product name
  - Skype.exe (PID: 2692)
- Reads CPU info
  - Skype.exe (PID: 2692)
- Create files in a temporary directory
  - Skype-Setup.exe (PID: 3912)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Add for printing

NjRat

(PID) Process(3668) Server.exe

C22.tcp.eu.ngrok.io

Ports17486

BotnetHacKed

Options

Auto-run registry keySoftware\Microsoft\Windows\CurrentVersion\Run\Windows Update

Splitter|Hassan|

VersionNjrat 0.7 Golden By Hassan Amiri

No Malware configuration.

Add for printing

TRiD

.exe	\|	Generic CIL Executable (.NET, Mono, etc.) (56.7)
.exe	\|	Win64 Executable (generic) (21.3)
.scr	\|	Windows screen saver (10.1)
.dll	\|	Win32 Dynamic Link Library (generic) (5)
.exe	\|	Win32 Executable (generic) (3.4)

EXIF

EXE

MachineType:	Intel 386 or later, and compatibles
TimeStamp:	2024:02:20 11:16:30+00:00
ImageFileCharacteristics:	Executable, 32-bit
PEType:	PE32
LinkerVersion:	8
CodeSize:	41984
InitializedDataSize:	1536
UninitializedDataSize:	-
EntryPoint:	0xc38e
OSVersion:	4
ImageVersion:	-
SubsystemVersion:	4
Subsystem:	Windows GUI

No data.

Add for printing

All screenshots are available in the full report

Add for printing

Total processes

Monitored processes

Malicious processes

Suspicious processes

Behavior graph

Click at the process to see the details

Process information

PID

CMD

Path

Indicators

Parent process

1808

"C:\Program Files\Microsoft\Skype for Desktop\Skype.exe" --type=gpu-process --user-data-dir="C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1472 --field-trial-handle=1320,i,8268601547305593478,14855251581328664018,131072 --enable-features=WinUseBrowserSpellChecker,WinUseHybridSpellChecker,WinrtGeolocationImplementation --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Program Files\Microsoft\Skype for Desktop\Skype.exe

—

Skype.exe

User:

admin

Company:

Skype Technologies S.A.

Integrity Level:

LOW

Description:

Skype

Exit code:

1073807364

Version:

8.110.0.215

Modules

Images
c:\program files\microsoft\skype for desktop\skype.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\skype for desktop\ffmpeg.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll

1864

"C:\Program Files\Microsoft\Skype for Desktop\Skype.exe" --type=gpu-process --user-data-dir="C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1688 --field-trial-handle=1320,i,8268601547305593478,14855251581328664018,131072 --enable-features=WinUseBrowserSpellChecker,WinUseHybridSpellChecker,WinrtGeolocationImplementation --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Program Files\Microsoft\Skype for Desktop\Skype.exe

—

Skype.exe

User:

admin

Company:

Skype Technologies S.A.

Integrity Level:

LOW

Description:

Skype

Exit code:

3221226091

Version:

8.110.0.215

Modules

Images
c:\program files\microsoft\skype for desktop\skype.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\skype for desktop\ffmpeg.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll

2152

"C:\Program Files\Microsoft\Skype for Desktop\Skype.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop" --mojo-platform-channel-handle=1520 --field-trial-handle=1320,i,8268601547305593478,14855251581328664018,131072 --enable-features=WinUseBrowserSpellChecker,WinUseHybridSpellChecker,WinrtGeolocationImplementation --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8

C:\Program Files\Microsoft\Skype for Desktop\Skype.exe

—

Skype.exe

User:

admin

Company:

Skype Technologies S.A.

Integrity Level:

MEDIUM

Description:

Skype

Exit code:

1073807364

Version:

8.110.0.215

Modules

Images
c:\program files\microsoft\skype for desktop\skype.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\skype for desktop\ffmpeg.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll

2208

"C:\Program Files\Microsoft\Skype for Desktop\Skype.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop" /prefetch:7 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Crashpad" --url=appcenter://generic?aid=a7417433-29d9-4bc0-8826-af367733939d&iid=ad142ee9-ecfe-4580-ec0f-259fb963ccd2&uid=ad142ee9-ecfe-4580-ec0f-259fb963ccd2 --annotation=IsOfficialBuild=1 --annotation=_companyName=Skype --annotation=_productName=skype-preview --annotation=_version=8.110.0.215 "--annotation=exe=C:\Program Files\Microsoft\Skype for Desktop\Skype.exe" --annotation=plat=Win32 --annotation=prod=Electron --annotation=ver=19.1.8 --initial-client-data=0x324,0x328,0x32c,0x320,0x330,0x7c8c2d8,0x7c8c2e8,0x7c8c2f4

C:\Program Files\Microsoft\Skype for Desktop\Skype.exe

Skype.exe

User:

admin

Company:

Skype Technologies S.A.

Integrity Level:

MEDIUM

Description:

Skype

Exit code:

Version:

8.110.0.215

Modules

Images
c:\program files\microsoft\skype for desktop\skype.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\skype for desktop\ffmpeg.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll

2304

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

—

explorer.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

MEDIUM

Description:

Windows PowerShell

Exit code:

1073807364

Version:

10.0.14409.1005 (rs1_srvoob.161208-1155)

Modules

Images
c:\windows\system32\windowspowershell\v1.0\powershell.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\atl.dll
c:\windows\system32\user32.dll

2576

"C:\Program Files\Microsoft\Skype for Desktop\Skype.exe" --type=gpu-process --user-data-dir="C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1460 --field-trial-handle=1320,i,8268601547305593478,14855251581328664018,131072 --enable-features=WinUseBrowserSpellChecker,WinUseHybridSpellChecker,WinrtGeolocationImplementation --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Program Files\Microsoft\Skype for Desktop\Skype.exe

—

Skype.exe

User:

admin

Company:

Skype Technologies S.A.

Integrity Level:

LOW

Description:

Skype

Exit code:

3221226091

Version:

8.110.0.215

Modules

Images
c:\program files\microsoft\skype for desktop\skype.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\skype for desktop\ffmpeg.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll

2692

"C:\Program Files\Microsoft\Skype for Desktop\Skype.exe"

C:\Program Files\Microsoft\Skype for Desktop\Skype.exe

explorer.exe

User:

admin

Company:

Skype Technologies S.A.

Integrity Level:

MEDIUM

Description:

Skype

Exit code:

1073807364

Version:

8.110.0.215

Modules

Images
c:\program files\microsoft\skype for desktop\skype.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\skype for desktop\ffmpeg.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll

2724

"C:\Users\admin\AppData\Local\Temp\is-A9TSJ.tmp\Skype-Setup.tmp" /SL5="$11021C,88729071,404480,C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Skype-Setup.exe" /silent !desktopicon

C:\Users\admin\AppData\Local\Temp\is-A9TSJ.tmp\Skype-Setup.tmp

—

Skype-Setup.exe

User:

admin

Integrity Level:

MEDIUM

Description:

Setup/Uninstall

Exit code:

1073807364

Version:

51.1052.0.0

Modules

Images
c:\users\admin\appdata\local\temp\is-a9tsj.tmp\skype-setup.tmp
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll

2972

"C:\Program Files\Microsoft\Skype for Desktop\Skype.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop" --mojo-platform-channel-handle=1468 --field-trial-handle=1320,i,8268601547305593478,14855251581328664018,131072 --enable-features=WinUseBrowserSpellChecker,WinUseHybridSpellChecker,WinrtGeolocationImplementation --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8

C:\Program Files\Microsoft\Skype for Desktop\Skype.exe

—

Skype.exe

User:

admin

Company:

Skype Technologies S.A.

Integrity Level:

MEDIUM

Description:

Skype

Exit code:

3221226091

Version:

8.110.0.215

Modules

Images
c:\program files\microsoft\skype for desktop\skype.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\skype for desktop\ffmpeg.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll

3516

"C:\Program Files\Microsoft\Skype for Desktop\Skype.exe" --type=gpu-process --user-data-dir="C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1296 --field-trial-handle=1320,i,8268601547305593478,14855251581328664018,131072 --enable-features=WinUseBrowserSpellChecker,WinUseHybridSpellChecker,WinrtGeolocationImplementation --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Program Files\Microsoft\Skype for Desktop\Skype.exe

—

Skype.exe

User:

admin

Company:

Skype Technologies S.A.

Integrity Level:

LOW

Description:

Skype

Exit code:

Version:

8.110.0.215

Modules

Images
c:\program files\microsoft\skype for desktop\skype.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\skype for desktop\ffmpeg.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll

Add for printing

Total events

7 414

Read events

7 359

Write events

Delete events

Modification events


(PID) Process:	(3668) Server.exe	Key:	HKEY_CURRENT_USER
Operation:	write	Name:	di
Value: !
(PID) Process:	(3668) Server.exe	Key:	HKEY_CURRENT_USER\Environment
Operation:	write	Name:	SEE_MASK_NOZONECHECKS
Value: 1
(PID) Process:	(3668) Server.exe	Key:	HKEY_CURRENT_USER\Software\Windows Update
Operation:	write	Name:	1160d9aa3de4ef527f216c0393862101
Value: 4D5A90000300000004000000FFFF0000B800000000000000400000000000000000000000000000000000000000000000000000000000000000000000800000000E1FBA0E00B409CD21B8014CCD21546869732070726F6772616D2063616E6E6F742062652072756E20696E20444F53206D6F64652E0D0D0A2400000000000000504500004C010300CE20A9520000000000000000E00002210B010800002A000000040000000000006E49000000200000006000000000400000200000000200000400000000000000040000000000000000A0000000020000000000000300408500001000001000000000100000100000000000001000000000000000000000001449000057000000006000001000000000000000000000000000000000000000008000000C00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000080000000000000000000000082000004800000000000000000000002E746578740000007429000000200000002A000000020000000000000000000000000000200000602E72737263000000100000000060000000020000002C0000000000000000000000000000400000402E72656C6F6300000C0000000080000000020000002E0000000000000000000000000000400000420000000000000000000000000000000050490000000000004800000002000500083200000C17000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002E720100007080040000042AF602280300000A02167D0300000402730400000A7D050000040272130000707D0600000402167D0700000402167D0800000402730500000A7D090000042A3A020F0128050000066F030000062A5E02280300000A03800A0000047E4700000A80100000042A0000001B3005008C00000001000011027B050000040D09280600000A730700000A0B038EB7280800000A7215000070280900000A1304120428050000060A070616068EB76F0A00000A070316038EB76F0A00000A027B050000046F0B00000A076F0C00000A16076F0D00000AB7166F0E00000A26076F0F00000ADE1E09281000000ADCDE1525281100000A0C02177D03000004281200000ADE002A011C000002000D00606D00070000000000000000767600150B000001133002000D00000002000011281300000A02506F1400000A2A000000133002000D00000003000011281300000A03506F1500000A2A000000133002001A000000040000110225FE0708000006731600000A731700000A0A066F1800000A2A00001B3005006E02000005000011730700000A0D160C156A0B178D160000010A027B05000004027B01000004027B020000046F1900000A281A00000A6F1B00000A130F120F281C00000A13041D8D0E00000113101110167219000070A21110177E04000004A2111018027B06000004A21110197E04000004A211101A1204281D00000A280800000AA211101B7E04000004A211101C1204281E00000A280800000AA21110281F00000A13050211056F040000060225FE070A000006731600000A17732000000A130611066F1800000A027B030000042C05DD3C010000027B050000046F2100000A172F13027B050000046F0B00000A15166F2200000A26027B050000046F2100000A16FE0339F700000007156A337472130000701308027B050000046F2300000A6F2400000A13071107153305DDE000000011071633351108282500000A0B7213000070130807166A330E0272130000706F04000006156A0B027B050000046F2100000A163E5FFFFFFF2B8B11081107282600000A282700000A280900000A13082B93027B050000046F2100000A17D68D160000010A07096F0D00000ADA130A068EB76A110A310E110A176ADAB717D68D160000010A027B050000046F0B00000A0616068EB7166F2800000A130909061611096F0A00000A096F0D00000A07331B156A0B02096F0C00000A6F09000006096F0F00000A730700000A0D38C8FEFFFFDE0F25281100000A130B281200000ADE0002177D0300000402177D08000004027B050000046F0B00000A166F2900000ADE0F25281100000A130C281200000ADE00027B050000046F2A00000ADE0F25281100000A130D281200000ADE00096F0F00000ADE0F25281100000A130E281200000ADE002A0000416400000000000012000000E9010000FB0100000F0000000B0000010000000018020000130000002B0200000F0000000B000001000000003A0200000D000000470200000F0000000B0000010000000056020000080000005E0200000F0000000B0000011B3009003A02000006000011020F016F060000060B077E040000041516282B00000A0A06169A13041104722100007016282C00000A1640B00000000213051105280600000A02177D080000042B0617282D00000A027B070000042DF202167D0800000402177D070000040225FE070B000006732E00000A732F00000A0C08198D010000011307110716120606189A72250000701516282B00000A169A283000000A06189A72250000701516282B00000A179A283000000A283100000A11068C04000001A211071706179AA211071806199AA211076F3200000ADD670100001105281000000ADCDD5A0100001104722900007016282C00000A1633330213081108280600000A02177D080000042B0617282D00000A027B070000042DF2DD240100001108281000000ADCDD170100001104722F00007016282C00000A16336406199A283000000A130911092000080000331D06199A283000000A161606179A283000000A17280F000006DDD7000000120A06179A283000000A06189A283000000A283300000A110A283400000A06199A283000000A16161616280F000006DDA30000001104723300007016282C00000A16332706189A283500000A06189A283000000A16280E000006B406179A283000000A16280D000006DE6C1104723700007016282C00000A16330B027B050000046F2A00000ADE4F25281100000A0D021B8D0E000001130B110B16723B000070A2110B177E04000004A2110B1806169AA2110B197E04000004A2110B1A096F3600000AA2110B281F00000A6F04000006281200000ADE002A0000414C0000020000003900000099000000D2000000080000000000000002000000F90000001C0000001501000008000000000000000000000017000000D3010000EA0100004F0000000B0000011B3005004501000007000011160A383201000017282D00000A027B090000046F3700000A16FE02027B070000045F3912010000027B0500000413051105280600000A140B027B0900000413061106280600000A2B19027B09000004166F3800000A0B027B09000004166F3900000A027B090000046F3700000A1633D9DE081106281000000ADC027B030000043AAA000000730700000A0D078EB7280800000A7215000070280900000A1307120728050000060C090816088EB76F0A00000A090716078EB76F0A00000A027B050000046F0B00000A096F0D00000A6C2300000000000004405A283A00000AB76F3B00000A027B050000046F0B00000A15176F2200000A26027B050000046F0B00000A096F0C00000A16096F0D00000AB7166F0E00000A26DE1625281100000A130402177D03000004281200000ADE15DE081105281000000ADC027B0300000439C3FEFFFF2A00000001280000020047002B7200080000000000008500941901160B00000102003600FB310108000000001B300400B40100000800001103178D010000011308110816168C21000001A2110814283C00000A252D052611092B0A790400000171040000010C03178D010000011308110816178C21000001A2110814283C00000A283D00000A0B03178D010000011308110816188C21000001A2110814283C00000A283E00000A0A0873110000060D38FA00000017282D00000A027B090000046F3700000A1640E30000002822000006130511052D05DDD3000000730700000A130472410000707E04000004077E04000004283F00000A13061104120628050000061611066F4000000A6F0A00000A110411051611058EB76F0A00000A027B09000004130A110A280600000A027B0900000411046F0C00000A6F4100000ADE08110A281000000ADC11046F0F00000ADE5D25281100000A1307021B8D0E000001130B110B16723B000070A2110B177E04000004A2110B18724B000070A2110B197E04000004A2110B1A11076F3600000AA2110B281F00000A6F0400000620D0070000282D00000A281200000ADE00027B08000004027B030000046039F4FEFFFF027B09000004130C110C280600000A027B090000046F4200000ADE08110C281000000ADC02167D070000042A012800000200F4001408010800000000000093008619015D0B000001020097010DA4010800000000133003004600000009000011734300000A0B07036F4400000A100172130000700C0313051613042B1F11051104910D081203725B000070284500000A280900000A0C110417D61304110411058EB732D9082A00001330010044000000000000007F0B000004FE15250000017F0C000004FE15250000017F0D000004FE1525000001734600000A800E0000047E4700000A80100000041F0A80110000041F0A80120000042A13300100130000000A000011281A00000A6F1B00000A0B1201281C00000A2A0013300100060000000B0000117E0A0000042A0000133003002E0000000C000011284800000A0A16068EB70D0C2B1A06089A6F4900000A0216282C00000A16330406089A2A0817D60C080931E2142A000013300600FB0000000D000011027E10000004284A00000A39EA0000000F00281D00000A0F00281E00000A200B200E00734B00000A800F0000047E0E0000046F4C00000A0280100000047F0B000004FE15250000017F0C000004FE15250000017F0D000004FE1525000001167E1100000417DA0D0A3886000000167E1200000417DA13040B2B701202066C0F00281D00000A6C7E110000046C5B5A283A00000AB7076C0F00281E00000A6C7E120000046C5B5A283A00000AB70F00281D00000A6C7E110000046C5B283A00000AB70F00281E00000A6C7E120000046C5B283A00000AB7284D00000A7E0E000004086F4E00000A0717D60B071104318B0617D60A06093E73FFFFFF2A001B300B00100500000E000011281B000006281C000006281F0000067213000070130E16284F00000A2814000006800B0000047E0B0000042815000006800C0000047E0D0000041116285000000A2C357E0B000004281B000006281C00000613171217281D00000A281B000006281C00000613181218281E00000A2816000006800D0000047E0C0000047E0D000004281700000613097E0C0000041A2821000006267E0C0000041616281B000006281C00000613181218281D00000A281B000006281C00000613171217281E00000A7E0B0000041616281B00000613191219281D00000A281B000006131A121A281E00000A202000CC002813000006267E0C00000411092817000006267E0C00000428190000062616284F00000A7E0B000004281A000006267E0D000004285100000A0B285200000A130512051205285300000A6C076F5400000A6C281B000006131A121A281D00000A6C5B5A283A00000AB7285500000A12051205285600000A6C076F5700000A6C281B000006131A121A281E00000A6C5B5A283A00000AB7285800000A1F201F20735900000A0D09285A00000A1307285B00000A1107121B7E5C00000A096F5D00000A285E00000A111B6F5F00000A11076F6000000A07285A00000A1307110709121B110512182300000000000040407F0A000004281D00000A6C281B000006131A121A281D00000A6C5B5A283A00000AB72300000000000040407F0A000004281E00000A6C281B00000613191219281E00000A6C5B5A283A00000AB7283100000A1118285E00000A111B6F6100000A11076F6000000A200A202600130C7E0E000004166F6200000A131F121F286300000A7E0E000004166F6200000A131B121B286400000A7E0E0000046F6500000AD8076F6600000A734B00000A130D1B8D0E0000011320112016076F5400000A280800000AA21120177261000070A2112018076F5700000A280800000AA21120197265000070A211201A7E0E000004166F6200000A131F121F286400000A280800000AA21120281F00000A1308161304167E0E0000046F6500000A17DA1321131138130100007E0E00000411116F6200000A131307111317110C6F6700000A130F7E0F000004111317110C6F6700000A1310110F6F6800000A286900000A110F6F6A00000AD81312110F6F6B00000A11106F6B00000A1112281E000006163B9C000000110D121F161213286400000A1104D81213286300000A1213286400000A284D00000A111F18110C6F6700000A131411146F6B00000A110F6F6B00000A1112282300000626110D11146F6C00000A1B8D0E00000113201120161108A21120177265000070A21120181213286D00000A280800000AA21120197261000070A211201A1213286E00000A280800000AA21120281F00000A1308110417D6130407110F6F6C00000A7E0F00000411106F6C00000A111117D61311111111213EE4FEFFFF1104163307140ADDE900000007800F000004110D121D16167E0E000004166F6200000A131E121E286300000A7E0E000004166F6200000A131F121F286400000A1104D8284D00000A111D110D6F6600000A6F6F00000A0B11087E04000004280900000A1308730700000A130A730700000A130B17737000000A130611066F7100000A167E7200000A1F326A737300000AA207110A7269000070281D00000611066F7400000A120828050000060C110B0816088EB76F0A00000A110B110A6F0C00000A16110A6F0D00000AB76F0A00000A110B6F0C00000A0ADE1B25281100000A13157E4700000A8010000004140A281200000ADE00062A411C00000000000000000000F3040000F30400001B0000000B0000010000000042534A4201000100000000000C00000076322E302E35303732370000000005006C00000078090000237E0000E4090000CC08000023537472696E677300000000B012000080000000235553003013000010000000234755494400000040130000CC03000023426C6F6200000000000000020000015735021C0900000000FA253300160000010000002E000000030000001200000023000000430000007400000002000000030000000E0000000500000002000000100000000100000005000000000001000100000000000600210028000A003B00450006006B0072000E006F0160010E008A0160010E009B0160010E00150324030600A703C7030600E703C70306000504120406001C042800060026042E0412005B0467040600970428000A00B60445000A00D00445000600DC0412041200F004670406001E052705060052052E04060059052E040600650528001600870572050A00DC0545000A00F105450012000F0645040E003506600112004106450412004F06670406006D062E041600900672050600D30628000600F10628001200F706670406001D07360706005307360706006D0728000E00A60724030E00B20724030E00C40760010E00CD0724030E00F00760011600310872050E00610824030E00A30824030E00B408240300000000090000000000010001000100100012001400050001000100010010005501140005000A00100006002F000A00060031000D00060033001000160037000A00060039001300060058000A0006005C00100006006200100006006700170011005D016B00110074016F00110078016F0011007F016F00110087017200110094017A001100A2016B001100AB010D001100AE010D0050200000000011188D001F0001005C20000000000618940023000100C4200000000006009A00270001009A20000000000600A2002D0002007821000000001600A900320003009421000000000600AC0039000400B021000000000600B10023000500D821000000000600B70023000500B824000000000600BA00270005004C27000000000600BE0023000600C828000000000600C10040000600B02A000000000600C700450007000000000080001120D2004B0008000000000080001120070153000C0000000000800016203A0159000E00042B0000000011188D001F001300A92000000000061894007E0013000000000080001620B701840014000000000080001120FE0191001D0000000000800011206F02A000280000000000800011207A02A000290000000000800011209402A5002A000000000080001620AB02AC002D000000000080001120CA02B2002F000000000080001120D702B20031000000000080001120E002B9003300542B000000001600F302BF003600742B000000001600FE02C4003600882B0000000016000603CB00370000000000800011203D03D1003800C42B0000000016005B03D8003B0000000000800016206003A5003C0000000000800011207503DE003F00CC2C0000000016009403E400410000000000800016209C03E900410000000100A00000000100A70000000100A70000000100AF0000000100A00000000100C40000000100AF0000000100E90000000200ED0000000300F30000000400FB00000001002B0100000200310100000100F300000002004601000003004901000004004C0100000500FB0000000100B20100000100740100000200C80100000300CF0100000400D60100000500DD0100000600E50100000700EC0100000800F20100000900F801000001000902000002001102000003001E02000004002B0200000500360200000600E501000007004202000008004E02000009005A0200000A00640200000B00F801000001007502000001008D0200000100740100000200D60100000300DD0100000100740100000200C20200200000000000000100C20200200000000000000100740100200000000000000100EA0200000200EF0200000100B201000001003B03000001004F0300000200520300000300550300000100B201000001006E03000002007303000003005503000001007401000002008703000001006E0300000200A30300000300550341009400F0004900940023000900940023001100940023000C009400230061003F04300151009400230069008E04350171009E043A015100A50440011100AB0448015100BD044D015100C50452017900A20056018900E30423006100EB0430019100FC04600191000C051F00990033056B0199003F057001990048054500A90094007F01A10094008501A100B100230011006A05A901B9008E05AF01B900A005B4012900AB05B9012100B405BE012100BE05BE0171009E04C201A1009400C8011100C905BE017900D705CF011100E705D6018900FF05BE0169000806DB01D1001706E00169008E04E50179001C06560179002406EA0111002F062300D1003B060702E90059061102A10067061802F10094007F01A10094001D02690086062302210094002802A100B1004000D90094002802F90097062E026900A40634025900AB0639020C00B706BE010C00C10652020C00CA06F0000101D80658027900DE06F000110106077F0269008E048802690086068D0271009E0492027100C504BE010C0013079A020C001707230019019400230021016107AC02B1008E04B302140094002300210074076B0039007A07D50239008B07390221009807E40231009400EC0214001707230029009400F502140013079A022901D80742032901E407B9005101F6074703F90002084D03D9000F08BE015101B405BE01D9001508F000D9001B08BE015101BE05BE01D9002108F000310094002802410127085203590133055B03D900740760035101AB05B901290094006403F90039086C034101E304230041013E0875031400C10652022900B405BE012900BE05BE011400B706BE01510148087E0331005808840349016F08BE0101017A0892034901BE05BE0149017E089703310088089B0329000F08BE0129001B08BE0131009308A20339019400F00039019908AC037101BC08B30369019400B8035101C408C0032E000B00F5002E001300FE005F00B7006300B7006700B7002401660176017A018B01EF013D025D02A002BF02C602CB02DB02FD02DE002401BE01B80244031D01B80243011B00D200010043011D001501020043011F003A01020000012500B701030000012700FE010300000129006F02010040012B007A02030000012D009402030000012F00AB02040000013100CA02030000013300D702030000013500E002010000023D003D03050000024100670305000001430075030300000247009C0305000480000000000000000000000000000000001400000002000000000000000000000001001800000000000200000000000000000000000100280000000000020000000000000000000000620060010000000008000000000000000000000062004504000000000200000000000000000000000100720500000000007363322E646C6C003C4D6F64756C653E004100736332006D73636F726C6962004F626A6563740053797374656D00480050004F46460059004300546370436C69656E740053797374656D2E4E65742E536F636B657473004F534B00697372756E00556F666600626D62004C69737460310053797374656D2E436F6C6C656374696F6E732E47656E65726963002E6363746F72002E63746F720053656E646200620053656E640053005342004253004200537461727400524300696E64006672007564007861006765744D443548617368006B657962645F6576656E74007573657233322E646C6C0062566B00625363616E006477466C6167730064774578747261496E666F004D61705669727475616C4B6579004D61705669727475616C4B657941007573657233320077436F646500774D617054797065006D6F7573655F6576656E740064780064790063427574746F6E73006361707475726500737A0053797374656D2E44726177696E670053697A650068646300686D656D646300686269746D61700072670052656374616E676C65006C6173746274004269746D6170006C61737473697A6500636F00636F320073697A6500426974426C740067646933322E646C6C006E5844657374006E5944657374006E5769647468006E48656967687400686463537263006E58537263006E59537263006477526F700053747265746368426C740068646344657374006E584F726967696E44657374006E594F726967696E44657374006E576964746844657374006E48656967687444657374006E584F726967696E537263006E594F726967696E537263006E5769647468537263006E4865696768745372630047657444430068776E6400437265617465436F6D70617469626C6544430068526566444300437265617465436F6D70617469626C654269746D61700053656C6563744F626A6563740047646933322E646C6C00684F626A6563740044656C6574654F626A6563740044656C65746544430052656C6561736544430068576E64006844430073637265656E73697A650067657473697A6500476574456E636F646572496E666F00496D616765436F646563496E666F0053797374656D2E44726177696E672E496D6167696E67004D006D656D636D70006D73766372742E646C6C00703100703200636F756E7400696E6974004D656D536574006D656D736574006465737400630053657453747265746368426C744D6F64650069537472657463684D6F64650043617074757265006D656D6370790073726300436F6D70696C6174696F6E52656C61786174696F6E734174747269627574650053797374656D2E52756E74696D652E436F6D70696C657253657276696365730052756E74696D65436F6D7061746962696C697479417474726962757465004D656D6F727953747265616D0053797374656D2E494F00457863657074696F6E004D6F6E69746F720053797374656D2E546872656164696E6700456E746572004D6963726F736F66742E56697375616C426173696300436F6E76657273696F6E73004D6963726F736F66742E56697375616C42617369632E436F6D70696C6572536572766963657300546F537472696E6700537472696E6700436F6E636174005772697465006765745F436C69656E7400536F636B657400546F4172726179006765745F4C656E67746800536F636B6574466C6167730053747265616D00446973706F736500457869740050726F6A656374446174610053657450726F6A6563744572726F7200436C65617250726F6A6563744572726F7200456E636F64696E670053797374656D2E54657874006765745F44656661756C7400476574427974657300476574537472696E6700546872656164005468726561645374617274004279746500436F6E6E6563740053797374656D2E57696E646F77732E466F726D730053637265656E006765745F5072696D61727953637265656E006765745F426F756E6473006765745F53697A65006765745F5769647468006765745F486569676874006765745F417661696C61626C6500506F6C6C0053656C6563744D6F64650047657453747265616D004E6574776F726B53747265616D00526561644279746500546F4C6F6E6700537472696E67730043687257005265636569766500446973636F6E6E65637400436C6F736500506F696E740053706C697400436F6D706172654D6574686F64004F70657261746F727300436F6D70617265537472696E6700536C65657000506172616D65746572697A6564546872656164537461727400546F496E746567657200437572736F72007365745F506F736974696F6E00546F42797465006765745F4D657373616765006765745F436F756E74006765745F4974656D0052656D6F76654174004D61746800526F756E64007365745F53656E6442756666657253697A6500496E743332004E65774C61746542696E64696E67004C617465496E6465784765740041646400436C656172004D443543727970746F5365727669636550726F76696465720053797374656D2E53656375726974792E43727970746F6772617068790048617368416C676F726974686D00436F6D707574654861736800496E7450747200456D70747900476574496D616765456E636F64657273006765745F4D696D6554797065006F705F496E657175616C69747900506978656C466F726D617400456E636F646572506172616D6574657273004772617068696373004269746D617044617461006F705F4578706C69636974006F705F457175616C69747900496D6167650046726F6D486269746D6170006765745F506F736974696F6E006765745F58007365745F58006765745F59007365745F590046726F6D496D61676500437572736F727300447261770044726177496D616765006765745F506978656C466F726D6174004C6F636B4269747300496D6167654C6F636B4D6F6465006765745F53747269646500416273006765745F5363616E3000556E6C6F636B4269747300436C6F6E65006765745F506172616D00456E636F646572506172616D6574657200456E636F646572005175616C69747900536176650000000000117C00480061007300730061006E007C000001000300000007730063007E00000321000003780000052100210000034000000323000003240000054500520000097300630050004B00000F7300630032002E0064006C006C0000057800320000032C0000032D00011569006D006100670065002F006A0070006500670000007DD8BE03B5480D4BBB8EA572118542230008B77A5C561934E08902060E02060802060203061209070615120D011D050300000103200001052001011D05042001010E0600011D05100E0620010E101D05042001011C0520010E1D05070004010505080805000208080808000501080808080808B03F5F7F11D50A3A03061111020618070615120D011115030612190520010111110C0009021808080808180808090E000B02180808080818080808080904000118180600031818080805000218181804000102180102050002021818040000111106000111111111050001121D0E060003081818080500010111110500020218080400001D050600031818180804200101080801000800000000001E01000100540216577261704E6F6E457863657074696F6E5468726F7773010615120D011D050B07051D051229122D12090E040001011C0400010E080500020E0E0E072003011D050808042000123D0420001D050320000A092004081D050808114105000101122D0407011D05040000124D0520011D050E0307010E0407011251052002011C180520010112551D07111D050A08122911110E1251080E080A122D122D122D122D11151D0E052002010E08040000125D04200011150420001111032000080500010E1D0E062002011255080620020208116104200012650400010A0E04000103080400010E03042001010217070C1D0E0E1251122D0E120811111D1C120808116D1D0E0900041D0E0E0E081171060003080E0E020400010108052001011279040001080E05200201080805000101116D040001050E0320000E140708081D051D051229122D120915120D011D050E0520011300080400010D0D21070D080E1111120C12291D050E122D1D1C111115120D011D051D0E15120D011D050800031C1C1D1C1D0E0400010E1C040001081C0700040E0E0E0E0E0520010113000B07060E12808D0E05081D050620011D051D050420010E0E0615120D0111150607021111111504070111110907041D121D121D08080500001D121D080705080811150808070002021111111108200301080811809907200401080808084407221D0512191D05121908116D12809D1280A10E181229122911809912190E1280A51280A5080811151280A5122D181111111111111111111511151115111511151D0E080400011808050001121918040000116D0800011280A11280A9040000127D0306116D07200201116D1111082002011280A11115082002011280A911150520001180990D20031280A511151180B1118099040001080803200018062001011280A5092002121911151180990620001D1280B504061280B9072002011280B90A0A2003011245121D12809D003C49000000000000000000005E490000002000000000000000000000000000000000000000000000504900000000000000000000000000000000000000005F436F72446C6C4D61696E006D73636F7265652E646C6C0000000000FF250020400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004000000C000000703900000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:	(2304) powershell.exe	Key:	HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E
Operation:	write	Name:	LanguageList
Value: en-US

Add for printing

Executable files

Suspicious files

Text files

Unknown types

Dropped files

PID	Process	Filename		Type
2304	powershell.exe	C:\Users\admin\AppData\Local\Temp\plga5hik.avp.ps1		binary
		MD5:C4CA4238A0B923820DCC509A6F75849B	SHA256:—
2304	powershell.exe	C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\281XD8LHBPW0PR7WEDRY.temp		binary
		MD5:67BC9011476C87B42100EDEB9660C156	SHA256:1332A0F6F56E228FD1BF8D1756BBA448C457E74C26A8E2DDA9F0BA80BE65F1BC
2304	powershell.exe	C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms		binary
		MD5:67BC9011476C87B42100EDEB9660C156	SHA256:1332A0F6F56E228FD1BF8D1756BBA448C457E74C26A8E2DDA9F0BA80BE65F1BC
2692	Skype.exe	C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\settings.json		binary
		MD5:8AAB3FFA37C9CEF3FF1B107AE8FD1335	SHA256:AB9B6A671A41D213308E5D83C4DC72F090C25CD97392CB43A6EEF2FB55159833
2304	powershell.exe	C:\Users\admin\AppData\Local\Temp\cu2raw5v.2m2.psm1		binary
		MD5:C4CA4238A0B923820DCC509A6F75849B	SHA256:—
3912	Skype-Setup.exe	C:\Users\admin\AppData\Local\Temp\is-A9TSJ.tmp\Skype-Setup.tmp		executable
		MD5:55364BFEA54A03CCBA0F0400DF3D629F	SHA256:94B0E7DCDE2CBE4543EB28111FC5567EA622437F5A58A5E716BB7CFE0BF8DFAE
2692	Skype.exe	C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\ecscache.json		binary
		MD5:C7F5FE3351BE047C16E869BF7C0C2B91	SHA256:F8B03759A2D5017729A41B7BF8918BE1ABF20F3563DD791E6F93D5ABE6C44142
2304	powershell.exe	C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms~RF18ad52.TMP		binary
		MD5:0268C3470C936E6FBAC2945B9E1C2099	SHA256:DF2AF58E8879B48826D8A418ED3B02CC8D484BCFC231C5B7A11BD153ED3998E9
2692	Skype.exe	C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\leveldb\LOG.old		text
		MD5:AEAB6EEF48334E4749D630894ADCA674	SHA256:7B1139E4ABA3CF16CA2C097DC19F515B73C934315CC497769B6627C6252AE264
2692	Skype.exe	C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Crashpad\settings.dat		binary
		MD5:3B2AEFD32F61DB8110091B81A16A9AD1	SHA256:27A6D2020F45CD9D3F4DFCF837EC661A1D997B08D23E3CB41B94186C21A50B37

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Add for printing

HTTP(S) requests

TCP/UDP connections

DNS requests

Threats

HTTP requests

No HTTP requests

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID	Process	IP	Domain	ASN	CN	Reputation
1080	svchost.exe	224.0.0.252:5355	—	—	—	unknown
4	System	192.168.100.255:138	—	—	—	whitelisted
4	System	192.168.100.255:137	—	—	—	whitelisted
3668	Server.exe	3.126.37.18:17486	2.tcp.eu.ngrok.io	AMAZON-02	DE	unknown
2692	Skype.exe	13.107.42.16:443	a.config.skype.com	MICROSOFT-CORP-MSN-AS-BLOCK	US	whitelisted
2692	Skype.exe	52.113.194.133:443	get.skype.com	MICROSOFT-CORP-MSN-AS-BLOCK	US	unknown
2692	Skype.exe	23.218.208.139:443	download.skype.com	AKAMAI-AS	DE	unknown

DNS requests

Domain	IP	Reputation
2.tcp.eu.ngrok.io	3.126.37.18	malicious
get.skype.com	52.113.194.133	whitelisted
a.config.skype.com	13.107.42.16	whitelisted
download.skype.com	23.218.208.139	whitelisted

Threats

PID	Process	Class	Message
1080	svchost.exe	Misc activity	ET INFO DNS Query to a *.ngrok domain (ngrok.io)
3668	Server.exe	Malware Command and Control Activity Detected	ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)

7 ETPRO signatures available at the full report

Add for printing

Process	Message
Skype.exe	[0220/111824.440:ERROR:filesystem_win.cc(130)] GetFileAttributes C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Crashpad\attachments\3a0ee62b-79ac-4cc3-bbd5-f65252e7a91f: The system cannot find the file specified. (0x2)

General Info

Server.exe

87CFFA1480A27B5897CC9FEA84D8F383

C1BA390B8640F9FB72ECF2296216AA13CF244E69

F2F986DCEE9E3181984C43D4D9CCDAF02F2C16852BA7FFCDF0E4657F35C257E2

768:fxgSd6jMiTfj8jLs7FjBtjZyIsLNdeH1cVtsnY8/o/bJ:fx8MiT78jLspjfZy1U1OtsnY8Q/b

Software environment set and analysis options

Launch configuration

Software preset

Behavior activities

MALICIOUS

NJRAT has been detected (SURICATA)

NjRAT is detected

Drops the executable file immediately after the start

NJRAT has been detected (YARA)

Connects to the CnC server

SUSPICIOUS

Connects to unusual port

Executable content was dropped or overwritten

Application launched itself

Reads the Internet Settings

INFO

Reads the computer name

Checks supported languages

Reads the machine GUID from the registry

Manual execution by a user

Creates files or folders in the user directory

Reads Environment values

Reads product name

Reads CPU info

Create files in a temporary directory

Malware configuration

NjRat

Static information

TRiD

EXIF

EXE

Video and screenshots

Processes

Behavior graph

Specs description

Process information

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Registry activity

Modification events

Files activity

Dropped files

Network activity

HTTP requests

Connections

DNS requests

Threats

Debug output strings