Malware Analysis Report

2025-03-15 06:27

Sample ID: 240117-plh4wsffc2
Target: 100.exe
SHA256: 2bdba6391710b72526e5fae2069d571dfb608d27b2270fe90c5c6cb108cf04d9
Tags: njrat hacked trojan
Score: 10/10

Table of Contents

Analysis Overview
MITRE ATT&CK
    Enterprise Matrix V15
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score: 10/10

SHA256: 2bdba6391710b72526e5fae2069d571dfb608d27b2270fe90c5c6cb108cf04d9

Threat Level: Known bad

The file 100.exe was found to be: Known bad.

Malicious Activity Summary

njrat hacked trojan

njRAT/Bladabindi

Enumerates physical storage devices

Unsigned PE

Modifies registry class

Suspicious use of WriteProcessMemory

Modifies Internet Explorer settings

Suspicious behavior: GetForegroundWindowSpam

Suspicious behavior: AddClipboardFormatListener

Suspicious use of SendNotifyMessage

Suspicious use of SetWindowsHookEx

Suspicious use of FindShellTrayWindow

Suspicious use of AdjustPrivilegeToken

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-01-17 12:24

Signatures

Unsigned PE

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-01-17 12:24
Reported: 2024-01-17 12:34
Platform: win7-20231215-en
Max time kernel: 225s
Max time network: 321s

Command Line

"C:\Users\Admin\AppData\Local\Temp\100.exe"

Signatures

njRAT/Bladabindi

trojan njrat

Enumerates physical storage devices

Enumerates system info in registry

Description | Indicator | Process | Target
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Modifies Internet Explorer settings

adware spyware
Description | Indicator | Process | Target
Set value (int) | \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\Contexts = "1" | C:\Program Files (x86)\Microsoft Office\Office14\POWERPNT.EXE | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Toolbar\ShowDiscussionButton = "Yes" | C:\Program Files (x86)\Microsoft Office\Office14\POWERPNT.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\MenuExt | C:\Program Files (x86)\Microsoft Office\Office14\POWERPNT.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\Contexts = "55" | C:\Program Files (x86)\Microsoft Office\Office14\POWERPNT.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel | C:\Program Files (x86)\Microsoft Office\Office14\POWERPNT.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files (x86)\Microsoft Office\Office14\POWERPNT.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote | C:\Program Files (x86)\Microsoft Office\Office14\POWERPNT.EXE | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\ = "res://C:\\PROGRA~2\\MICROS~1\\Office14\\ONBttnIE.dll/105" | C:\Program Files (x86)\Microsoft Office\Office14\POWERPNT.EXE | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ = "res://C:\\PROGRA~2\\MICROS~1\\Office14\\EXCEL.EXE/3000" | C:\Program Files (x86)\Microsoft Office\Office14\POWERPNT.EXE | N/A

Modifies registry class

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000_Classes\Local Settings | C:\Windows\system32\rundll32.exe | N/A

Suspicious behavior: AddClipboardFormatListener

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files (x86)\Microsoft Office\Office14\POWERPNT.EXE | N/A

Suspicious behavior: EnumeratesProcesses

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Suspicious behavior: GetForegroundWindowSpam

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\100.exe | N/A
N/A | N/A | C:\Windows\system32\rundll32.exe | N/A

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Windows\system32\rundll32.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Suspicious use of SendNotifyMessage

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Suspicious use of WriteProcessMemory

Description | Indicator | Process | Target
PID 1096 wrote to memory of 2660 | N/A | C:\Users\Admin\AppData\Local\Temp\100.exe | C:\Windows\system32\rundll32.exe
PID 2660 wrote to memory of 2832 | N/A | C:\Windows\system32\rundll32.exe | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
PID 2160 wrote to memory of 3024 | N/A | C:\Program Files (x86)\Microsoft Office\Office14\POWERPNT.EXE | C:\Windows\splwow64.exe
PID 1924 wrote to memory of 2472 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1924 wrote to memory of 1912 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1924 wrote to memory of 952 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1924 wrote to memory of 564 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Users\Admin\AppData\Local\Temp\100.exe

"C:\Users\Admin\AppData\Local\Temp\100.exe"

C:\Windows\system32\rundll32.exe

"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Svhost

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe

"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Svhost"

C:\Program Files (x86)\Microsoft Office\Office14\POWERPNT.EXE

"C:\Program Files (x86)\Microsoft Office\Office14\POWERPNT.EXE" "C:\Users\Admin\Desktop\DisconnectAssert.pptx"

C:\Windows\splwow64.exe

C:\Windows\splwow64.exe 12288

C:\Windows\explorer.exe

"C:\Windows\explorer.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef5e19758,0x7fef5e19768,0x7fef5e19778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1164 --field-trial-handle=1112,i,2200410791828159884,54091670375739579,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1524 --field-trial-handle=1112,i,2200410791828159884,54091670375739579,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1600 --field-trial-handle=1112,i,2200410791828159884,54091670375739579,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2292 --field-trial-handle=1112,i,2200410791828159884,54091670375739579,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2284 --field-trial-handle=1112,i,2200410791828159884,54091670375739579,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1408 --field-trial-handle=1112,i,2200410791828159884,54091670375739579,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3256 --field-trial-handle=1112,i,2200410791828159884,54091670375739579,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3396 --field-trial-handle=1112,i,2200410791828159884,54091670375739579,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3516 --field-trial-handle=1112,i,2200410791828159884,54091670375739579,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3740 --field-trial-handle=1112,i,2200410791828159884,54091670375739579,131072 /prefetch:8

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2936 CREDAT:275457 /prefetch:2

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | www.google.com | udp
IE | 74.125.193.106:443 | www.google.com | tcp
IE | 74.125.193.106:443 | www.google.com | udp
US | 8.8.8.8:53 | apis.google.com | udp
IE | 172.253.116.138:443 | apis.google.com | tcp
N/A | 224.0.0.251:5353 | | udp
US | 8.8.8.8:53 | api.bing.com | udp

Files

C:\Users\Admin\AppData\Local\Temp\Svhost

MD5 23c4f8ea240f3902587b3da6b3c097af
SHA1 71739a20c3a6830ba814abb0805976d8b83b4d2a
SHA256 2bdba6391710b72526e5fae2069d571dfb608d27b2270fe90c5c6cb108cf04d9
SHA512 dd94ce1b2a287091fea5bd2fde3cc37868ab69d252c98e327744c7165a6079cdce48e99bd48b0fb3d5540551711e03e46e95c2bcf7388e8a177a6eb871313bb3

Analysis: behavioral2

Detonation Overview

Submitted

2024-01-17 12:24

Reported

2024-01-17 12:34

Platform

win10v2004-20231215-en

Max time kernel

213s

Max time network

268s

Command Line

"C:\Users\Admin\AppData\Local\Temp\100.exe"

Signatures

njRAT/Bladabindi

trojan njrat

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\100.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\100.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\100.exe

"C:\Users\Admin\AppData\Local\Temp\100.exe"

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

Network

Country Destination Domain Proto
US 20.231.121.79:80 tcp
US 8.8.8.8:53 158.240.127.40.in-addr.arpa udp
US 8.8.8.8:53 175.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 0.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 208.194.73.20.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 18.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 185.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 18.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 203.33.253.131.in-addr.arpa udp

Files


MD5 41dff783a81a826ea0ea9388e9cd63b5
SHA1 4d49000173ae2ba43b59b20969be396b5b0a6392
SHA256 fc1d6699a0507faaf8176f247dee451a4f4a60d764b0d5592b64a2faef4018ea
SHA512 6762c4425ae6ea8f11d33c4ff91601c3751a3cdcf57130f0fda073c9e3683876ba9c7806e8a58a4a29bac6e8e5081318932874db4f4e5777536c038625b6c224

C:\Users\Admin\Desktop\EnableConvertTo.css

MD5 94a9d5f88b1e831788f55afef0673f12
SHA1 a12000090c63a0b32668fca5e54cf98ca7183e8f
SHA256 64962e1abee88b2d432f90355da3d7d68c1350eec6405d96cc986fe0dbf7d59a
SHA512 4a6a6a63959f5958ed3c4380b5d4a84bc10cf57c14639213f565e35fd122f6fe936b6dc33f9e4d03c8509b6911aaa937717df9ae87e04c0078643536bd2b00e4

C:\Users\Admin\Desktop\DismountRead.wav

MD5 28b9c07bb90034cf94c3fb14d6e6c2a4
SHA1 398d9b1e18ae55baab559fe50acd78ff991c42da
SHA256 ee3c989a9ce6179639cfdc69f8002647efb00c58b765af578eef4765fa3827f7
SHA512 bef1456f0828269cff246e1d695a3bad5e98d0833e057a9d2c0ddba48edf2cf311ca03ba3b3380fedd2dc1ed58b719fc37e005b3e0684e70cf294b4e5e5db497

C:\Users\Admin\Desktop\WriteOut.search-ms

MD5 898eff15f6cb64552a0d8e7739f2ced2
SHA1 129c238435f73cf82ca85505207ebaa6a4b6c815
SHA256 525842177b56d680b578c1814d43ea9b7b0d3721094baf2c2bedbaa67a3045f6
SHA512 49c5c8a8e186bdb3f6c1be5ce1f7c79532a305dd9a3fc093ddd55b0e7b8ca2b85e180ab3e652fc80cd3ad1c977842e38897ad4171b1f2687f2484b87ec824465

C:\Users\Admin\Desktop\UnpublishGroup.jpg

MD5 f5103ac5ed2a16e2e3ca15b2252b1a33
SHA1 e8b3d873be072de29954dca0f2d0bdfdd72f8938
SHA256 8d2f248a4b19500d7f5d09854e1ba35b2e776deea43f8c4a229bcee1797598b0
SHA512 c750bdfa4c99788729d418b169ce5aba0f8115f835b0d6e2bb32f5ef21512282f090ece969c5619e23f90ab0dfb17c74c8101a0418583850adbf626c996b5e4d