Malware Analysis Report

2024-10-16 06:39

Sample ID 240618-jz262avbjg
Target eicar_com.zip
SHA256 2546dcffc5ad854d4ddc64fbf056871cd5a00f2471cb7a5bfd4ac23b6e9eedad
Tags
Score 1/10

Table of Contents

Analysis Overview
MITRE ATT&CK
  Enterprise Matrix V15
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

Score 1/10

SHA256 2546dcffc5ad854d4ddc64fbf056871cd5a00f2471cb7a5bfd4ac23b6e9eedad

Threat level: no (potentially) malicious behavior was detected.

The file eicar_com.zip was analysed and no (potentially) malicious behavior was detected.

Malicious Activity Summary

EICAR Anti-Malware test file

Modifies registry class

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: LoadsDriver

Suspicious use of SendNotifyMessage

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Modifies data under HKEY_USERS

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Enumerates system info in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported 2024-06-18 08:07

Signatures

EICAR Anti-Malware test file

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-06-18 08:07

Reported 2024-06-18 08:10

Platform win11-20240508-en

Max time kernel 143s

Max time network 111s

Command Line

C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\eicar_com.zip

Signatures

Enumerates system info in registry

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Modifies data under HKEY_USERS

Description | Indicator | Process | Target
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0" | C:\Windows\system32\LogonUI.exe | N/A
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292114432" | C:\Windows\system32\LogonUI.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM | C:\Windows\system32\LogonUI.exe | N/A
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292114432" | C:\Windows\system32\LogonUI.exe | N/A
Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = 99ebff004cc2ff000091f8000078d4000067c000003e9200001a6800f7630c00 | C:\Windows\system32\LogonUI.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History | C:\Windows\system32\LogonUI.exe | N/A
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4290799360" | C:\Windows\system32\LogonUI.exe | N/A
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89" | C:\Windows\system32\LogonUI.exe | N/A
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365268" | C:\Windows\system32\LogonUI.exe | N/A
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1" | C:\Windows\system32\LogonUI.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133631716761827813" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent | C:\Windows\system32\LogonUI.exe | N/A
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365268" | C:\Windows\system32\LogonUI.exe | N/A
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10" | C:\Windows\system32\LogonUI.exe | N/A
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "250" | C:\Windows\system32\LogonUI.exe | N/A
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1" | C:\Windows\system32\LogonUI.exe | N/A

Modifies registry class

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A

Suspicious behavior: EnumeratesProcesses

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Suspicious behavior: LoadsDriver

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Suspicious use of SetWindowsHookEx

Description | Indicator | Process | Target
N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A
N/A | N/A | C:\Windows\system32\LogonUI.exe | N/A

Suspicious use of WriteProcessMemory

Description | Indicator | Process | Target
PID 5092 wrote to memory of 4316 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5092 wrote to memory of 4316 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5092 wrote to memory of 5024 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5092 wrote to memory of 5024 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5092 wrote to memory of 5024 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5092 wrote to memory of 5024 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5092 wrote to memory of 5024 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5092 wrote to memory of 5024 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5092 wrote to memory of 5024 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5092 wrote to memory of 5024 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5092 wrote to memory of 5024 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5092 wrote to memory of 5024 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5092 wrote to memory of 5024 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5092 wrote to memory of 5024 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5092 wrote to memory of 5024 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5092 wrote to memory of 5024 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5092 wrote to memory of 5024 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5092 wrote to memory of 5024 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5092 wrote to memory of 5024 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5092 wrote to memory of 5024 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5092 wrote to memory of 5024 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5092 wrote to memory of 5024 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5092 wrote to memory of 5024 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5092 wrote to memory of 5024 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5092 wrote to memory of 5024 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5092 wrote to memory of 5024 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5092 wrote to memory of 5024 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5092 wrote to memory of 5024 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5092 wrote to memory of 5024 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5092 wrote to memory of 5024 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5092 wrote to memory of 5024 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5092 wrote to memory of 5024 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5092 wrote to memory of 5024 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5092 wrote to memory of 2532 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5092 wrote to memory of 2532 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5092 wrote to memory of 3852 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5092 wrote to memory of 3852 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5092 wrote to memory of 3852 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5092 wrote to memory of 3852 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5092 wrote to memory of 3852 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5092 wrote to memory of 3852 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5092 wrote to memory of 3852 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5092 wrote to memory of 3852 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5092 wrote to memory of 3852 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5092 wrote to memory of 3852 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5092 wrote to memory of 3852 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5092 wrote to memory of 3852 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5092 wrote to memory of 3852 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5092 wrote to memory of 3852 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5092 wrote to memory of 3852 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5092 wrote to memory of 3852 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5092 wrote to memory of 3852 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5092 wrote to memory of 3852 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5092 wrote to memory of 3852 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5092 wrote to memory of 3852 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5092 wrote to memory of 3852 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5092 wrote to memory of 3852 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5092 wrote to memory of 3852 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5092 wrote to memory of 3852 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5092 wrote to memory of 3852 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5092 wrote to memory of 3852 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5092 wrote to memory of 3852 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5092 wrote to memory of 3852 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5092 wrote to memory of 3852 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Windows\Explorer.exe

C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\eicar_com.zip

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffbadf6ab58,0x7ffbadf6ab68,0x7ffbadf6ab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1612 --field-trial-handle=1768,i,13211193501500108857,16674061091625831564,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=1768,i,13211193501500108857,16674061091625831564,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2208 --field-trial-handle=1768,i,13211193501500108857,16674061091625831564,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3060 --field-trial-handle=1768,i,13211193501500108857,16674061091625831564,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3132 --field-trial-handle=1768,i,13211193501500108857,16674061091625831564,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4276 --field-trial-handle=1768,i,13211193501500108857,16674061091625831564,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4452 --field-trial-handle=1768,i,13211193501500108857,16674061091625831564,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4676 --field-trial-handle=1768,i,13211193501500108857,16674061091625831564,131072 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4712 --field-trial-handle=1768,i,13211193501500108857,16674061091625831564,131072 /prefetch:1

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc

C:\Windows\system32\LogonUI.exe

"LogonUI.exe" /flags:0x4 /state0:0xa3a14055 /state1:0x41c64e6d

Network

Country | Destination | Domain | Proto
GB | 104.86.110.104:443 | | tcp
US | 8.8.8.8:53 | browser.pipe.aria.microsoft.com | udp
US | 8.8.8.8:53 | www.google.com | udp
US | 8.8.8.8:53 | clients2.google.com | udp
N/A | 224.0.0.251:5353 | | udp
US | 8.8.8.8:53 | clients2.google.com | udp
US | 8.8.8.8:53 | clients2.google.com | udp
US | 8.8.8.8:53 | clients2.google.com | udp
US | 52.111.227.14:443 | | tcp
US | 8.8.8.8:53 | www.google.com | udp
GB | 104.86.110.112:443 | | tcp
US | 8.8.8.8:53 | browser.pipe.aria.microsoft.com | udp
GB | 104.86.110.112:443 | | tcp
GB | 104.86.110.112:443 | | tcp
GB | 104.86.110.112:443 | | tcp

Files

\??\pipe\crashpad_5092_SLUACMZNSIKVSNJO

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 e21c368ae7c3b9cfe2eeda4f4dcf42f9
SHA1 d1a6e3eef2845cbc3653165387c15b23788f77a1
SHA256 02118cd73b97a7cf9ee3f58afe23a92cc1ee449595566d73c90db4c8d0c69146
SHA512 fbc27f635dbc76fcaaa397ccbddd3bd020933501e99a03bbee108f0ee37b43ab9bca11c14f8e28a284180377165ba5fe879f5540f7d6a70a46181b7bac46e5ca

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 5a4503e02ac49f5374fefe075ef74c5b
SHA1 e6e8964abc327ed82a61e3a89cb5df1eb8f0541a
SHA256 29e37330a7fdcc62e680bd11e9897bfbee308dafb2db6ea9b6d19e80c0e03987
SHA512 b18d88ddafdfb1fc4960103c26393bf2398269f6b7792df9bce6140535eb7d07aefafa07b900152bc46a9f7ea4b7963de0da6f95116dfe2039d34a02bb3b22b9

C:\Users\Admin\Desktop\GetUpdate.bin

MD5 5acc7b672c830ce378e99a7f6802c02c
SHA1 51044b65b987e9eba1049447b2f248e91c30374f
SHA256 a83bf6807dba95e22d44977576cc4da63dd37aba41fafba1382b35fc0986a84b
SHA512 c95bc2a0232eadac7dcd26d25fa976a539aaeaa8edca8dd75d57bdaf56f2bef9df94be3ea3a5c03330950d95a77a25fc9aa9e8aea4a55a7821081d6ceb2d7f40

C:\Users\Admin\Desktop\LimitRegister.xps

MD5 df7ee0438f006f4640f5e9294cdc7382
SHA1 780607094bf248f51c353b0f5389983c2b82a66d
SHA256 29d83135c415d4df568dcf4a1453d3dbcac8164b6bda5e78c0d98b8263c3ee14
SHA512 d072caa122c3b708c39cb234d1ab6e768171f86e0758c743e670f6e9c51fc442e36961d4471e6247e69f6b77b0e3eef16d3d045ddc3c39b4862b2d7ca9dd7c92

C:\Users\Admin\Desktop\RenameStep.dotx

MD5 cb938d8e3e009d7183acd2c1c75bf9d0
SHA1 fda640970ab4260d133df26e9e84283413fef04f
SHA256 ebd9f890d57788e355569762ca1dc0627a069a059698acee37cb518da14be434
SHA512 c89cc9bf2b93e28fbfecf27c0c3eaaf49444d95044590dda1ad97e920db7103f3881d7156ce23de2601b77431156dba26ed5616463b1b9587883b598940678cc

C:\Users\Admin\Desktop\ResizeCheckpoint.mid

MD5 fa803b61b4c70c9f88d0675ccf67e35e
SHA1 b47bee9045920d7fa78b8b1a307777591a81cc51
SHA256 45bfaaceef6c7dec8001152ff2b29c3f9f3031030685ea71a6348c8715842b77
SHA512 041f806091072fe39bfdf10b8832be8b3325fee0204eaa52b9b0ffc88764881c030428538df3b176701ad18401ae6ba0347b613a8da13c4065ec8b51f700ef3b

C:\Users\Admin\Desktop\RequestRestore.mpe

MD5 ac4baa61d5987d6ba307b837d98749ac
SHA1 ab5c58bda021b9a2370b768a507ccb6059cd0e80
SHA256 33f063af42f3ac01ddd2a668cf52fbc529c62b127fa420933785f6396c234ae0
SHA512 62871cab46d0c653bce171f2786bf096b3181d7556816125b1bab1bafe82575395f68d308020b2414bed957d27ef537f83e2e90f74044367b08d4fedbe93723b

C:\Users\Admin\Desktop\RenameSplit.mp4

MD5 1c22a294701c5726640f392ffd86dfaf
SHA1 d8619fd2fe74f43b80689b5c3e19952686df217b
SHA256 323e9b9363f92ba8cceea9ea5e7df88ea47a888fb2bfcc32881ff2adb0dc6664
SHA512 28a5c7f0a7cd7c4d0cd83dbdd4b34fb753268c23ec44c94a14c1bcf31d6a5b993cd5a25f78e5bf390272a80d82b060834f1e65189cc6635625bdac6da023c0ff

C:\Users\Admin\Desktop\RemovePush.rm

MD5 3aaa0d1b296e790251c04eb35323d19d
SHA1 1853fe6b5bfba46957e608e3839fccdf4216301c
SHA256 ac3780dd19e65f20a834389a18f92b56a6ff543577b7df03d9256f87daafb8be
SHA512 72f13e2091a14ff691dcfd166c2b7e224b9fb266c03ee27b4cdf2ec88e4aa6cb24bbd94a7e87ecfb41b40e7b9738cd86d84cf0b2accb62f0ca8da5b449a9fa3b

C:\Users\Admin\Desktop\PopSwitch.xltx

MD5 75f58eb2661af251a6f31a73b1cfb871
SHA1 cf11e15810d75b6c33d6c4abed1896d9d0552cf0
SHA256 667c9e63dd41e5fe17679364011fa7dfe51ec27bae113a92c176ba26bb316a55
SHA512 30d20c5ee7c96db2947416dbe2302eebf467b59d8d8f9276c489564d31ad8e7077a118aec408f8267932c6e55ed2ad6882830f7a2dbbfdcb6bd586ba64c7f97d

C:\Users\Admin\Desktop\PingUninstall.rle

MD5 7e96c76cdaa3884a90af0f6a008a7188
SHA1 e041035f9b84da0be8622eb4452e05b33dba0025
SHA256 e328cf03ccc6302d8c59bce3e975113274b6138df9d3fa8a5dfa70d86eea47ee
SHA512 76cacdf26cc05d6c2490b0bf66397bb3ea866d3eee91578b8a9166fae1230fc7cfabbc541e121cf31123c033483f415e1ab102e8de1bef76687e216c6915cb71

C:\Users\Admin\Desktop\Microsoft Edge.lnk

MD5 7152d9232c8557b9a2af18eb0e9dcf35
SHA1 beb2ceb4b01da072880c2e07f10fa0cc2625bc6b
SHA256 1bdc99f72d9c413e01b6cd7060f627e70b5863e0da5325b41a9b7001b4e3bfbb
SHA512 82875ac64daaee6180a18afbe14763a77a70d79812b0d374cd4a6a98c3ed30e99a523cdb96d37ebe8b419e81e8aac7aa41152daa5043b2edaaaaff93ca12fdc8

C:\Users\Admin\Desktop\ShowUnlock.raw

MD5 40e9379e85dd23a39cb3f20e86cc49ca
SHA1 2b1bbba051cf19d6be8a36c4f128e834848e307c
SHA256 c6d48bd685e496651f81ca6457c82830ca6e3d95e7547be32b240836afdf8515
SHA512 2a121633d174c79573580703f37ea65ad7a8e09d9a5c8ac2f13005294b284fef99989e2daa141b9d41709a3c506e4b35c15afb8a041fca920df7a996f0d3c949

C:\Users\Admin\Desktop\ResumeCompare.tif

MD5 9bcffc11dd614d3ba6318f03c8669e4d
SHA1 bb88564e02ff67a07e36077f029840c56acd6f15
SHA256 af81d4290ad75d591c5f3d77f841ccf886941941fe81d5bcd967e997bfc591f7
SHA512 5a44ab6ee96ba1ad9977bac68b2e7824fc7face490be6bcab40a4001b963ab00a734801072736ca206a77cbec22b1688015bf7c01d7e42a2e897b83314a5f9a2

C:\Users\Admin\Desktop\SubmitFind.mpeg2

MD5 0af46f976d3a42ea7588b0858c392790
SHA1 7dbf153fc9a47fcd7308b17be365341f481cc91e
SHA256 29bc5497ab46b45fc830583e5e6cb70bf24722fec45f2fba74ed291003a4256d
SHA512 a33dee1d70bd650ba6580ff29c9400f50a707d9e6da6b73b15a0d7a8f6a66443a3cb0476d8a097fb7c0beba2a254105c655279a83efc246cfb72119e96acdd6c

C:\Users\Admin\Desktop\SwitchGroup.eprtx

MD5 0ba81322f1077820208bc9909157e9b9
SHA1 cfb1552250905a50612dcb92af25612f96771805
SHA256 0449fb3df12f8be31f0159df9ff877f8a1f1edb691fef63b97386d47c48c2cb1
SHA512 f154372b4048936f45b1b243dc9230207c7421deadb10081f019da1a4e7ef4f82431674f78d042fa7cad3b83b11b1a098a17a888567727496d7a5a7069f6dfb4

C:\Users\Admin\Desktop\UninstallDismount.xlt

MD5 1ab98046a9afd8a72a8fe1452e3c42ad
SHA1 25a72d7b1d42adb9e18073f38919aebc2e4f3163
SHA256 5ac471cb57a02d8f8183e73fd393eaa189c8e9e16fda9f13a863ba14b3f30f2b
SHA512 67e39efa6e2f33e2ead5a6cb86660cab17bba95048cac1b512db85d6deef7bce7480f00ea0ad1dac0925313e363150901e6728f7d82b16f0e5fe275e687c9de9

C:\Users\Admin\Desktop\UseCopy.reg

MD5 25fbbecd48bcd433711bb55c52e2e638
SHA1 3b2843e7ae9f9dcadd9cc412de42886c69ea0f8d
SHA256 b93fb21837018e454878b8aaf43fe37e4d22b8dc33de29a62511d7130dbb2600
SHA512 f5d32aaf04daf2ebdc05b921b8695e0ce8d325a56a01d6f99f1abdc17e9078d1ea8d569e944fd23e931622a1077637cd332e735269f269093d87bf3593586a0f

C:\Users\Admin\Desktop\EnterWait.xsl

MD5 c4e825c21690b23a44960fde5093dc99
SHA1 ac18093a33cee9180e225894229cbdd823e7ac40
SHA256 72ee51d5d35fa3c25847c523d12a75e391f81c23b6e6e4bc9690046f07532a66
SHA512 33725c9a6b34f5ae470505c2d95b3a1c46ad81beb6da81abaf42df8ab9a5b6bf3636f9070d8ee6ef798a4dcd00bec46e7e45859b892c4f13ad0970739e418564

C:\Users\Admin\Desktop\ConfirmResize.xps

MD5 81e53940ba8d511bed759ee68757afef
SHA1 d4fa49fa06ef9c29777e65a4958b4fd83e765b7f
SHA256 8e189ca118928514f04e38a54da51bd514e8ed8b0d3ae04e8b39b6d1e0b7ec63
SHA512 f284656ea182d5d0ebc8858fd1fa32379a6005bf2597bdb007d33c36a80257b0024367ae50469256a36499e476a2248e01f706491745c2ebc253ac1f10209549

C:\Users\Admin\Desktop\BlockConvert.ppsx

MD5 222fdd31ec9ec5d58e99fcd59dd94ca0
SHA1 47c73d860d6e04672231782ffcfec4d34d3738fe
SHA256 7323f8aa9b367fd992a70d2eb08873d57d34b0d7ca498ab31da5f81cdacc15e8
SHA512 70ec7d2dcc2c2e088763effcd8cbefa70f97bff833c617150152cfa6e67981c913459760316ef7faefa0f2f3809093d9e18bb01cc3d569bf3d978134ec43940f

C:\Users\Admin\Desktop\AssertRestart.mpeg3

MD5 719d35772ab3035d2c7cf2fea2a26bc0
SHA1 338de555097f1b50e4ce1fcf82b0f5294cd88e38
SHA256 6d41110ef0d333dd0a68dcd52348736c627db0a9cae47b5917ffcc724c6fb924
SHA512 cf8cedddc8e36304ff5912fcab28c370af212543ffe4285c189e04205ac84784b055a885347e09bb900bc2d1d012fc4b7fb1cd4e5c3f3174990924621ab4314a

C:\Users\Admin\Desktop\AddUnlock.ADT

MD5 9ad604dd0fa6c82b662c53a0bcb70228
SHA1 45c346596ccc49f4e9eba2e80060677ac1952ab5
SHA256 d6491c8eedee7238b0253aa652814e33c2018b24887336f46fec733c1a8c813b
SHA512 75a0a601c729a5ee8ef52d32cb81baacb019604eae8b84b91973cbf2106607cd8f97121959399f9769c08d90dc99bcf8c9b5cd7d3d436134114b4f54c6ab8b85

C:\Users\Admin\Desktop\WatchRepair.htm

MD5 7632d629fd1462e78ba23cd23325b4c8
SHA1 43e53547b854c49d157ecd2e8a5fbc92f1ef0c69
SHA256 2f0ffafa8a4e08b02b7d298df2d5c47d360f566ab92ed7d4428816a9d4813ada
SHA512 79a60c3135ed179455bee411cf14afea8ce41abcfd2b7dd6def7db52a1677a3fbf95c20e8e0fba74159c52050f85760a3afce4fe8a303ed83b6aa875adec8976

C:\Users\Admin\Desktop\UpdateSave.jpg

MD5 de91847991839d86c1ade6e766a8f1f4
SHA1 a901a09e4649c202a9b3f21fba0fa157f56c32a3
SHA256 7b8b39e00f85169dfdae485eab9ef6633847761ada58b0760e4033eeb629ce7e
SHA512 8aa310abc29199c0b969ad417b9f31fff2bcd743f8318ff46318c99f8224b2143495be83a319f98a9f7fa0c88d7a3aaf086293f59910140099391aed9491acda

C:\Users\Admin\Desktop\UpdateRemove.AAC

MD5 9d49c9970e96baba7d9045077b571749
SHA1 3248a2959a6132fa16a55e97fefdab3552287b91
SHA256 ae5a12e591b492b391fc8aa3eb63a0f358d7292b46e74db51d5d1039abb699dc
SHA512 29c9a0a2ad57a5fdb36d6785bc260fb1ca21f40c532283974f453006506121014e37bec2288f0d67e29f989a49b9c4f064a6d465899ea874d5a957b4f6d2c2c2

C:\Users\Admin\Desktop\UnregisterSet.inf

MD5 51333ea0e4e5a3b91bbc2a2a8f4232cb
SHA1 f41543f77920647464137c11901a4dfee26a6bf2
SHA256 5ee9b72dc0dce4c4439f00201a4b3bce801633fb94197995865be57404de05ff
SHA512 52b0d6f178a88b2200a2c28ce21c5fcad4983e7e24d13fced1dd43daa8338dcec859ab5d803c5af5c063f60704c25e01af0afddb8c28d8bebf87ca633947dbce

C:\Users\Admin\Downloads\JoinSet.lock

MD5 8267623b688f77ade08f890a5fdf9144
SHA1 7ab679a64f1a1d02d94ccf741b09d73644570fda
SHA256 3ca81ffe7b328b1dae58f08e9d9e57a5f18dbf7d15ebdbbae3f8203be96a872f
SHA512 e820ad2d451466517475834cfc875e6fc331b8f82424bfcbd9379347ba60ad223842042ea4d92be41335006b6d44de235921fcc7230f3ce0eb061a95e1f6ab2d

C:\Users\Admin\Downloads\InvokeInstall.m4a

MD5 15da4843159ae4d892f730cb8bd306ce
SHA1 666e4e330a3219921f5f2413c176d9d0717e2bbf
SHA256 16e316a3d65651fb0edc474439aa387455bccdfb31648951c8d77dc9acfb72f0
SHA512 bba6cdb947bfc01745a83871a49c5305d56b18e8dfc4fbda6339542aaee6b383e340a810a4169af3a71a9defef86e10c1081bcf2d1b33f277af0c68853ffe8f6

C:\Users\Admin\Downloads\EnterDebug.m4v

MD5 f68be0a8787883d30826ae8d72582325
SHA1 4391bf0d58134e2b7ca6d679ada5ee5bac835f82
SHA256 8175931e84e73f345e5885a682d6edf444ecafcbc7e38e79d6e2217dfdfdda85
SHA512 8c641f83b676569aeec3857ad3d3445b417eac27b99791bbe40331ac39f15f9e4810ee2282a08b1e07c86823cd833281e798aebb157eec2bb5e9fb3b4a1be101

C:\Users\Admin\Downloads\CloseSearch.asx

MD5 80399f9075a9ea154655c8d2d139aa2e
SHA1 a4f4c787c313b85a07ef53a584550eeb229685f6
SHA256 ea79b086afc40b1ac1216b84172cb45e069e29a2a74e6c3ba55d020b8cac603f
SHA512 db216d920b835609f3d480559538285801820a704eebad61098cdc4566b388859ce9666c3bfed47b85019d3e0f17bd328f3ab6753d21f8f9ab69c8fc5cf0eb00

C:\Users\Admin\Downloads\TraceMove.php

MD5 3d6fe37905d530cc6a9dcf0e3f249d09
SHA1 c050ce2f086de855dd6ef8d4d8d39cdebb1c6314
SHA256 9de5662a443b82e3de5dea415b1d1c78507c291e88f102205a5ea1b306c3b9f0
SHA512 124a3c19737ae640e18a179c1618a6942883ddce3a62e6b63dcb2e1cae1aa70cd5663673de98d59614a000062e9a1f8e3edf1cbf244c3e53d50414072c22e72a

C:\Users\Admin\Downloads\GetOptimize.vsx

MD5 b9fe9f037ac885f4f66fdc2e61a07dcd
SHA1 b1f1d36320cd3a9374497a9ee413edb0a012634d
SHA256 f41a777e98e99c2b7fdbdf079c2333d59491d6381f9114102d9d3c8bdcbfc938
SHA512 4c8275871c21b50d7e65230e1cc8438e55dd940d3a2f75543d3608389f2443e9a561008f45282b56ca0109a4a85aa8f681b197a8551c6e470587320b9dd112ae

C:\Users\Admin\Downloads\ProtectReceive.sql

MD5 89c2a5a42d228e02e166faa4eff1750a
SHA1 1fbd3cd743a4dcc9c42262e283dc4647465d3119
SHA256 56f2475a07850a42899f699aa6ec9fcc944346f742fab3b7328522aef19e2477
SHA512 138669cab8d009564057e7c8ea147335defac64e6819b97c2d544d3336eeedb072e02f323e357a898b08252f153ef8f18fe8ada36bae83798c64fd1799a51ea1

C:\Users\Admin\Downloads\LockUninstall.pub

MD5 c6c8f8620203640591661146d0cb7cc3
SHA1 93c2757b70ee89e009b1d9287b489cb5992607f7
SHA256 304ce10abeb55a12fc6c26395379823530bd495b6413c2965ca70507b4f1b0ef
SHA512 348596a748d17ac83757577d5d493ccac707c3f1aa0bfd41bfaa5e93d22bd18058190f19ecf83e434dacf61105542966032b636d8e587d93981ea457acd021e5

C:\Users\Admin\Downloads\ReadRepair.ppsm

MD5 4c0071529d68343708a59763518d74ca
SHA1 733afdb286f35dae239a04be6f105380e2d5cf85
SHA256 1e5adbc5c9c99af52070025fa9d0cb362ece7733368b4dd9ac2dfe578c6fe134
SHA512 62cc035c997710436d8dee189177838619b95595f0e659d3494d60f533bee5669fd83c7a8baae1008d9a41b80b5d407ab0b28feaa6434e13a43d2b54d0b74e28

C:\Users\Admin\Downloads\CompressUpdate.ADTS

MD5 5ceb0ac65f9e0d1fbf07decd336b3874
SHA1 9307ee60648a6c7b71439fefe0bea399bb54bc17
SHA256 68db04c34a3216c491576e09d6b982cc40df82b35a802afa522249dd607d69bb
SHA512 c0287c75d5183f1f6c1aa27ca10478d62e0bc8539b5e0d965aa0e3e91ab31bb0b8e4125fba906d62f451a7b83f141fb5342bda48aca4867254003175288083c7

C:\Users\Admin\Downloads\SubmitRemove.m3u

MD5 178505362ddfc949fce803f2064bf407
SHA1 9936f5cd77d3aba093a65484303879f966ed6efd
SHA256 89c32aca45934f319c78520cf22609159f3f976d6ba3052552987921fb4d4f1d
SHA512 afc3b81f68f345a1bcfcd1f123f5f930950d39c94ce11dbe872a694a60d2c7a472117349869e62666957b3e33d1991893ff5f0815b04fe7f372a84835ca3734c

C:\Users\Admin\Downloads\ExpandBackup.clr

MD5 9075f66f2cf344fe15a020d1bdfee65d
SHA1 8dadd4f795324d5258eb62d669e6a41ec2a6e8b2
SHA256 56794411b2a3a519f3dd8763a71a7b564cb218b3b450582326a272fe52e9b100
SHA512 b99046d640a3f0b6f1e728b96a00077a2cc5d5ede65c8765e5700588036e74b6edfdf8c90c7e99ee7730a915ac75d40e1a95860e66e963861bdd18af8c12dfb1

C:\Users\Admin\Downloads\EnterImport.xsl

MD5 b00b8a4f084881b63ea04aae668bab4f
SHA1 00cd96c4fdbec8931aa07d8abaa729e10241fdba
SHA256 0f824b8b52ad0bea25b06e876615a1d21a7a07307435e1fcf31f3ea6e31f27ea
SHA512 5238fc56dcec605d797291497050165a80aa56a63300e90df8e2cf1c68dbad46daa1fe1f8c88b3cde02113a046f25c8c29bf75cc65aaee498148bef4932d3972

C:\Users\Admin\Downloads\CompleteUse.pptm

MD5 fe77be5d3a7723394c3b0198b1d2db13
SHA1 42eb2877f3599b0cd64f47bf415ee6aa7feb55e3
SHA256 f34588cebe07b9d7b42c146a3b215ded3d9d98ba6569882f8cf3f0d762011339
SHA512 94e3e65161dc885a11cfe7a90202a9b0e7522375251e2c75f76855af85a371b09cd9f0b28bc9e230267c0b7858cf28739e1e060a3db2a93b0226a0971bdf787a

C:\Users\Admin\Downloads\SubmitWatch.ADTS

MD5 02357ae8abcc5272292e0bd3e30795e7
SHA1 8e20f5463d6432bf14e5454b61a9f8b577363ddc
SHA256 008eab16602cf36f4edad2449c2919f9d6721746acb148289b3697ba5c6a2209
SHA512 0598ccd5a1ab6e739b968288c2d35495118b8f5b8bd139aed151a5aaad3f2dad1a2b24e43eb3805604cf5646bf4d04b4b4032bff1db7120f2a93d4483070d81f

C:\Users\Admin\Downloads\InstallResize.vb

MD5 a2aef170f63fe0d9295b492ae7545e0c
SHA1 ae1705cdfb7ebff45b95405647b037f92abfff0f
SHA256 0e1081d28498d1b932bd7ec7821d67b30dfda3a12b78a1a519a07de0c9e51de9
SHA512 69b44850823bcf44a5c6f4086177184e27fd7b28c62cbdfeb7b7aaba481def9dcafe5d40c75d01fbbe1cc5602edef0b88f5bac26fa6124692b70a143ad076817

C:\Users\Admin\Downloads\SwitchConvert.gif

MD5 623d9569d82aa4fbe8ff177ab6c25f09
SHA1 55fb72eb976f33465511ec64dc18b1d69a977bf6
SHA256 9c2ed72d126e5a24dbcee00654e734df146dace6d71fc82782504bbb71ae9536
SHA512 e668cff42f660e0eee755da503bba18d66bf0c26e968a4134c2c47adf707ce2a3c0350cc8cb266c3359062140c95f28c45039a0c7c098ee183df721a1dd82b07

C:\Users\Admin\Downloads\CompressStart.avi

MD5 2ec7de465b3759ef5fef4e551b1833e4
SHA1 e78560eb83398fda1feb5ee27f9c83b45c400160
SHA256 24aabc4df3f931e8de648a399e3ef90ee95114ba96725c7cd8b9682911e12022
SHA512 80113889bbc70f90f2dc5818c84fda8d4bb825c86462890235c81d56c1655f0d91cce104fdec009c5e5ef26c5f0b3b00d4addcc0f3b4aadbefd266c88fc83476

C:\Users\Admin\Downloads\OutRedo.pdf

MD5 7829df86bc88f5b457647b291aff602d
SHA1 86a89dc6a9a340f913e031e7c94dcd08dc92be64
SHA256 06b6481484b3315910110c1ce0f26715c119446375be195d338415c3c7def4de
SHA512 426329b2d7a8c90c279e0e63b455cc543ee872340ca06acf164abd3cc0216ff6c1188aff7ef73e187a78e4bdb4d3179fbfddec7617381f94386dc7cd2c130003

C:\Users\Admin\Downloads\CheckpointSuspend.mp3

MD5 0b286f7eef2b1233292b00f47ea3d086
SHA1 28d1eed95acf7af6ce7602c88cbbe82d73aff7de
SHA256 48e138651edb7a8f38bf42358200949107c1d4acfc8dc3344f16a246e2787026
SHA512 a41d4341ddf999a14dac268da89dafcf3dc86564449d26f12fed06f9a46f0fbe06f1adb30ccd57a1e85baec2a15c3653aaca494c24e22fbe9a1340a8bd1c54df

C:\Users\Admin\Downloads\SetReset.mht

MD5 a65de3290b0792e092e4018ea72a41e0
SHA1 3169c754527d5fcb18e53b5ff0640a54e7ef0c1f
SHA256 5ee61056c83ba524be480c90316a9d03d178fd4ea73a7f7f49e5850ee48d3ced
SHA512 154528e6252eef90eeef5883faf9f04452ba3642f534e328630a76f68562e019edbb38f5e2cf85b218f2fb41d81d3515076b77388d2fe6df5208677a0f9a067c

C:\Users\Admin\Downloads\PushSync.xlt

MD5 ef1c36dbb63f25de64bad9650ea325b0
SHA1 34a8566a6570f5a92c9cc13bb791f98b620053de
SHA256 4331072971c73da3f7c15d0098599adf56a4424944dc64e8c8b283953f4cfb94
SHA512 77157d76c6a85b6953fb95a6801e8dfdb20ce1a82e9cbfa2aac439e3697fbc1907dae94dd42109825152ab82c561cf12cc9751f7aa3861ba0eae31e0ebde564c

C:\Users\Admin\Downloads\ConvertGrant.mpeg3

MD5 294ba0aead1649596997bb7cc70eafc7
SHA1 1a1030994597f14dc71eac8fb494c99bfd4eb9fc
SHA256 77246cc8eaa80ff45c011399470e3c253cf3fedee1992b805cd9716bc631b293
SHA512 945ea378e8045f01613d89cead40fc345a877bd9c3b90d7d28712e73e354d820ac98abc09a8dd581739b9971bd1a80a069b225874cf10f62078f7917577ec8d1

C:\Users\Admin\Downloads\CopyRepair.zip

MD5 9f9fde270c1ee6cc50d360a25f8aef8f
SHA1 765e1be869b846fc74516e76f6f484ed09193fad
SHA256 9404fce1ae070aae979f2c7d94f2431fd6d5c9ebc7ee017139af5848d5ee47a2
SHA512 fddcd5df177f2ada4c97dfad08d74aadc08a5dd1fd068d33f2bf6f93db15628bb6a7f53be23ca45b3e55e619578e2669e095acfcc1ba691f9b3054403e8df2ee

C:\Users\Admin\Downloads\UnlockRegister.clr

MD5 4d4f457f70936cadb1f8280803b067a9
SHA1 a84048e8276e71e310b957acb00bb6eea8779517
SHA256 f0251fa7e692d30d2514341cc0514637a2709f84564f8362992f4008fb2f29c1
SHA512 0afe5ffb4c82a7fc687c8e277e4fdeca72142d46f0d39029ceb271552f93ed235ee1653eafbbea89b6d74e17535d5cb73e5ea32b9ec0d67eacd2458f8c239c2f

C:\Users\Admin\Downloads\UseUndo.7z

MD5 2175def59c5e7d97ad9bf0fd1356064c
SHA1 bce279b61c5ec26fd96f7cc49e9795fecd324591
SHA256 345988b4ddacb16d4bfc1d51d914f4ff2ad5e9f5472ba3cb4ab09fbe315da6bb
SHA512 aaadf383ebce7eaaf1187ed79ddd9a92b40b532043fd6eef1133907e689be929f5a950cbe6b8b9a761dc81dcb338b4ac3bcb1d4940254be51d6b3340fc3239e1

C:\Users\Admin\Downloads\SkipSave.inf

MD5 52fda8ba58f9bc54b86e872a7366151a
SHA1 b0a074bbd477f856ba1d799d64a4d88bf4bdddfa
SHA256 0ded8a33f56abff842117d4546186d3102ad5524f0981653c9a25aa46bbfda75
SHA512 0a072a567ac5ad4437a48e759957848eceabdd657d25a9838759409e2d5277f16c115a84de0136f34ccd91143da1deeeae588a8789f73647cec43afd170f88d0

C:\Users\Admin\Downloads\CopyLock.xls

MD5 fee5c538c92fa5d06855f915e919e190
SHA1 962eb531aff18f653d4e7beca8c73c23a19be137
SHA256 550eed45415ac1dd8bb730f3e158275ed2c3a6b522c6c127f7cd91d2791666bf
SHA512 06661f5b8a2a76d3f31b6478e47138787d808482b2b0c273aea99b05766d312bd40d04eba50680754b1220937fe6e4f68f34b83874134499267f066ef3f8a4e0

C:\Users\Admin\Downloads\TraceBlock.csv

MD5 573267e42ea3dda5dd118bec96475ce3
SHA1 49caa1a3cc64e6d6f32e81425a336d4607780cb9
SHA256 2216658639bd938a8a1a6444c9b12314b182279419f97ac364e95c9e4299fec6
SHA512 3eaa3f18c20d67b8737c61ba0e17481251201fd4a565114313c7d48ad8b92bdeaf02f2a5a1056f5ac0ef47aeb5133a215b20ce17801ede85cd9fede0e4a2eed8

C:\Users\Admin\Downloads\ConvertToJoin.wmf

MD5 5bb261508d1ac7b55766ed4f5b2186ff
SHA1 26146c14103d6ac7ce405f34d34ced9213855929
SHA256 2171821f1a11e9e5bb30086887f2d7a20236894b8c38c7613ac9f658f72c83c2
SHA512 057ea23125e575c8818b49815bc5a7ca706b81437c3f8edbbc57cc54c544dc749f2b5cebb9801e43bb64e53b7fd94c00a3b840ea91467572bd0df6a64741fb26

C:\Users\Admin\Downloads\SetJoin.ADTS

MD5 d66ac18122af761deff62766ac42f9f3
SHA1 448b0b262b762b2c33dd3fb197be55fdbcf9616e
SHA256 f19299773cec980b414e205d5173c4b5e2ddbaf4eb87fad8a827f768fce66316
SHA512 c9cf6565b7a3d1395c2928861fa55d832694a7c542bebdea2ffafc3555cdec18453f2586a6a1b44dd10ff8823543090d2b2d6b1b59165e940065eba71dbceaba

C:\Users\Admin\Downloads\UndoInstall.mht

MD5 48f790dbd820ec836b88a49dabca070d
SHA1 8db29d5b48ae6a361cf4aae4688c998f289c6f53
SHA256 2677a975d31eb9f364e370d19abbef273d7f29eda85261292dd9abbc9e94e842
SHA512 e67ff24e3cd220dd40c22c0191dd10aa44d2eb5d75e3e164fc0180fa303c4526a26db68f806818c1c2b7d04d07def0c27d174fa1e4509f00c1393c6b7b4b3b49

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 d4e3011c6e7ea984925726b8ea6092ec
SHA1 79f080447c0906b3650a19d493593519cb933cdf
SHA256 f11d52bb94ef00f5e037dc7d97cc36a941c448a8c13884e8988e8183c71b1291
SHA512 840bf46fc08c9e1a2ec0208fa613196dace19e203bbd9c1b94eb6d5adf273c298002bc7cc28cc051a2e80c5c9b9539f4d777ee321101980b6e4827d51a383092

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 5d6cae623b93113969a92837efe41b1c
SHA1 9e506054d35c568205765859e5373b93143d5069
SHA256 7282cc2ce731427c53c593903a5f2eefccf501ee5d1e788062de907aada402fb
SHA512 429aa88c2b4708baf949655932e8cdc57542f0a3ef831431ebce2e89861da0d764c781f54712abbffe5b1c4ba9335620b016ce15a68ce078e663dd911c59d9a5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

MD5 48085e5ba96b59502eb30916e4b3d951
SHA1 6924dfb10b3091b795623f19432c3fb0c6b9b284
SHA256 dc19aecfdb38b8f2e2dd81bc5c0a894dcfe954ea1b4367dd33ffe31397ecdb78
SHA512 b201e94f0ea41e3048a497fc59c2853069c06b1a34e4352aa1bc7642d3139e5bd15352ceb89814c1eac684706365eba10d4c9eed96d46c209ca648f1c1abf3e6
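The Files listing above is flat text (a path line, a blank line, then one line each for MD5, SHA1, SHA256 and SHA512), which is awkward to pivot on when you want to check an endpoint's file against the report or see which parts of the user profile were touched. The parser below is an added example and is not part of the report or the sandbox's own tooling; its sample input is constructed for the example, copying the hash values of two entries above (GetUpdate.bin and Chrome's Local State) and adding one deliberately malformed entry (Broken.txt, with a bogus MD5 and no other hashes) to exercise the validation path.

```python
"""Parse a sandbox report's flat 'Files' listing into records, validate the
hash fields, and index them for lookup. Added example, not report tooling."""
import re
from collections import Counter
from pathlib import PureWindowsPath

# Expected hex-digit length of each digest the report emits.
HASH_LENGTHS = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
HEX_RE = re.compile(r"^[0-9a-f]+$")
PATH_RE = re.compile(r"^[A-Za-z]:\\")                      # 'C:\...' starts a record
HASH_RE = re.compile(r"^(MD5|SHA1|SHA256|SHA512)\s+(\S+)\s*$")

# Constructed sample in the report's own layout. The first two records copy
# hash values from the page; the third is a made-up malformed entry.
SAMPLE = r"""C:\Users\Admin\Desktop\GetUpdate.bin

MD5 5acc7b672c830ce378e99a7f6802c02c
SHA1 51044b65b987e9eba1049447b2f248e91c30374f
SHA256 a83bf6807dba95e22d44977576cc4da63dd37aba41fafba1382b35fc0986a84b
SHA512 c95bc2a0232eadac7dcd26d25fa976a539aaeaa8edca8dd75d57bdaf56f2bef9df94be3ea3a5c03330950d95a77a25fc9aa9e8aea4a55a7821081d6ceb2d7f40

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 d4e3011c6e7ea984925726b8ea6092ec
SHA1 79f080447c0906b3650a19d493593519cb933cdf
SHA256 f11d52bb94ef00f5e037dc7d97cc36a941c448a8c13884e8988e8183c71b1291
SHA512 840bf46fc08c9e1a2ec0208fa613196dace19e203bbd9c1b94eb6d5adf273c298002bc7cc28cc051a2e80c5c9b9539f4d777ee321101980b6e4827d51a383092

C:\Users\Admin\Downloads\Broken.txt

MD5 zz
"""


def parse_files_listing(text):
    """Return a list of {'path': str, 'hashes': {alg: value}} records.

    A Windows-path line opens a new record; the hash lines that follow belong
    to it until the next path line. Blank lines are ignored.
    """
    records, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if PATH_RE.match(line):
            current = {"path": line, "hashes": {}}
            records.append(current)
            continue
        m = HASH_RE.match(line)
        if m and current is not None:
            current["hashes"][m.group(1)] = m.group(2)
    return records


def validate(record):
    """List the problems with a record; an empty list means all four digests are well-formed."""
    problems = []
    for alg, length in HASH_LENGTHS.items():
        value = record["hashes"].get(alg)
        if value is None:
            problems.append(f"{alg}: missing")
        elif len(value) != length:
            problems.append(f"{alg}: expected {length} hex chars, got {len(value)}")
        elif not HEX_RE.match(value):
            problems.append(f"{alg}: not lowercase hex")
    return problems


def build_index(records):
    """Map every well-formed digest (any algorithm) to the path it belongs to."""
    index = {}
    for rec in records:
        if validate(rec):
            continue                       # skip malformed records
        for value in rec["hashes"].values():
            index[value.lower()] = rec["path"]
    return index


def find_path(index, digest):
    """Look up a digest taken from an endpoint; case and surrounding whitespace are normalised."""
    return index.get(digest.strip().lower())


def count_by_directory(records):
    """Count records per parent directory to see which profile areas the detonation touched."""
    return Counter(str(PureWindowsPath(r["path"]).parent) for r in records)


if __name__ == "__main__":
    recs = parse_files_listing(SAMPLE)
    for rec in recs:
        print(rec["path"], validate(rec) or "ok")
    print(count_by_directory(recs))
```

Feed the whole Files section to `parse_files_listing` and the index lets you answer "is this digest from my endpoint one of the files the sandbox saw?" in one dictionary lookup, while the per-directory counts make it obvious that the activity here is confined to the user's Desktop, Downloads and Chrome profile rather than system locations.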