Malware Analysis Report

2024-09-22 06:29

Sample ID 230407-v8vzvsbh21
Target https://go.microsoft.com/fwlink/?linkid=2171764
Tags
bazarbackdoor adware backdoor bootkit discovery persistence spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The file https://go.microsoft.com/fwlink/?linkid=2171764 was found to be: Known bad.

Malicious Activity Summary

bazarbackdoor adware backdoor bootkit discovery persistence spyware stealer

BazarBackdoor

Modifies WinLogon for persistence

Suspicious use of NtCreateProcessExOtherParentProcess

Suspicious use of NtCreateUserProcessOtherParentProcess

Bazar/Team9 Backdoor payload

Modifies RDP port number used by Windows

Downloads MZ/PE file

Sets service image path in registry

Blocklisted process makes network request

Drops file in Drivers directory

Executes dropped EXE

Reads user/profile data of web browsers

Loads dropped DLL

Checks computer location settings

Registers COM server for autorun

Checks BIOS information in registry

Checks for any installed AV software in registry

Checks installed software on the system

Writes to the Master Boot Record (MBR)

Installs/modifies Browser Helper Object

Drops desktop.ini file(s)

Adds Run key to start application

Enumerates connected drives

Drops file in System32 directory

Checks system information in the registry

Drops file in Program Files directory

Drops file in Windows directory

Enumerates physical storage devices

Suspicious use of SendNotifyMessage

Suspicious behavior: GetForegroundWindowSpam

Suspicious behavior: LoadsDriver

Enumerates system info in registry

Uses Volume Shadow Copy service COM API

Uses Volume Shadow Copy WMI provider

Checks SCSI registry key(s)

Suspicious behavior: AddClipboardFormatListener

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies data under HKEY_USERS

Runs regedit.exe

Uses Task Scheduler COM API

Modifies system certificate store

Checks processor information in registry

Kills process with taskkill

NTFS ADS

Modifies registry class

Modifies Internet Explorer settings

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Suspicious use of FindShellTrayWindow

MITRE ATT&CK Matrix V6

Analysis: static1

Detonation Overview

Reported

2023-04-07 17:40

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-04-07 17:40

Reported

2023-04-07 18:25

Platform

win10v2004-20230221-en

Max time kernel

2188s

Max time network

2007s

Command Line

C:\Windows\Explorer.EXE

Signatures

BazarBackdoor

backdoor bazarbackdoor

Modifies WinLogon for persistence

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit = "C:\\Windows\\system32\\userinit.exe" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A

Suspicious use of NtCreateProcessExOtherParentProcess

Description Indicator Process Target
PID 2036 created 464 N/A C:\Windows\system32\taskmgr.exe C:\Users\Admin\Downloads\ccsetup610_pro_trial.exe
PID 2036 created 464 N/A C:\Windows\system32\taskmgr.exe C:\Users\Admin\Downloads\ccsetup610_pro_trial.exe

Suspicious use of NtCreateUserProcessOtherParentProcess

Description Indicator Process Target
PID 5348 created 3244 N/A C:\Users\Admin\Downloads\MBSetup-E188FB74.exe C:\Windows\Explorer.EXE

Bazar/Team9 Backdoor payload

Description Indicator Process Target
N/A N/A N/A N/A

Blocklisted process makes network request

Description Indicator Process Target
N/A N/A C:\Windows\system32\msiexec.exe N/A

Downloads MZ/PE file

Drops file in Drivers directory

Description Indicator Process Target
File opened for modification C:\Windows\system32\DRIVERS\MbamChameleon.sys C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\system32\DRIVERS\SET331F.tmp C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\system32\DRIVERS\SET34D8.tmp C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\system32\DRIVERS\mbamswissarmy.sys C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\system32\DRIVERS\SET6E09.tmp C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\system32\DRIVERS\SET6E09.tmp C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\system32\DRIVERS\SET3330.tmp C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\system32\DRIVERS\SET337F.tmp C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\system32\DRIVERS\mbam.sys C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\system32\drivers\mbae64.sys C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Windows\system32\DRIVERS\MbamElam.sys C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\system32\DRIVERS\MbamElam.sys C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\system32\DRIVERS\SET6619.tmp C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\system32\DRIVERS\mwac.sys C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\system32\DRIVERS\farflt.sys C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\system32\DRIVERS\SET34D8.tmp C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\SysWOW64\drivers\mbamtestfile.dat C:\Users\Admin\Downloads\MBSetup-E188FB74.exe N/A
File opened for modification C:\Windows\system32\DRIVERS\SET6619.tmp C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\system32\DRIVERS\SET331F.tmp C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\system32\DRIVERS\SET3330.tmp C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\system32\DRIVERS\SET337F.tmp C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A

Modifies RDP port number used by Windows

Sets service image path in registry

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\MBAMSwissArmy\ImagePath = "\\SystemRoot\\System32\\Drivers\\mbamswissarmy.sys" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\MBAMChameleon\ImagePath = "\\SystemRoot\\System32\\Drivers\\MbamChameleon.sys" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\Downloads\MBSetup-E188FB74.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate C:\Users\Admin\Downloads\MBSetup-E188FB74.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Downloads\Windows11InstallationAssistant.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Downloads\ccsetup610_pro_trial.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\Control Panel\International\Geo\Nation C:\Program Files\CCleaner\CCleaner64.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Downloads\ccsetup610_pro_trial.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\Control Panel\International\Geo\Nation C:\Program Files\CCleaner\CCleaner64.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\Windows11InstallationAssistant.exe N/A
N/A N/A C:\Program Files (x86)\WindowsInstallationAssistant\Windows10UpgraderApp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\PCHealthCheck\PCHealthCheck.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\PCHealthCheck\PCHealthCheck.exe N/A
N/A N/A C:\Users\Admin\Downloads\MBSetup-E188FB74.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\PCHealthCheck\PCHealthCheck.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-0.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\assistant.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\PCHealthCheck\PCHealthCheck.exe N/A
N/A N/A C:\Users\Admin\Downloads\ccsetup610_pro_trial.exe N/A
N/A N/A C:\Users\Admin\Downloads\ccsetup610_pro_trial.exe N/A
N/A N/A C:\Program Files\CCleaner\CCleaner64.exe N/A
N/A N/A C:\Program Files\CCleaner\CCUpdate.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_66\bin\javaws.exe N/A
N/A N/A C:\Program Files\CCleaner\CCleaner64.exe N/A
N/A N/A C:\Program Files\CCleaner\CCleaner64.exe N/A
N/A N/A C:\Program Files\CCleaner\CCleaner64.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_361\installer.exe N/A
N/A N/A C:\Program Files\CCleaner\CCUpdate.exe N/A
N/A N/A C:\Program Files\CCleaner\CCleaner64.exe N/A
N/A N/A C:\Program Files\CCleaner\CCleaner64.exe N/A
N/A N/A C:\Windows\Temp\CC-Updates\Update-a6a0f7c173094f8dafef996157751ecf.exe N/A
N/A N/A C:\Windows\Temp\CC-Updates\Update-e70de386ebc763932a181fc37a2ad042.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\jds241456546.tmp\Update-e70de386ebc763932a181fc37a2ad042.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_361\installer.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_361\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_361\bin\ssvagent.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_361\bin\javaws.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_361\bin\jp2launcher.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_361\bin\javaws.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_361\bin\jp2launcher.exe N/A
N/A N/A C:\Windows\Installer\MSI5B17.tmp N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\malwarebytes_assistant.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe N/A
N/A N/A C:\Windows\Temp\CC-Updates\Update-7fddbac28a9c85c79fe08e2d6506e535.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7FF5B93B-2D82-4FE9-A865-C08D7CA32612\dismhost.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\WindowsInstallationAssistant\Windows10UpgraderApp.exe N/A
N/A N/A C:\Program Files (x86)\WindowsInstallationAssistant\Windows10UpgraderApp.exe N/A
N/A N/A C:\Windows\System32\MsiExec.exe N/A
N/A N/A C:\Program Files (x86)\WindowsInstallationAssistant\Windows10UpgraderApp.exe N/A
N/A N/A C:\Windows\System32\MsiExec.exe N/A
N/A N/A C:\Windows\System32\MsiExec.exe N/A
N/A N/A C:\Windows\System32\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\PCHealthCheck\PCHealthCheck.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\PCHealthCheck\PCHealthCheck.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\PCHealthCheck\PCHealthCheck.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\PCHealthCheck\PCHealthCheck.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\PCHealthCheck\PCHealthCheck.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\PCHealthCheck\PCHealthCheck.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\PCHealthCheck\PCHealthCheck.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\PCHealthCheck\PCHealthCheck.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\PCHealthCheck\PCHealthCheck.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\PCHealthCheck\PCHealthCheck.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\PCHealthCheck\PCHealthCheck.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\PCHealthCheck\PCHealthCheck.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\PCHealthCheck\PCHealthCheck.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\PCHealthCheck\PCHealthCheck.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\PCHealthCheck\PCHealthCheck.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe N/A

Reads user/profile data of web browsers

spyware stealer

Registers COM server for autorun

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0050-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_361\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_361\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0059-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_361\bin\ssvagent.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0165-ABCDEFFEDCBB}\INPROCSERVER32 C:\Windows\Installer\MSI5B17.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0296-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jre1.8.0_361\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0301-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_361\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0307-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre1.8.0_361\bin\ssvagent.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0146-ABCDEFFEDCBB}\INPROCSERVER32 C:\Windows\Installer\MSI5B17.tmp N/A
Key created \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\CLSID\{CAFEEFAC-0018-0000-0330-ABCDEFFEDCBC}\InprocServer32 C:\Program Files\Java\jre1.8.0_361\bin\ssvagent.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0014-0002-0040-ABCDEFFEDCBA}\INPROCSERVER32 C:\Windows\Installer\MSI5B17.tmp N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0020-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_361\\bin\\jp2iexp.dll" C:\Windows\Installer\MSI5B17.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0002-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\Installer\MSI5B17.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0115-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jre1.8.0_361\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0070-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_361\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_361\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0359-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_361\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0074-ABCDEFFEDCBA}\InprocServer32 C:\Windows\Installer\MSI5B17.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0216-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_361\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_361\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0044-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_361\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_361\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0105-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_361\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0129-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\Installer\MSI5B17.tmp N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_361\bin\ssvagent.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0058-ABCDEFFEDCBC}\INPROCSERVER32 C:\Program Files\Java\jre1.8.0_361\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\CLSID\{CAFEEFAC-0018-0000-0182-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_361\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0047-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\Installer\MSI5B17.tmp N/A
Key deleted \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_CLASSES\CLSID\{CAFEEFAC-0018-0000-0168-ABCDEFFEDCBB}\INPROCSERVER32 C:\Windows\Installer\MSI5B17.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0060-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_361\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_361\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0300-ABCDEFFEDCBC}\InprocServer32 C:\Program Files\Java\jre1.8.0_361\bin\ssvagent.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_CLASSES\CLSID\{CAFEEFAC-0014-0002-0038-ABCDEFFEDCBA}\INPROCSERVER32 C:\Program Files\Java\jre1.8.0_361\bin\ssvagent.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0155-ABCDEFFEDCBC}\InprocServer32 C:\Windows\Installer\MSI5B17.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0051-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_361\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0214-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\Installer\MSI5B17.tmp N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_361\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0092-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_361\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0079-ABCDEFFEDCBA}\InprocServer32 C:\Windows\Installer\MSI5B17.tmp N/A
Key created \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0058-ABCDEFFEDCBA}\InprocServer32 C:\Windows\Installer\MSI5B17.tmp N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0341-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\Installer\MSI5B17.tmp N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_361\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_361\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0195-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jre1.8.0_361\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0278-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_361\bin\ssvagent.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0013-0001-0044-ABCDEFFEDCBA}\INPROCSERVER32 C:\Windows\Installer\MSI5B17.tmp N/A
Key created \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBB}\InprocServer32 C:\Windows\Installer\MSI5B17.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0362-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\Installer\MSI5B17.tmp N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0016-0000-0036-ABCDEFFEDCBA}\INPROCSERVER32 C:\Program Files\Java\jre1.8.0_361\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0017-0000-0105-ABCDEFFEDCBA}\INPROCSERVER32 C:\Windows\Installer\MSI5B17.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0294-ABCDEFFEDCBC}\InprocServer32 C:\Windows\Installer\MSI5B17.tmp N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\CLSID\{CAFEEFAC-0018-0000-0236-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_361\\bin\\jp2iexp.dll" C:\Windows\Installer\MSI5B17.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0055-ABCDEFFEDCBA}\InprocServer32 C:\Windows\Installer\MSI5B17.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0078-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_361\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0048-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\Installer\MSI5B17.tmp N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0090-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_361\\bin\\jp2iexp.dll" C:\Windows\Installer\MSI5B17.tmp N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0016-0000-0127-ABCDEFFEDCBC}\INPROCSERVER32 C:\Windows\Installer\MSI5B17.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0366-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_361\installer.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0047-ABCDEFFEDCBB}\INPROCSERVER32 C:\Program Files\Java\jre1.8.0_361\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0052-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\Installer\MSI5B17.tmp N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\CLSID\{CAFEEFAC-0018-0000-0103-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\Installer\MSI5B17.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0094-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_361\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0017-0000-0233-ABCDEFFEDCBC}\INPROCSERVER32 C:\Windows\Installer\MSI5B17.tmp N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBA}\INPROCSERVER32 C:\Program Files\Java\jre1.8.0_361\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0202-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_361\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_361\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0097-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\Installer\MSI5B17.tmp N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0017-0000-0131-ABCDEFFEDCBA}\INPROCSERVER32 C:\Windows\Installer\MSI5B17.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0295-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\Installer\MSI5B17.tmp N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\CLSID\{CAFEEFAC-0018-0000-0269-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_361\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_361\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0134-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_361\\bin\\jp2iexp.dll" C:\Windows\Installer\MSI5B17.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0172-ABCDEFFEDCBA}\InprocServer32 C:\Windows\Installer\MSI5B17.tmp N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\SunJavaUpdateSched = "\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\"" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\CCleaner Smart Cleaning = "\"C:\\Program Files\\CCleaner\\CCleaner64.exe\" /MONITOR" C:\Program Files\CCleaner\CCleaner64.exe N/A

Checks for any installed AV software in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\Software\WOW6432Node\Avira\Antivirus C:\Program Files\CCleaner\CCleaner64.exe N/A
Key opened \REGISTRY\MACHINE\Software\Avast Software\Avast C:\Program Files\CCleaner\CCleaner64.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\Software\Avast Software\Avast C:\Program Files\CCleaner\CCleaner64.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\AntiVir Desktop C:\Program Files\CCleaner\CCleaner64.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Avira\AntiVirus C:\Program Files\CCleaner\CCleaner64.exe N/A
Key opened \REGISTRY\MACHINE\Software\AVAST Software\Avast C:\Program Files\CCleaner\CCleaner64.exe N/A
Key opened \REGISTRY\MACHINE\Software\WOW6432Node\AVAST Software\Avast C:\Program Files\CCleaner\CCleaner64.exe N/A
Key opened \REGISTRY\MACHINE\Software\WOW6432Node\Avira\Antivirus C:\Program Files\CCleaner\CCleaner64.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Avira\AntiVirus C:\Program Files\CCleaner\CCleaner64.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\Avira\Speedup C:\Program Files\CCleaner\CCleaner64.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Speedup C:\Program Files\CCleaner\CCleaner64.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\Software\Avast Software\Avast C:\Program Files\CCleaner\CCleaner64.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\Avira\AntiVir Desktop C:\Program Files\CCleaner\CCleaner64.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\AntiVir Desktop C:\Program Files\CCleaner\CCleaner64.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Speedup C:\Program Files\CCleaner\CCleaner64.exe N/A
Key opened \REGISTRY\MACHINE\Software\WOW6432Node\Avast Software\Avast C:\Program Files\CCleaner\CCleaner64.exe N/A
Key opened \REGISTRY\MACHINE\Software\WOW6432Node\AVAST Software\Avast C:\Program Files\CCleaner\CCleaner64.exe N/A
Key opened \REGISTRY\MACHINE\Software\AVAST Software\Avast C:\Program Files\CCleaner\CCleaner64.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\Avira\AntiVir Desktop C:\Program Files\CCleaner\CCleaner64.exe N/A
Key opened \REGISTRY\MACHINE\Software\WOW6432Node\Avast Software\Avast C:\Program Files\CCleaner\CCleaner64.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\Avira\Speedup C:\Program Files\CCleaner\CCleaner64.exe N/A
Key opened \REGISTRY\MACHINE\Software\Avast Software\Avast C:\Program Files\CCleaner\CCleaner64.exe N/A

Checks installed software on the system

discovery

Drops desktop.ini file(s)

Description Indicator Process Target
File opened for modification C:\Users\Admin\Desktop\desktop.ini C:\Windows\System32\MsiExec.exe N/A
File opened for modification C:\Users\Admin\Videos\Captures\desktop.ini C:\Windows\system32\svchost.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Users\Admin\AppData\Local\PCHealthCheck\desktop.ini C:\Windows\System32\MsiExec.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\Y: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\I: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\B: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\F: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\R: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\Q: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\M: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\X: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\U: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\I: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\T: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\W: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\F: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\K: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\W: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\M: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\E: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\Q: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\P: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\S: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\S: C:\Windows\System32\msiexec.exe N/A

Installs/modifies Browser Helper Object

stealer adware
Description Indicator Process Target
Key deleted \REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{DBC80044-A445-435B-BC74-9C25C1C588A9} C:\Windows\Installer\MSI5B17.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} C:\Windows\Installer\MSI5B17.tmp N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Windows\Installer\MSI5B17.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Windows\Installer\MSI5B17.tmp N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\NoExplorer = "1" C:\Windows\Installer\MSI5B17.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} C:\Program Files\Java\jre1.8.0_361\installer.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\NoExplorer = "1" C:\Program Files\Java\jre1.8.0_361\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.8.0_361\installer.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\NoExplorer = "1" C:\Windows\Installer\MSI5B17.tmp N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{DBC80044-A445-435B-BC74-9C25C1C588A9} C:\Program Files\Java\jre1.8.0_361\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.8.0_361\installer.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\NoExplorer = "1" C:\Program Files\Java\jre1.8.0_361\installer.exe N/A

Writes to the Master Boot Record (MBR)

bootkit persistence
Description Indicator Process Target
File opened for modification \??\PhysicalDrive0 C:\Program Files\CCleaner\CCleaner64.exe N/A
File opened for modification \??\PhysicalDrive0 C:\Program Files\CCleaner\CCleaner64.exe N/A
File opened for modification \??\PhysicalDrive0 C:\Program Files\CCleaner\CCleaner64.exe N/A
File opened for modification \??\PhysicalDrive0 C:\Users\Admin\Downloads\ccsetup610_pro_trial.exe N/A
File opened for modification \??\PhysicalDrive0 C:\Program Files\CCleaner\CCUpdate.exe N/A
File opened for modification \??\PhysicalDrive0 C:\Program Files\Java\jre1.8.0_66\bin\javaws.exe N/A
File opened for modification \??\PhysicalDrive0 C:\Program Files\CCleaner\CCleaner64.exe N/A
File opened for modification \??\PhysicalDrive0 C:\Program Files\Java\jre1.8.0_361\installer.exe N/A
File opened for modification \??\PhysicalDrive0 C:\Program Files\CCleaner\CCUpdate.exe N/A
File opened for modification \??\PhysicalDrive0 C:\Users\Admin\Downloads\ccsetup610_pro_trial.exe N/A
File opened for modification \??\PhysicalDrive0 C:\Program Files\CCleaner\CCleaner64.exe N/A

Checks system information in the registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files\CCleaner\CCleaner64.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files\CCleaner\CCleaner64.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files\CCleaner\CCleaner64.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files\CCleaner\CCleaner64.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files\CCleaner\CCleaner64.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files\CCleaner\CCleaner64.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\system32\LogFiles\setupcln\setuperr.log C:\Windows\System32\cleanmgr.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1B1401C7EC8E96BC79CBFD92F9DF762D_E35D496D1CD0B884BEBCAFED0FE61600 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8890A77645B73478F5B1DED18ACBF795_C090A8C88B266C6FF99A97210E92B44D C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\system32\WindowsAccessBridge-64.dll C:\Program Files\Java\jre1.8.0_361\installer.exe N/A
File opened for modification C:\Windows\system32\LogFiles\setupcln\setupact.log C:\Windows\System32\cleanmgr.exe N/A
File opened for modification C:\Windows\System32\CatRoot2\dberr.txt C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\FA0E447C3E79584EC91182C66BBD2DB7 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\38D10539991D1B84467F968981C3969D_C92678066E2B4B4986BC7641EEC08637 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\DA3B6E45325D5FFF28CF6BAD6065C907_FBEAFB4EE7383EC8E0A3A2C1EC7FCEAC C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\system32\WindowsAccessBridge-64.dll C:\Windows\Installer\MSI5B17.tmp N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_6E4F36431D86962EFD432400DF65AC90 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\1B1401C7EC8E96BC79CBFD92F9DF762D_E35D496D1CD0B884BEBCAFED0FE61600 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\system32\WindowsAccessBridge-64.dll C:\Windows\Installer\MSI5B17.tmp N/A
File opened for modification C:\Windows\System32\CatRoot2\dberr.txt C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_6E4F36431D86962EFD432400DF65AC90 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\572BF21E454637C9F000BE1AF9B1E1A9 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\117308CCCD9C93758827D7CC85BB135E C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8890A77645B73478F5B1DED18ACBF795_C090A8C88B266C6FF99A97210E92B44D C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\DA3B6E45325D5FFF28CF6BAD6065C907_FBEAFB4EE7383EC8E0A3A2C1EC7FCEAC C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\system32\WindowsAccessBridge-64.dll C:\Program Files\Java\jre1.8.0_361\installer.exe N/A
File opened for modification C:\Windows\system32\LogFiles\setupcln\diagerr.xml C:\Windows\System32\cleanmgr.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\572BF21E454637C9F000BE1AF9B1E1A9 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\38D10539991D1B84467F968981C3969D_C92678066E2B4B4986BC7641EEC08637 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\system32\LogFiles\setupcln\diagwrn.xml C:\Windows\System32\cleanmgr.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\229169D96B9C20761B929D428962A0A2_FC65190A8D1232A1711F16F9F20C5149 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v2.0\UsageLogs\addinutil.exe.log C:\Program Files\CCleaner\CCleaner64.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\229169D96B9C20761B929D428962A0A2_FC65190A8D1232A1711F16F9F20C5149 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\117308CCCD9C93758827D7CC85BB135E C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\FA0E447C3E79584EC91182C66BBD2DB7 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libspatializer_plugin.dll C:\Windows\Temp\CC-Updates\Update-7fddbac28a9c85c79fe08e2d6506e535.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\Fusion\TabBar.qml C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ast.txt C:\Windows\Temp\CC-Updates\Update-a6a0f7c173094f8dafef996157751ecf.exe N/A
File created C:\Program Files\Java\jre1.8.0_361\bin\j2pcsc.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\CCleaner\Lang\lang-1025.dll C:\Users\Admin\Downloads\ccsetup610_pro_trial.exe N/A
File opened for modification C:\Program Files\CCleaner\Data\burger_client\8866F8A9-70C9-43A2-BFBE-EE00AA2DC417\5d9dcda2-4058-43a0-8ea0-3e6310fa6010 C:\Program Files\CCleaner\CCleaner64.exe N/A
File created C:\Program Files\Java\jre1.8.0_361\lib\security\blacklisted.certs C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\plugins\logger\libconsole_logger_plugin.dll C:\Windows\Temp\CC-Updates\Update-7fddbac28a9c85c79fe08e2d6506e535.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\images\vlc16x16.png C:\Windows\Temp\CC-Updates\Update-7fddbac28a9c85c79fe08e2d6506e535.exe N/A
File created C:\Program Files (x86)\WindowsInstallationAssistant\GetCurrentDeploy.dll C:\Users\Admin\Downloads\Windows11InstallationAssistant.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\CleanControllerImpl.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\QtWinExtras\qml_winextras.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\CCleaner\Lang\lang-1038.dll C:\Users\Admin\Downloads\ccsetup610_pro_trial.exe N/A
File created C:\Program Files\Java\jre1.8.0_361\README.txt C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\plugins\control\libwin_hotkeys_plugin.dll C:\Windows\Temp\CC-Updates\Update-7fddbac28a9c85c79fe08e2d6506e535.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\bg.txt C:\Windows\Temp\CC-Updates\Update-a6a0f7c173094f8dafef996157751ecf.exe N/A
File opened for modification C:\Program Files\Java\jre1.8.0_66\bin\resource.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Program Files\Java\jre1.8.0_66\lib\deploy\messages_es.properties C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\plugins\access\libdtv_plugin.dll C:\Windows\Temp\CC-Updates\Update-7fddbac28a9c85c79fe08e2d6506e535.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\Styles\Base\ToolBarStyle.qml C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\ScrollIndicator.qml C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\CCleaner\CCleanerBugReport.exe C:\Users\Admin\Downloads\ccsetup610_pro_trial.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_10_p010_plugin.dll C:\Windows\Temp\CC-Updates\Update-7fddbac28a9c85c79fe08e2d6506e535.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\locale\wa\LC_MESSAGES\vlc.mo C:\Windows\Temp\CC-Updates\Update-7fddbac28a9c85c79fe08e2d6506e535.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\Material\Label.qml C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Window.2\windowplugin.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Java\jre1.8.0_361\bin\api-ms-win-crt-string-l1-1-0.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre1.8.0_361\lib\management\jmxremote.password.template C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Program Files\Java\jre1.8.0_66\lib\fonts\LucidaSansRegular.ttf C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\plugins\codec\liblpcm_plugin.dll C:\Windows\Temp\CC-Updates\Update-7fddbac28a9c85c79fe08e2d6506e535.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\Private\TableViewItemDelegateLoader.qml C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\ScrollView.qml C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\fa.txt C:\Windows\Temp\CC-Updates\Update-a6a0f7c173094f8dafef996157751ecf.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\plugins\video_output\libcaca_plugin.dll C:\Windows\Temp\CC-Updates\Update-7fddbac28a9c85c79fe08e2d6506e535.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\Qt5XmlPatterns.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\Imagine\Label.qml C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\plugins\codec\libopus_plugin.dll C:\Windows\Temp\CC-Updates\Update-7fddbac28a9c85c79fe08e2d6506e535.exe N/A
File created C:\Program Files\Java\jre1.8.0_361\bin\api-ms-win-core-file-l1-1-0.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\AUTHORS.txt C:\Windows\Temp\CC-Updates\Update-7fddbac28a9c85c79fe08e2d6506e535.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\requests\playlist.xml C:\Windows\Temp\CC-Updates\Update-7fddbac28a9c85c79fe08e2d6506e535.exe N/A
File created C:\Program Files (x86)\WindowsInstallationAssistant\resources\ux\EULA\EULA_th-th.htm C:\Users\Admin\Downloads\Windows11InstallationAssistant.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\MBAMShim.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Java\jre1.8.0_361\bin\server\Xusage.txt C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Java\jre1.8.0_361\bin\java.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\Fusion\HorizontalHeaderView.qml C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\Material\TabButton.qml C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Dialogs\qml\ColorSlider.qml C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\Fusion\Dialog.qml C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_dummy_plugin.dll C:\Windows\Temp\CC-Updates\Update-7fddbac28a9c85c79fe08e2d6506e535.exe N/A
File opened for modification C:\Program Files\Java\jre1.8.0_66\lib\deploy\ffjcext.zip C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\locale\bn_IN\LC_MESSAGES\vlc.mo C:\Windows\Temp\CC-Updates\Update-7fddbac28a9c85c79fe08e2d6506e535.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\Private\Control.qml C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened for modification C:\Program Files\7-Zip\7zFM.exe C:\Windows\Temp\CC-Updates\Update-a6a0f7c173094f8dafef996157751ecf.exe N/A
File created C:\Program Files\Java\jre1.8.0_361\bin\javacpl.cpl C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\lv.txt C:\Windows\Temp\CC-Updates\Update-a6a0f7c173094f8dafef996157751ecf.exe N/A
File created C:\Program Files\Java\jre1.8.0_361\bin\jaas_nt.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\CCleaner\Lang\lang-1109.dll C:\Users\Admin\Downloads\ccsetup610_pro_trial.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Extras\Tumbler.qml C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\uk.txt C:\Windows\Temp\CC-Updates\Update-a6a0f7c173094f8dafef996157751ecf.exe N/A
File created C:\Program Files\Java\jre1.8.0_361\lib\classlist C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\js\ui.js C:\Windows\Temp\CC-Updates\Update-7fddbac28a9c85c79fe08e2d6506e535.exe N/A
File created C:\Program Files\CCleaner\Lang\lang-1059.dll C:\Users\Admin\Downloads\ccsetup610_pro_trial.exe N/A
File created C:\Program Files\CCleaner\Lang\lang-2074.dll C:\Users\Admin\Downloads\ccsetup610_pro_trial.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\dialogs\create_stream.html C:\Windows\Temp\CC-Updates\Update-7fddbac28a9c85c79fe08e2d6506e535.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Installer\e580b65.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Debug\sammui.log C:\Program Files\CCleaner\CCleaner64.exe N/A
File opened for modification C:\Windows\SoftwareDistribution\DataStore\Logs\edb00005.log C:\Program Files\CCleaner\CCleaner64.exe N/A
File opened for modification C:\Windows\SoftwareDistribution\DataStore\Logs\edb0000F.log C:\Program Files\CCleaner\CCleaner64.exe N/A
File opened for modification C:\Windows\Installer\MSIDB6F.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.log C:\Program Files\CCleaner\CCleaner64.exe N/A
File opened for modification C:\Windows\SoftwareDistribution\DataStore\Logs\edb00003.log C:\Program Files\CCleaner\CCleaner64.exe N/A
File opened for modification C:\Windows\SoftwareDistribution\DataStore\Logs\edb00009.log C:\Program Files\CCleaner\CCleaner64.exe N/A
File opened for modification C:\Windows\SoftwareDistribution\DataStore\Logs\edb0000D.log C:\Program Files\CCleaner\CCleaner64.exe N/A
File opened for modification C:\Windows\Logs\DISM\dism.log C:\Windows\System32\cleanmgr.exe N/A
File created C:\Windows\Installer\e6470d0.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Panther\UnattendGC\diagerr.xml C:\Users\Admin\AppData\Local\PCHealthCheck\PCHealthCheck.exe N/A
File opened for modification C:\Windows\Debug\NetSetup.LOG C:\Program Files\CCleaner\CCleaner64.exe N/A
File opened for modification C:\Windows\security\logs\scecomp.log C:\Program Files\CCleaner\CCleaner64.exe N/A
File opened for modification C:\Windows\Logs\DPX\setupact.log C:\Program Files\CCleaner\CCleaner64.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log C:\Program Files\CCleaner\CCleaner64.exe N/A
File opened for modification C:\Windows\Installer\MSI8F33.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Panther\UnattendGC\diagerr.xml C:\Windows\System32\oobe\UserOOBEBroker.exe N/A
File opened for modification C:\Windows\SoftwareDistribution\DataStore\Logs\edb0000A.log C:\Program Files\CCleaner\CCleaner64.exe N/A
File opened for modification C:\Windows\Panther\UnattendGC\diagerr.xml C:\Users\Admin\AppData\Local\PCHealthCheck\PCHealthCheck.exe N/A
File opened for modification C:\Windows\Logs\DISM\dism.log C:\Users\Admin\AppData\Local\Temp\7FF5B93B-2D82-4FE9-A865-C08D7CA32612\dismhost.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Ngen.exe N/A
File opened for modification C:\Windows\Debug\PASSWD.LOG C:\Program Files\CCleaner\CCleaner64.exe N/A
File opened for modification C:\Windows\Logs\MoSetup\UpdateAgent.log C:\Program Files\CCleaner\CCleaner64.exe N/A
File opened for modification C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log C:\Program Files\CCleaner\CCleaner64.exe N/A
File opened for modification C:\Windows\Debug\PASSWD.LOG C:\Program Files\CCleaner\CCleaner64.exe N/A
File created C:\Windows\Microsoft.NET\ngenserviceclientlock.dat C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Ngen.exe N/A
File opened for modification C:\Windows\Panther\UnattendGC\setupact.log C:\Users\Admin\AppData\Local\PCHealthCheck\PCHealthCheck.exe N/A
File opened for modification C:\Windows\SoftwareDistribution\DataStore\Logs\edb00007.log C:\Program Files\CCleaner\CCleaner64.exe N/A
File created C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngenrootstorelock.dat C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Ngen.exe N/A
File opened for modification C:\Windows\SoftwareDistribution\DataStore\Logs\edb0000E.log C:\Program Files\CCleaner\CCleaner64.exe N/A
File opened for modification C:\Windows\Panther\UnattendGC\setupact.log C:\Program Files\CCleaner\CCleaner64.exe N/A
File opened for modification C:\Windows\security\logs\scecomp.log C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\Panther\UnattendGC\setupact.log C:\Windows\System32\oobe\UserOOBEBroker.exe N/A
File opened for modification C:\Windows\security\logs\scesetup.log C:\Program Files\CCleaner\CCleaner64.exe N/A
File opened for modification C:\Windows\Logs\CBS\CBS.log C:\Program Files\CCleaner\CCleaner64.exe N/A
File opened for modification C:\Windows\Panther\UnattendGC\setuperr.log C:\Program Files\CCleaner\CCleaner64.exe N/A
File opened for modification C:\Windows\SoftwareDistribution\DataStore\Logs\edb0000C.log C:\Program Files\CCleaner\CCleaner64.exe N/A
File created C:\Windows\Installer\inprogressinstallinfo.ipi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\DtcInstall.log C:\Program Files\CCleaner\CCleaner64.exe N/A
File opened for modification C:\Windows\lsasetup.log C:\Program Files\CCleaner\CCleaner64.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ngen.log C:\Program Files\CCleaner\CCleaner64.exe N/A
File opened for modification C:\Windows\Panther\UnattendGC\setupact.log C:\Program Files\CCleaner\CCleaner64.exe N/A
File created C:\Windows\Installer\e647000.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI5785.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e6470cd.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIF4E.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Tasks\CCleanerCrashReporting.job C:\Program Files\CCleaner\CCleaner64.exe N/A
File opened for modification C:\Windows\setupact.log C:\Program Files\CCleaner\CCleaner64.exe N/A
File opened for modification C:\Windows\Installer\e647000.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI8649.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI94C2.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIE7D5.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Panther\UnattendGC\diagwrn.xml C:\Windows\System32\oobe\UserOOBEBroker.exe N/A
File opened for modification C:\Windows\Logs\DPX\setuperr.log C:\Program Files\CCleaner\CCleaner64.exe N/A
File opened for modification C:\Windows\SoftwareDistribution\DataStore\Logs\edb00006.log C:\Program Files\CCleaner\CCleaner64.exe N/A
File opened for modification C:\Windows\SoftwareDistribution\DataStore\Logs\edb00008.log C:\Program Files\CCleaner\CCleaner64.exe N/A
File created C:\Windows\Installer\SourceHash{26A24AE4-039D-4CA4-87B4-2F64180361F0} C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSID2A4.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIE66D.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\SourceHash{804A0628-543B-4984-896C-F58BF6A54832} C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Tasks\CCleanerCrashReporting.job C:\Program Files\CCleaner\CCleaner64.exe N/A
File opened for modification C:\Windows\Logs\DISM\dism.log C:\Program Files\CCleaner\CCleaner64.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.log C:\Program Files\CCleaner\CCleaner64.exe N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\system32\vssvc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000 C:\Windows\System32\cleanmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags C:\Windows\System32\cleanmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005 C:\Windows\System32\cleanmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005\ C:\Windows\System32\cleanmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs C:\Windows\System32\cleanmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\CompatibleIDs C:\Windows\System32\cleanmgr.exe N/A
Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr C:\Windows\system32\vssvc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 00000000040000008ccb747e6bc781e30000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff0000000027010100000800008ccb747e0000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3f000000ffffffff0000000007000100006809008ccb747e000000000000d0120000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000008ccb747e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000008ccb747e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\system32\vssvc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0004 C:\Windows\System32\cleanmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID C:\Windows\System32\cleanmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0015 C:\Windows\System32\cleanmgr.exe N/A
Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr C:\Windows\system32\vssvc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0014 C:\Windows\System32\cleanmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0015 C:\Windows\System32\cleanmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005 C:\Windows\System32\cleanmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005\ C:\Windows\System32\cleanmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters C:\Windows\system32\vssvc.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters C:\Windows\system32\vssvc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom C:\Windows\System32\cleanmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 C:\Windows\System32\cleanmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ConfigFlags C:\Windows\System32\cleanmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0014 C:\Windows\System32\cleanmgr.exe N/A
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 00000000040000008ccb747e6bc781e30000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff0000000027010100000800008ccb747e0000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3f000000ffffffff0000000007000100006809008ccb747e000000000000d0120000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000008ccb747e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000008ccb747e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\system32\vssvc.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters C:\Windows\system32\vssvc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0004 C:\Windows\System32\cleanmgr.exe N/A
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\system32\vssvc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0004 C:\Windows\System32\cleanmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom C:\Windows\System32\cleanmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005 C:\Windows\System32\cleanmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0015 C:\Windows\System32\cleanmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs C:\Windows\System32\cleanmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0015 C:\Windows\System32\cleanmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters C:\Windows\system32\vssvc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0004 C:\Windows\System32\cleanmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005\ C:\Windows\System32\cleanmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005\ C:\Windows\System32\cleanmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0014 C:\Windows\System32\cleanmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID C:\Windows\System32\cleanmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0014 C:\Windows\System32\cleanmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\HardwareID C:\Windows\System32\cleanmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 C:\Windows\System32\cleanmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs C:\Windows\System32\cleanmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005 C:\Windows\System32\cleanmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID C:\Windows\System32\cleanmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 C:\Windows\System32\cleanmgr.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\system32\msiexec.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files (x86)\WindowsInstallationAssistant\Windows10UpgraderApp.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files\CCleaner\CCleaner64.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\CCleaner\CCleaner64.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor C:\Program Files\CCleaner\CCleaner64.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\CCleaner\CCleaner64.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\Description\System\CentralProcessor\0 C:\Program Files\CCleaner\CCleaner64.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\CCleaner\CCleaner64.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor C:\Program Files\CCleaner\CCleaner64.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\CCleaner\CCleaner64.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\CCleaner\CCleaner64.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files\CCleaner\CCleaner64.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\CCleaner\CCleaner64.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Program Files\CCleaner\CCleaner64.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files\CCleaner\CCleaner64.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\Description\System\CentralProcessor\0 C:\Program Files\CCleaner\CCleaner64.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files\CCleaner\CCleaner64.exe N/A
Key queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor C:\Program Files\CCleaner\CCleaner64.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\WindowsInstallationAssistant\Windows10UpgraderApp.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor C:\Program Files\CCleaner\CCleaner64.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\system32\msiexec.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\Description\System\CentralProcessor\0 C:\Users\Admin\Downloads\ccsetup610_pro_trial.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\Downloads\ccsetup610_pro_trial.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\Downloads\ccsetup610_pro_trial.exe N/A
Key queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor C:\Program Files\CCleaner\CCleaner64.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Program Files (x86)\WindowsInstallationAssistant\Windows10UpgraderApp.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files (x86)\WindowsInstallationAssistant\Windows10UpgraderApp.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\Downloads\ccsetup610_pro_trial.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\CCleaner\CCleaner64.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\Description\System\CentralProcessor\0 C:\Program Files\CCleaner\CCleaner64.exe N/A
Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\Downloads\ccsetup610_pro_trial.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files\CCleaner\CCleaner64.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\CCleaner\CCleaner64.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\CCleaner\CCleaner64.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\CCleaner\CCleaner64.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\CCleaner\CCleaner64.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\CCleaner\CCleaner64.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\Description\System\CentralProcessor\0 C:\Users\Admin\Downloads\ccsetup610_pro_trial.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Program Files\CCleaner\CCleaner64.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\CCleaner\CCleaner64.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\CCleaner\CCleaner64.exe N/A
Key queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor C:\Program Files\CCleaner\CCleaner64.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\CCleaner\CCleaner64.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Windows\system32\quickassist.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Windows\system32\quickassist.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion C:\Windows\system32\quickassist.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Windows\system32\quickassist.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Windows\system32\quickassist.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Windows\system32\quickassist.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Windows\system32\quickassist.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily C:\Windows\system32\quickassist.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Windows\system32\quickassist.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Windows\system32\quickassist.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion C:\Windows\system32\quickassist.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily C:\Windows\system32\quickassist.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Windows\explorer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{44D1B085-E495-4B5F-9EE6-34795C46E7E7} C:\Program Files\Java\jre1.8.0_361\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7} C:\Program Files\Java\jre1.8.0_361\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A}\AppName = "ssvagent.exe" C:\Windows\Installer\MSI5B17.tmp N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" C:\Windows\system32\quickassist.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "22" C:\Windows\system32\quickassist.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\AppName = "javaws.exe" C:\Program Files\Java\jre1.8.0_361\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total C:\Windows\system32\quickassist.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A}\AppName = "ssvagent.exe" C:\Program Files\Java\jre1.8.0_361\installer.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7}\Policy = "3" C:\Windows\Installer\MSI5B17.tmp N/A
Key created \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\Software\Microsoft\Internet Explorer\DOMStorage\remoteassistance.support.services.microsoft.com C:\Windows\system32\quickassist.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\remoteassistance.support.services.microsoft.com\ = "0" C:\Windows\system32\quickassist.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\Policy = "0" C:\Program Files\Java\jre1.8.0_361\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\microsoft.com C:\Windows\system32\quickassist.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284} C:\Program Files\Java\jre1.8.0_361\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7}\AppPath = "C:\\Program Files\\Java\\jre1.8.0_361\\bin" C:\Program Files\Java\jre1.8.0_361\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A} C:\Windows\Installer\MSI5B17.tmp N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "22" C:\Windows\system32\quickassist.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "0" C:\Windows\system32\quickassist.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\microsoft.com\Total = "0" C:\Windows\system32\quickassist.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\CCleaner\CCleaner64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA}\AlternateCLSID = "{CAFEEFAC-DEC7-0000-0001-ABCDEFFEDCBA}" C:\Windows\Installer\MSI5B17.tmp N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\remoteassistance.support.services.microsoft.com\ = "22" C:\Windows\system32\quickassist.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Windows\system32\quickassist.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA}\AlternateCLSID = "{CAFEEFAC-DEC7-0000-0001-ABCDEFFEDCBA}" C:\Program Files\Java\jre1.8.0_361\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA} C:\Windows\Installer\MSI5B17.tmp N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\WindowsInstallationAssistant\Windows10UpgraderApp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\mbamtray.exe = "11000" C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\MICROSOFT.COM C:\Program Files\CCleaner\CCleaner64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5852F5ED-8BF4-11D4-A245-0080C6F74284} C:\Windows\Installer\MSI5B17.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\AppPath = "C:\\Program Files\\Java\\jre1.8.0_361\\bin" C:\Windows\Installer\MSI5B17.tmp N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{44D1B085-E495-4B5F-9EE6-34795C46E7E7} C:\Windows\Installer\MSI5B17.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7} C:\Windows\Installer\MSI5B17.tmp N/A
Key created \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\Software\Microsoft\Internet Explorer\IESettingSync C:\Program Files (x86)\WindowsInstallationAssistant\Windows10UpgraderApp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA}\Compatibility Flags = "1024" C:\Windows\Installer\MSI5B17.tmp N/A
Key created \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\CCleaner\CCleaner64.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\TypedURLs C:\Program Files\CCleaner\CCleaner64.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\Policy = "0" C:\Windows\Installer\MSI5B17.tmp N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A}\Policy = "3" C:\Windows\Installer\MSI5B17.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\remoteassistance.support.services.microsoft.com\ = "0" C:\Windows\system32\quickassist.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\AppPath = "C:\\Program Files\\Java\\jre1.8.0_361\\bin" C:\Program Files\Java\jre1.8.0_361\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A}\AppPath = "C:\\Program Files\\Java\\jre1.8.0_361\\bin" C:\Windows\Installer\MSI5B17.tmp N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\mbam.exe = "11000" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\Software\Microsoft\Internet Explorer\DOMStorage\microsoft.com C:\Windows\system32\quickassist.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1" C:\Windows\explorer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A} C:\Program Files\Java\jre1.8.0_361\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA} C:\Program Files\Java\jre1.8.0_361\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284} C:\Windows\Installer\MSI5B17.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7}\AppPath = "C:\\Program Files\\Java\\jre1.8.0_361\\bin" C:\Windows\Installer\MSI5B17.tmp N/A
Key created \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\WindowsInstallationAssistant\Windows10UpgraderApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Windows\system32\quickassist.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total C:\Windows\system32\quickassist.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\remoteassistance.support.services.microsoft.com\ = "22" C:\Windows\system32\quickassist.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A} C:\Program Files\Java\jre1.8.0_361\installer.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA}\Compatibility Flags = "1024" C:\Program Files\Java\jre1.8.0_361\installer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\microsoft.com\Total = "22" C:\Windows\system32\quickassist.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\mbam.exe = "11000" C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "0" C:\Windows\system32\quickassist.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7}\Policy = "3" C:\Program Files\Java\jre1.8.0_361\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\Software\Microsoft\Internet Explorer\IESettingSync C:\Windows\system32\quickassist.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\Software\Microsoft\Internet Explorer\DOMStorage\remoteassistance.support.services.microsoft.com C:\Windows\system32\quickassist.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\microsoft.com\Total = "0" C:\Windows\system32\quickassist.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0018-0000-0023-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_361\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_361\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBC} C:\Program Files\Java\jre1.8.0_361\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0337-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_361\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0349-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_361\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0098-ABCDEFFEDCBC}\ = "Java Plug-in 1.5.0_98" C:\Program Files\Java\jre1.8.0_361\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0075-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_361\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0109-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre1.8.0_361\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0328-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jre1.8.0_361\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0016-0000-0190-ABCDEFFEDCBB}\INPROCSERVER32 C:\Program Files\Java\jre1.8.0_361\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0018-0000-0133-ABCDEFFEDCBA}\INPROCSERVER32 C:\Program Files\Java\jre1.8.0_361\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA}\ = "Java Plug-in 1.4.2_08" C:\Program Files\Java\jre1.8.0_361\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0036-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_361\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_361\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0137-ABCDEFFEDCBA} C:\Program Files\Java\jre1.8.0_361\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0018-0000-0232-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_361\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBB}\INPROCSERVER32 C:\Program Files\Java\jre1.8.0_361\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0016-0000-0062-ABCDEFFEDCBC}\INPROCSERVER32 C:\Program Files\Java\jre1.8.0_361\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0017-0000-0149-ABCDEFFEDCBC}\INPROCSERVER32 C:\Program Files\Java\jre1.8.0_361\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0037-ABCDEFFEDCBB} C:\Program Files\Java\jre1.8.0_361\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0089-ABCDEFFEDCBA} C:\Program Files\Java\jre1.8.0_361\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0279-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre1.8.0_361\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0018-0000-0020-ABCDEFFEDCBB}\ = "Java Plug-in 1.8.0_20" C:\Program Files\Java\jre1.8.0_361\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0018-0000-0197-ABCDEFFEDCBB} C:\Program Files\Java\jre1.8.0_361\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB} C:\Program Files\Java\jre1.8.0_361\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0040-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre1.8.0_361\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0161-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_361\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_361\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0358-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_361\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_361\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0018-0000-0143-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_361\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_361\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0036-ABCDEFFEDCBB} C:\Program Files\Java\jre1.8.0_361\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0050-ABCDEFFEDCBA} C:\Program Files\Java\jre1.8.0_361\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_361\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0156-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_361\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0210-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre1.8.0_361\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0092-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_361\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0132-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_361\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0287-ABCDEFFEDCBB}\ = "Java Plug-in 1.7.0_287" C:\Program Files\Java\jre1.8.0_361\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0082-ABCDEFFEDCBB} C:\Program Files\Java\jre1.8.0_361\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0094-ABCDEFFEDCBC} C:\Program Files\Java\jre1.8.0_361\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0013-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_361\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0345-ABCDEFFEDCBB} C:\Program Files\Java\jre1.8.0_361\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0018-0000-0123-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_361\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0018-0000-0146-ABCDEFFEDCBA} C:\Program Files\Java\jre1.8.0_361\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0017-0000-0272-ABCDEFFEDCBA}\INPROCSERVER32 C:\Program Files\Java\jre1.8.0_361\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}\ = "Java Plug-in 1.6.0_07" C:\Program Files\Java\jre1.8.0_361\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0091-ABCDEFFEDCBB}\ = "Java Plug-in 1.6.0_91" C:\Program Files\Java\jre1.8.0_361\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0169-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_361\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_361\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0018-0000-0036-ABCDEFFEDCBB}\ = "Java Plug-in 1.8.0_36" C:\Program Files\Java\jre1.8.0_361\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0018-0000-0346-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_361\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0019-ABCDEFFEDCBC} C:\Program Files\Java\jre1.8.0_361\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0018-0000-0332-ABCDEFFEDCBC}\INPROCSERVER32 C:\Program Files\Java\jre1.8.0_361\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-19\SOFTWARE\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0033-ABCDEFFEDCBC}\ = "Java Plug-in 1.5.0_33" C:\Program Files\Java\jre1.8.0_361\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0206-ABCDEFFEDCBA} C:\Program Files\Java\jre1.8.0_361\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0016-0000-0090-ABCDEFFEDCBB}\INPROCSERVER32 C:\Program Files\Java\jre1.8.0_361\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0367-ABCDEFFEDCBA} C:\Program Files\Java\jre1.8.0_361\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0081-ABCDEFFEDCBB}\ = "Java Plug-in 1.5.0_81" C:\Program Files\Java\jre1.8.0_361\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0189-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_361\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_361\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0217-ABCDEFFEDCBC} C:\Program Files\Java\jre1.8.0_361\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0018-0000-0297-ABCDEFFEDCBA} C:\Program Files\Java\jre1.8.0_361\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_361\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_361\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0063-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_361\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0364-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_361\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0018-0000-0014-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_361\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0301-ABCDEFFEDCBC} C:\Program Files\Java\jre1.8.0_361\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0018-0000-0218-ABCDEFFEDCBC} C:\Program Files\Java\jre1.8.0_361\installer.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0068-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jre1.8.0_361\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0089-ABCDEFFEDCBB} C:\Windows\Installer\MSI5B17.tmp N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0014-0002-0057-ABCDEFFEDCBA}\INPROCSERVER32 C:\Windows\Installer\MSI5B17.tmp N/A
Key created \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\CLSID\{CAFEEFAC-0018-0000-0145-ABCDEFFEDCBA}\InprocServer32 C:\Windows\Installer\MSI5B17.tmp N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0305-ABCDEFFEDCBB} C:\Windows\Installer\MSI5B17.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1861D707-8D71-497D-8145-62D5CBF4222F} C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0219-ABCDEFFEDCBC}\InprocServer32 C:\Program Files\Java\jre1.8.0_361\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0216-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_361\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_361\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\CLSID\{CAFEEFAC-0018-0000-0233-ABCDEFFEDCBA} C:\Program Files\Java\jre1.8.0_361\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0367-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\Installer\MSI5B17.tmp N/A
Key created \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\CLSID\{CAFEEFAC-0018-0000-0171-ABCDEFFEDCBC} C:\Windows\Installer\MSI5B17.tmp N/A
Key deleted \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\CLSID\{CAFEEFAC-0018-0000-0307-ABCDEFFEDCBA} C:\Windows\Installer\MSI5B17.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\VLC.cda\shell\PlayWithVLC\MultiSelectModel = "Player" C:\Windows\Temp\CC-Updates\Update-7fddbac28a9c85c79fe08e2d6506e535.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0125-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jre1.8.0_361\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0353-ABCDEFFEDCBB} C:\Program Files\Java\jre1.8.0_361\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0023-ABCDEFFEDCBC} C:\Program Files\Java\jre1.8.0_361\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0084-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_361\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_361\bin\ssvagent.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0181-ABCDEFFEDCBC} C:\Windows\Installer\MSI5B17.tmp N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\CLSID\{CAFEEFAC-0018-0000-0242-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\Installer\MSI5B17.tmp N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0046-ABCDEFFEDCBB} C:\Program Files\Java\jre1.8.0_361\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0055-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_361\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}\INPROCSERVER32 C:\Windows\Installer\MSI5B17.tmp N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBC}\ = "Java Plug-in 1.6.0_38" C:\Windows\Installer\MSI5B17.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0165-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_361\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_361\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0366-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jre1.8.0_361\bin\ssvagent.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBB} C:\Windows\Installer\MSI5B17.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0105-ABCDEFFEDCBA}\ = "Java Plug-in 1.6.0_105" C:\Windows\Installer\MSI5B17.tmp N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0016-0000-0177-ABCDEFFEDCBC}\INPROCSERVER32 C:\Windows\Installer\MSI5B17.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0185-ABCDEFFEDCBA} C:\Program Files\Java\jre1.8.0_361\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0041-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\Installer\MSI5B17.tmp N/A
Key deleted \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0079-ABCDEFFEDCBA}\INPROCSERVER32 C:\Program Files\Java\jre1.8.0_361\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0301-ABCDEFFEDCBC}\InprocServer32 C:\Program Files\Java\jre1.8.0_361\bin\ssvagent.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0014-0002-0077-ABCDEFFEDCBB}\INPROCSERVER32 C:\Windows\Installer\MSI5B17.tmp N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0199-ABCDEFFEDCBB}\ = "Java Plug-in 1.7.0_199" C:\Windows\Installer\MSI5B17.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0344-ABCDEFFEDCBA} C:\Windows\Installer\MSI5B17.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D57ACF19-30E3-4B7E-BCDD-6EEB8E57AF27}\TypeLib\ = "{332AFEBA-9341-4CEC-8EA6-DB155A99DF63}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{EA248A19-F84E-4407-ADD3-8563AFD81269} C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0278-ABCDEFFEDCBB} C:\Windows\Installer\MSI5B17.tmp N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0213-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_361\\bin\\jp2iexp.dll" C:\Program Files\Java\jre1.8.0_361\bin\ssvagent.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0206-ABCDEFFEDCBA} C:\Windows\Installer\MSI5B17.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0202-ABCDEFFEDCBB}\ = "Java Plug-in 1.8.0_202" C:\Windows\Installer\MSI5B17.tmp N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0018-0000-0243-ABCDEFFEDCBA}\INPROCSERVER32 C:\Windows\Installer\MSI5B17.tmp N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\CLSID\{CAFEEFAC-0018-0000-0354-ABCDEFFEDCBA}\ = "Java Plug-in 1.8.0_354" C:\Windows\Installer\MSI5B17.tmp N/A
Key deleted \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0078-ABCDEFFEDCBB} C:\Windows\Installer\MSI5B17.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0159-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\Installer\MSI5B17.tmp N/A
Key created \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\CLSID\{CAFEEFAC-0014-0002-0096-ABCDEFFEDCBA}\InprocServer32 C:\Windows\Installer\MSI5B17.tmp N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0104-ABCDEFFEDCBC}\ = "Java Plug-in 1.6.0_104" C:\Windows\Installer\MSI5B17.tmp N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0016-0000-0142-ABCDEFFEDCBC}\INPROCSERVER32 C:\Windows\Installer\MSI5B17.tmp N/A
Key created \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0300-ABCDEFFEDCBA} C:\Windows\Installer\MSI5B17.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\VLC.xm\shell\ = "Open" C:\Windows\Temp\CC-Updates\Update-7fddbac28a9c85c79fe08e2d6506e535.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0341-ABCDEFFEDCBB}\ = "Java Plug-in 1.8.0_341" C:\Program Files\Java\jre1.8.0_361\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0047-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\Installer\MSI5B17.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0068-ABCDEFFEDCBB} C:\Windows\Installer\MSI5B17.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0076-ABCDEFFEDCBA}\InprocServer32 C:\Windows\Installer\MSI5B17.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0128-ABCDEFFEDCBB} C:\Program Files\Java\jre1.8.0_361\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\CLSID\{CAFEEFAC-0016-0000-0077-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jre1.8.0_361\bin\ssvagent.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0057-ABCDEFFEDCBB} C:\Windows\Installer\MSI5B17.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0354-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_361\\bin\\jp2iexp.dll" C:\Windows\Installer\MSI5B17.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0071-ABCDEFFEDCBA} C:\Windows\Installer\MSI5B17.tmp N/A
Key deleted \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_CLASSES\CLSID\{CAFEEFAC-0016-0000-0064-ABCDEFFEDCBB}\INPROCSERVER32 C:\Windows\Installer\MSI5B17.tmp N/A
Key created \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBB}\InprocServer32 C:\Windows\Installer\MSI5B17.tmp N/A
Key created \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0155-ABCDEFFEDCBB} C:\Windows\Installer\MSI5B17.tmp N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0206-ABCDEFFEDCBA}\ = "Java Plug-in 1.7.0_206" C:\Windows\Installer\MSI5B17.tmp N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\CLSID\{CAFEEFAC-0017-0000-0225-ABCDEFFEDCBC}\ = "Java Plug-in 1.7.0_225" C:\Windows\Installer\MSI5B17.tmp N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = 5c0000000100000004000000001000001900000001000000100000009f687581f7ef744ecfc12b9cee6238f1030000000100000014000000f40042e2e5f7e8ef8189fed15519aece42c3bfa21d0000000100000010000000e78921f81cea4d4105d2b5f4afae0c78140000000100000014000000c87ed26a852a1bca1998040727cf50104f68a8a2090000000100000016000000301406082b0601050507030306082b060105050703086200000001000000200000005367f20c7ade0e2bca790915056d086b720c33c1fa2a2661acf787e3292e12700b00000001000000800000004d006900630072006f0073006f006600740020004900640065006e007400690074007900200056006500720069006600690063006100740069006f006e00200052006f006f007400200043006500720074006900660069006300610074006500200041007500740068006f0072006900740079002000320030003200300000000f000000010000003000000041ce925678dfe0ccaa8089263c242b897ca582089d14e5eb685fca967f36dbd334e97e81fd0e64815f851f914ade1a1e040000000100000010000000be954f16012122448ca8bc279602acf52000000001000000d0050000308205cc308203b4a00302010202105498d2d1d45b1995481379c811c08799300d06092a864886f70d01010c05003077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f726974792032303230301e170d3230303431363138333631365a170d3435303431363138343434305a3077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f72697479203230323030820222300d06092a864886f70d01010105000382020f003082020a0282020100b3912a07830667fd9e9de0c7c0b7a4e642047f0fa6db5ffbd55ad745a0fb770bf080f3a66d5a4d7953d8a08684574520c7a254fbc7a2bf8ac76e35f3a215c42f4ee34a8596490dffbe99d814f6bc2707ee429b2bf50b9206e4fd691365a89172f29884eb833d0ee4d771124821cb0dedf64749b79bf9c9c717b6844fffb8ac9ad773674985e386bd3740d02586d4deb5c26d626ad5a978bc2d6f49f9e56c1414fd14c7d3651637decb6ebc5e298dfd629b152cd605e6b9893233a362c7d7d6526708c42ef4562b9e0b87cceca7b4a6aaeb05cd1957a53a0b04271c91679e2d622d2f1ebedac020cb0419ca33fb89be98e272a07235be79e19c836fe46d176f90f33d008675388ed0e0499abbdbd3f830cad55788684d72d3bf6d7f71d8fdbd0dae926448b75b6f7926b5cd9b952184d1ef0f323d7b578cf345074c7ce05e180e35768b6d9ecb3674ab05f8e0735d3256946797250ac6353d9497e7c1448b80fdc1f8f47419e530f606fb21573e061c8b6b158627497b8293ca59e87547e83f38f4c75379a0b6b4e25c51efbd5f38c113e6780c955a2ec5405928cc0f24c0ecba0977239938a6b61cdac7ba20b6d737d87f37af08e33b71db6e731b7d9972b0e486335974b516007b506dc68613dafdc439823d24009a60daba94c005512c34ac50991387bbb30580b24d30025cb826835db46373efae23954f6028be37d55ba50203010001a3543052300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414c87ed26a852a1bca1998040727cf50104f68a8a2301006092b06010401823715010403020100300d06092a864886f70d01010c05000382020100af6adde619e72d9443194ecbe9509564a50391028be236803b15a252c21619b66a5a5d744330f49bff607409b1211e90166dc5248f5c668863f44fcc7df2124c40108b019fdaa9c8aef2951bcf9d05eb493e74a0685be5562c651c827e53da56d94617799245c4103608522917cb2fa6f27ed469248a1e8fb0730dcc1c4aabb2aaeda79163016422a832b87e3228b367732d91b4dc31010bf7470aa6f1d74aed5660c42c08a37b40b0bc74275287d6be88dd378a896e67881df5c95da0feb6ab3a80d71a973c173622411eac4dd583e63c38bd4f30e954a9d3b604c3327661bbb018c52b18b3c080d5b795b05e514d22fcec58aae8d894b4a52eed92dee7187c2157dd5563f7bf6dcd1fd2a6772870c7e25b3a5b08d25b4ec80096b3e18336af860a655c74f6eaec7a6a74a0f04beeef94a3ac50f287edd73a3083c9fb7d57bee5e3f841cae564aeb3a3ec58ec859accefb9eaf35618b95c739aafc577178359db371a187254a541d2b62375a3439ae5777c9679b7418dbfecdc80a09fd17775585f3513e0251a670b7dce25fa070ae46121d8d41ce507c63699f496d0c615fe4ecdd7ae8b9ddb16fd04c692bdd488e6a9a3aabbf764383b5fcc0cd035be741903a6c5aa4ca26136823e1df32bbc975ddb4b783b2df53bef6023e8f5ec0b233695af9866bf53d37bb8694a2a966669c494c6f45f6eac98788880065ca2b2eda2 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = 040000000100000010000000be954f16012122448ca8bc279602acf50f000000010000003000000041ce925678dfe0ccaa8089263c242b897ca582089d14e5eb685fca967f36dbd334e97e81fd0e64815f851f914ade1a1e0b00000001000000800000004d006900630072006f0073006f006600740020004900640065006e007400690074007900200056006500720069006600690063006100740069006f006e00200052006f006f007400200043006500720074006900660069006300610074006500200041007500740068006f0072006900740079002000320030003200300000006200000001000000200000005367f20c7ade0e2bca790915056d086b720c33c1fa2a2661acf787e3292e1270090000000100000016000000301406082b0601050507030306082b06010505070308140000000100000014000000c87ed26a852a1bca1998040727cf50104f68a8a21d0000000100000010000000e78921f81cea4d4105d2b5f4afae0c78030000000100000014000000f40042e2e5f7e8ef8189fed15519aece42c3bfa21900000001000000100000009f687581f7ef744ecfc12b9cee6238f12000000001000000d0050000308205cc308203b4a00302010202105498d2d1d45b1995481379c811c08799300d06092a864886f70d01010c05003077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f726974792032303230301e170d3230303431363138333631365a170d3435303431363138343434305a3077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f72697479203230323030820222300d06092a864886f70d01010105000382020f003082020a0282020100b3912a07830667fd9e9de0c7c0b7a4e642047f0fa6db5ffbd55ad745a0fb770bf080f3a66d5a4d7953d8a08684574520c7a254fbc7a2bf8ac76e35f3a215c42f4ee34a8596490dffbe99d814f6bc2707ee429b2bf50b9206e4fd691365a89172f29884eb833d0ee4d771124821cb0dedf64749b79bf9c9c717b6844fffb8ac9ad773674985e386bd3740d02586d4deb5c26d626ad5a978bc2d6f49f9e56c1414fd14c7d3651637decb6ebc5e298dfd629b152cd605e6b9893233a362c7d7d6526708c42ef4562b9e0b87cceca7b4a6aaeb05cd1957a53a0b04271c91679e2d622d2f1ebedac020cb0419ca33fb89be98e272a07235be79e19c836fe46d176f90f33d008675388ed0e0499abbdbd3f830cad55788684d72d3bf6d7f71d8fdbd0dae926448b75b6f7926b5cd9b952184d1ef0f323d7b578cf345074c7ce05e180e35768b6d9ecb3674ab05f8e0735d3256946797250ac6353d9497e7c1448b80fdc1f8f47419e530f606fb21573e061c8b6b158627497b8293ca59e87547e83f38f4c75379a0b6b4e25c51efbd5f38c113e6780c955a2ec5405928cc0f24c0ecba0977239938a6b61cdac7ba20b6d737d87f37af08e33b71db6e731b7d9972b0e486335974b516007b506dc68613dafdc439823d24009a60daba94c005512c34ac50991387bbb30580b24d30025cb826835db46373efae23954f6028be37d55ba50203010001a3543052300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414c87ed26a852a1bca1998040727cf50104f68a8a2301006092b06010401823715010403020100300d06092a864886f70d01010c05000382020100af6adde619e72d9443194ecbe9509564a50391028be236803b15a252c21619b66a5a5d744330f49bff607409b1211e90166dc5248f5c668863f44fcc7df2124c40108b019fdaa9c8aef2951bcf9d05eb493e74a0685be5562c651c827e53da56d94617799245c4103608522917cb2fa6f27ed469248a1e8fb0730dcc1c4aabb2aaeda79163016422a832b87e3228b367732d91b4dc31010bf7470aa6f1d74aed5660c42c08a37b40b0bc74275287d6be88dd378a896e67881df5c95da0feb6ab3a80d71a973c173622411eac4dd583e63c38bd4f30e954a9d3b604c3327661bbb018c52b18b3c080d5b795b05e514d22fcec58aae8d894b4a52eed92dee7187c2157dd5563f7bf6dcd1fd2a6772870c7e25b3a5b08d25b4ec80096b3e18336af860a655c74f6eaec7a6a74a0f04beeef94a3ac50f287edd73a3083c9fb7d57bee5e3f841cae564aeb3a3ec58ec859accefb9eaf35618b95c739aafc577178359db371a187254a541d2b62375a3439ae5777c9679b7418dbfecdc80a09fd17775585f3513e0251a670b7dce25fa070ae46121d8d41ce507c63699f496d0c615fe4ecdd7ae8b9ddb16fd04c692bdd488e6a9a3aabbf764383b5fcc0cd035be741903a6c5aa4ca26136823e1df32bbc975ddb4b783b2df53bef6023e8f5ec0b233695af9866bf53d37bb8694a2a966669c494c6f45f6eac98788880065ca2b2eda2 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 110079.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 722426.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\mbuns.exe\:SmartScreen:$DATA C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 528458.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 623137.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Runs regedit.exe

Description Indicator Process Target
N/A N/A C:\Windows\regedit.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\Downloads\Windows11InstallationAssistant.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\Downloads\Windows11InstallationAssistant.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeTcbPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeImpersonatePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeTcbPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeImpersonatePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\System32\msiexec.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\System32\msiexec.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\System32\msiexec.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\Windows11InstallationAssistant.exe N/A
N/A N/A C:\Program Files (x86)\WindowsInstallationAssistant\Windows10UpgraderApp.exe N/A
N/A N/A C:\Program Files (x86)\WindowsInstallationAssistant\Windows10UpgraderApp.exe N/A
N/A N/A C:\Program Files (x86)\WindowsInstallationAssistant\Windows10UpgraderApp.exe N/A
N/A N/A C:\Program Files (x86)\WindowsInstallationAssistant\Windows10UpgraderApp.exe N/A
N/A N/A C:\Program Files (x86)\WindowsInstallationAssistant\Windows10UpgraderApp.exe N/A
N/A N/A C:\Program Files (x86)\WindowsInstallationAssistant\Windows10UpgraderApp.exe N/A
N/A N/A C:\Program Files (x86)\WindowsInstallationAssistant\Windows10UpgraderApp.exe N/A
N/A N/A C:\Program Files (x86)\WindowsInstallationAssistant\Windows10UpgraderApp.exe N/A
N/A N/A C:\Program Files (x86)\WindowsInstallationAssistant\Windows10UpgraderApp.exe N/A
N/A N/A C:\Windows\system32\quickassist.exe N/A
N/A N/A C:\Windows\system32\quickassist.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\PCHealthCheck\PCHealthCheck.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\PCHealthCheck\PCHealthCheck.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\PCHealthCheck\PCHealthCheck.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\PCHealthCheck\PCHealthCheck.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\PCHealthCheck\PCHealthCheck.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\PCHealthCheck\PCHealthCheck.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\PCHealthCheck\PCHealthCheck.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\PCHealthCheck\PCHealthCheck.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
N/A N/A C:\Windows\system32\quickassist.exe N/A
N/A N/A C:\Windows\system32\quickassist.exe N/A
N/A N/A C:\Users\Admin\Downloads\ccsetup610_pro_trial.exe N/A
N/A N/A C:\Users\Admin\Downloads\ccsetup610_pro_trial.exe N/A
N/A N/A C:\Users\Admin\Downloads\ccsetup610_pro_trial.exe N/A
N/A N/A C:\Users\Admin\Downloads\ccsetup610_pro_trial.exe N/A
N/A N/A C:\Users\Admin\Downloads\ccsetup610_pro_trial.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
N/A N/A C:\Users\Admin\Downloads\ccsetup610_pro_trial.exe N/A
N/A N/A C:\Program Files\CCleaner\CCleaner64.exe N/A
N/A N/A C:\Program Files\CCleaner\CCleaner64.exe N/A
N/A N/A C:\Program Files\CCleaner\CCleaner64.exe N/A
N/A N/A C:\Program Files\CCleaner\CCleaner64.exe N/A
N/A N/A C:\Users\Admin\Downloads\ccsetup610_pro_trial.exe N/A
N/A N/A C:\Users\Admin\Downloads\ccsetup610_pro_trial.exe N/A
N/A N/A C:\Program Files\CCleaner\CCleaner64.exe N/A
N/A N/A C:\Program Files\CCleaner\CCleaner64.exe N/A
N/A N/A C:\Program Files\CCleaner\CCleaner64.exe N/A
N/A N/A C:\Program Files\CCleaner\CCleaner64.exe N/A
N/A N/A C:\Program Files\CCleaner\CCleaner64.exe N/A
N/A N/A C:\Program Files\CCleaner\CCleaner64.exe N/A
N/A N/A C:\Program Files\CCleaner\CCleaner64.exe N/A
N/A N/A C:\Program Files\CCleaner\CCleaner64.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_361\bin\jp2launcher.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_361\bin\jp2launcher.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_66\bin\jp2launcher.exe N/A
N/A N/A C:\Program Files\CCleaner\CCleaner64.exe N/A
N/A N/A C:\Program Files\CCleaner\CCleaner64.exe N/A
N/A N/A C:\Windows\system32\LogonUI.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3612 wrote to memory of 2060 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3612 wrote to memory of 2060 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3612 wrote to memory of 1592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3612 wrote to memory of 1592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3612 wrote to memory of 1592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3612 wrote to memory of 1592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3612 wrote to memory of 1592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3612 wrote to memory of 1592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3612 wrote to memory of 1592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3612 wrote to memory of 1592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3612 wrote to memory of 1592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3612 wrote to memory of 1592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3612 wrote to memory of 1592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3612 wrote to memory of 1592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3612 wrote to memory of 1592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3612 wrote to memory of 1592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3612 wrote to memory of 1592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3612 wrote to memory of 1592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3612 wrote to memory of 1592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3612 wrote to memory of 1592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3612 wrote to memory of 1592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3612 wrote to memory of 1592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3612 wrote to memory of 1592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3612 wrote to memory of 1592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3612 wrote to memory of 1592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3612 wrote to memory of 1592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3612 wrote to memory of 1592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3612 wrote to memory of 1592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3612 wrote to memory of 1592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3612 wrote to memory of 1592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3612 wrote to memory of 1592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3612 wrote to memory of 1592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3612 wrote to memory of 1592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3612 wrote to memory of 1592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3612 wrote to memory of 1592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3612 wrote to memory of 1592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3612 wrote to memory of 1592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3612 wrote to memory of 1592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3612 wrote to memory of 1592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3612 wrote to memory of 1592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3612 wrote to memory of 1592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3612 wrote to memory of 1592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3612 wrote to memory of 3828 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3612 wrote to memory of 3828 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3612 wrote to memory of 2092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3612 wrote to memory of 2092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3612 wrote to memory of 2092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3612 wrote to memory of 2092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3612 wrote to memory of 2092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3612 wrote to memory of 2092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3612 wrote to memory of 2092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3612 wrote to memory of 2092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3612 wrote to memory of 2092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3612 wrote to memory of 2092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3612 wrote to memory of 2092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3612 wrote to memory of 2092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3612 wrote to memory of 2092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3612 wrote to memory of 2092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3612 wrote to memory of 2092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3612 wrote to memory of 2092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3612 wrote to memory of 2092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3612 wrote to memory of 2092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3612 wrote to memory of 2092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3612 wrote to memory of 2092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Uses Task Scheduler COM API

persistence

Uses Volume Shadow Copy WMI provider

ransomware

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Windows\Explorer.EXE

C:\Windows\Explorer.EXE

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell start shell:Appsfolder\Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge https://go.microsoft.com/fwlink/?linkid=2171764

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --edge-redirect=Windows.Launch https://go.microsoft.com/fwlink/?linkid=2171764

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xf8,0x108,0x7ffc48ac46f8,0x7ffc48ac4708,0x7ffc48ac4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,15544578812979673698,6864087299592951602,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,15544578812979673698,6864087299592951602,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,15544578812979673698,6864087299592951602,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2692 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15544578812979673698,6864087299592951602,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15544578812979673698,6864087299592951602,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2124,15544578812979673698,6864087299592951602,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5272 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15544578812979673698,6864087299592951602,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2124,15544578812979673698,6864087299592951602,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5900 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15544578812979673698,6864087299592951602,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5944 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15544578812979673698,6864087299592951602,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5924 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,15544578812979673698,6864087299592951602,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6252 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ff7f5fc5460,0x7ff7f5fc5470,0x7ff7f5fc5480

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,15544578812979673698,6864087299592951602,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6252 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15544578812979673698,6864087299592951602,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6388 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15544578812979673698,6864087299592951602,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6708 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2124,15544578812979673698,6864087299592951602,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5932 /prefetch:8

C:\Users\Admin\Downloads\Windows11InstallationAssistant.exe

"C:\Users\Admin\Downloads\Windows11InstallationAssistant.exe"

C:\Program Files (x86)\WindowsInstallationAssistant\Windows10UpgraderApp.exe

"C:\Program Files (x86)\WindowsInstallationAssistant\Windows10UpgraderApp.exe" /SkipSelfUpdate /SunValley

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=2169346

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x104,0x108,0x10c,0xd8,0x110,0x7ffc48ac46f8,0x7ffc48ac4708,0x7ffc48ac4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2220,15550579738000274870,10081452662841296133,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2340 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,15550579738000274870,10081452662841296133,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,15550579738000274870,10081452662841296133,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2220,15550579738000274870,10081452662841296133,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2808 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2220,15550579738000274870,10081452662841296133,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2240 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2220,15550579738000274870,10081452662841296133,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5080 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2220,15550579738000274870,10081452662841296133,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5080 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,15550579738000274870,10081452662841296133,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2220,15550579738000274870,10081452662841296133,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5272 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,15550579738000274870,10081452662841296133,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,15550579738000274870,10081452662841296133,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,15550579738000274870,10081452662841296133,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,15550579738000274870,10081452662841296133,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault3a818f6ah1594h49c6h94f1h5275d591cb77

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffc48ac46f8,0x7ffc48ac4708,0x7ffc48ac4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2180,12331654620398253230,16930667032219388637,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,12331654620398253230,16930667032219388637,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,15550579738000274870,10081452662841296133,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2220,15550579738000274870,10081452662841296133,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2332 /prefetch:8

C:\Windows\System32\msiexec.exe

"C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\Downloads\WindowsPCHealthCheckSetup.msi"

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\System32\MsiExec.exe

C:\Windows\System32\MsiExec.exe -Embedding A0A95D88C488B6FD1A241295F4567FC5 C

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService

C:\Windows\system32\quickassist.exe

"C:\Windows\system32\quickassist.exe"

C:\Windows\system32\srtasks.exe

C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2

C:\Windows\System32\MsiExec.exe

C:\Windows\System32\MsiExec.exe -Embedding B84D192A232158DFD8772BF5DE89C464

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding C55270E23ADD9906F55E44933E19CE0A C

C:\Users\Admin\AppData\Local\PCHealthCheck\PCHealthCheck.exe

"C:\Users\Admin\AppData\Local\PCHealthCheck\PCHealthCheck.exe"

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /4

C:\Users\Admin\AppData\Local\PCHealthCheck\PCHealthCheck.exe

"C:\Users\Admin\AppData\Local\PCHealthCheck\PCHealthCheck.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc48ac46f8,0x7ffc48ac4708,0x7ffc48ac4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,1297887014853199436,9623090597737763969,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,1297887014853199436,9623090597737763969,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,1297887014853199436,9623090597737763969,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,1297887014853199436,9623090597737763969,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,1297887014853199436,9623090597737763969,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2960 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,1297887014853199436,9623090597737763969,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,1297887014853199436,9623090597737763969,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3964 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,1297887014853199436,9623090597737763969,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4548 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,1297887014853199436,9623090597737763969,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4548 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,1297887014853199436,9623090597737763969,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3748 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,1297887014853199436,9623090597737763969,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2940 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,1297887014853199436,9623090597737763969,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,1297887014853199436,9623090597737763969,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2152,1297887014853199436,9623090597737763969,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5568 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,1297887014853199436,9623090597737763969,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x30c 0x49c

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,1297887014853199436,9623090597737763969,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,1297887014853199436,9623090597737763969,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,1297887014853199436,9623090597737763969,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,1297887014853199436,9623090597737763969,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,1297887014853199436,9623090597737763969,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,1297887014853199436,9623090597737763969,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2152,1297887014853199436,9623090597737763969,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=2612 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,1297887014853199436,9623090597737763969,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2168 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2152,1297887014853199436,9623090597737763969,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6180 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2152,1297887014853199436,9623090597737763969,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5004 /prefetch:8

C:\Users\Admin\Downloads\MBSetup-E188FB74.exe

"C:\Users\Admin\Downloads\MBSetup-E188FB74.exe"

C:\Users\Admin\AppData\Local\PCHealthCheck\PCHealthCheck.exe

"C:\Users\Admin\AppData\Local\PCHealthCheck\PCHealthCheck.exe"

C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe

"C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe"

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /4

C:\Windows\system32\certutil.exe

"C:\Windows\system32\certutil.exe" -f -addstore root "C:\Windows\TEMP\MBInstallTempabb77c7dd57c11edac28e27224d40471\servicepkg\starfieldrootcag2_new.crt"

C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe

"C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe" /Service /Protected

C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe

"C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe"

C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe

"C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc48ac46f8,0x7ffc48ac4708,0x7ffc48ac4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://links.malwarebytes.com/link/installed?prodVer=4.5.26.259&prodCode=MBAM-C&lang=en_US

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2212,13620665816605716664,5288819447439999521,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2212,13620665816605716664,5288819447439999521,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2220 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2212,13620665816605716664,5288819447439999521,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2712 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,13620665816605716664,5288819447439999521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,13620665816605716664,5288819447439999521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1

C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe

"C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe"

C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe

"C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe" /wac 0 /status on true /updatesubstatus none /scansubstatus none /settingssubstatus none

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-0.exe

ig.exe reseed

C:\Windows\regedit.exe

"C:\Windows\regedit.exe"

C:\Program Files\Malwarebytes\Anti-Malware\assistant.exe

"C:\Program Files\Malwarebytes\Anti-Malware\assistant.exe" -showresults

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-0.exe

ig.exe reseed

C:\Users\Admin\AppData\Local\PCHealthCheck\PCHealthCheck.exe

"C:\Users\Admin\AppData\Local\PCHealthCheck\PCHealthCheck.exe"

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc48ac46f8,0x7ffc48ac4708,0x7ffc48ac4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,13605786740299426080,16156483598132674909,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,13605786740299426080,16156483598132674909,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2316 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,13605786740299426080,16156483598132674909,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2960 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13605786740299426080,16156483598132674909,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3660 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13605786740299426080,16156483598132674909,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3692 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13605786740299426080,16156483598132674909,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4800 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13605786740299426080,16156483598132674909,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4828 /prefetch:1

C:\Windows\system32\quickassist.exe

"C:\Windows\system32\quickassist.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,13605786740299426080,16156483598132674909,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4044 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,13605786740299426080,16156483598132674909,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4044 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13605786740299426080,16156483598132674909,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2076,13605786740299426080,16156483598132674909,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5268 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x30c 0x49c

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13605786740299426080,16156483598132674909,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13605786740299426080,16156483598132674909,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13605786740299426080,16156483598132674909,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13605786740299426080,16156483598132674909,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2576 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13605786740299426080,16156483598132674909,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4864 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13605786740299426080,16156483598132674909,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13605786740299426080,16156483598132674909,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13605786740299426080,16156483598132674909,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5952 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13605786740299426080,16156483598132674909,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4000 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2076,13605786740299426080,16156483598132674909,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5784 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2076,13605786740299426080,16156483598132674909,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5704 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2076,13605786740299426080,16156483598132674909,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5728 /prefetch:8

C:\Users\Admin\Downloads\ccsetup610_pro_trial.exe

"C:\Users\Admin\Downloads\ccsetup610_pro_trial.exe"

C:\Users\Admin\Downloads\ccsetup610_pro_trial.exe

"C:\Users\Admin\Downloads\ccsetup610_pro_trial.exe"

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding

C:\Program Files\CCleaner\CCleaner64.exe

"C:\Program Files\CCleaner\CCleaner64.exe" /createSkipUAC

C:\Program Files\CCleaner\CCUpdate.exe

"C:\Program Files\CCleaner\CCUpdate.exe" /reg

C:\Program Files\CCleaner\CCUpdate.exe

CCUpdate.exe /emupdater /applydll "C:\Program Files\CCleaner\Setup\54184456-faf1-41fa-bff1-dabde5d385f3.dll"

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc48ac46f8,0x7ffc48ac4708,0x7ffc48ac4718

C:\Program Files\CCleaner\CCleaner64.exe

"C:\Program Files\CCleaner\CCleaner64.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.ccleaner.com/go/app_releasenotes?p=1&v=&l=1033&b=1&a=3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,14461812168945859002,13259411888574545862,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,14461812168945859002,13259411888574545862,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,14461812168945859002,13259411888574545862,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2892 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14461812168945859002,13259411888574545862,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14461812168945859002,13259411888574545862,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14461812168945859002,13259411888574545862,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4896 /prefetch:1

C:\Program Files\CCleaner\CCleaner64.exe

"C:\Program Files\CCleaner\CCleaner64.exe" /monitor

C:\Program Files\CCleaner\CCleaner64.exe

"C:\Program Files\CCleaner\CCleaner64.exe" /createSkipUAC 6.10.10347

C:\Program Files\CCleaner\CCUpdate.exe

"C:\Program Files\CCleaner\CCUpdate.exe" /reg

C:\Program Files\CCleaner\CCUpdate.exe

CCUpdate.exe /emupdater /applydll "C:\Program Files\CCleaner\Setup\1aef4de8-8375-4083-8e43-808506ce1151.dll"

C:\Program Files\CCleaner\CCleaner64.exe

"C:\Program Files\CCleaner\CCleaner64.exe"

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /4

C:\Program Files\CCleaner\CCleaner64.exe

"C:\Program Files\CCleaner\CCleaner64.exe" /monitor

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\unsecapp.exe -Embedding

C:\Windows\System32\oobe\UserOOBEBroker.exe

C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding

C:\Windows\SysWOW64\werfault.exe

werfault.exe /h /shared Global\4fd59fcc7673432290177c664b84cc40 /t 6076 /p 464

C:\Windows\Temp\CC-Updates\Update-a6a0f7c173094f8dafef996157751ecf.exe

"C:\Windows\Temp\CC-Updates\Update-a6a0f7c173094f8dafef996157751ecf.exe" /S

C:\Windows\Temp\CC-Updates\Update-e70de386ebc763932a181fc37a2ad042.exe

"C:\Windows\Temp\CC-Updates\Update-e70de386ebc763932a181fc37a2ad042.exe" /s REMOVEOUTOFDATEJRES=1

C:\Users\Admin\AppData\Local\Temp\jds241456546.tmp\Update-e70de386ebc763932a181fc37a2ad042.exe

"C:\Users\Admin\AppData\Local\Temp\jds241456546.tmp\Update-e70de386ebc763932a181fc37a2ad042.exe" "/s" "REMOVEOUTOFDATEJRES=1"

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /4

C:\Windows\System32\MsiExec.exe

C:\Windows\System32\MsiExec.exe -Embedding 77AA6A9E83CF09B9F61E95F98C8E2858

C:\Program Files\Java\jre1.8.0_361\installer.exe

"C:\Program Files\Java\jre1.8.0_361\installer.exe" /s INSTALLDIR="C:\Program Files\Java\jre1.8.0_361\\" INSTALL_SILENT=1 REPAIRMODE=0 ProductCode={26A24AE4-039D-4CA4-87B4-2F64180361F0}

C:\Program Files\Java\jre1.8.0_361\bin\javaw.exe

"C:\Program Files\Java\jre1.8.0_361\bin\javaw.exe" -Xshare:dump -Djdk.disableLastUsageTracking

C:\Program Files\Java\jre1.8.0_361\bin\ssvagent.exe

"C:\Program Files\Java\jre1.8.0_361\bin\ssvagent.exe" -doHKCUSSVSetup

C:\Program Files\Java\jre1.8.0_361\bin\javaws.exe

"C:\Program Files\Java\jre1.8.0_361\bin\javaws.exe" -wait -fix -permissions -silent

C:\Program Files\Java\jre1.8.0_361\bin\jp2launcher.exe

"C:\Program Files\Java\jre1.8.0_361\bin\jp2launcher.exe" -secure -javaws -jre "C:\Program Files\Java\jre1.8.0_361" -vma LWNsYXNzcGF0aABDOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlMS44LjBfMzYxXGxpYlxkZXBsb3kuamFyAC1EamF2YS5zZWN1cml0eS5wb2xpY3k9ZmlsZTpDOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlMS44LjBfMzYxXGxpYlxzZWN1cml0eVxqYXZhd3MucG9saWN5AC1EdHJ1c3RQcm94eT10cnVlAC1YdmVyaWZ5OnJlbW90ZQAtRGpubHB4LmhvbWU9QzpcUHJvZ3JhbSBGaWxlc1xKYXZhXGpyZTEuOC4wXzM2MVxiaW4ALURqYXZhLnNlY3VyaXR5Lm1hbmFnZXIALURzdW4uYXd0Lndhcm11cD10cnVlAC1YYm9vdGNsYXNzcGF0aC9hOkM6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUxLjguMF8zNjFcbGliXGphdmF3cy5qYXI7QzpcUHJvZ3JhbSBGaWxlc1xKYXZhXGpyZTEuOC4wXzM2MVxsaWJcZGVwbG95LmphcjtDOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlMS44LjBfMzYxXGxpYlxwbHVnaW4uamFyAC1EamF2YS5hd3QuaGVhZGxlc3M9dHJ1ZQAtRGpubHB4Lmp2bT1DOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlMS44LjBfMzYxXGJpblxqYXZhdy5leGU= -ma LXdhaXQALWZpeAAtcGVybWlzc2lvbnMALXNpbGVudAAtbm90V2ViSmF2YQ==

C:\Program Files\Java\jre1.8.0_361\bin\javaws.exe

"C:\Program Files\Java\jre1.8.0_361\bin\javaws.exe" -wait -fix -shortcut -silent

C:\Program Files\Java\jre1.8.0_361\bin\jp2launcher.exe

"C:\Program Files\Java\jre1.8.0_361\bin\jp2launcher.exe" -secure -javaws -jre "C:\Program Files\Java\jre1.8.0_361" -vma LWNsYXNzcGF0aABDOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlMS44LjBfMzYxXGxpYlxkZXBsb3kuamFyAC1EamF2YS5zZWN1cml0eS5wb2xpY3k9ZmlsZTpDOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlMS44LjBfMzYxXGxpYlxzZWN1cml0eVxqYXZhd3MucG9saWN5AC1EdHJ1c3RQcm94eT10cnVlAC1YdmVyaWZ5OnJlbW90ZQAtRGpubHB4LmhvbWU9QzpcUHJvZ3JhbSBGaWxlc1xKYXZhXGpyZTEuOC4wXzM2MVxiaW4ALURqYXZhLnNlY3VyaXR5Lm1hbmFnZXIALURzdW4uYXd0Lndhcm11cD10cnVlAC1YYm9vdGNsYXNzcGF0aC9hOkM6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUxLjguMF8zNjFcbGliXGphdmF3cy5qYXI7QzpcUHJvZ3JhbSBGaWxlc1xKYXZhXGpyZTEuOC4wXzM2MVxsaWJcZGVwbG95LmphcjtDOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlMS44LjBfMzYxXGxpYlxwbHVnaW4uamFyAC1EamF2YS5hd3QuaGVhZGxlc3M9dHJ1ZQAtRGpubHB4Lmp2bT1DOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlMS44LjBfMzYxXGJpblxqYXZhdy5leGU= -ma LXdhaXQALWZpeAAtc2hvcnRjdXQALXNpbGVudAAtbm90V2ViSmF2YQ==

C:\Windows\System32\MsiExec.exe

C:\Windows\System32\MsiExec.exe -Embedding E6755E9F164428248FD23FC1F3C7E27C E Global\MSI0000

C:\Windows\Installer\MSI5B17.tmp

"C:\Windows\Installer\MSI5B17.tmp" ProductCode={26A24AE4-039D-4CA4-87B4-2F86418066F0} /s

C:\Program Files\Java\jre1.8.0_66\bin\javaws.exe

"C:\Program Files\Java\jre1.8.0_66\bin\javaws.exe" -wait -fix -shortcut -silent

C:\Program Files\Malwarebytes\Anti-Malware\malwarebytes_assistant.exe

"C:\Program Files\Malwarebytes\Anti-Malware\malwarebytes_assistant.exe" --stopservice

C:\Program Files\Java\jre1.8.0_66\bin\jp2launcher.exe

"C:\Program Files\Java\jre1.8.0_66\bin\jp2launcher.exe" -secure -javaws -jre "C:\Program Files\Java\jre1.8.0_66" -vma LWNsYXNzcGF0aABDOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlMS44LjBfNjZcbGliXGRlcGxveS5qYXIALURqYXZhLnNlY3VyaXR5LnBvbGljeT1maWxlOkM6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUxLjguMF82NlxsaWJcc2VjdXJpdHlcamF2YXdzLnBvbGljeQAtRHRydXN0UHJveHk9dHJ1ZQAtWHZlcmlmeTpyZW1vdGUALURqbmxweC5ob21lPUM6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUxLjguMF82NlxiaW4ALURqYXZhLnNlY3VyaXR5Lm1hbmFnZXIALURzdW4uYXd0Lndhcm11cD10cnVlAC1YYm9vdGNsYXNzcGF0aC9hOkM6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUxLjguMF82NlxsaWJcamF2YXdzLmphcjtDOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlMS44LjBfNjZcbGliXGRlcGxveS5qYXI7QzpcUHJvZ3JhbSBGaWxlc1xKYXZhXGpyZTEuOC4wXzY2XGxpYlxwbHVnaW4uamFyAC1EamF2YS5hd3QuaGVhZGxlc3M9dHJ1ZQAtRGpubHB4Lmp2bT1DOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlMS44LjBfNjZcYmluXGphdmF3LmV4ZQ== -ma LXdhaXQALWZpeAAtc2hvcnRjdXQALXNpbGVudAAtbm90V2ViSmF2YQ==

C:\Windows\system32\cmd.exe

"C:\Windows\system32\cmd.exe"

C:\Windows\system32\msg.exe

msg * I hacked you :)

C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe

"C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe" -u auto-update

C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe

"C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe" /wac 0 /status off true /updatesubstatus none /scansubstatus none /settingssubstatus none

C:\Windows\system32\help.exe

help wputil

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding ACA0CA499F271EEFC6067DCF20DB9A45

C:\Windows\system32\help.exe

help

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 34DDFCBFB85BE2A00C5799BE8454B9A6 E Global\MSI0000

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding BDAF3C9A0846B1ED149708CE481427D4

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 9647731031C896325A79F532279F0A28 E Global\MSI0000

C:\Windows\Temp\CC-Updates\Update-7fddbac28a9c85c79fe08e2d6506e535.exe

"C:\Windows\Temp\CC-Updates\Update-7fddbac28a9c85c79fe08e2d6506e535.exe" /S

C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe

"C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe" C:\Program Files\VideoLAN\VLC\plugins

C:\Windows\SysWOW64\regsvr32.exe

regsvr32.exe /s "C:\Program Files\VideoLAN\VLC\axvlc.dll"

C:\Windows\system32\regsvr32.exe

/s "C:\Program Files\VideoLAN\VLC\axvlc.dll"

C:\Windows\System32\replace.exe

Replace sethc.exe cmd.exe

C:\Windows\system32\sethc.exe

sethc.exe 211

C:\Windows\system32\EaseOfAccessDialog.exe

"C:\Windows\system32\EaseOfAccessDialog.exe" 211

C:\Windows\System32\sethc.exe

sethc.exe

C:\Windows\System32\sethc.exe

sethc.exe

C:\Windows\system32\taskkill.exe

taskkill /?

C:\Windows\system32\taskkill.exe

taskkill /s TrustedInstaller /U

C:\Windows\system32\taskkill.exe

taskkill /s system32

C:\Windows\system32\help.exe

help

C:\Windows\system32\winver.exe

winver

C:\Windows\system32\reset.exe

reset

C:\Windows\system32\reset.exe

reset system

C:\Windows\system32\reset.exe

reset /?

C:\Windows\system32\help.exe

help

C:\Windows\System32\cleanmgr.exe

"C:\Windows\System32\cleanmgr.exe" /D C

C:\Users\Admin\AppData\Local\Temp\7FF5B93B-2D82-4FE9-A865-C08D7CA32612\dismhost.exe

C:\Users\Admin\AppData\Local\Temp\7FF5B93B-2D82-4FE9-A865-C08D7CA32612\dismhost.exe {B298868B-AAEF-4144-B8D8-4CBA96683D58}

C:\Windows\system32\lpksetup.exe

/s /r /u de-DE es-ES fr-FR it-IT ja-JP

C:\Windows\system32\lpksetup.exe

"C:\Windows\system32\lpksetup.exe" -Embedding

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Windows\system32\srtasks.exe

C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:3

C:\Windows\system32\LogonUI.exe

"LogonUI.exe" /flags:0x4 /state0:0xa3852855 /state1:0x41c64e6d

C:\Windows\Microsoft.NET\Framework\v4.0.30319\Ngen.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\Ngen.exe Update /Queue /Delay

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Ngen.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Ngen.exe Update /Queue /Delay

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Windows\system32\bootim.exe

bootim.exe /startpage:1

Network

Country Destination Domain Proto
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 assets.msn.com udp
DE 2.16.241.97:443 assets.msn.com tcp
US 8.8.8.8:53 76.38.195.152.in-addr.arpa udp
US 8.8.8.8:53 97.241.16.2.in-addr.arpa udp
US 93.184.220.29:80 tcp
US 93.184.220.29:80 tcp
US 8.8.8.8:53 download.microsoft.com udp
US 8.8.8.8:53 58.250.217.23.in-addr.arpa udp
US 8.8.8.8:53 250.255.255.239.in-addr.arpa udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
GB 23.44.234.47:443 download.microsoft.com tcp
US 8.8.8.8:53 47.234.44.23.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 123.108.74.40.in-addr.arpa udp
US 52.152.110.14:443 tcp
US 8.8.8.8:53 aka.ms udp
NL 23.206.100.182:443 aka.ms tcp
US 8.8.8.8:53 download.microsoft.com udp
GB 23.44.234.47:443 download.microsoft.com tcp
US 8.8.8.8:53 182.100.206.23.in-addr.arpa udp
US 52.152.110.14:443 tcp
NL 8.238.178.254:80 tcp
NL 8.238.178.254:80 tcp
US 52.152.110.14:443 tcp
NL 173.223.113.164:443 tcp
NL 8.238.178.254:80 tcp
US 8.8.8.8:53 254.7.248.8.in-addr.arpa udp
US 52.152.110.14:443 tcp
US 52.152.110.14:443 tcp
NL 104.85.1.163:80 tcp
US 204.79.197.203:80 api.msn.com tcp
US 52.152.110.14:443 tcp
US 52.152.110.14:443 tcp
US 8.8.8.8:53 remoteassistance.support.services.microsoft.com udp
NL 23.222.42.120:443 remoteassistance.support.services.microsoft.com tcp
NL 23.222.42.120:443 remoteassistance.support.services.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 statics-marketingsites-neu-ms-com.akamaized.net udp
NL 173.223.113.131:443 www.microsoft.com tcp
US 8.8.8.8:53 js.monitor.azure.com udp
NL 173.223.113.131:443 www.microsoft.com tcp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 8.8.8.8:53 mem.gfx.ms udp
DE 23.32.238.128:443 statics-marketingsites-neu-ms-com.akamaized.net tcp
US 13.107.237.67:443 mem.gfx.ms tcp
US 13.107.237.48:443 wcpstatic.microsoft.com tcp
US 13.107.237.68:443 js.monitor.azure.com tcp
US 8.8.8.8:53 s.go-mpulse.net udp
NL 173.223.112.132:443 s.go-mpulse.net tcp
US 8.8.8.8:53 120.42.222.23.in-addr.arpa udp
US 8.8.8.8:53 128.238.32.23.in-addr.arpa udp
US 8.8.8.8:53 67.237.107.13.in-addr.arpa udp
US 8.8.8.8:53 68.237.107.13.in-addr.arpa udp
US 8.8.8.8:53 48.237.107.13.in-addr.arpa udp
US 8.8.8.8:53 132.112.223.173.in-addr.arpa udp
US 8.8.8.8:53 c.go-mpulse.net udp
NL 173.223.112.132:443 c.go-mpulse.net tcp
US 8.8.8.8:53 81.171.91.138.in-addr.arpa udp
US 52.152.110.14:443 tcp
US 52.152.110.14:443 tcp
US 8.8.8.8:53 download.microsoft.com udp
GB 23.44.234.47:443 download.microsoft.com tcp
US 52.152.110.14:443 tcp
US 52.152.110.14:443 tcp
US 52.152.110.14:443 tcp
US 52.152.110.14:443 tcp
US 52.152.110.14:443 tcp
US 52.152.110.14:443 tcp
US 52.152.110.14:443 tcp
US 52.152.110.14:443 tcp
US 204.79.197.200:443 www.bing.com tcp
US 8.8.8.8:53 th.bing.com udp
US 8.8.8.8:53 r.bing.com udp
NL 95.101.74.148:443 r.bing.com tcp
NL 95.101.74.148:443 r.bing.com tcp
NL 95.101.74.148:443 r.bing.com tcp
NL 95.101.74.148:443 r.bing.com tcp
US 204.79.197.200:443 www.bing.com tcp
NL 95.101.74.148:443 r.bing.com udp
NL 95.101.74.148:443 r.bing.com udp
US 8.8.8.8:53 login.microsoftonline.com udp
IE 40.126.31.67:443 login.microsoftonline.com tcp
US 8.8.8.8:53 www.clarity.ms udp
US 13.107.237.68:443 www.clarity.ms tcp
US 8.8.8.8:53 c.clarity.ms udp
HK 20.205.115.81:443 c.clarity.ms tcp
US 8.8.8.8:53 w.clarity.ms udp
US 23.96.124.156:443 w.clarity.ms tcp
US 8.8.8.8:53 c.bing.com udp
US 8.8.8.8:53 www.malwarebytes.com udp
NL 13.227.219.61:443 www.malwarebytes.com tcp
NL 13.227.219.61:443 www.malwarebytes.com tcp
US 8.8.8.8:53 dev.visualwebsiteoptimizer.com udp
US 34.96.102.137:443 dev.visualwebsiteoptimizer.com tcp
US 34.96.102.137:443 dev.visualwebsiteoptimizer.com udp
US 8.8.8.8:53 genesis.malwarebytes.com udp
US 34.193.143.115:443 genesis.malwarebytes.com tcp
US 8.8.8.8:53 176.122.125.40.in-addr.arpa udp
US 8.8.8.8:53 api.demandbase.com udp
NL 108.156.60.39:443 api.demandbase.com tcp
US 34.96.102.137:443 dev.visualwebsiteoptimizer.com udp
US 8.8.8.8:53 cdn.cookielaw.org udp
US 104.19.187.97:443 cdn.cookielaw.org tcp
US 8.8.8.8:53 cdn.cookielaw.org udp
US 104.19.188.97:443 cdn.cookielaw.org tcp
US 8.8.8.8:53 geolocation.onetrust.com udp
US 172.64.144.98:443 geolocation.onetrust.com tcp
US 8.8.8.8:53 www.estore.malwarebytes.com udp
US 8.8.8.8:53 connect.facebook.net udp
US 8.8.8.8:53 snap.licdn.com udp
US 8.8.8.8:53 bat.bing.com udp
US 8.8.8.8:53 unpkg.com udp
US 8.8.8.8:53 munchkin.marketo.net udp
US 8.8.8.8:53 static.ads-twitter.com udp
DE 23.32.238.152:443 snap.licdn.com tcp
NL 199.232.148.157:443 static.ads-twitter.com tcp
NL 23.206.91.189:443 munchkin.marketo.net tcp
US 157.240.5.10:443 connect.facebook.net tcp
US 104.16.125.175:443 unpkg.com tcp
US 8.8.8.8:53 r1.visualwebsiteoptimizer.com udp
US 35.245.208.72:443 r1.visualwebsiteoptimizer.com tcp
US 8.8.8.8:53 analytics.google.com udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 8.8.8.8:53 px.ads.linkedin.com udp
US 8.8.8.8:53 cdn.linkedin.oribi.io udp
US 8.8.8.8:53 t.co udp
US 8.8.8.8:53 analytics.twitter.com udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 216.239.34.181:443 analytics.google.com tcp
US 157.240.5.10:443 connect.facebook.net udp
NL 142.250.102.155:443 stats.g.doubleclick.net tcp
NL 142.250.102.155:443 stats.g.doubleclick.net tcp
US 8.8.8.8:53 805-usg-300.mktoresp.com udp
US 104.244.42.195:443 analytics.twitter.com tcp
US 13.107.42.14:443 px.ads.linkedin.com tcp
NL 142.251.36.34:443 googleads.g.doubleclick.net tcp
NL 52.222.139.81:443 cdn.linkedin.oribi.io tcp
US 192.28.144.124:443 805-usg-300.mktoresp.com tcp
US 192.28.144.124:443 805-usg-300.mktoresp.com tcp
US 8.8.8.8:53 www.facebook.com udp
NL 157.240.247.35:443 www.facebook.com tcp
US 8.8.8.8:53 www.malwarebytes.com udp
NL 157.240.247.35:443 www.facebook.com udp
US 8.8.8.8:53 dev.visualwebsiteoptimizer.com udp
US 8.8.8.8:53 privacyportal.onetrust.com udp
US 172.64.144.98:443 privacyportal.onetrust.com tcp
US 216.239.34.181:443 analytics.google.com udp
US 8.8.8.8:53 www.estore.malwarebytes.com udp
US 8.8.8.8:53 www.redditstatic.com udp
US 8.8.8.8:53 cdn.bizible.com udp
US 151.101.1.140:443 www.redditstatic.com tcp
US 152.195.58.59:443 cdn.bizible.com tcp
NL 142.251.36.34:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 scripts.demandbase.com udp
US 8.8.8.8:53 alb.reddit.com udp
NL 13.227.219.121:443 scripts.demandbase.com tcp
US 151.101.1.140:443 alb.reddit.com tcp
US 151.101.1.140:443 alb.reddit.com tcp
US 8.8.8.8:53 id.rlcdn.com udp
US 8.8.8.8:53 api.company-target.com udp
US 35.190.60.146:443 id.rlcdn.com tcp
NL 13.227.219.127:443 api.company-target.com tcp
US 8.8.8.8:53 cdn.bizibly.com udp
US 8.8.8.8:53 www.microsoft.com udp
NL 173.223.113.131:80 www.microsoft.com tcp
US 8.8.8.8:53 telemetry.malwarebytes.com udp
US 34.216.159.22:443 telemetry.malwarebytes.com tcp
US 8.8.8.8:53 ark.mwbsys.com udp
US 3.230.137.231:443 ark.mwbsys.com tcp
US 8.8.8.8:53 cdn.mwbsys.com udp
NL 52.222.139.16:443 cdn.mwbsys.com tcp
US 3.230.137.231:443 ark.mwbsys.com tcp
US 8.8.8.8:53 cdn.mwbsys.com udp
NL 52.222.139.63:443 cdn.mwbsys.com tcp
US 3.230.137.231:443 ark.mwbsys.com tcp
US 8.8.8.8:53 cdn.mwbsys.com udp
NL 52.222.139.14:443 cdn.mwbsys.com tcp
US 3.230.137.231:443 ark.mwbsys.com tcp
US 8.8.8.8:53 cdn.mwbsys.com udp
NL 52.222.139.14:443 cdn.mwbsys.com tcp
US 3.230.137.231:443 ark.mwbsys.com tcp
US 8.8.8.8:53 cdn.mwbsys.com udp
NL 52.222.139.37:443 cdn.mwbsys.com tcp
US 8.8.8.8:53 iris.mwbsys.com udp
US 34.226.98.217:443 iris.mwbsys.com tcp
US 8.8.8.8:53 keystone.mwbsys.com udp
US 3.209.35.119:443 keystone.mwbsys.com tcp
US 3.209.35.119:443 keystone.mwbsys.com tcp
US 8.8.8.8:53 keystone.mwbsys.com udp
US 3.209.35.119:443 keystone.mwbsys.com tcp
US 8.8.8.8:53 telemetry.malwarebytes.com udp
US 100.20.255.82:443 telemetry.malwarebytes.com tcp
US 8.8.8.8:53 links.malwarebytes.com udp
NL 52.222.139.104:443 links.malwarebytes.com tcp
US 8.8.8.8:53 www.malwarebytes.com udp
NL 13.227.219.111:443 www.malwarebytes.com tcp
US 8.8.8.8:53 versionhistory.googleapis.com udp
NL 142.250.179.138:443 versionhistory.googleapis.com tcp
US 8.8.8.8:53 genesis.malwarebytes.com udp
US 34.193.143.115:443 genesis.malwarebytes.com tcp
US 172.64.144.98:443 privacyportal.onetrust.com tcp
US 8.8.8.8:53 www.estore.malwarebytes.com udp
US 8.8.8.8:53 connect.facebook.net udp
US 8.8.8.8:53 bat.bing.com udp
US 8.8.8.8:53 static.ads-twitter.com udp
US 8.8.8.8:53 scripts.demandbase.com udp
US 204.79.197.200:443 bat.bing.com tcp
US 157.240.5.10:443 connect.facebook.net udp
NL 13.227.219.12:443 scripts.demandbase.com tcp
NL 199.232.148.157:443 static.ads-twitter.com tcp
NL 142.251.36.34:443 googleads.g.doubleclick.net udp
US 13.107.42.14:443 px.ads.linkedin.com tcp
NL 142.251.36.34:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 iris.mwbsys.com udp
US 44.207.153.143:443 iris.mwbsys.com tcp
US 216.239.34.181:443 analytics.google.com udp
US 216.239.34.181:443 analytics.google.com tcp
US 8.8.8.8:53 id.rlcdn.com udp
US 35.190.60.146:443 id.rlcdn.com udp
US 192.28.144.124:443 805-usg-300.mktoresp.com tcp
US 34.215.48.192:443 telemetry.malwarebytes.com tcp
NL 142.250.179.138:443 versionhistory.googleapis.com tcp
NL 52.222.139.104:443 links.malwarebytes.com tcp
NL 142.250.179.138:443 versionhistory.googleapis.com tcp
US 8.8.8.8:53 prod-www.malwarebytes.com udp
US 18.65.39.119:443 prod-www.malwarebytes.com tcp
NL 142.250.179.138:443 versionhistory.googleapis.com tcp
US 8.8.8.8:53 telemetry.malwarebytes.com udp
US 34.215.48.192:443 telemetry.malwarebytes.com tcp
US 34.215.48.192:443 telemetry.malwarebytes.com tcp
US 34.215.48.192:443 telemetry.malwarebytes.com tcp
US 8.8.8.8:53 keystone.mwbsys.com udp
US 3.209.35.119:443 keystone.mwbsys.com tcp
US 34.215.48.192:443 telemetry.malwarebytes.com tcp
US 8.8.8.8:53 sirius.mwbsys.com udp
US 3.227.148.26:443 sirius.mwbsys.com tcp
US 34.215.48.192:443 telemetry.malwarebytes.com tcp
US 3.227.148.26:443 sirius.mwbsys.com tcp
US 8.8.8.8:53 crl.comodoca.com udp
US 104.18.32.68:80 crl.comodoca.com tcp
US 172.64.155.188:80 crl.comodoca.com tcp
US 104.18.32.68:80 crl.comodoca.com tcp
US 8.8.8.8:53 www.microsoft.com udp
DE 88.221.169.152:80 www.microsoft.com tcp
US 34.215.48.192:443 telemetry.malwarebytes.com tcp
US 34.215.48.192:443 telemetry.malwarebytes.com tcp
US 34.215.48.192:443 telemetry.malwarebytes.com tcp
NL 142.250.179.138:443 versionhistory.googleapis.com tcp
NL 142.250.179.138:443 versionhistory.googleapis.com tcp
NL 142.250.179.138:443 versionhistory.googleapis.com tcp
US 8.8.8.8:53 hubble.mb-cosmos.com udp
NL 52.222.139.35:443 hubble.mb-cosmos.com tcp
US 8.8.8.8:53 telemetry.malwarebytes.com udp
US 34.215.48.192:443 telemetry.malwarebytes.com tcp
US 34.215.48.192:443 telemetry.malwarebytes.com tcp
US 34.215.48.192:443 telemetry.malwarebytes.com tcp
NL 142.250.179.138:443 versionhistory.googleapis.com tcp
US 8.8.8.8:53 sirius.mwbsys.com udp
US 3.227.148.26:443 sirius.mwbsys.com tcp
US 34.215.48.192:443 telemetry.malwarebytes.com tcp
US 34.215.48.192:443 telemetry.malwarebytes.com tcp
US 8.8.8.8:53 telemetry.malwarebytes.com udp
US 34.215.48.192:443 telemetry.malwarebytes.com tcp
US 34.215.48.192:443 telemetry.malwarebytes.com tcp
US 34.215.48.192:443 telemetry.malwarebytes.com tcp
US 8.8.8.8:53 telemetry.malwarebytes.com udp
US 34.215.48.192:443 telemetry.malwarebytes.com tcp
US 34.215.48.192:443 telemetry.malwarebytes.com tcp
US 34.215.48.192:443 telemetry.malwarebytes.com tcp
US 34.215.48.192:443 telemetry.malwarebytes.com tcp
US 34.215.48.192:443 telemetry.malwarebytes.com tcp
US 8.8.8.8:53 remoteassistance.support.services.microsoft.com udp
US 8.8.8.8:53 statics-marketingsites-neu-ms-com.akamaized.net udp
US 8.8.8.8:53 js.monitor.azure.com udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 8.8.8.8:53 mem.gfx.ms udp
US 8.8.8.8:53 www.microsoft.com udp
NL 23.222.42.120:443 remoteassistance.support.services.microsoft.com tcp
NL 23.222.42.120:443 remoteassistance.support.services.microsoft.com tcp
US 8.8.8.8:53 s.go-mpulse.net udp
DE 23.32.238.89:443 statics-marketingsites-neu-ms-com.akamaized.net tcp
NL 173.223.113.131:443 www.microsoft.com tcp
NL 173.223.113.131:443 www.microsoft.com tcp
US 13.107.237.68:443 mem.gfx.ms tcp
US 13.107.237.48:443 mem.gfx.ms tcp
US 13.107.237.48:443 mem.gfx.ms tcp
NL 173.223.112.132:443 s.go-mpulse.net tcp
US 204.79.197.200:443 www.bing.com tcp
US 8.8.8.8:53 r.bing.com udp
US 8.8.8.8:53 th.bing.com udp
NL 95.101.74.134:443 th.bing.com udp
NL 95.101.74.134:443 th.bing.com udp
NL 95.101.74.134:443 th.bing.com udp
NL 95.101.74.134:443 th.bing.com udp
US 8.8.8.8:53 aefd.nelreports.net udp
DE 23.32.238.129:443 aefd.nelreports.net tcp
US 204.79.197.200:443 www.bing.com tcp
US 8.8.8.8:53 www.ccleaner.com udp
NL 23.222.50.136:443 www.ccleaner.com tcp
NL 23.222.50.136:443 www.ccleaner.com tcp
US 8.8.8.8:53 cdn.cookielaw.org udp
US 104.19.188.97:443 cdn.cookielaw.org tcp
US 8.8.8.8:53 s7.addthis.com udp
US 104.19.188.97:443 cdn.cookielaw.org tcp
US 8.8.8.8:53 cdn-production.ccleaner.com udp
NL 173.223.112.118:443 s7.addthis.com tcp
US 8.8.8.8:53 s1.pir.fm udp
NL 95.101.74.136:443 s1.pir.fm tcp
US 8.8.8.8:53 geolocation.onetrust.com udp
US 172.64.144.98:443 geolocation.onetrust.com tcp
US 8.8.8.8:53 www.clarity.ms udp
US 13.107.237.48:443 www.clarity.ms tcp
NL 20.50.2.53:443 mstatic.ccleaner.com tcp
US 8.8.8.8:53 widget.trustpilot.com udp
NL 108.156.60.63:443 widget.trustpilot.com tcp
US 8.8.8.8:53 amplify.outbrain.com udp
US 8.8.8.8:53 s.yimg.com udp
NL 87.248.116.12:443 s.yimg.com tcp
GB 96.16.109.182:443 amplify.outbrain.com tcp
US 8.8.8.8:53 cdn-uat.ccleaner.com udp
US 8.8.8.8:53 c5.adalyser.com udp
IE 54.229.49.22:443 c5.adalyser.com tcp
US 34.96.102.137:443 dev.visualwebsiteoptimizer.com udp
US 34.96.102.137:443 dev.visualwebsiteoptimizer.com tcp
US 8.8.8.8:53 tr.outbrain.com udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 66.225.223.63:443 tr.outbrain.com tcp
NL 142.250.102.154:443 stats.g.doubleclick.net udp
US 8.8.8.8:53 w.clarity.ms udp
US 23.96.124.156:443 w.clarity.ms tcp
US 8.8.8.8:53 privacyportal-de.onetrust.com udp
US 172.64.144.98:443 privacyportal-de.onetrust.com tcp
US 8.8.8.8:53 bits.avcdn.net udp
DE 184.30.25.22:443 bits.avcdn.net tcp
DE 184.30.25.22:443 bits.avcdn.net tcp
US 8.8.8.8:53 analytics.ff.avast.com udp
US 34.117.223.223:443 analytics.ff.avast.com tcp
US 34.117.223.223:443 analytics.ff.avast.com tcp
US 8.8.8.8:53 service.piriform.com udp
NL 23.222.19.11:443 service.piriform.com tcp
US 8.8.8.8:53 license.piriform.com udp
NL 23.222.19.11:443 license.piriform.com tcp
US 8.8.8.8:53 shepherd.ff.avast.com udp
US 34.160.176.28:443 shepherd.ff.avast.com tcp
US 8.8.8.8:53 ip-info.ff.avast.com udp
US 8.8.8.8:53 ip-info.ff.avast.com udp
US 34.149.149.62:443 ip-info.ff.avast.com tcp
US 8.8.8.8:53 emupdate.avcdn.net udp
US 8.8.8.8:53 emupdate.avcdn.net udp
DE 23.32.238.145:80 emupdate.avcdn.net tcp
US 8.8.8.8:53 ccleaner.tools.avcdn.net udp
US 8.8.8.8:53 ccleaner.tools.avcdn.net udp
DE 23.32.238.154:80 ccleaner.tools.avcdn.net tcp
US 34.117.223.223:443 analytics.ff.avast.com tcp
US 34.149.149.62:443 ip-info.ff.avast.com tcp
NL 142.251.39.110:80 www.google-analytics.com tcp
US 8.8.8.8:53 ncc.avast.com udp
DE 23.32.238.107:80 ncc.avast.com tcp
US 8.8.8.8:53 www.ccleaner.com udp
NL 23.222.50.136:80 www.ccleaner.com tcp
NL 23.222.50.136:80 www.ccleaner.com tcp
NL 23.222.50.136:443 www.ccleaner.com tcp
US 8.8.8.8:53 s7.addthis.com udp
NL 173.223.112.118:443 s7.addthis.com tcp
US 8.8.8.8:53 s1.pir.fm udp
NL 95.101.74.136:443 s1.pir.fm tcp
US 8.8.8.8:53 cdn-production.ccleaner.com udp
US 8.8.8.8:53 s.yimg.com udp
US 8.8.8.8:53 amplify.outbrain.com udp
NL 87.248.116.11:443 s.yimg.com tcp
DE 23.218.209.87:443 amplify.outbrain.com tcp
US 66.225.223.63:443 tr.outbrain.com tcp
US 8.8.8.8:53 ipm-provider.ff.avast.com udp
US 34.111.24.1:443 ipm-provider.ff.avast.com tcp
US 34.117.223.223:443 analytics.ff.avast.com tcp
NL 23.222.50.136:443 cdn-production.ccleaner.com tcp
US 8.8.8.8:53 license-api.ccleaner.com udp
NL 23.222.50.136:443 license-api.ccleaner.com tcp
US 34.117.223.223:443 analytics.ff.avast.com tcp
US 8.8.8.8:53 service.piriform.com udp
NL 23.222.19.11:443 service.piriform.com tcp
US 8.8.8.8:53 license.piriform.com udp
NL 23.222.19.11:443 license.piriform.com tcp
US 34.160.176.28:443 shepherd.ff.avast.com tcp
US 34.149.149.62:443 ip-info.ff.avast.com tcp
US 8.8.8.8:53 emupdate.avcdn.net udp
US 8.8.8.8:53 emupdate.avcdn.net udp
DE 23.32.238.145:80 emupdate.avcdn.net tcp
US 8.8.8.8:53 ccleaner.tools.avcdn.net udp
US 8.8.8.8:53 ccleaner.tools.avcdn.net udp
DE 23.32.238.161:80 ccleaner.tools.avcdn.net tcp
US 34.117.223.223:443 analytics.ff.avast.com tcp
US 34.149.149.62:443 ip-info.ff.avast.com tcp
NL 142.251.39.110:80 www.google-analytics.com tcp
US 8.8.8.8:53 ncc.avast.com udp
DE 23.32.238.120:80 ncc.avast.com tcp
US 34.117.223.223:443 analytics.ff.avast.com tcp
US 8.8.8.8:53 www.ccleaner.com udp
US 8.8.8.8:53 license-api.ccleaner.com udp
US 34.149.149.62:443 ip-info.ff.avast.com tcp
NL 23.222.50.136:443 license-api.ccleaner.com tcp
NL 23.222.50.136:443 license-api.ccleaner.com tcp
US 34.111.24.1:443 ipm-provider.ff.avast.com tcp
DE 23.32.238.120:80 ncc.avast.com tcp
US 34.117.223.223:443 analytics.ff.avast.com tcp
US 8.8.8.8:53 healthcheck.ccleaner.com udp
US 8.8.8.8:53 download.ccleaner.com udp
GB 23.44.232.115:443 download.ccleaner.com tcp
US 40.71.11.133:443 healthcheck.ccleaner.com tcp
US 8.8.8.8:53 verify.ccleaner.com udp
NL 108.156.60.65:443 verify.ccleaner.com tcp
US 8.8.8.8:53 softwareupdatechecker.live-everest-media.net udp
IE 34.247.172.147:443 softwareupdatechecker.live-everest-media.net tcp
US 8.8.8.8:53 softwareupdatechecker.live-everest-media.net udp
IE 34.247.172.147:443 softwareupdatechecker.live-everest-media.net tcp
US 8.8.8.8:53 softwareupdatechecker.live-everest-media.net udp
IE 34.240.213.229:443 softwareupdatechecker.live-everest-media.net tcp
US 8.8.8.8:53 sds-cdn.live-everest-media.net udp
US 151.139.128.10:443 sds-cdn.live-everest-media.net tcp
US 8.8.8.8:53 sds-cdn.live-everest-media.net udp
US 151.139.128.10:443 sds-cdn.live-everest-media.net tcp
US 8.8.8.8:53 javadl-esd-secure.oracle.com udp
FR 23.65.205.24:443 javadl-esd-secure.oracle.com tcp
US 8.8.8.8:53 www.java.com udp
NL 95.101.74.137:443 www.java.com tcp
US 8.8.8.8:53 versionhistory.googleapis.com udp
NL 142.250.179.138:443 versionhistory.googleapis.com tcp
US 8.8.8.8:53 sjremetrics.java.com udp
FR 13.37.25.97:443 sjremetrics.java.com tcp
US 8.8.8.8:53 analytics.ff.avast.com udp
US 8.8.8.8:53 sds-cdn.live-everest-media.net udp
US 34.117.223.223:443 analytics.ff.avast.com tcp
US 151.139.128.10:443 sds-cdn.live-everest-media.net tcp
US 8.8.8.8:53 assets.msn.com udp
DE 104.126.36.43:443 assets.msn.com tcp
US 34.117.223.223:443 analytics.ff.avast.com tcp
US 34.117.223.223:443 analytics.ff.avast.com tcp
US 8.8.8.8:53 analytics.ff.avast.com udp
US 34.117.223.223:443 analytics.ff.avast.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_q5exlbrt.yxg.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/3980-142-0x000001F437D20000-0x000001F437D42000-memory.dmp

memory/3980-144-0x000001F434EB0000-0x000001F434EC0000-memory.dmp

memory/3980-143-0x000001F434EB0000-0x000001F434EC0000-memory.dmp

memory/3980-145-0x000001F434EB0000-0x000001F434EC0000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 5a10efe23009825eadc90c37a38d9401
SHA1 fd98f2ca011408d4b43ed4dfd5b6906fbc7b87c0
SHA256 05e135dee0260b4f601a0486401b64ff8653875d74bf259c2da232550dbfb4f5
SHA512 89416a3f5bf50cd4a432ac72cd0a7fb79d5aeb10bdcc468c55bbfa79b9f43fab17141305d44cb1fe980ec76cc6575c27e2bcfcbad5ccd886d45b9de03fb9d6d7

\??\pipe\LOCAL\crashpad_3612_CBWAWUMNIQEFFSKP

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

MD5 e5e3377341056643b0494b6842c0b544
SHA1 d53fd8e256ec9d5cef8ef5387872e544a2df9108
SHA256 e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25
SHA512 83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 c1a3c45dc07f766430f7feaa3000fb18
SHA1 698a0485bcf0ab2a9283d4ebd31ade980b0661d1
SHA256 adaba08026551b1b8f6c120143686da79f916d02adbef4a8d1c184e32a19fd48
SHA512 9fc93f01ab4b14f555791d757ffe881787cc697102547c61847552e597e206e70c6d35fedff559c72a0a67d1b95e769095ecb0a8a7d4f07cf58a7a0d57d3e9f4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 22ca622fe2c026a0635bac1901ce6834
SHA1 c39aef185d9087cc6af0db5e5c827749b2756db5
SHA256 6b5cb2d17a651c9d341c4f02971494c98f6ab23de2261d5cfed7adabdcbe79c8
SHA512 27313737b6328e1d78adf719085419bb71df8fb4005557d3727651db95554a85d54dfcdfef77cd87afcb7a464665a12bf2c66184f1dc9a4a34ae3421f95184cf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 5edab6d3ffbeee247ccb4423f929a323
SHA1 a4ad201d149d59392a2a3163bd86ee900e20f3d9
SHA256 460cddb95ea1d9bc8d95d295dd051b49a1436437a91ddec5f131235b2d516933
SHA512 263fa99f03ea1ef381ca19f10fbe0362c1f9c129502dc6b730b076cafcf34b40a70ee8a0ee9446ec9c89c3a2d9855450609ec0f8cf9d0a1b2aebdd12be58d38c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk

MD5 7ad5c802f4ac007be8ef57c0ab1fdac6
SHA1 6d41cc7ee25ed75490844f7161421bb89c530c78
SHA256 37d4d6b25aa2d7608bfcf8a63ef17343b4993f2689ef17f164875404ea91e0e1
SHA512 2f139e8f5fb7422aee518c5d81e8d0de7b0ab3537bc4f6c530c71a65d595127ece08410955ca72443563adccbd11c2a74f6bc1658f4f3bfb4fd063857b948fef

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\Downloads\Unconfirmed 623137.crdownload

MD5 d0182a3594e6da6486ae01af030b0e23
SHA1 67487b93d8313fd2ec326516cf4ac4a91a585de8
SHA256 c5c5fb530d0eea0d717c70aac04679d2d6fabcfefeb9f9845ad03f3daebb4b45
SHA512 f3eb45779658a3a680f85f6f0581fe231b4cb38d190f1754e8a796ebdb8cafe90d6418c3e11aa1d456947c485ce02df6cfc3bfc05dcd998e46a737d6175f38d5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 baca9a6f2ad0c94deb4d138436c35ea7
SHA1 5865788a927a3a383c8fc0ecd8ff375d865040d2
SHA256 0e25db35a3c1612b492a1709081ff93889c111ed64b43c4254f4d5ec3d20369a
SHA512 47fb1d6113adf6e74954833be2ac6fc10583468de3db88dc4f11867ac40af31a3e4b7f77d6079642b9e6550a8f0bdd57004542dcaf82c955a1c5d34eafed3056

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 b09e16e7d7aa6b7f8f4b310d65f8817e
SHA1 c6e4e4c313e2ee5fd6ffabf75f6ab75a21ee761d
SHA256 a5bb7b6c27d893a5e77faad7367cfeaee69b5b63083a4f2366650386ee6dc6f9
SHA512 1306de46f380658deea8036c694240594c159eb5ab4eca2f3142fd3c250b6b8a9437955a334683a22a48f8c17560a6b5866be10cf59a56c036e6111dc5109102

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 813ea2e2c5ce9a52310a4d2eac8ab857
SHA1 d04184d4524db3b50fce21dea657b03eb31b6c25
SHA256 77f13cd76e5f7c991e759552f34aaa8a31ebd3dbc4d1e8eba3f0fc25e5b5815b
SHA512 3b5b5a6bf89430389df12e5778e4937e0dd9f0d15cf1eb35f055b60328d573868420698b91c38260d586bdf5a8e67385427b5ba4d1d8621b59b451b8c07ae324

C:\Users\Admin\Downloads\Windows11InstallationAssistant.exe

MD5 d0182a3594e6da6486ae01af030b0e23
SHA1 67487b93d8313fd2ec326516cf4ac4a91a585de8
SHA256 c5c5fb530d0eea0d717c70aac04679d2d6fabcfefeb9f9845ad03f3daebb4b45
SHA512 f3eb45779658a3a680f85f6f0581fe231b4cb38d190f1754e8a796ebdb8cafe90d6418c3e11aa1d456947c485ce02df6cfc3bfc05dcd998e46a737d6175f38d5

C:\Users\Admin\Downloads\Windows11InstallationAssistant.exe

MD5 d0182a3594e6da6486ae01af030b0e23
SHA1 67487b93d8313fd2ec326516cf4ac4a91a585de8
SHA256 c5c5fb530d0eea0d717c70aac04679d2d6fabcfefeb9f9845ad03f3daebb4b45
SHA512 f3eb45779658a3a680f85f6f0581fe231b4cb38d190f1754e8a796ebdb8cafe90d6418c3e11aa1d456947c485ce02df6cfc3bfc05dcd998e46a737d6175f38d5

C:\Users\Admin\AppData\Local\Temp\WXUA751.tmp\appraiserxp.dll

MD5 14555f41df6f971982c4706166858f2c
SHA1 6e12567f9356cff0cb93ec09f519d480a8003eb1
SHA256 10212fd4a6fe83017cc7a4dcbf6759f225fd91296b6b46651b281f1c24100682
SHA512 e0acf3a1c45de0f013b1f5226bb21c4b0bd7cbb411b0533c382b1f24a5a93c29fa22851ed5f484c0b90314d1c1b4679b352472f50a0fb5148ffd9fe11ef3b727

C:\Users\Admin\AppData\Local\Temp\WXUA751.tmp\resources\ux\EULA\EULA_en-gb.htm

MD5 31a548cd6e0569db0d8d5a766ea2c003
SHA1 eca3cba694915df5dddd95790eacc20dda1fdacf
SHA256 74a5b919aab524487a9a6b55a2de78d133e8e16c00367a82002d6c9a55d9d34a
SHA512 1cb8910b557550b5db5cc46ac325b0924cef6915e30b4daa33975f21d02d521cb0bf8c53723e03bc875928bfb5b30d8f6013d1c5887013fa6b3db084075d7561

C:\Users\Admin\AppData\Local\Temp\WXUA751.tmp\resources\ux\EULA\EULA_es-es.htm

MD5 4bce0923de384170225f162240731eb9
SHA1 21cfe6b950885981d560002f04ad328fe3797b8e
SHA256 1bd1d819ef445a5b51929b03ce31ccdb697ba862ccbb603d5440fa89fc585238
SHA512 0f2e69e51b28507bf93523dcc8e715dfa3784913f729d242f0efad5e0ce1a3220d80ffe68f47c4de83ff71a0af29225e98ab0c83425ad52db6c41394a8802046

C:\Users\Admin\AppData\Local\Temp\WXUA751.tmp\resources\ux\EULA\EULA_fr-ca.htm

MD5 93246f9e40f56dd432768a4b525ac39f
SHA1 9bdd2cc9209ac9520d8ac78f21fdb69b045c4cbe
SHA256 921b5d35eaa56c62640a4bf37d131fbe8c73deb2d189d01ccce4a451d90759d9
SHA512 14b66b268d84e5f90523cffb8a5608c05e928a4e791e61543efcb4897528e40c936c1b54288a93494e9e88c17f1b6343bcf99612bb44bfc5cfc2926d4037f4d8

C:\Users\Admin\AppData\Local\Temp\WXUA751.tmp\resources\ux\Microsoft.WinJS\css\oobe-desktop.css

MD5 5ad8ceea06e280b9b42e1b8df4b8b407
SHA1 693ea7ac3f9fed186e0165e7667d2c41376c5d61
SHA256 03a724309e738786023766fde298d17b6ccfcc3d2dbbf5c41725cf93eb891feb
SHA512 1694fa3b9102771eef8a42b367d076c691b002de81eb4334ac6bd7befde747b168e7ed8f94f1c8f8877280f51c44adb69947fc1d899943d25b679a1be71dec84

C:\Program Files (x86)\WindowsInstallationAssistant\Windows10UpgraderApp.exe

MD5 54d18916bf2fa02164b117fab93fcc79
SHA1 296bf3a56e6e6854cd9b934112c809676c70a514
SHA256 0c7786a4ea569624531103d08679648715acfccdfdf813d5a8464fb1da63a0f7
SHA512 b5801b70e48d1d812456870ea0995f4f7a4d4121bde03ce15848d7b60d26a9e2dee335fe54b266d27020ef6a13fc3a754574c9a9869630924d43ca03055d82a3

C:\Program Files (x86)\WindowsInstallationAssistant\Windows10UpgraderApp.exe

MD5 54d18916bf2fa02164b117fab93fcc79
SHA1 296bf3a56e6e6854cd9b934112c809676c70a514
SHA256 0c7786a4ea569624531103d08679648715acfccdfdf813d5a8464fb1da63a0f7
SHA512 b5801b70e48d1d812456870ea0995f4f7a4d4121bde03ce15848d7b60d26a9e2dee335fe54b266d27020ef6a13fc3a754574c9a9869630924d43ca03055d82a3

C:\Program Files (x86)\WindowsInstallationAssistant\Windows10UpgraderApp.exe

MD5 54d18916bf2fa02164b117fab93fcc79
SHA1 296bf3a56e6e6854cd9b934112c809676c70a514
SHA256 0c7786a4ea569624531103d08679648715acfccdfdf813d5a8464fb1da63a0f7
SHA512 b5801b70e48d1d812456870ea0995f4f7a4d4121bde03ce15848d7b60d26a9e2dee335fe54b266d27020ef6a13fc3a754574c9a9869630924d43ca03055d82a3

C:\Program Files (x86)\WindowsInstallationAssistant\downloader.dll

MD5 159fd8a9bc26e44e0bf5a9a11efd8893
SHA1 41f778d6732157350d826bc7020739650333b1c6
SHA256 73a9a0e3bbcd078cc7241ff67360c9583e42d592207f488248bca469e3c2eb7e
SHA512 231f45dead7cba14d40f34b340b00f516facf08f52d177bc16a06ba2ed40292dbfb84725c7c0b47bdea04c3d570ba055e9a7d5090214ff1b25c6384be8fd91bf

C:\Program Files (x86)\WindowsInstallationAssistant\Downloader.dll

MD5 159fd8a9bc26e44e0bf5a9a11efd8893
SHA1 41f778d6732157350d826bc7020739650333b1c6
SHA256 73a9a0e3bbcd078cc7241ff67360c9583e42d592207f488248bca469e3c2eb7e
SHA512 231f45dead7cba14d40f34b340b00f516facf08f52d177bc16a06ba2ed40292dbfb84725c7c0b47bdea04c3d570ba055e9a7d5090214ff1b25c6384be8fd91bf

C:\Program Files (x86)\WindowsInstallationAssistant\resources\ux\default_sunvalley.htm

MD5 66b63e270cc9186f7186b316606f541f
SHA1 35468eeefc8d878f843bbf0bb0b4b1d43b843cdf
SHA256 00f8f3e4534146858326d6d2524f3360dfc9e5d149e207d61cabac17ad7a5f9f
SHA512 b9d1b4b201cabf087a44d958584ecb1c110807b9bd9865f1e76bf9d989d7d000ee84f07558bcae5e05d11f7121fe2c402fcf916b00ff5d8eac7eaf05e21a29f2

C:\Program Files (x86)\WindowsInstallationAssistant\resources\ux\default.css

MD5 7f5fcac447cc2150ac90020f8dc8c98b
SHA1 5710398d65fba59bd91d603fc340bf2a101df40a
SHA256 453d8ca4f52fb8fd40d5b4596596911b9fb0794bb89fbf9b60dc27af3eaa2850
SHA512 b9fb315fdcf93d028423f49438b1eff40216b377d8c3bc866a20914c17e00bef58a18228bebb8b33c8a64fcaaa34bee84064bb24a525b4c9ac2f26e384edb1ff

C:\Program Files (x86)\WindowsInstallationAssistant\resources\ux\loading.gif

MD5 1a276cb116bdece96adf8e32c4af4fee
SHA1 6bc30738fcd0c04370436f4d3340d460d25b788f
SHA256 9d9a156c6ca2929f0f22c310260723e28428cb38995c0f940f2617b25e15b618
SHA512 5b515b5975fda333a6d9ca0e7de81dbc70311f4ecd8be22770d31c5f159807f653c87acf9df4a72b2d0664f0ef3141088de7f5aa12efc6307715c1c31ba55bb6

C:\Program Files (x86)\WindowsInstallationAssistant\resources\ux\logo.png

MD5 afeed45df4d74d93c260a86e71e09102
SHA1 2cc520e3d23f6b371c288645649a482a5db7ccd9
SHA256 f5fb1e3a7bca4e2778903e8299c63ab34894e810a174b0143b79183c0fa5072f
SHA512 778a6c494eab333c5bb00905adf556c019160c5ab858415c1dd918933f494faf3650e60845d557171c6e1370bcff687672d5af0f647302867b449a2cff9b925d

C:\Program Files (x86)\WindowsInstallationAssistant\resources\ux\EULA.css

MD5 b81d1e97c529ac3d7f5a699afce27080
SHA1 0a981264db289afd71695b4d6849672187e8120f
SHA256 35c6e30c7954f7e4b806c883576218621e2620166c8940701b33157bdd0ba225
SHA512 e5a8c95d0e9f7464f7bd908cf2f76c89100e69d9bc2e9354c0519bf7da15c5665b3ed97cd676d960d48c024993de0e9eb6683352d902eb86b8af68692334e607

C:\Program Files (x86)\WindowsInstallationAssistant\resources\ux\EULA\EULA_en-us.htm

MD5 31a548cd6e0569db0d8d5a766ea2c003
SHA1 eca3cba694915df5dddd95790eacc20dda1fdacf
SHA256 74a5b919aab524487a9a6b55a2de78d133e8e16c00367a82002d6c9a55d9d34a
SHA512 1cb8910b557550b5db5cc46ac325b0924cef6915e30b4daa33975f21d02d521cb0bf8c53723e03bc875928bfb5b30d8f6013d1c5887013fa6b3db084075d7561

C:\Program Files (x86)\WindowsInstallationAssistant\appraiserxp.dll

MD5 14555f41df6f971982c4706166858f2c
SHA1 6e12567f9356cff0cb93ec09f519d480a8003eb1
SHA256 10212fd4a6fe83017cc7a4dcbf6759f225fd91296b6b46651b281f1c24100682
SHA512 e0acf3a1c45de0f013b1f5226bb21c4b0bd7cbb411b0533c382b1f24a5a93c29fa22851ed5f484c0b90314d1c1b4679b352472f50a0fb5148ffd9fe11ef3b727

C:\Program Files (x86)\WindowsInstallationAssistant\appraiserxp.dll

MD5 14555f41df6f971982c4706166858f2c
SHA1 6e12567f9356cff0cb93ec09f519d480a8003eb1
SHA256 10212fd4a6fe83017cc7a4dcbf6759f225fd91296b6b46651b281f1c24100682
SHA512 e0acf3a1c45de0f013b1f5226bb21c4b0bd7cbb411b0533c382b1f24a5a93c29fa22851ed5f484c0b90314d1c1b4679b352472f50a0fb5148ffd9fe11ef3b727

memory/5452-684-0x00000000078A0000-0x00000000078A1000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 e60091fb928b4f68c11cfe91c15d520d
SHA1 e2a72637d72d9de6fbfe1cdb83e883c9a2b4e5ca
SHA256 8dc92c763f3b512d6edb670a6037f71ebe816a50f1f934f43bdc74db5766af42
SHA512 bfaf420e2b0595622a43aff169b1d9338715b0d859f4d0e4a71a726679daba9ae307d49a30943390f88a7f4c90de530a34f36a4e182a76289c64ba6fc34d7e8e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

MD5 0962291d6d367570bee5454721c17e11
SHA1 59d10a893ef321a706a9255176761366115bedcb
SHA256 ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512 f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 0c48a986a7b587abb4da5a17c89b23bd
SHA1 0187230786f4b00600d806bcdaa0ad81455c04b5
SHA256 c269eeb89b4d8b4e4c8e5f6ae8a759b095983631edc25147bbdcf38693649ed3
SHA512 170334fdd2adb615342044d62eacbdc7ce22baef569f1b2999d1af2d55df91fdc37035bb3a1d8a06e88485ef99f9bf13c4896417145f3fbcd036a8be9e58b0b4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 cfa0f230a5ffafca88276878235c17e1
SHA1 98898c05a79ba52954b877173686ddb2635f3ab4
SHA256 3cfadcd39752eb0024dfe3932b8afbf867af80a2cd00fce9b3d8e46ba56387dd
SHA512 6e1820c979beb51554c2a97dd1e575d5c710f679837f8190cae646782c4f0c537a3cdc8aba18fc8aaeff33bc8bcb1ee472423c308d05d519cfd8d4704311e0fd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 4c7eb8599cb69ab9c2c93109119c1546
SHA1 ceb70768ad5f085994636ccfac0e123a0e9b66bd
SHA256 386fbed2ec27163dd16df71e9d04b30581431b75e43673ec879bf08740587642
SHA512 b5e758bb90e9adebff06f6189925acfb1a5dda3dc4c6f744ae8d8c9d708541f16abd630127d9a3c249115c4dabbeba432f39ee6b03e530632a0f3826193f5bc7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 4c7eb8599cb69ab9c2c93109119c1546
SHA1 ceb70768ad5f085994636ccfac0e123a0e9b66bd
SHA256 386fbed2ec27163dd16df71e9d04b30581431b75e43673ec879bf08740587642
SHA512 b5e758bb90e9adebff06f6189925acfb1a5dda3dc4c6f744ae8d8c9d708541f16abd630127d9a3c249115c4dabbeba432f39ee6b03e530632a0f3826193f5bc7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 0c48a986a7b587abb4da5a17c89b23bd
SHA1 0187230786f4b00600d806bcdaa0ad81455c04b5
SHA256 c269eeb89b4d8b4e4c8e5f6ae8a759b095983631edc25147bbdcf38693649ed3
SHA512 170334fdd2adb615342044d62eacbdc7ce22baef569f1b2999d1af2d55df91fdc37035bb3a1d8a06e88485ef99f9bf13c4896417145f3fbcd036a8be9e58b0b4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

MD5 838a7b32aefb618130392bc7d006aa2e
SHA1 5159e0f18c9e68f0e75e2239875aa994847b8290
SHA256 ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa
SHA512 9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 cfa0f230a5ffafca88276878235c17e1
SHA1 98898c05a79ba52954b877173686ddb2635f3ab4
SHA256 3cfadcd39752eb0024dfe3932b8afbf867af80a2cd00fce9b3d8e46ba56387dd
SHA512 6e1820c979beb51554c2a97dd1e575d5c710f679837f8190cae646782c4f0c537a3cdc8aba18fc8aaeff33bc8bcb1ee472423c308d05d519cfd8d4704311e0fd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 6ab589ba935f59e7d391e1445eda0441
SHA1 d77c61585fbc1ec3d2c96162cc88524a0b4e19f9
SHA256 ac337c44f659ea998e58327a35bd2e97536af087e7dc61d217c08bdbb4159b33
SHA512 35770bdd3e57543a88d21cc3c36c203259e5b6fe4dcd9ba1037026819488300ff5ee74efcc5a0f2b52aeb7c68b7479137c15ebf39ae676d64a8f031fd7c68ec4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

MD5 5e0d162b93d74f562d0043a24ad78f22
SHA1 5697d27794fca0338cd3971b2e206eb0afbb0664
SHA256 fd540e4e21bb89f04754776868b39ca83676a3522d9b8b9ce7c1dfe0f0051cc3
SHA512 d690297dca86a9e8a623d586f9df50a31c4b049f337dfcb5733ca03b4a89f6731bad11195977b80a550bc3df56cac7daac41cebd5aeb76168ac81f46254acae3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

MD5 ec774905f9be2012ab9b36f6f0dead52
SHA1 5413f3eb40b4827fd08ec86ed8f1253b43ddce22
SHA256 439bae9cf551f55676fe14752866af93a8a127fdbd9d4a582dd165df1f08be62
SHA512 0a7094e2f3906ca2c14c6d6de4983f41344bec54c2d952548ca13eecfa4fb0664e23ecd659608642be67ccca9510d46dd47a72b03f3b0588b19f08e4ad297a1a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

MD5 d8d6461261ae74cd7a5bfaa337c2aece
SHA1 e83291f03f24ecfd997a56c925dc964ef627bc42
SHA256 c5f43ddf5ba0183ff08f5bbba7ea988a5dedfa6c54223e2c6c47fae2febad2e0
SHA512 b64b1392c4138d20129fcdcd43e10e58c2b79837d017d6aa7eccf2684cdd88d3702ff26f2a9f3871793e98bd199cfa0aab919fe23ab1f38aee80c9a6269406ee

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Top Sites

MD5 f44dc73f9788d3313e3e25140002587c
SHA1 5aec4edc356bc673cba64ff31148b934a41d44c4
SHA256 2002c1e5693dd638d840bb9fb04d765482d06ba3106623ce90f6e8e42067a983
SHA512 e556e3c32c0bc142b08e5c479bf31b6101c9200896dd7fcd74fdd39b2daeac8f6dc9ba4f09f3c6715998015af7317211082d9c811e5f9e32493c9ecd888875d7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\index

MD5 e8d39dabcfa40334ee2667374059d308
SHA1 c93479e52b18a4b3f7cd2c6c1c4b66f621b7d8b3
SHA256 336b5dce85c51189387cf9392e737d7e3111207c0b9ca9a19eb87c0f292ccd46
SHA512 bdaa4560f1ca3deacda2335528705f4fadb444cf785a2e747bcd347ac4c2d8c1019ead33a1c426aebed6bef3c69b47930a4d5137bb5f210cfd3ebc1aa2ee33ef

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

MD5 4d43944f10e413e7381e4a7471a52751
SHA1 99b421b56260ecb37c975aac1ca3bc2e840772a8
SHA256 5458697a3dadf1bd29a9bea31d614c40705826c1081caa9a56e8b619110247b2
SHA512 1d050f7c59879681e3f3c76ca91d1b7df4e335322187d720989d86d14df8672ceb63bcb7b1125bce70b413c13f6977be4748243b545b2fa816816898cd989777

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

MD5 d525f2467316857696753054aee12bc4
SHA1 6c6d776b6d1ebe3a09e982452e6b97192660e2f6
SHA256 e81d112287e30f57033e713b92e3fa7d1183ddf9e23e81a23113c373379e296f
SHA512 827a834c76e7a2ce031b5c1f644a856a91b3673c47f21002e684e4fbddb8f5bbfb219d41ab3b331d2caf9d1c2a71bea3f18cf36279df58145aa63a8e7ad8db6c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0546df19c7db5009272baec2c2fb6a62
SHA1 3a8ebacd3467a886dfec8d4c6d5ceeda90f3825d
SHA256 45001310161749481636913d74c55d77ab02112b7d238ee8bf9f5c0f3febf053
SHA512 70cae37117c408d3dffb1149b12aaed8f0ed66c27b364f53e6635a2c525f64c7f552956f09dc0895503c61a4f41362fcb7687f97e1da24a8017d0bdd8ff52835

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

MD5 a9851aa4c3c8af2d1bd8834201b2ba51
SHA1 fa95986f7ebfac4aab3b261d3ed0a21b142e91fc
SHA256 e708be5e34097c8b4b6ecb50ead7705843d0dc4b0779b95ef57073d80f36c191
SHA512 41a1b4d650ff55b164f3db02c8440f044c4ec31d8ddbbbf56195d4e27473c6b1379dfad3581e16429650e2364791f5c19aae723efc11986bb986ef262538b818

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

MD5 f27cc2afd4afdd855aa529a701b5d179
SHA1 d4ac9b737b69d1f3385e9dd5ed6a470b89b2208e
SHA256 0cef31046c7aa86529d042399c833a4a743866820ed469cafcbedd9fecf37109
SHA512 ca9a9a519410f694188178d90ea05f39dd6adf48625abac4eccc321d7d7b2b091db71421f31bb55bdcc5c7e57986c97d06f38a1b946a0b1bbd8e5f0be0de14fc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

MD5 49693267e0adbcd119f9f5e02adf3a80
SHA1 3ba3d7f89b8ad195ca82c92737e960e1f2b349df
SHA256 d76e7512e496b7c8d9fcd3010a55e2e566881dc6dacaf0343652a4915d47829f
SHA512 b4b9fcecf8d277bb0ccbb25e08f3559e3fc519d85d8761d8ad5bca983d04eb55a20d3b742b15b9b31a7c9187da40ad5c48baa7a54664cae4c40aa253165cbaa2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

MD5 a62d3a19ae8455b16223d3ead5300936
SHA1 c0c3083c7f5f7a6b41f440244a8226f96b300343
SHA256 c72428d5b415719c73b6a102e60aaa6ad94bdc9273ca9950e637a91b3106514e
SHA512 f3fc16fc45c8559c34ceba61739edd3facbbf25d114fecc57f61ec31072b233245fabae042cf6276e61c76e938e0826a0a17ae95710cfb21c2da13e18edbf99f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

MD5 406759a960eaed278f77e8c48502b7c9
SHA1 55f8bba3a9e5da7711f6b8a56e62f9c231f11000
SHA256 bc833a39c79fc61256cb5ecb89444e15a47f9c80546d03fcffbd86a37d8f8f6a
SHA512 e077fb78faf2090bd5b1e9d5e068ba1c0b4df30e6f74c6ce48485eba416f50b9cd653000e7ffc2cbbf5711d805dae2516e71a2fcb6e318822bad8823e8fba688

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

MD5 cf9235406c3c0258f14a44eb4107d9a0
SHA1 c50b3dc1216686b8155a8f21654371ab90a2ad5b
SHA256 0a0d1c1c4ad6d3ba30cc734236a9c4d6b4e02783e4d3a0405931384efd1817be
SHA512 815942714017ffbcf30cd264d9902b0894145a8f0757c0da282f75cb1fb8cd1974142bb02f7152262c169a9fd34ae41fbe59a860f0f10db8b395d3149b41d6c7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 c85cf70be4d643a20bc1399b1ccb9615
SHA1 30609234e98fba01de0a79eebb881de8d4ae6af8
SHA256 0e6f7e6d541dd03533e27d772772c036563aaebe238bb2b3860024c16d07ad0e
SHA512 e36602244c18ac77551e536ccd32b6a63c62035b68dfdd86765d349bf7485c8b238fdbbaa403efbba5f929c6da509ff60cd9416b82f8c786afedc3f955dd06e8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\wasm\index-dir\the-real-index

MD5 c85cf70be4d643a20bc1399b1ccb9615
SHA1 30609234e98fba01de0a79eebb881de8d4ae6af8
SHA256 0e6f7e6d541dd03533e27d772772c036563aaebe238bb2b3860024c16d07ad0e
SHA512 e36602244c18ac77551e536ccd32b6a63c62035b68dfdd86765d349bf7485c8b238fdbbaa403efbba5f929c6da509ff60cd9416b82f8c786afedc3f955dd06e8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_3

MD5 41876349cb12d6db992f1309f22df3f0
SHA1 5cf26b3420fc0302cd0a71e8d029739b8765be27
SHA256 e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c
SHA512 e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_2

MD5 0962291d6d367570bee5454721c17e11
SHA1 59d10a893ef321a706a9255176761366115bedcb
SHA256 ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512 f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_0

MD5 cf89d16bb9107c631daabf0c0ee58efb
SHA1 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b
SHA256 d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e
SHA512 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

MD5 f70aa3fa04f0536280f872ad17973c3d
SHA1 50a7b889329a92de1b272d0ecf5fce87395d3123
SHA256 8d782aa65de6db3538a14da82216e96d5e0a3c60496726e3541a8165bccc65f8
SHA512 30675c5c610d9aa32a4c4a4d9c3af7570823cd197f8d2a709222c78e2cd15304bbed80e233e3674ec2f6e33d1961c67fd6a46dc8ba8b1a301cd0722932c03c84

\??\pipe\LOCAL\crashpad_2968_WAZZVAXIVNLAGJVH

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

MD5 2f31d453339b0ee5fa2958d9df08fda6
SHA1 214952b8304fa1a4d0d0ddc5ec59fe7692d7b2a5
SHA256 6e9ac4cca79727eef5fff5528ce1bf6a929317c6140c20eeed8df730463eda57
SHA512 c21232f3fa81912101ad559ef0e7449168e4270bcafd624f6085b13be8082b5deeec6d43321c6d6f9f2d009997dd74dd464eff5126ea3f5c6ccbc4fc08d49970

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 fbc812473cdc2ca2225b1908c0f3580f
SHA1 4b29e35d71ad60a096f1cb911926ee00476112c0
SHA256 cb2b09b58d0829ff36126622e87b9eb8adcbd7e3316a34aaaeb249e9b05775b9
SHA512 8f2d55c36524249439c8b461416433ffad4f77315b043aaf6b8670a69bc161de56b706ca7752718e3fb0a552eed4a61e5b80ac1373f2e11e3e03334b80489941

C:\Users\Admin\Downloads\Unconfirmed 110079.crdownload

MD5 19f9f47364bed03c75d1d252e37abcb6
SHA1 5ce9a73a810d5d7b4fd20354c26193c64cfc8ee2
SHA256 e03116d3adc17172613d80ea0c09316a56c296644e1fad29b80c901045815123
SHA512 640d7d723251bd7c2c9baf35994fbfb3aca07553060100c3d809cf724e9f4bba6b195b770138968e4b7277e6750ffc46c6d5934c6eae8950b1664364b9eab0bf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 ccf6032750dafbba401681f3628e1c24
SHA1 06a6c804b062663b66f3ff1f5eb998a81fa0d66e
SHA256 0646f7621e3b64d9212a0a379d410e66fcc056a0709fe36426220cfe14c85472
SHA512 21d6fe98f30e7fc95387c7d380e72fbf2658e635736d3f2b562898c7f6120a459469bde89a5e2f7e2eb4ba6acac4388cebc277e158600cede14762af9f0624ba

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 0a7907bda6f46e1a0556ad7f95581db0
SHA1 35095d78eb67c5c3c5658b61d08164017aba684a
SHA256 07d7b0f3659de078802f1f2adaab2597007564f4c092ad67efad71ae0b5cb4f2
SHA512 bf43c8aa19b58024f0cd067879cb64b0dcc599627eb70f84668559f2b6cd814b062ef2644359b1f0c53a35134e9faeb39ccf9f6963e8e2f92a2ceea9153f4d57

C:\Users\Admin\Videos\Captures\desktop.ini

MD5 b0d27eaec71f1cd73b015f5ceeb15f9d
SHA1 62264f8b5c2f5034a1e4143df6e8c787165fbc2f
SHA256 86d9f822aeb989755fac82929e8db369b3f5f04117ef96fd76e3d5f920a501d2
SHA512 7b5c9783a0a14b600b156825639d24cbbc000f5066c48ce9fecc195255603fc55129aaaca336d7ce6ad4e941d5492b756562f2c7a1d151fcfc2dabac76f3946c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 613f73116e6dfe63c0ae22de1d940efc
SHA1 a0a661c80d635805f1bc63bf520e9b4492eb3076
SHA256 2256b34ba78f3428aa1e0821f7f7fae6e502c14f8f45735c3d4537c3fa3a3917
SHA512 cf8a0ada3e9f67950be1ca105dc24762f32041486d3b59fc6057ce95e0423ce6847caa9e6a98ee90c7d77aaa376556321a8e0390498e57e168583318fe6bb728

memory/4252-964-0x000001C9DB290000-0x000001C9DB9B9000-memory.dmp

memory/4252-965-0x000001C9DB290000-0x000001C9DB9B9000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 008bc3660ff7d59f81a6a8120c469310
SHA1 e032ad8fbf2a51392b6a6274b10a3e78741496ef
SHA256 1437765464d601130c48167b813998dcffed04407a69a1df3fcc066ec28653c3
SHA512 e669af89ce2f68f290a9df8ac2f743a02a0a4cf566c1a3e164752945a7fcf3e919a41c48dd917e35543ee6cf1e83a9597e2c1036a2f7b090f7ce1f8bb3e9a927

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 9223ddf9c5f6740074da0b51fcea1a8d
SHA1 88de41029802bb60d4aa5ede29785d5765a384fa
SHA256 ff338dd9949cdbe39758a0162f97be799eb8da8bee08154d0d278c0d00a4b69e
SHA512 7cb44c111b805472ae628dc670c58f0edd94611d8f060f65a5a9973b91508788508048bf8ccd5bb734d706a10f4d7841f8e8ebb5c3c223d9231b035199809398

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 97cde25301476c2da752241d149437fa
SHA1 d967fdd36d028ab224009c1e32cb356904f53f66
SHA256 d7ae143ca0bf1fd3b9e74afbdf58ffd5fd4302344fef462d3cc7ef49202037f6
SHA512 f50d873127f9e222dfa2e2c6e2e43061bba424e69bcd523c2bcb5910588a7249d5db355dfa5174a099f07fc612aee46f5144f0476a4c302c032cbc6714944f0f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\1b94cce4-a834-4424-b694-5619ca9da9c9.tmp

MD5 a52077e0a50095f3adb4ff7db77f74e8
SHA1 a3cfe162c830705182d2ad556896abccaf4ea24f
SHA256 79455e22357ca6541213ea222ba466d4d56c4d14838d412ddb3c6c349699403e
SHA512 f9a2de24442efa25b3c98cafc88318f4ac9438edb595a21c4a428612132b586fc1e87235485267033e208d68ce65e92a4dcca8c724e5554d5907d3b2f54f1935

C:\Program Files (x86)\WindowsInstallationAssistant\Configuration.ini

MD5 4fbef54f1973ec7d9484668e95657435
SHA1 36072b5eeba0ab74e5ddeb8dbaa58c0818efec96
SHA256 8c0b1ccd67e2f916cab23ea1b658dc6c4670f9090df8e622770ca75ebc0fd15d
SHA512 5a75513620973c2eec856dcb31182834353124a6e9e5d5446839a33fbea3b515431107d3a31d7d640f109b4f2e022f308becebf90bb8ae970bd20958d63ae283

C:\Users\Admin\AppData\Local\Temp\deviceReport.xml

MD5 c6f00a9352321a44aa0e00767402da2f
SHA1 b64169875e3b0dab418464dbcde7890bd766a828
SHA256 dd0110745f423f80e21278b2a2efc580e014a3c10656942adcd5df26bf12fa85
SHA512 2dc9375d3d939673a7169dc04ff7a482e0aa98e20e7618998b29e858ca66b95c6f5f45bbb80a027181c79167243fecf3b0234a77570ed3f7b62dd8ba4e2228a0

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\AKIJ0XQU\remoteassistance.support.services.microsoft[1].xml

MD5 c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA1 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256 b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA512 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

C:\Config.Msi\e580b66.rbs

MD5 622e05217d7d6a961c5885ca2958439b
SHA1 b1176d628ac07899bf3389671606aaa0ff5d8974
SHA256 97f58d02cd9ad244f4e59f607af9eff271146ce196701bbb272f653e7d4b7054
SHA512 7573243c966c89ea60797e7c93a0cd34cba839ba56192f0ff26e4038dd0da2621f347a2ff2f9a7997afcfde244abede5e912887f12b7f490d55855e64ab97b41

C:\Users\Admin\AppData\Local\Temp\MSI41A9.tmp

MD5 c8c7e2df180b421ec0b643c05df5295f
SHA1 c4dc789c9bda2bd189a4ea561c91c7803a2f3ded
SHA256 f147c579b9ce7ab1ee2c1906bb01b78ec324afe4bb5515d6f1276a529cf47fa9
SHA512 96d88e818bae3d651e54e3b1c129d4442fe080b13b8b956156abfce5499ea7f2d31e4a9488525a33ee8ba64d699cc0537744a1e8cfd1ab238e553e0bf2f4c11f

C:\Users\Admin\AppData\Local\PCHealthCheck\PC Health Check.lnk

MD5 6bbd9de889472af2a61232dc12b4e473
SHA1 7202d00dac5934672db3164309ad103caf6bff41
SHA256 1eab1a75ed949b245b3abad1e1b52da3e20c81ab3ef31f359f27bde35c1c8385
SHA512 98c62af5f81d84c67ad976650f7ea943bf783bf857cfe62ee2567832d198422a9183d9780a7e99610bcdbf85bb80a17681b4ed65cc40ce1f9484a0132741df49

memory/5676-1392-0x000001875D670000-0x000001875D671000-memory.dmp

memory/5676-1393-0x000001875D670000-0x000001875D671000-memory.dmp

memory/5676-1394-0x000001875D670000-0x000001875D671000-memory.dmp

memory/5676-1399-0x000001875D670000-0x000001875D671000-memory.dmp

memory/5676-1398-0x000001875D670000-0x000001875D671000-memory.dmp

memory/5676-1400-0x000001875D670000-0x000001875D671000-memory.dmp

memory/5676-1401-0x000001875D670000-0x000001875D671000-memory.dmp

memory/5676-1402-0x000001875D670000-0x000001875D671000-memory.dmp

memory/5676-1403-0x000001875D670000-0x000001875D671000-memory.dmp

memory/5676-1404-0x000001875D670000-0x000001875D671000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\0ebe90a9-f5c4-40ec-b264-e23c85dc4a97.tmp

MD5 5058f1af8388633f609cadb75a75dc9d
SHA1 3a52ce780950d4d969792a2559cd519d7ee8c727
SHA256 cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA512 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 9280960b3bc2ba68b7b1ef97ab501850
SHA1 6b992adce0c86586916bdbc184b54b01daa20c25
SHA256 33986cf1eee31a987001390bd25068e00d78f34c068fb649662c99c0ea7a8a90
SHA512 c62c29c130f26c6d11698c44e07ff4ade2304cc5db90552a3fec4018eeced70b13391f2611f4dd17e716e835dad7cf2bf2aa2e8a8514ef877a67459dd6a1f989

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 aefd77f47fb84fae5ea194496b44c67a
SHA1 dcfbb6a5b8d05662c4858664f81693bb7f803b82
SHA256 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611
SHA512 b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 4a7535d4b87f8f10a7c32ea2338ac8a7
SHA1 d39f100f5cdd971941e3f414db1603054b3709b3
SHA256 4ac72eacd98e6361ad3bd2768c81cb9bf5d6bf1a6b5971258ead4c65308ae5b7
SHA512 1564db5b07e04e45f421ebe85883da6dd6d113b134f337b55b458d6e62b53e785e38f9bbdd3198b0f94a949481afbd00d5399859ecfb2b394aed177e8779440e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 818ce7d3494b5d929e689353ae643c3d
SHA1 58db0b97f9edecd5a5abc423bb3faf55041aabfb
SHA256 34aced77a54f57477ae504880fa15039be47e71fb3bf67a3e664de26803a36d4
SHA512 b021b33c27c9746ece77535160cc99e34a6f33382e0f6fbf9f2b422533cd09a4b551bcd3be5c9d7657a3cbb2f52da647237f221b295e95b21930c4f6fe5a8368

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 927bdab452c6e74a24ed4c042c480d98
SHA1 be80cf67a88c6fe7674e169186dce4fdd514d1dc
SHA256 9c3c84dfd74e20deb9dd99859a60315ea76cf055e647eb1e445dc3abc7f97211
SHA512 21e9b366bb3b70e242ab0dc2f3faf6016f1157c3c19b3b386a0d52231cbba53fcfd75f67ed4c984b90f0e1b54da9fb0aaf75445c60d448fe6b9a6b3c0d66a794

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 3f737577113288a892b139418c76becc
SHA1 4452d443add980f6343fcfde26d15f0191aa7b97
SHA256 25cd039af80f0f74f3702b19396bbb57fea626613bfa6b051927219575833c79
SHA512 25cd20e152967e4f7105f594ce7d06c1a2ea0062e9d76ec4cfb152d6068632fb6a06b06c888c3b0c4ab523e7ef0348b03e93df7c55f8fec17e36f18e116bb763

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 9113b44b31fea8923ab0745c9390e821
SHA1 e69e2addaaae16e40622f584e106dfffd3a684a7
SHA256 c74b002d5068cf3185b447be8f15c9888d364c805caf8a13e0a0f4468c917b6f
SHA512 19afe9697a88c709e4142d6ae368d8f5fe848c50efd350033f02bcfc4fedd5d07500d7ffc79fba23afb70cc83bed3db057b80ba30f25d9566756f1d3c6051277

C:\Users\Admin\Downloads\MBSetup-E188FB74.exe

MD5 1ed0d8b2214a5d067d5422145689f747
SHA1 e671419cc7957c1118b9bb84251a40c03351f07f
SHA256 06a4bacdae17ad89c8fc93fc4ebf6603ca406e8bcc51f3fd32f700d18436be56
SHA512 e2a686efcb1bcda6b55c5d10654124fc2b27c426a979929a1e9de171794745abc9f0cd9dbd302a4e02d95269c7abee5dd051c1687e8f794da317b3fc4bf665b8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 e28ea45b448620887cca9097c0e89dc3
SHA1 4b03a7a1db000e6f909a5023e8358daf65118242
SHA256 69e5419d769cf01639a9c0e1312e0efbe8b7ec9917ddb9047fe222d8b9db7887
SHA512 41b3cd1b2d8f116dd2a2e8c29ee538e1aec99f68070b3d6ea9e58cdc088d9c827d9b662114bbfa9893b7139edb1d27453aa4a56d14434f894030790245928f7a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 443a8646993c22d367ad90b5a2dd196c
SHA1 bc003e885bfdd989273eb8b8ee3d2c005768763b
SHA256 f450745f60f2e96f8bf5a9602393c28c2392c678fadab1bd8d496b6a5511c31f
SHA512 a90dc6bfdc25b6b5866a0a0506d54a5d8a279b7828a45783d976b28e1458477d0ad0408f7ee642ba98d76145237667d69adc2dd0f8c75249b699489288cf62ea

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 69c246cd5620f61bf062b91c7776114a
SHA1 d79ee4ead2fc26933314db86e51949fb169041ab
SHA256 4f1b203a072750f7733ecc907473d721aafff62a91af02ba84a8365e572603a4
SHA512 808f52b5b746b14bf3fa03d1d7bf1503885467d4054dc1d43d8ee1708028900a71e02c6287394cc5577b5b73f881f6a6d47ee41dc4de772c712b52cf3acd8cc0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 0e5c3c9853cd8dd88a5ef16826a51cdc
SHA1 420707325f94d16476e43ea4d517ca3dd7b44e1d
SHA256 93b3ef80679b18a662903e3bb1708adfa463e69108a4c118a70aa831d3e56dbb
SHA512 a9d963dd6be81ff05deee07c75f8a6887299e5513b1335cd515720399b60bcaef1f2db368eaee7ec87e6136721ecf7710c17f907e5769f20e4915c19c5b7cc13

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e4f8adff052bcd9de660254e33733f67
SHA1 4ae483041944fef792b1a9385ea167feb0d9d0bd
SHA256 576d4fae1d4a36fb23b4966cd678f801bd03edd1171ab28a02694115a9d6a28e
SHA512 ff5a9264cbf2c6a860c4a28e37062ae8f4f527be99c17d78b01ce6c3a12ff454e085869a9021208d162391140f696240fbccaa9c64d9c2e5f7e79f748c3143c3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 fb3b825e357daa9f07f37bb6dbc0dd74
SHA1 613c166ea169af06c72e823f49dd0fafc7a7233a
SHA256 b6d53fb1d4199c8e1f4aa5b0dc3783a3f8b6abf26621863f93c21fa3d9ec9858
SHA512 aecf9053b662636ec2691d3005707fb8b34de36e23dd0da20c58b95efe0e4c8a38de7c680f835fc37bb279659ee1f19053cca2dd23fee56006325e94536fd713

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 fd4cbdd40dd48b6c6c3911f2d2f0000e
SHA1 be19cf7ad504a5e08ac61258ab28f00c37b1282c
SHA256 a1944aa1177c4b21be043933c08f88895bb35d8e36d9aacb0f3b23f1396a69ec
SHA512 c4f599f6ba5ecd6f1c04f3a18019faebb2a19a9ed6b13adc52919f8963572ec7b049d0a9e9d6757311bd85361f85b8b913d010e5c71e335c70b5a0e5b18cd478

memory/5292-2017-0x0000015A2EF80000-0x0000015A2EF81000-memory.dmp

memory/5292-2018-0x0000015A2EF80000-0x0000015A2EF81000-memory.dmp

memory/5292-2016-0x0000015A2EF80000-0x0000015A2EF81000-memory.dmp

memory/5292-2022-0x0000015A2EF80000-0x0000015A2EF81000-memory.dmp

memory/5292-2023-0x0000015A2EF80000-0x0000015A2EF81000-memory.dmp

memory/5292-2024-0x0000015A2EF80000-0x0000015A2EF81000-memory.dmp

memory/5292-2025-0x0000015A2EF80000-0x0000015A2EF81000-memory.dmp

memory/5292-2026-0x0000015A2EF80000-0x0000015A2EF81000-memory.dmp

memory/5292-2027-0x0000015A2EF80000-0x0000015A2EF81000-memory.dmp

C:\Windows\Temp\MBInstallTempabb77c7dd57c11edac28e27224d40471\servicepkg\MBAMService.exe

MD5 df6a796460b0f70a9a42cb1ab98e7ffd
SHA1 657c2c3cdef7325c6331f377fe0227760f6bde1a
SHA256 676f3c56d6e5c8dddd7f01d5d10baad352683a2cb8b9bd4ce526a7629fc8fa43
SHA512 21b399a76845f81ceabc60d2225ddea30296f3ecd52a3668e60a51d9593c9444596b8ec041b53ae8d8f6f18ee54ab23db8678945e832355e9e76a6fbbfcc0b87

C:\Windows\Temp\MBInstallTempabb77c7dd57c11edac28e27224d40471\servicepkg\mbamelam.sys

MD5 9e77c51e14fa9a323ee1635dc74ecc07
SHA1 a78bde0bd73260ce7af9cdc441af9db54d1637c2
SHA256 b5619d758ae6a65c1663f065e53e6b68a00511e7d7accb3e07ed94bfd0b1ede0
SHA512 a12ccf92bead694f5d3cba7ff7e731a2f862198efc338efc7f33a882fe0eb7499fb3fb533538d0a823e80631a7ca162962fbdfd78e401e3255672910b7140186

C:\Windows\Temp\MBInstallTempabb77c7dd57c11edac28e27224d40471\servicepkg\mbamelam.cat

MD5 60608328775d6acf03eaab38407e5b7c
SHA1 9f63644893517286753f63ad6d01bc8bfacf79b1
SHA256 3ed5a1668713ef80c2b5599b599f1434ad6648999f335cf69757ea3183c70c59
SHA512 9f65212121b8a5d1a0625c3baa14ef04a33b091d26f543324333e38dcdb903e02ccc4d009e22c2e85d2f61d954e0b994c2896e52f685003a6ef34758f8a650c7

C:\Windows\Temp\MBInstallTempabb77c7dd57c11edac28e27224d40471\servicepkg\mbamelam.inf

MD5 c481ad4dd1d91860335787aa61177932
SHA1 81633414c5bf5832a8584fb0740bc09596b9b66d
SHA256 793626d240fd8eefc81b78a57c8dfe12ea247889b6f07918e9fd32a7411aa1c3
SHA512 d292e028936412f07264837d4a321ecfa2f5754d4048c8bcf774a0e076e535b361c411301558609d64c71c1ce9b19e6041efa44d201237a7010c553751e1e830

C:\Program Files\Malwarebytes\Anti-Malware\srvversion.dat

MD5 69b658fbeec3172c7399a81fca80be51
SHA1 8f7b19f9428f3e53702209715d244f2516b7385d
SHA256 80f5bbe171839f4bc52616af01fe90931f72cba73c0008119e3046281c765b51
SHA512 8f609422356246b8f88f88545fc496ad18829241ce52ad05a764342c9ba7fc39d0bd2f5025d8a1dfc050389c6724d5d7d313c1d230a5074ab1c0173472e2fb09

C:\Windows\Temp\MBInstallTempabb77c7dd57c11edac28e27224d40471\uipkg\QtQuick\Controls.2\HorizontalHeaderView.qml

MD5 d8c9674c0e9bddbd8aa59a9d343cf462
SHA1 490aa022ac31ddce86d5b62f913b23fbb0de27c2
SHA256 1ef333b5fb4d8075973f312ef787237240b9f49f3f9185fb21202883f900e7d7
SHA512 0b86ec673133f6400c38b79f9ba4f7b37ce5afdab1a2e34acbf75019e2590cc26b26d323ddc1567c91375053c9c8593be0615389db8eb1a8d1eb084ad4200b82

C:\Windows\Temp\MBInstallTempabb77c7dd57c11edac28e27224d40471\uipkg\QtQuick\Controls.2\Imagine\VerticalHeaderView.qml

MD5 829769b2741d92df3c5d837eee64f297
SHA1 f61c91436ca3420c4e9b94833839fd9c14024b69
SHA256 489c02f8716e7a1de61834b3d8bbb61bce91ca4a33a6b62342b4c851d93e51e0
SHA512 4061c271db37523b9dea9a9973226d91337e1809d4e7767e57ac938d35d77a302363ed92ab4be18c35ba589f528194ad71c93a8507449bf74dd035acf7cdb521

C:\Windows\Temp\MBInstallTempabb77c7dd57c11edac28e27224d40471\ctlrpkg\mbae64.sys

MD5 95515708f41a7e283d6725506f56f6f2
SHA1 9afc20a19db3d2a75b6915d8d9af602c5218735e
SHA256 321058a27d7462e55e39d253ad5d8b19a9acf754666400f82fe0542f33e733c6
SHA512 d9230901adeecb13b1f92287abe9317cdac458348885b96ef6500960793a7586c76ae374df053be948a35b44abe934aa853975a6ccd3788f93909903cc718c08

C:\Program Files\Malwarebytes\Anti-Malware\uipkgver.dat

MD5 74c6677020fc6b6c867aab117078bf5f
SHA1 8c46db37dc0b39eb963d4144539c8b591e122400
SHA256 cdbb9bc874d71e154c71b68b1fe959913d286036dac11e226e5620c919ba9708
SHA512 3f9db8d9bb25322f8d8e750750bf92dbe6ac63d686eced65cddfcd61178cf0e947118a491058414d4d2cbb4892e39815565669aee0dfdda23aece72d278292d0

C:\Program Files\Malwarebytes\Anti-Malware\version.dat

MD5 58d40b73ada2211add27d1dd37249cdf
SHA1 927afd2476c0f2fdc61ed2b79b3bed7b06a7848f
SHA256 b4da49d539b25655eeeb11b6bbe4328e5582a36801d7a98b8693e0bf5ab4b40b
SHA512 e83915d0335ded6acefc81ef4b51369079ef3cb5204e5b36c4544792cefea0f3caef417d126aa7b77b61fb5f731005d704c7b0f1bcc7c14aac4b9eab6ef5c8db

C:\Program Files\Malwarebytes\Anti-Malware\ctlrvers.dat

MD5 5de6761dfaf6bff8a566a80bad9c0aed
SHA1 7c513bf3de55d4a397b3f41e538fa4988c41820c
SHA256 74f655918435255fc9d1cc9a7be6750df82f5a5dc4d3e422c5fd40e686826d9e
SHA512 87d9a3a5a4d8153273b3504c86a3a54a693ce8f0b23c3ac7719bdc646b516d59aae4f4f25c4d16d7c3860111029f20dcc13be19c44cc8edc6ed05fac7e86a491

C:\Program Files\Malwarebytes\Anti-Malware\ServiceConfig.json

MD5 8bd4370a9f1d051866092b421ecd7945
SHA1 2fc90ddb7e8f17554f43da17f5f0d77ac1d4bb75
SHA256 81056795bbca0c60df095a7ca11306ccf5061622ccfb76495a8d9dde8c000919
SHA512 07b8f775f8f25bf64465233cd3804e1acdd46ba3eb4284f16ae3b80fbce07876b1abf6c4e9a2216e5c8cc00e9f5a3dcb9b0cdfa3662c340b0e40f88dee23ccc0

C:\Windows\Temp\MBInstallTempabb77c7dd57c11edac28e27224d40471\servicepkg\mbshlext.dll

MD5 b7e5071b317550d93258f7e1e13e7b6f
SHA1 2d08d78a5c29cf724bc523530d1a9014642bbc60
SHA256 467de01d7cee7ec54166b80658ff22f9feebdb1c24eaf1629cf40e4124508064
SHA512 9c35293c95c1a9141740ac99315605964aa37c4a42d3a11cae9e5649ff1427a9480d3d5e7f763212cf13db3511c5ea3c84e68f95f0067fe6339a9d3fb7b27c54

C:\ProgramData\Malwarebytes\MBAMService\config\PoliciesConfig.json

MD5 b73728b7600fe179160ca75568d73ac4
SHA1 68d8200499e90b4c0a609787de90c447396bb1c8
SHA256 16b1e74d480b1c8a06ac8bef2d2e45e9c1ef857fd309b72fe5b0c8e65c2d9c44
SHA512 7edf953db1e047e3403fbfa43873f1698d0862fe470041fe1252a2a191ae920a0a6a371daa410fce972ab8dc47bf363fab34611a799f60ab6f3523d1fd37f432

C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.json

MD5 ffc17d984d220b654394874d4b98b3b1
SHA1 4e89aee1ce850869caa5bccd6c47a0f99667c6c0
SHA256 a4533252801ac77e7818afaf7e252bc6051c7bda1ce7915adfcb6973b0f96e12
SHA512 d6d28eafad6e51a6308731f542d963ff89474756b7ec47fa063e9b23f95145074b79ff59f729ae02e61e1a36d573659284f6cb9f7f441676ed522c45fa84d145

C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json

MD5 529b7c9122b57930a16803a7e6e5bacf
SHA1 a12e92ba215b1856db0802bae60f8c703f445cca
SHA256 e5068616df00f1b32dcbad55023b5207c6549a8645cd1bbe5e26f163e7f25c4c
SHA512 9b72c8f7796a7441890f7a9d1be028047c537b1c89ecede8ca8523f0aeac869373122219678f0e9c8f1e1bd6926e0e80d9b61e4f2b5f7cbd53434bc27e91556e

C:\ProgramData\Malwarebytes\MBAMService\pkgvers.dat

MD5 9466779ef3a5e0fed21a03a75909108d
SHA1 9935604440836181d5dbff6a8c5e2ffab8f2a9e1
SHA256 e9b59328920da7d2e77b9e0bcc0618a6fa4e6f73e0e3082df4f6eca051f2ddf5
SHA512 5427380937f8b41c91e1b4792941347a152c72284094aa637dbdba56896a2bbf448b37bb5a5cfb9d77ad305690e3fb4d7beaa5eac45218e7d5d3c64fd9c9fc90

C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json.bak

MD5 b58006f5ca1fa91eca8b0dea290e600c
SHA1 e8399c118302ee3330e3bc3c6ae292b90d1654c4
SHA256 f1121805170ad019ce8354bc7bb3989bceb0d1c37a5442255aea82c15397028d
SHA512 0ea324e196f4297c3584181ba7ce4ee1142488db4792c7e892f268fbb8221723fac755d585c22b5772d24530294713413dfd4a059331d7e7586d09de76d3cec9

C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json

MD5 fe004b9682a887741227811ed3b2c044
SHA1 9b9ae4434fbb30f7085a37d8c50179e16f02f7c3
SHA256 42c79d2766ddba81892e334d2ac9fb52dd7d017cb1c2fee664805d34828da251
SHA512 c8670512524a22ed0a43e38296b9169e5b95d4b2913895ba573bf20c5c72e26f122ec2a9d717fc1e74776413d901802ccc92367989280a36ce4fff63bd960ec6

C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json.bak

MD5 f2b7267bbe2d70a06247da5c66aa4872
SHA1 50563918a81c9d4ad66803b5d8d3837b8c06cd1f
SHA256 2bc5adfbb9d73c82bc16f19c40f239ea7b2453dcba51b3c90839d0cf094e3f76
SHA512 9fd7dd831e6fcbca92c4f3ad0a19aa769c7746353156c6d83bfcd8c577db7720376c96360d1894eb145eb3297eb286def0adece3be8cf4bdce7929bf599a326a

C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json

MD5 396433154d189142b2f22f66ccc9144a
SHA1 276ab6b1f379e28875438dc9a883f01a1eeb1b06
SHA256 cbd367007cf56b3497612fa2a405f022bf938c5383180222b2b425cfcfeec850
SHA512 fb32779a7c35b79f5e18d70cffc8551a8a5c6f6fff4bd9d7dad00f3a0268007ad8cdbb71e8374015f4de344c216e12facbb5726e40cecca916dcff64ca1a2336

C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json

MD5 43c8cd5f4f0ae709aa5e23e70b15a206
SHA1 968fa916f41c6a46b5baa10024b1be003ad0a964
SHA256 bf2fda646b57ff7c86c5651ae440c640c6baf1ec5abf101838a0a2571df74f17
SHA512 27580c1fff434f56c104072a30fe98bec58de293d922b35f9fa3db6e15bbb2a5a778f78ef0d9257f7af953b9f1c10802b6549329ad4f5c8fc443a610066b9ec0

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\rdefs.mbdb

MD5 2f7423ca7c6a0f1339980f3c8c7de9f8
SHA1 102c77faa28885354cfe6725d987bc23bc7108ba
SHA256 850a4ea37a0fd6f68bf95422d502b2d1257264eb90cc38c0a3b1b95aa375be55
SHA512 e922ac8a7a2cde6d387f8698207cf5efbd45b646986a090e3549d97a7d552dd74179bd7ac20b7d246ca49d340c4c168982c65b4749df760857810b2358e7eb69

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\prot.mbdb

MD5 546d9e30eadad8b22f5b3ffa875144bf
SHA1 3b323ffef009bfe0662c2bd30bb06af6dfc68e4d
SHA256 6089fbf0c0c1413f62e91dc9497bedc6d8a271e9dc761e20adc0dccf6f4a0c1f
SHA512 3478f5dcf7af549dd6fe48ad714604200de84a90120b16a32233b6d44fa7240f5f4e5fe803f54b86bbdfd10fa1bfdd88fb85eb6a78e23e426933f98d0a2565ec

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\rules.mbdb

MD5 c70babdb770d788864a123c74440a3fe
SHA1 09d34d6b5b45443d1afef1c6481846450713bc5c
SHA256 cd0dd4143aeb39b32ba5320af1f79e272c2a601df8684edced0bf4601d3d9b94
SHA512 0fc6887f63fbec35f7bc457385dc2791e06e79726a5e1e35441df05956ace62b321759b50b411df7d038094a239cff119f8659a22257bb75fd0e4f2a7d81a938

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\tids.mbdb

MD5 3b6a3349c1b7b5b51f2c9b6547565010
SHA1 7e462057e984b67517ea18ab8052dab7754ff761
SHA256 04de4fbb5cfa86903d49ac7235122b5fd302245318aec0cf5df1a365e8f4d9fb
SHA512 bdd6208927d1263365f66823ef30e92ec649fd8e329b2d80ed419606f2f1e2679febd99b67bc893d2e21fe43be1badc8b0d905b3c74692da5fcf75b3af7e0579

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\scan.mbdb

MD5 8b6c251dc30e650c5db33d757ab8197e
SHA1 714315ce6df0eec6fc84ed9a895ec3b9625536e1
SHA256 5f32c14a77409404e6c2087a6668020b55168d8d1eeb817188844f0224bda01d
SHA512 e24ae7549441523951319159da6b6680b97dfbcfd82f25c24067f1f2e139afa9f0fb0d4a878cb85da47e5fdb6c65ef201a18e99ebb1dc7e610aa4f0f3393fcc3

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\clean.mbdb

MD5 139463e2c959cb40c3cd45d9fbde3d9b
SHA1 366d67d10d35cc969de0119c43793944810eaf21
SHA256 db2c789d5b6879a3a3ba9bae5a928be8f930ccca617daff4f2d14d148a232808
SHA512 1a37f6bf3cc837a6582cedee5e72ec5af19dd9707015ca1ad12d20da6d5ab26efad8bf79ddecf3eb8e75f0c9b06edc7f9a6a0319e130496c10ef43713e0426b4

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\Actions.dll

MD5 1eff53d95ecaf6bbfffe80d866d8e1dd
SHA1 d7ef7d7c77fd04b2c0eb8c16bb3cd08057f6742f
SHA256 6dd748f7ca56125cbe158fa3612f08e7312ef58ad5375e6b7ab5532cc16ca0ac
SHA512 c59b8e6f0b238a247e64b9c7bb42213dadac1dada63542830a6292361174c935c0c662b2d1aed3fb6100cc4993297b1eaf25e328f2b4613458c4ffca63b9f02d

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\dynconfig.dat

MD5 10f23e7c8c791b91c86cd966d67b7bc7
SHA1 3f596093b2bc33f7a2554818f8e41adbbd101961
SHA256 008254ca1f4d6415da89d01a4292911de6135b42833156720a841a22685765dc
SHA512 2d1b21371ada038323be412945994d030ee8a9007db072484724616c8597c6998a560bc28886ebf89e2c8919fb70d76c98338d88832351823027491c98d48118

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\exclusions.txt

MD5 aef4eca7ee01bb1a146751c4d0510d2d
SHA1 5cf2273da41147126e5e1eabd3182f19304eea25
SHA256 9e87e4c9da3337c63b7f0e6ed0eb71696121c74e18a5da577215e18097715e2f
SHA512 d31d21e37b0048050b19600f8904354cff3f3ec8291c5a7a54267e14af9fb88dfb6d11e74a037cc0369ade8a8fb9b753861f3b3fb2219563e8ec359f66c042db

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\mbdigsig2.dat

MD5 799d50de0c4444521c761c0a0af26c67
SHA1 732e40c58bc6078ae1ba66acbf72df6abf472808
SHA256 0203f4685d76cf93371a3fd7309a59faa27eb9d12d27cb006cfe131cb31baf6e
SHA512 9d10a865f383feb35e3f2d568b47576747294cc07a337ff9043a2a24867075c6dcadd96e34d0fe754866d4015daa42ea260529898f04914262231c0ee03f00a8

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\dbmanifest2.dat

MD5 2263ede8aa94930fae3492f244a759a5
SHA1 c53f500135095e5fa2c0378c2ff6f74bf0da6b82
SHA256 f974948ef34a051c9e3eefe7b432ce6d807981c3213b2bfffbbb2b5d0613c52f
SHA512 a90b2681d5f49b75519fd51d83aa002bd8ffa6b3fc3f04fb37f37168acaffbb1a7b0265a478847369f201eacf29286c6bef5e9d0e81817e5f73d30f5050472cd

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\cfg.bin

MD5 544a36063346eeb1e751030008a9f7e3
SHA1 b5c44a037d16bfd5cfe0e6ba9cb770111b3aac82
SHA256 33a822063dc53b5a693b5920f6a14bf4c9c1905c08b3257b7621c9f0c41d39d6
SHA512 fb86ef1c271d10da364654b244253a4492b8331d69e2a71479671a44f613b88a72822b5a849159b63b7b28c7cbe0c6b7ed35f82cf749a598b23676fae70f279c

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\Global.nm

MD5 e0eee5953568d8864339b89232e632f1
SHA1 951e3c6823da31ab9ed3148b8d2601db6c2b2207
SHA256 4b094a90792d83bd326f88977c5e104a0d1fd6f76c91b76c34ea339d3858ca44
SHA512 aa42891c915656d674549aca638db0e6693209238400b6d81dfe9235c3ccb80a36d09e810c10b7bceec41f16b920f14fa1e49ddc1bacb53b6efb24b8e7b1d82d

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\Global.sr

MD5 a0c8362555e8e9e9c04474775cd80e99
SHA1 506e08856dc484df5675c78d9b376e084c51fd82
SHA256 f2477ea901bf68173ad9fd125fcdc883ef98a6a4496d9e3bf8b991e1695269ea
SHA512 dfe1660b29b513932ff424cb9e4d9c76062ab76157758fb3bcb6b4bcf37c3f058bfd64fd53c00d640cd1a17ede474be6eb1acfe18d9395d80565b05603185f70

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\wprot2.mbdb

MD5 d908bf36449a1c0b6cec38c21339bd19
SHA1 1b52f19d0228868cfa20c83b3f87924c9ace1976
SHA256 448db797df9a8ac2a9450cbf439190d97db78f1cc27b4d2d77a1ff5817d919be
SHA512 113f0c90b8dd406ee7298026675c576f2458d1234e8aeb158a0bb9e82bd652f2f728f0ae09cd82e641b80c5799c8cbffc4b88857055c3e7f4456c9d172bb0daf

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\BrowserSDKDLL.dll

MD5 1ed53171d00f440f29a12f9beb84dac4
SHA1 4d9a1e3579b0999f1ab2fa818b588411e9ee920c
SHA256 e659e687a872050f9e65d78992d16bd9b393cf3f8e8c94e0e15fb42b7065327e
SHA512 17161cfc672d1b996b8af4ebac17f9a8a3807f38c9a23e2e5b4dadcd9a21c3a64faec9bf59147022a9df88b80f89300f1b537091289bd7a42806bd206a317e6e

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\sample.dll

MD5 f712ebc5aa4cc78b7f1a0c8810ce7db4
SHA1 48899721fbcd93b7d5440ce269b7777a62582eab
SHA256 46d6f6dad272240bcdcfc0d5c42f88a2784a5ebf31bb284555cf260b21e8a4d1
SHA512 20ea70c3b4e3cdd3727207b9b13e54332bee15ca18cde5228c7f93982310d77e5f6ebccd1a8251ad4d8cbf9ac6646bf7f5856f1c82d3b3ef2390fa779ec06017

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\ig.exe

MD5 f4bcae29120428ab0d1b72acc375d7fe
SHA1 0970f103d74c634a91afd69388ab692f2df4819a
SHA256 f6e63c104b5a3714a035d2272e4663b0d9599c405bb31e7f9e7e108205707d4a
SHA512 078c4a5a15882ad74eaae3539bb787f28a5b3bb18e8b3a33bf44cfaf98d7dae05bf73245193ad2d3075686b6405c25a6cecdad3d6bb36ffa8b3da5812ae675b0

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\MBAMCore.dll

MD5 888b794737cd78e918486cd2a4116c65
SHA1 335aa063439ee8c2242591dd4cfe6c9bc28531fe
SHA256 2194ea4af98e6ba23e14ac60860a6c727f4694a9d904025288997ad05f0859bc
SHA512 f6a15dc86a89adcbf9ea6b96eb7d5671a2077696ef4cacf88c36d7c73c5f28d96f4a257ae8672981a24907e0583bb15c01dfe09ee1ac5837ffa693d5668dbbeb

C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

MD5 07bd6e786dfe07a53dc906b99dc7aefe
SHA1 72555043c39eb8a0d3dc75048c19b2fc3012e8ab
SHA256 f757562e2bf7fd697bccc1b8387ea699f5deb52c8577380299cefe3df619cc4e
SHA512 ce9f3e1f9f4b4f1804292c6e69274c4d7a9315bf7a29ec2c805f6e2fa397c22e67620597db918b0866f91c44c47c490ba746bfc6236014fb9a1f9e735113e0d8

C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

MD5 c92c7fc4f2e0ccf0a85727187a8dd843
SHA1 386cbd02b5c495f7f6ac0837c81ecaf44022d0d1
SHA256 fc04c8254c23be65a18ee0e5134c0c8f1c141714a8023d4ac356f2cd72613c67
SHA512 53b40b96d81d35522ba7e1ca62e80927d2fe020369f37cf154c317ad67b2ad8e34a70a8296ebc52bce3ce347fe88cc0592751b7d1cf106895ec79d87ee2ea051

C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

MD5 c2707af294da024216d1cadbd1c684c9
SHA1 bd2b68195d31d1e2e80e017cbe80ea0f2fbf17d8
SHA256 fcda49fc1048e969cef7ef312bc8a96ea1bf8d66ef6d776dd60cb3a488d6f46e
SHA512 03c87903f144279991fda4f6e9923099eefd240f60e7c1619ee2745be2308af0ab4b9e8c7674fee9a69e19322e1dcbe23089ff2e66bb77d2c39983ef8efd5489

C:\ProgramData\Malwarebytes\MBAMService\config\CleanControllerConfig.json

MD5 c7fb6293d83a77d1180f421659548c76
SHA1 c9dad1f4be42b08b924a8984972c7a59d865f310
SHA256 dbd710842a000bc19063df7c88a6ecc24b17ba1aa8a65490581c9067804d96ba
SHA512 cf433d473a15bfa89dabc9afd5cc948751bc3cbc342204ff6f7b7c4291c598d093dbe318cce8f3c3e071a35b14a7e982a79e69dfc6eb89cab0feba9484b0704b

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

MD5 f2176b49d920c15b4bfed9988b1fdb61
SHA1 3a81db64f5f36c1b3592efc34086f9de50c894c5
SHA256 a39a3192fd44fd49270c96c8b066f2764cbc233fd68b094d47ce2a685005ec78
SHA512 2e7f6fb19ca9735aa05a5db774d5f57217b86ea95cda1e61f935546a2ddcb8b769de4f422b017518002d4d5ebefcb4eec8ef3bb730a87e5032d84a1e4ae11ce9

C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.json

MD5 c08e68bbc0f7f98a2b7f9e22430429ad
SHA1 00c60bafa8dfe37d0cd34665f899eb44b5afabac
SHA256 3f06bb101ffdc2e8f14c3a715a617463acf94cb7e93b10a643a2eb46527436cf
SHA512 d0b7225c1da08b5abf832ba06c8308871a08091d91b8481000a65e7f63ca4773c89aef5a5c36d12272e6ab8128f2087790ef5f3585d06d0d6a3dfbe3b1b942ca

C:\Program Files\Malwarebytes\Anti-Malware\sdk\MBAMSwissArmy.sys

MD5 1dc6d344ee9b6b024ba23278891db9a5
SHA1 519b792d11daa2bf9d127f69cdd603a236576e04
SHA256 823e1c7321e177b006c1f3fd1ec8b99607a12d2c3c321f3a6cbbcf7030b6c240
SHA512 fb96c4ede03c3aa729d2ea5a72c5f14029f6d69a79b6e0d5449e371bf3acdbbd1cb2079e8bbac3a3140a257c71018bc7a2a31a45ad5c8b65382e67cc3431ab6a

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

MD5 f70798bd737ea3998e3804e797ca54f3
SHA1 4f21b3238b70d3067b1b3e47289174847b6a766e
SHA256 7c9fc1d619f0e2d11d041279fa6d5b66a77d0ef278908ef450ff0b102c0fbf3f
SHA512 8117ef0f9d6b3a382ff254d05e80ae2e6f57d4bc2f01944a4c7e96106f7bfbb0a9f047c9a472c5e25e13ee643bc7857161b3b399e2919c8635f23da94d0c0e9d

C:\Program Files\Malwarebytes\Anti-Malware\sdk\mbamchameleon.sys

MD5 6a21162e1c8a9f65787b14bc439eb077
SHA1 1bf68b253edd6cae098144e24e09b4e22178784f
SHA256 8b7990e1c676f53918e41f6b18b20179d77e598352d9243b05e2ea22b2d9e4fe
SHA512 a0dafe66479b9e68ebf04a7e2fa7c7cc352fb075356b7eccebee7af527393711e3cb36c7ff6466a5e28b17d1d003c1c49ef176b448f5de36a7c8177c9c8808c4

C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json.bak

MD5 fbbd8463e64e6cee525bd2ab8dd6e505
SHA1 cd513ac652dec2d465c0d1be6420d1d21008084c
SHA256 b4934f3eadad224573703c2e43ab72e697846c04eaf05b9433df8f280f9d2d2f
SHA512 4622553f18b475536a75aa8439fa602e53064f1831b708eec4e74aff7200f801b537cb9e655255427f1bfa411e5542df99a8b3589818e59f565136ebd6ca4ceb

C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json.bak

MD5 38e6ff5f9dc4dbbd825140549c0e9f80
SHA1 013703d76c4b984eff67184883983e7206b10971
SHA256 bd8bf2d7ac13e8392f86dbfee52af30f716a4ed33d59d0b1c887ef090c5e74f8
SHA512 db6f7f2a28fbe65a5568096fc0c714da8bc2cf248716255eb2b58e894deda9a661eb25abc7a52c6c0303bac6f5640797126e9ad79cbb0699a6da1cc911fee56b

C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

MD5 0ccd429389bec4821c307d534c8ddeb1
SHA1 66401078e83a521168d44b7773724fcd735aa09b
SHA256 be632300f02d68dbe979072b6ec8a37b808bc86ba646d5aa86b188898f81cd32
SHA512 8801f2e8117d52abaa43f62bc1bc2b4d84dc9a60bf60d2bf6a5d346f4d68728815f5122e97da8ef73fe170e68697ed1036c67c053a3036b05aa8f0657df0e13d

C:\ProgramData\Malwarebytes\MBAMService\config\RtpConfig.json

MD5 4fbc26f5894bd8f4cdd91d99a3b66e9d
SHA1 745a496033c0ede346cc51d47750d1f44192ee68
SHA256 0b6e7eea03b3e716170009cb9ee064efb1a38c90eb41b48edba9e703c429c6b6
SHA512 2c596130a30865be6446e107a3bc16d4fad0e17689e78e28a0803675b931c2a76f56fba10fb675a06a0efdd0ab358b787dcfa44dfa65042e517bb53e1b99aad1

C:\ProgramData\Malwarebytes\MBAMService\config\MwacControllerConfig.json

MD5 5e64b1912bfa4f83645fb8aa1f19e278
SHA1 bcdf2bf0b60ca613bb955b2e48ad646bb828cbdf
SHA256 aac5ca23a7a50aa7f1284a312a2a3c4980bffea65179b12ed97957b13e7a1917
SHA512 e81cf918e07ebb8c2988e8e619e9d35b1af64367090407a708235eaeb4daac23cf795f459298336edf54d2874ec18e375bd597fcf257ee46a3784fa263ac0d51

C:\ProgramData\Malwarebytes\MBAMService\config\MwacControllerConfig.json

MD5 7e38a35903d08487c153ed4cf82ae16e
SHA1 90d1872f14572b16a6abb38bab2ec8b73858fb6c
SHA256 f6c5dfd4f019ba6a76827083014a457c0dc0abbc3117a8133fbb42493ad69d6f
SHA512 097728f585b5c6a48c0d44971e1e6439a79181c8f2e456f2bcc30380c85cc3a6d27eeff07543af2d05ef259be699b82f4a8eef3f161cad0244ea96eaa029b92f

C:\ProgramData\Malwarebytes\MBAMService\config\ArwControllerConfig.json

MD5 57f7eb0e5c366364d7d5c46ab7d45172
SHA1 dda4650a9347d4dd564d12674a36f4600082ef80
SHA256 e3b1f0b0fce26f01da43fc88bdde2c611ab7e39098af485ad7508a49621915c8
SHA512 82d81d5cd4c17df8f254932d6cacde59ebb0cbfb9ff572505f5b9fd27dcfa0b976e779a84a16f3ffc235a2a14593703659ba951f12649859b8e52ac7807984e6

C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json

MD5 da6787d8ecc0f754feb2a813f2bc7072
SHA1 944ca544a1697b67d5131267865766a9c761306b
SHA256 30ca28ec3e239232047652053da026dd2add45b4975e304c986412af6b4f87fe
SHA512 c6c9245547123733e5a6d7453ae10bebbdb357b1bc667ad665396236039874273a3d378a4f755ebb58cfb9629afd9c17d827955e1060181331721015dcbc923e

C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json

MD5 3b3575c3863975dfe573e9939bf0e08a
SHA1 3e6b75042a8ae62a5ac27ee49bbe6261d35e1a66
SHA256 76ad5ac6189b2e0eb96068c0ec299ca17c55a01473116ac6c09ac8ef33754550
SHA512 1dc27d35a794738a4d749a859c759d8d06feb78bb8d29f7915876326263e220b64b8937dbda967028e75ae6efc0ff258866c6d9df425b4c43e864aa8060a5bc6

C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json

MD5 97b7917331f546c710c1bcb808a937b9
SHA1 52ad82b3cd1b553df480c451a1f23e02d9db47f3
SHA256 1ead8286447e630e45462e9a35b195429fc9d7b54544f9ca9c1e39d6a2a4347d
SHA512 f3f9a3c0b5d1bfb5a9d0cba514ded410e07ac9e9a264cd0aa938dd8fa9ce8e87e1296b2703e57dc47743228565aa6b04bde9d3bfbf69483e5f1f8ef0327bbcf3

C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json

MD5 d05c80afb78d10f8e6c4ce14306c862e
SHA1 ed92320c4c9c3f585c047da0f07f13b24472a113
SHA256 445241ccf747831458f334bacec3a73c9b60e0533512ccb2fe1967f5cb6f999a
SHA512 a54573dde08644637423e72f8af416cca3e8a6509969e5ce343390f0c6490d863604348c44c30367114da5e8cab90a1031f4e87575f9ab18145fe0a576043eb6

C:\ProgramData\Malwarebytes\MBAMService\config\SpConfigFile.json

MD5 fb7251e88fd98e18e022f36fdcadb307
SHA1 881ab282f8df101b863ece2d7f0aeb0e4fac09c5
SHA256 777d4cdd4509d3575ccfb6c1bd15b0ddb80fcb2725042229151ea8695f66436d
SHA512 67f32c3d1ea0c47e7efd852858305ad3c6009f03b0f1b846c4aa00b1f670fe29f1e90066bb95f22bd41de4c7665b048f64e83b5fc35f188aa539403cabdfcc63

C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

MD5 2c0116f2941231b7fcf0ece5cc411c43
SHA1 035d9bd8316503b4bbb7d6bac8e5aebf4674ed57
SHA256 97a68dce4004f2c967f9bcf41b7e12d2f8561c72c9251156ca85459b244defc3
SHA512 42630799e21d8ac5eb1ce89ed02fc2657fe11f1880f0bbeef7d32e9bc7d75e2c5f4e62f239728149e1584be3870d707a0709ebb2c14c43f43d58fced06a8249b

C:\Program Files\Malwarebytes\Anti-Malware\ServiceConfig.json

MD5 736e7011fb5d4efc1444ad2dae48984b
SHA1 606f42be6ca8f2e737d688d028f2ccb460dcfd19
SHA256 f56857c32928a1f3d45f438ebfd1b6ee5542b4487ee51584a04b97c160b58504
SHA512 697c3a2820576ad0305ebb7a0795b00d9cd377d0b74651e67889617dd183aa911b83892ec7c16ff63fa21a5af754abc17967a2b1d20b6a7d95a2a716db1d5ff2

C:\ProgramData\Malwarebytes\MBAMService\config\PoliciesConfig.json

MD5 4d498fb34b90cdd1b2c34210f27e9ed9
SHA1 a8af68c7c11beddb28de0b95f178bd44d4f0c1bb
SHA256 01d26d98a86dc07eef2e29881a74ad808395dc3f7d740b0d67a3ed031d0c8108
SHA512 8f0f17ba84c08fbd4f9e861fae4ac843aad9b8754fc54cf22c6907bc2b762c63d65584fb32a76b4f62b48f8969bea08e17f2e7d278f922b3ae33ff7fd642a5f7

C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.json

MD5 c7c3e2301ec9bf1ed55d7658229fe58a
SHA1 fc450d08527f96c6f710c9be1e1db03b925a0c07
SHA256 e64dd8219cedfa217cd1e4e7e6bc862b21fea806a31232bd25645cf66731564f
SHA512 11f0ed13c1594af9f24c7e14c94c35f2c7add2743b08f377a1d03d63e2c1c353173919bab628490b757b245bba7c9c800cf27523f0aef57783e33e1af15077d8

C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe

MD5 0eae912523483b77c66ebefaa361fbcd
SHA1 28fc9c46b610ab4b94ee4e6d0c33d5b155fb5175
SHA256 cc3c1308301e3916a9bdc0c00aaaefc5f4e5207b4626364500d30d7d977d3a9f
SHA512 d302b81a4f7bd9a8120e437b9448b36760cde3ec061b971895cb7ebe08ed7c502428302effec80c895237719323bddec585526665fc7cd8e2beafb67d7abfb1e

C:\Program Files\Malwarebytes\Anti-Malware\mb4uns.exe

MD5 bafe0316a997b14cdfd91ea213c67542
SHA1 5f15257200374c7f3fc7e8858578cf2edd1fc58f
SHA256 08ef4e9363d8117bef551cb3ebc1370c066ecfecd10781b64a6510b7d2d8247b
SHA512 931fa97c40e7a8822dda69af856343effa794e304b3d22f8c5489db1b05440c2d84b9dae37a0d0429987aa4f0dd5b2399fe228b494efd1b8c27c12a4a522abbc

C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe

MD5 bbc2f701f6397724ec997def851785c0
SHA1 ca16d57b0defe2f4f0bb4d14bea9baab5bc6874c
SHA256 083c0d95f234f624559e19a3be6de5bd304e0d0c43b68a78487cf01240bc08ae
SHA512 d0efe173217fcac12c0b1c366b7742ff8d8eeb4e8689b73562e5b1ec57427b0b94b249efe05d63f8b14684a1a46890c9f89896b01882ab31bb0a601d13b7a49b

memory/1792-6041-0x00007FFC3A990000-0x00007FFC3ADAE000-memory.dmp

memory/1792-6042-0x00007FFC3A420000-0x00007FFC3A98B000-memory.dmp

memory/1792-6044-0x0000021597390000-0x00000215973A0000-memory.dmp

memory/1792-6046-0x0000021598180000-0x00000215985C0000-memory.dmp

memory/1792-6048-0x00000215985C0000-0x00000215987C0000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 bbb3aeb35b619f0238aa18e86f323e69
SHA1 965c89fd3add878c776fbecf9a1fa20c4654d59c
SHA256 a67dd3d1efd9e435309c8d30b21e780bda982a8713da2a1ba2486d952743cad9
SHA512 afe6e768fbf2abc042d01c9222f6827c197220a02322fcf4cfb52777a651484657c5e2e0ee64a5ba751bf9f271c20e9918096ea2721c3c4b21a6b746a38865d4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 eecc3247e466c9a813763840e7f6d56d
SHA1 83f4278efbba81257c10b071a73de7ef027390fc
SHA256 931e5855a4e56dbf6ccca185348a284581fdea718ac31bbe79bb5514db9b967f
SHA512 086fd005ebf951a691a932bd5ab131e85966d55392d5a64d04a983af93cde6947461621135cbd7a6ef914cda65e6819dc25a54e07490058ad19a59730382dc64

C:\ProgramData\Malwarebytes\MBAMService\config\MbamClientConfig.json

MD5 427426d839c90f5a4912559cb41040ca
SHA1 4c02ac8037e06cf2ccfdb5840fa13b5e34827abc
SHA256 9f0782e9dcaf8b79c4d4b8db10be5bec84d378b93a69c66b23a9998929c9d29d
SHA512 a560dfc5de51c542b63ccedda9601a44ff386694a19bd388c949099ed3ee1a81e3f1a60ecead2627c15cb1802f52267d2e301eb8793f415f33cf7c542a0f3aa6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000038

MD5 7716e124e19760049484d1bcde4a8af2
SHA1 51d50c9e9b7fc658c1316d1844418cee0baffa2a
SHA256 fa7968a9a888e1a6dc6ac6126b8edd6e73974c2b0629f669bfb74916f0e7d534
SHA512 1ed454872f7b74892c20843446f914a6b0b985d6bc7579130188a07aca8c5fbf0a8759fa63ae33649b06001191e2637f55c22661a5c55a259971b409662be00a

C:\ProgramData\Malwarebytes\MBAMService\config\MbamClientConfig.json

MD5 bfff945f5781a4b5dcb5b15aa00147df
SHA1 ed0c48f431ac75b445f13450430ab1556c2c1c82
SHA256 6ab9389cb8fb1597652501fb6fc929183a8bd0eea325b149e4bb739b1a119777
SHA512 cff6caae191205a223c121b23dc2afb77e13d155b3a52b7aa3d0d7982717dbd8587d92b537ec14d12e0ace8c6bedf47a69cd6d37c8f6333d80e8fe55c279a6a6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000039

MD5 4ab212d67df0d744f74a6f6a257b2653
SHA1 7844504c6b52741b4467b98856b2da4d2e276630
SHA256 6b5ed11f9d9bfad094e0177b6339804dbdccfece80ea0636343349543ca69c63
SHA512 49007eda96079f2a85bda5836ee21c5e9e1812e4b2f286551e6935bb61534981b4df7dbbdedc6c1fce487406b934a674ef4dc69308bca6579b93c9c220065e6c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003a

MD5 f75024a7d56d594307f8960513ef2caa
SHA1 20bf6c585e8fc8013905aebe71b3badce53f2807
SHA256 41fcb42cc04ac80cffc4311cb331c6dd07963390b7b2cc313ef50117c7ee6b0a
SHA512 02b7e216976a4f6c60dce92c7d683ae5103b6b4dd5b0e7ca7b833149c5d07d4209c3be42d66dd46ca204540829449cd7d33454f360ca57dd4f0d8024a47c6985

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 c6b66086ea9770138cc1bb58adbbb3bc
SHA1 4f46317ffb788d010e62cbb5882832ce2f663458
SHA256 eb6c776763f6b772a273ab669541bbfd29cc5ecf4bacb4152924a3ca00b5bb70
SHA512 b0800d609e2b5d4f969914e5af1f019d6a3d43116a4d1310989ae883c0e788ab2c1633c4b7ca0abcdcff82b35eec90598b60754bc01302c9d7ccab2a59f733bb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 ae5ba798a1808ef40c40d50d180401dd
SHA1 c275a00101cad330df80d64141462b069ada2660
SHA256 3b8ec97d3d84a51cef9e41c85af38cb06b86e605e7263461a7d876678a6c0bce
SHA512 1168de760443fc04629e409acc2e241503aa4ab0b2cb6bbe2b7647e97bfa4d5333e13a5871d50a92eb4f47a5daca3ac345c067170b24f802826593c6c4d202a2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 6d78bdba67a297a06080c1269ef10803
SHA1 51faacf50fba3efa218def84e66360a1e717aa7b
SHA256 59fefce194078c9eee27136f14d305ba0420831cba355edd9d8e8809f38d35f8
SHA512 841e63a65094940479a655928c5791b6830c6d33a962880c14131ab13eaee07c4285feda9515ca1dcf7a67721984fe0c84f54a9be406794057f6c3fe4f2070e3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 72b56efc6e037acb1cc80c9ea1f51cf8
SHA1 44a5df07e560f35426c53cdb531df336644011eb
SHA256 1fdad9db5ad433969d5f11031a0d61ba1b92511562dadf6ecef548f987b953c2
SHA512 26839b320d4ab956c2f79db2ee95896b6b0525569384b7ba0e905bbbf812cc79204085d3c0922a8f43214e8195d7eff1e0d5efab913f9ad2d7b74337cf8f7fa6

memory/6700-6295-0x00007FFC3A420000-0x00007FFC3A98B000-memory.dmp

memory/6700-6294-0x00007FFC3A990000-0x00007FFC3ADAE000-memory.dmp

memory/6700-6293-0x00007FF75F7D0000-0x00007FF760DC4000-memory.dmp

memory/6700-6298-0x00000209B6950000-0x00000209B6960000-memory.dmp

C:\ProgramData\Malwarebytes\MBAMService\config\MbamClientConfig.json

MD5 8525b57003e321eabe68faf8dd9f359d
SHA1 c99a2e3aa585cbeee218c4fd852d0da18c97222f
SHA256 a396665b78ea6eec4f33f4397b2fed68b15bc9abc8ecd7976d901e239093c856
SHA512 83d98ba1a9beecb265c03a8117488669399956c735503211e14fab1fc4e1b171ded21283a30cf83090f33f72c45250a4c50077b10d6524133a24f8363ebaa8ea

C:\ProgramData\Malwarebytes\MBAMService\config\MbamClientConfig.json

MD5 55c99b20b35b095a1a97b2821985979c
SHA1 18271fd520391199dcc95b8521c2e8cccb8eb28c
SHA256 5dda11852ffbc8cb74d42da4701d97c0cea0ac04b71774aa982f09fdf3f46e86
SHA512 32c8019c91d9839ccda7fea33faf73b20ec179751259c300322dee2989efc93acab4f9692021e8b5b5f9811064240b1f753a0f3362ee0a3ac3f1be591e66c555

C:\ProgramData\Malwarebytes\MBAMService\config\MbamClientConfig.json

MD5 ef454f055d6ed49f32c513e77c632d73
SHA1 0b3846a171b5001ab3b42c977553637f566bfb8d
SHA256 ace285a294e386c4c24646ad42b82ac7e1cd643e4f05a2ff6b0eb0a38b53b6fe
SHA512 778b4950d048200f4dbad100b62c01ca945c60b34172670bf6bfc4135e5a77e37048fe581d15c125e95bdf0b34f9c17364f288ff8d7b1fd1a01dbdf585178431

memory/6700-6468-0x00000209B6950000-0x00000209B6960000-memory.dmp

memory/6700-6770-0x00000209BE7E0000-0x00000209BE7E1000-memory.dmp

memory/6700-6771-0x00000209BE7E0000-0x00000209BE7E1000-memory.dmp

memory/6700-6772-0x00000209BE7E0000-0x00000209BE7E1000-memory.dmp

memory/6700-6774-0x00000209BE7E0000-0x00000209BE7E1000-memory.dmp

memory/6700-6773-0x00000209BE7E0000-0x00000209BE7E1000-memory.dmp

memory/6700-6775-0x00000209BE7E0000-0x00000209BE7E1000-memory.dmp

memory/6700-6776-0x00000209BE7E0000-0x00000209BE7E1000-memory.dmp

memory/6700-6778-0x00000209BDD60000-0x00000209BDD61000-memory.dmp

memory/6700-6779-0x00000209BDD60000-0x00000209BDD61000-memory.dmp

memory/6700-6780-0x00000209BDD60000-0x00000209BDD61000-memory.dmp

memory/6700-6781-0x00000209BDD60000-0x00000209BDD61000-memory.dmp

memory/6700-6782-0x00000209BDD60000-0x00000209BDD61000-memory.dmp

memory/6700-6784-0x00000209BDD70000-0x00000209BDD71000-memory.dmp

memory/6700-6785-0x00000209BE7E0000-0x00000209BE7E1000-memory.dmp

memory/6700-6786-0x00000209BE7E0000-0x00000209BE7E1000-memory.dmp

memory/6700-6788-0x00000209BE7E0000-0x00000209BE7E1000-memory.dmp

memory/6700-6787-0x00000209BE7E0000-0x00000209BE7E1000-memory.dmp

memory/6700-6790-0x00000209BDD70000-0x00000209BDD71000-memory.dmp

memory/6700-6789-0x00000209BE7E0000-0x00000209BE7E1000-memory.dmp

memory/6700-6792-0x00000209BDD70000-0x00000209BDD71000-memory.dmp

memory/6700-6791-0x00000209BDD70000-0x00000209BDD71000-memory.dmp

memory/6700-6794-0x00000209BDD70000-0x00000209BDD71000-memory.dmp

memory/6700-6793-0x00000209BDD70000-0x00000209BDD71000-memory.dmp

memory/6700-6795-0x00000209BDD70000-0x00000209BDD71000-memory.dmp

C:\ProgramData\Malwarebytes\MBAMService\config\MbamClientConfig.json

MD5 c5ed3625047f7af72fa7db42d50d1a16
SHA1 aa479142d08304d81be205ce8d2d2b63262ab050
SHA256 d9572c5af119514d4bdf342d2909bd8635862a045a183487e65572d931bec331
SHA512 a2efa82ff7d43e22004d5c8dee8adccef726ab707990025c76b4e4afa1391f37e5315d785756fb6eed7e520add5c8c615ee33e7ff4d5ff761a2b3665334cb54b

C:\ProgramData\Malwarebytes\MBAMService\config\telemetry.json

MD5 917c8a6e0ada74eab3a82920f067e116
SHA1 f6ac9c42d3fec98b9ff7746019b94d174284fa0f
SHA256 cd5f1e4dca541c8e461c8b08772db860da0c3bf1389f86db1c2fdcb2ec7c84ad
SHA512 9724a769cbd4791ee38ad751315f990b7c26be29900346089e444f15a912ad04429e535bb5399d1db4c0fd0a65c03147828e7a7679c4b500c53195055ebc008e

C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.json

MD5 fda9ece9c1c252ce45ba3634f4d490a8
SHA1 1b0d6d0cca8cb6f30d4f96260801c00a2f8479ba
SHA256 3125a5e1a3a2a6e34100d7c92722b9dd0a7434bbe82a0c2c4a5484f116badd0a
SHA512 7d2af15666edd53ffb75c023387d9bbea007c423b3e14c4e4ba109404177744286427173407d12b17302c9f48080225987e7bee95886d68c7d81a68b53fb261b

C:\ProgramData\Malwarebytes\MBAMService\config\MbamClientConfig.json

MD5 5c1e2ccbccf89ee11017faab9c0832e3
SHA1 408df1536979725662f81c9eb50b9ba3efb66cee
SHA256 73b487d586934c04cc6168f7238968e21ddd5be880b0e65b60c9a8483fb5c3de
SHA512 f23ac046b9da56659c0b421cf9dfd126cc552e40533155eb96c6064c83f9665c8c269552c83d4f6e3cc10cf47c3959de237f23b35e402d5600f81c2238b44932

C:\ProgramData\Malwarebytes\MBAMService\config\MbamClientConfig.json

MD5 2eee9f19f8e329ff6ab97cef108efdee
SHA1 cf335741da84d952cf757f9830fdead1d38e5ef4
SHA256 2ea2bbaa267d845c5be28ddf457ff91ce7335f369a29c5c644d1d5a81ded9500
SHA512 03675bd02447bb076bafe88667ac0bb07ea0afd9690dc23e7172e954d88bd741729b5c2cb5f016ab72ec26ac2de5d563f6e1db24fd2eb0c2cf9ecc8684a4df1a

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

MD5 670683d553e55a78cb24bef4173b659a
SHA1 67e548645ae9411b2b2777ca98a6f61e1522af1c
SHA256 5f704a4681e896943d585605d0717ab57cbd7bfdcd0d63a640944060f5981935
SHA512 404e714c7ba70b92441379c232059a716b8dbff75de241a2d2b9a6545237c7752ba898d150ef2b9b68d929220bfa7284f084325e13b73aae9a525e387baaa5ed

C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

MD5 c1e6bf8432ee4d8b6124288675bda4fd
SHA1 5874bc2e84b8a35aaf4cb47614c1bf1f8a785831
SHA256 86ffc27e426654a3a156afae1aa473cfe1b04a69b879fe60dcfc384109dbb51f
SHA512 6b074455261598a53b59d89371190f0e00f6f0ddf45c1f65b71e9fe0d0e6e7b10802582a6277a9cff82b53286d4920702450b47a604e654aa24a96bc72016b97

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\a712c324879904b1.customDestinations-ms

MD5 2933c3373eba7209a402ec0acbc64449
SHA1 f7fa0a60eec2364db97301a4b9d38fe34e86f996
SHA256 64a515928e9e5600a57c80e4048a55b32a5c5add6af1f0fed7deee3a27fc818e
SHA512 0b07aaba149157266c55db8877b2dcfd9c468db36cdbdb00148794bce292753cccca34714993548b9be1774032b235bb9ce4df90e2bf42fe941edc64e867566c

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\a712c324879904b1.customDestinations-ms

MD5 464ac1e16e54d7504da38a56bd2e9133
SHA1 f8c7156d4bb012b4b7ad27acbddda5ba706b58fa
SHA256 9d41e6e938c381ba18048b441ce4bb3b228c05330333b6b5134b66ebcfbfbcdd
SHA512 358b9e7f1c6e763cd5d3ba369ccda10b79ef8379a50bca1d1d4d80904040c94a4611150c7440e272dd838ab487c030b678d04c0cc4a29b8e0f0f4fea79eef625

C:\Users\Admin\AppData\Local\Temp\mbam\qt-jl-icons\209b8c531e0.ico

MD5 91a74c169917bee7cb2c8ef9dc74ecbe
SHA1 8633b44ae58c4b201078114d925f551b36c549b0
SHA256 1e5eaee00708bb44d5d053ee25da5b273ad855b7f49456268dcdebac5d5d5710
SHA512 d5274c14e4f1aa99d5ead0cafa5f42fad074092944d6f48c3fb0cc6a311f958f97e23fdeba3c5639fae0751f692f9e5f85dd065baf2638291f2ba2a42c4afb72

C:\Program Files\Malwarebytes\Anti-Malware\sdk\mwac.sys

MD5 1e12dfd5396809da1c6cc5bcffbea079
SHA1 db1aed7c81a618af1053e8c20a8f06facfc0835c
SHA256 5afffafc7392d7e587228b50862cbf2c435e45e596148fa05ac3c2d0af7721da
SHA512 cbf33ba1c0af4ebe85764a969a8b60fe3e65162f6f8f4eb91790d8aee4c09a7d4e8ee6a438116103fbd966ba2c377ce538801140402711543c402e3a7a375462

C:\Program Files\Malwarebytes\Anti-Malware\sdk\mbamchameleon.inf

MD5 e5bb98e4d7adf79cf7355aeb4a12d3c4
SHA1 c2996909b98b95863d54c6a2f7843e5c05015596
SHA256 1f2ec66c3947802dd97abead84d71bacebf84e4a2e871852cf5291958d45a189
SHA512 f65ec684a21481c66f4571fec4f5cd17fb629fbc4b5fda88bfe00ada30573f3c74313311f5e8a164709824b8033a60fa2ae0f1643d0ee3ba8ae4fd558709aa7f

C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

MD5 d603236d3713e8033a88217c54b61a53
SHA1 f0ea747a89dc147163f2171ae4b69572815b98a9
SHA256 08a1d20743258b4a62c425f201868013c5f474619ee89ea8b812d7acaae66527
SHA512 5d68dfb6c87473ca3ee9e82ad03601b7fefa7cd8acae5af0007baa6235214712e5e959849bbdfe0b3a8b67be767dc7daa63710ef0b132336e33ad15a014cf830

C:\Program Files\Malwarebytes\Anti-Malware\sdk\farflt.sys

MD5 b97e91c67832f1ff52fea79bae37372f
SHA1 6b7d1151878730cbfd15bccf19026df88ef84b2f
SHA256 85dd0da0b7340652038c46237c14309bc8c34107353050facf552805f7d7853f
SHA512 d1c012bb4dbb368cd149a49fa52aa5f9ae546956f86901e4990ef46af4b658680830ce3a0b3a52af5dca2deb86d2a5567eb79e968e84e5588dcc8a81b8f452cc

C:\Windows\System32\catroot2\dberr.txt

MD5 4fc5bffac3d7194593bdc135e3beeff3
SHA1 b3237c11e8b7af251d4ccc0da7ef8117342d88de
SHA256 eb598fee40340882e6343054bc91fd30c89f461246401935e873167c4a8bb04e
SHA512 3ce5122937da8eec383719f8fa1c0c1468889bcf43fd4990d2fda8e9d8b2340eb4330f3818fa41916e42c947c84e6efcc4cb021962bbbd7fee6f1de3e7d8827a

C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

MD5 67e31560de4e7359e5d7c8cce2f5c35c
SHA1 d35801185ab806d0c251c1b280cc09bd86dec33d
SHA256 c84861f29460bd3d5c24c52d9564b7ecca3ecc55e4ac66e2a892c929ec0717ae
SHA512 adca059533a08565ed1a1fac26e2af24294efadc357bf49441288ab121f8da2762f5890371d9205e784b7a948f553dc0afa314db5595ce0717fb8c475c606b26

C:\ProgramData\Malwarebytes\MBAMService\config\SpConfigFile.json

MD5 96e5b0378ea7eea5beb9033575cd940a
SHA1 185dc66a14fad76beba0c2f2967b9668684bf366
SHA256 df6173644750da1475b26b75b70f310babea1b959e73502d6f74abfc14ebc5d8
SHA512 0389d3913880ab806316f7540297aa09a6c51e3255cefc910c396d326b661ab47344ed90a6628de3e9e4340eb61964dd9c5e664624b352377cf92d92b493b42f

C:\Program Files\Malwarebytes\Anti-Malware\sdk\mbamchameleon.cat

MD5 dfe383b7b48853f4c3dd383fa40de764
SHA1 68066a7ca36ec32699e645fed7bdb33be1e2b395
SHA256 552a30fb8aa05793a5c78028c3e1ff9658b1a7c831c5b60a5c74a10f0f1127a0
SHA512 21bea8f59bb7f02a52e16b5404ed522b6d1a8854f7ca6c9d34031bb02ccef11b0f1a53e36fb7031ff943add4028195d92de0732856465b1ae3498e1e1e50daa7

C:\ProgramData\Malwarebytes\MBAMService\config\RtpConfig.json

MD5 80c2e408fdcc5a6f04e0a97507a3fed8
SHA1 1bd6ea80de399c4faf04057da94ff9098a2f1938
SHA256 264dc56a7b5f01101e670d9ad2978730c38c1119f469e1b5c8180882f067c4a4
SHA512 26207f47794faf35e24b7c38718da5c0655abd414ca351b4a4e195e57241eb28ee4bcdfb51e1cca091444faf47f3c7de87a0b7bb88569476053953ebcb8a2912

C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

MD5 4615641eeaee9e80e1219ed3bc7fd65c
SHA1 a7e997ec062dbe58dd445d0f21504cb139a36be8
SHA256 dbbc59fa8611fa6ad80fb55a65e425b4bc1427993b825cea84bcfe5ce006e891
SHA512 789e979855baec4ba96536e217d232839a33a93e26f5c12557a87f5d298c888a747468d888dd5452608160b34c24a8b3e66b0db31f5f412ee7eac543675ee175

C:\ProgramData\Malwarebytes\MBAMService\config\MbamClientConfig.json

MD5 1ffbeb3086b2adb4df2e3b29a7f3a703
SHA1 1c7106d49f8e305e4047e97bb99c4d875c2e6946
SHA256 8e57ed9989b1661c1d5110f5e018f1adc1b5116e519eb1f4b8ecd26858a215e2
SHA512 89b3c4a6820117e7ac3700b96ac67f5f393ea7a9f92f16dab86aae67c60635e4afc0e2fbb25ea196c40bdf5f50c57f1a9e9312c366e0a5273b5edc4440a7e21e

C:\ProgramData\Malwarebytes\MBAMService\config\ArwControllerConfig.json

MD5 9f2c1d7c66901edd03976d0fe4c63e09
SHA1 e3ed31cfad9708685eaafb2bfd8bafbe70a58813
SHA256 cc13fb633c69eb02307043dd13e7bdaea1a0432eac3a027b01e7382af0f9efda
SHA512 48b9ecf807c2a7c8be3b951ddf45a6875a79267a155ff03323fc5e8e7a7a51ea415d84ac959fe1689a7c23df2f3660c45ce1cbcdf292d604d751a9a55e6d0c83

C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

MD5 2ceda04e5a26460590ead93f4005194b
SHA1 d40f13b97f0c7c3e425dd3d15fbcbbffb670a9d5
SHA256 b17cbea4d806489d0cdf4e34edab8f821ce1288e4ab7a83dbc24decc08e275f8
SHA512 78817cab3285cdb5fdf9e1a509018b5c239128883ab420602de72166f167f956c8f438b540b7645e69675b3363b65bb4f97e09725e59918cd5b0c2ea98537e11

C:\ProgramData\Malwarebytes\MBAMService\config\MbamClientConfig.json

MD5 7e083364d95bb5af33e2c6676b1501c8
SHA1 1b7bd64e99edfffb47e65e32ef8d89d69fb9c728
SHA256 885b147ea12dedddc1afbfc092f8128c0293463e94331b9abde37d16cef09a35
SHA512 098096cd8be9d57fd8403d2139953750a6a67af4bc26459ff34080fb6ee49bc025d974a5d136897cdab905fd8a6740bbb3c272d8144d7cf48b909b8868f403cf

C:\ProgramData\Malwarebytes\MBAMService\config\MbamClientConfig.json

MD5 2eddde241858c41971c70a55e7ef299b
SHA1 430c08d54541cb1da765d800fe0f230cdae8e4de
SHA256 b39ddcb27b29fbe0dc9899b9cb103f443a33cbae168b908527aa6924ed47faf6
SHA512 9c04c0a80b76659269ab14617fc4b428f64a8f86bf25a073cdf36f78e47dea04d74b25d1883ca82154837ba5740471ba395e770aa98787a6416b9bf90c654e19

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

MD5 c168306edd551c919b4bd7696c1c878f
SHA1 6dca27053310f9772c2f775b2c4d99ab5495cd51
SHA256 f6881f680c1cc01d0ca99958f933ea3787111a380641723fd54682c31ea88d07
SHA512 7b7b7df51889cd8db4ba299a4abc249a30a9c6323ad824366cf06c13bd72438f42dead0c319dc892b9028699c6405559f9ed6b1c7dc8125a82359d45fb838150

C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json

MD5 b6028ee2ba817e4cff4f968f9e48ef6e
SHA1 7e271ba8b6dd7c74044747e3a4d255230b57b703
SHA256 cb362e019d069fdbcb277582a5c88fd30bf999ec567f1600a0a874acea3dddfd
SHA512 75165e9ddd0be7b48a45175f192849d7c2f4688e01b9139d2a013453df209aa0410a4acf887067b35bd606d9ce5ea8d7b571e12cb040565cc490214fd587f6c0

C:\Windows\System32\drivers\mbam.sys

MD5 4b4f4a100699d1ebe7f98af1411f6dd5
SHA1 2490765c943e059bfdadebc300bba0e9dfe63894
SHA256 9db95a82528f0f554677825dd50fe186f36fef26cc6b627afc82fd86a5803b69
SHA512 d6961baf162b3a9aa63365402d08728d6f832e2af07a4400abce30681b03697c561a28f8f35225b024dd454ae7e3910b0738ea38f89b230b472f4e88f9de9c37

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\a712c324879904b1.customDestinations-ms

MD5 957c511db2d1102091e8183dcf77e4a2
SHA1 0cde89684df009756b8e65cdbb19625c61d89a15
SHA256 2698a2f1f47ddebb165f1172e62f19af733246085395de9d962680642487a931
SHA512 f65b8ab6bae62fef1567cafa30fe3238bfd402729e0138dceb46a2b2475a33834be444f113d24b4f5b5b0b21642fe6c604610496e5be4fdf38e9754add64bf4e

C:\ProgramData\Malwarebytes\MBAMService\config\MbamClientConfig.json

MD5 469d0d6ad604c40da25fc90d2f0db9e7
SHA1 cc402916c60c463c7a5a3f72288dc30c6a07ea07
SHA256 0adff348ed2d6d934b38f9527fef0d2594bcca273e42e91b51955e7a82ec076f
SHA512 294fe19e88495a3613b8c1cda7042f4b601a360c500193cf2ba8ff5fce2dc27ef21f68657e31e6640b36068ce4044a8b4f33c287c85d720587f59253848806ac

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

MD5 32682e4d1322030934b023bffe042cc8
SHA1 f619f78b91f427888e7706026a0f9b2728911142
SHA256 dd201a472eec3817e32d6b455be69b198b9cd20baf48083ba8576338220e2ba9
SHA512 604aff3610fed4651034edc10669460f340275aaca05e52c6646b290bbb43e5e9c9dd6a70a2f5c64860ab53c18f5afd9d28e9db424726f9369b532618ebb54b2

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

MD5 834d31f79fec1e220ed1ac43f5cb86ee
SHA1 231900a2087060e35ed84aea7995128e44b2ad61
SHA256 a400c6604f2f9b2362215432bb691f5a4cfe22b9162153aad68536b737c3c7e0
SHA512 22ee0c4d9b77bfe5db1371d0f2524e4c6e2fb5d72b34f5522a2d998e89eb2e427258077ed9a19496b9b6e6e173e6b139950fdfa21cf1e2ec552cffcef6d63834

C:\ProgramData\Malwarebytes\MBAMService\version.dat

MD5 2c4095208aca839779e07bb745848cdb
SHA1 dd4a090eca0cab787926fb4f14d38b12a3536551
SHA256 ecf87b15cd6650c0792df0e81c71b14379358f5de9ec97fad094fa5871ea5a38
SHA512 1b3306de83cea6dca6e263b3527d9374cbf4a4901a11b25d44cd66896dabcccaaa885100c4f9f6148937e438076ff0b7e5fa7ee0a302db713cf6dfe06853489d

C:\ProgramData\Malwarebytes\MBAMService\config\IrisData.json

MD5 532cc5088bbbd120cd040c3d415747ad
SHA1 90c29526bba460dabfaf05b1c4b68062a662577f
SHA256 1a6c18da9e47f5ca611a04ac0a45676dcc38847aa2846a64c8f0e61aac95356f
SHA512 0c02b3269e4e65a229bebf4843de8ae3abaf56d43eb5dd93749904018da2f45ad345096aa674b396a84e7bca433a12404c88a9e0627189eb8cc630928696579e

C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

MD5 7c7d8299e32cc5c7aa29295c04b297bf
SHA1 c60a796ce7fca72ed6567c7c4ac28c78faafb94e
SHA256 18e872c7aa71255c0b44c8a5c4026ff7dc60aae5481a452ecac2ea278a0b3589
SHA512 79247e052ce06eeb6d7f8abd5454e5ac8595f071f4bab91a042fa8e1875da70fdf51a7d81fb61c908587f03ae197eaaf1715ebeb3a23c82f867f5e810d0dc7dd

C:\ProgramData\Malwarebytes\MBAMService\8cbad29e-6c0-af1c-10b82ec1f3a8457b

MD5 856f6ba813d0bd232817be42d277fe0c
SHA1 a9f8be1ce91f9b8fa7e967ad30dc5c50cd6b9b5e
SHA256 f4fced4fbba70a23e261cba1b765d734de2cbed3c8996095117375906f6b8a23
SHA512 f5f88a23541f25ad880b30758fe835001a2f2fa1668ff524eb7e7d6c8c4e03b6c319101d5cd7e7a0117bbb648b7e2543d75c823814492b5d655adade4bd178df

C:\ProgramData\Malwarebytes\MBAMService\tmp\1ca2b526d57d11edb0dde27224d40471

MD5 6e80bb5f54c405bbd93139ff9f4d77b8
SHA1 7236307a8c6d45c3ca1a6301950706461e1951e9
SHA256 1405ec6e44b34df5af39f13bf0dd9afce01d34a9f278a2710316d02498278ceb
SHA512 c359bd5b51ebbffcc24d9d71bc5e2462568f4c786ec6241084af49eccd594277c50103b78178f07c76df43397e3b43514349156f0b18d3db986db40441975303

C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

MD5 13aaa8689ebe5681a5c9156b76df0c89
SHA1 b82ad0183f9a99e834f5f67b112db4ec4727a5dc
SHA256 890efe71714a2504171153cf4a05c62329def5ff070aacef9829f27698058615
SHA512 84641261f16027ae43641f14caa76987bc4400ce57410b246547d984c87b6eb2d7ee33343041d56384300d3be9e46614456d0170b453d5830a694bc7a8a86ef6

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

MD5 27c17be07c2d4755f5bce89cbe7731c6
SHA1 a7ab46f75a63af8df70d5facdf406c98e32888fe
SHA256 ffbbcb186fecb87e05baa2c7029ab6023246d73b4cd26b9b40ac84031377dc27
SHA512 5b9d4453b5c5bafc6fff1717098c9d2e314c739cd6a695434898eb56b4c7903022b622a3395401fe4ee14a17b1e3f674c796ca47aa532c9110044940a316518c

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

MD5 d2e5d2b1ecc6634012354bd77374277e
SHA1 0bd723ad94bc1bca1d9fb1bae6e429f7c20a6539
SHA256 c22273a971adfaca572d355f5f106f8f00395cfed6b2e97fdac10a8c918d1181
SHA512 cf2c82269f00bc15c816e82b3b7237bfff7133105faf53e52e6290a4f758aaf5f2eb1112ef0b8157eace8a795b4b97f8de5cad30a5fb67b4e5f97d49cdbe0c06

C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

MD5 5ecbb3a448153b0367c58abd6cfc3053
SHA1 b377d8b5bf5ec68c5b771fd90114ee279ced42fb
SHA256 71c5b4b26e371e4049393aeca852849ec10c8c872ffdbe0c2f1eabe483279511
SHA512 5ae052f51f40236e734cea923dc5e11cd30c9e459b336d898dc53c1ddccbc87efce54eb6ad8d5f1f76f7b06964ae129ebf78d3f8b0d0b66a6ab310b610494f42

C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

MD5 3433f1c0a49dcc6ba0f413dafc3dbee3
SHA1 fd7cffe0b7eda21b80e922dd937dbb559ebc98e7
SHA256 c6e95948d06f387c48073e56ce591f5753ce6c38c0ae33087a77aa3c8118b33e
SHA512 8f6bd414e47c1179a84bb6303eb510f898ecdb3604f6912252b873e0440f26987415aa04ea7263be935e88595ae9a5250f26255b863a15b1e9ec56e89fd50f61

C:\ProgramData\Malwarebytes\MBAMService\ScanResults\ecd1e4d4-d57c-11ed-8348-e27224d40471.json

MD5 4a6fdbaf073a801868a8ad66752afd80
SHA1 cb4b6ee81e1e4e74a1225c20e9c71dee2e75bada
SHA256 9e0bb07b8b2b6f5ab19a373ad5ce745e922f69684514dccba5752375f8acfc0e
SHA512 80c5170b66628268c6abf028df066b7fee16eb5b1653e96d17224c0f644638263d989a2fce817d73f1bb0a00ec4ab067e2376bbf467db8fb69c3edb9478db3d4

memory/436-8710-0x000001921B5B0000-0x000001921B5C0000-memory.dmp

C:\ProgramData\Malwarebytes\MBAMService\config\MbamClientConfig.json

MD5 63b0b340230a82fffb3abaaab0ead8d2
SHA1 cd44d4814ce3b46b3524acd2598a2d79f66abb09
SHA256 13a39f358d4887600b98808466a5cda331c57ac22b6717a9fa380f0e836d285b
SHA512 90ade58487229de1aba65446c0ae8b54c9d5d92a60a93ce9a27e90c92187a3a0575e3d4b635451794fe97ed0ad63cd9505dd01c60047f38b5f0b87a1fb3aab4d

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

MD5 ce52be2636864738c5e6fab67facd182
SHA1 f8bf290ec35e05e4abc922a09cb4403d4acca451
SHA256 e5cdae4acd2bd0af4e5f67e4a18daf92bf003803d3ed2ec9eb7d867b251186fe
SHA512 59cd4f90382d69f8af67efc0e028eeebb4eac8f7ec67208cdf9ee8d049d6a133c4cd13aa47b3ab16265f91560d8470b82a82b6a067703a6bef9167083fc5719b

C:\ProgramData\Malwarebytes\MBAMService\config\MbamClientConfig.json

MD5 adca88e5d06b14d187f91e8337770947
SHA1 3f415da754e8808bb0892d0386ae847bd073de73
SHA256 47d4e2a4890c3e47c32fda30ffe6f191b6660516eeb3833d135dabd5aace6c8f
SHA512 df1d1477b2409581b5df59918a036fdf6a2c517544b129120a0d8307b241986410ac845e7ca6d6821587a9fb6f843cf872bacea6ef65c09c02c04c848f3f6838

memory/6700-8926-0x00000209B6950000-0x00000209B6960000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133253706672806482.txt

MD5 f0aed622ad593699be001588bcb7b0ba
SHA1 fd0af8da5c3f21663d858b2b4339d5f94a5cfee3
SHA256 99d2d79fbf5196399b5967fdadb0e2f5eef4452e7bd9c1ab5b2e92d76e589bed
SHA512 a4c6d32ddccb1cc280b4203510c4d193605bffe7eeb8dad040fc206e1598f3434a45017fe1902e2b8ba71bbcc9f6228f7d4a081c1e88883fe94b54f0d0a7b5d6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

MD5 838a7b32aefb618130392bc7d006aa2e
SHA1 5159e0f18c9e68f0e75e2239875aa994847b8290
SHA256 ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa
SHA512 9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 a3354bd65c32f9512218cd7f537e4855
SHA1 6b080f53434a169ee879e36fe15d0b5f2e0bef6b
SHA256 0bf1afb6b411f150b0da1dfde9ac5959532becd4926014deb9ab90c249df3e72
SHA512 61f6e275acf035dd259c5a3c0fc26de6cc1c21fea843f4dd988b39fffdf0101222b749af4233b9271851acf8ae40087f113639d90f2e3d6d703b8697a999f476

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 addfcb8f5702f26cc0a4e4c85ebc701d
SHA1 366d58dceb5eb5b2a3453145941c57806706edbf
SHA256 d0fbd0cefd8eeab5f05703f8af0102f017d9305c3152003763562b9503780ff9
SHA512 6c936db0cb00334ab605d6d7136ab5e72f627d8b37e0232d11c028f415336742394b9d7e43ace1f8014e372b3bab85a48801517d3f3f8bbb5d4c6404692f10fc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 589c49f8a8e18ec6998a7a30b4958ebc
SHA1 cd4e0e2a5cb1fd5099ff88daf4f48bdba566332e
SHA256 26d067dbb5e448b16f93a1bb22a2541beb7134b1b3e39903346d10b96022b6b8
SHA512 e73566a037838d1f7db7e9b728eba07db08e079de471baca7c8f863c7af7beb36221e9ff77e0a898ce86d4ef4c36f83fb3af9c35e342061b7a5442ca3b9024d2

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\RUOQG7D6\mainapp[1].js

MD5 0360d3882727ddce4ddd74e19255543e
SHA1 860e14ced5cf672d9a9a9cda6d8c5a615b2d6f53
SHA256 d892cc587729259c16133977b7b201ef6563a65705df57c82203268ee8e54b48
SHA512 d9f4f272e0d76438879fec20b44608ba22249df437fb9d987fa1123cdf829a2f324f54671d4c4de6f9c668c9c5e34b7a6a1309288992f937df2fb142c4ed8b0a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 388c98df000b7b3560135b095ff1c072
SHA1 3ed3534cfc45d2d548b80c63b9e3e89499440094
SHA256 f35376ac5cee87ddea4521d241b2b2f736bc26a063dd997f1dc9c56236a8a7a7
SHA512 f702a31bfa7a7a13b1e88ff58dce19ba8f552381bb408b9841f001d6e06c9c276e64394edcfecef5c7749fdfcbfeb89be4e59386b04bb20dad871ebb5a035f62

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004d

MD5 ca7fbbfd120e3e329633044190bbf134
SHA1 d17f81e03dd827554ddd207ea081fb46b3415445
SHA256 847004cefb32f85a9cc16b0b1eb77529ff5753680c145bfcb23f651d214737db
SHA512 ab85f774403008f9f493e5988a66c4f325cbcfcb9205cc3ca23b87d8a99c0e68b9aaa1bf7625b4f191dd557b78ef26bb51fe1c75e95debf236f39d9ed1b4a59f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 3926408b2728743fd4a3e37708731021
SHA1 87eb55a74859dcd03ee2e24c89f6df435805472a
SHA256 be8c7513f9014738af9997723ecc704aa83266eed1a3789e01b500833ad9fb12
SHA512 e21db39bdb83ae3cdeb3b5233723100c923df680d237f9ad1e20549e1629f253e44eddb715f18dcdf83ceff1d5951747c8285caf7a28694e7ab26549149def73

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 a92fd78e21a9a1f48a6b9c7b2209ab24
SHA1 a293bbd98ebf4c81604cd905c52f2bbb7865e966
SHA256 6d1c12c47a9b77eb636baa56df75c1fd5d01ea447b6c673d492ba8296428c414
SHA512 1d29b016a47e3433464aa5ab7b1d069e0b11bfde41acf6ed0908acca962491d94539c302ebf36eea5cefb76fff91900f53cd1eff89a07089aae078678623e9c9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 4aa47f795b54855ff4735a369c5a401c
SHA1 332237c04097393273fb1920c8c9b2ebf4fec7d8
SHA256 0c27e639073ae871588486f3247ad4f8285ae6b41c012df8e9908faf46a57228
SHA512 a244b300c1694134e375edf8bc8842dc10bf9dda84d8ca0c23bb36cfb1a1482045fdcfab93a7d496b4b2f9f2336d188f310170d1a2e9a9f511a8126ad62615d6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 0e83d1b6d12727480bd348fe3aba08a2
SHA1 3929ccaa995865fe1118b46b5d14ab0c5270521f
SHA256 c36876ebf12603799aae0f72a1f01b0b9f8dd4a7ad701bc2d9adc823de99d3bf
SHA512 caebb79bdb49089b104915d17cb39ebb4e59366257450ca373945b0915312d7626be308eb3fe17cb8d6bcf5cadb55f9970d849c215d35ecaa3ad4f7e547018ba

C:\Users\Admin\Downloads\Unconfirmed 528458.crdownload:SmartScreen

MD5 4047530ecbc0170039e76fe1657bdb01
SHA1 32db7d5e662ebccdd1d71de285f907e3a1c68ac5
SHA256 82254025d1b98d60044d3aeb7c56eed7c61c07c3e30534d6e05dab9d6c326750
SHA512 8f002af3f4ed2b3dfb4ed8273318d160152da50ee4842c9f5d9915f50a3e643952494699c4258e6af993dc6e1695d0dc3db6d23f4d93c26b0bc6a20f4b4f336e

C:\Users\Admin\Downloads\ccsetup610_pro_trial.exe

MD5 c179761162d3734587693e9919fd47e3
SHA1 76dcd71f5668998dad4cdb11f8302e16a85bec2f
SHA256 41dc94ba4daf2fd920b78f9ccca8a3f44eb9fb6540591fe7b59c818ff35a9636
SHA512 36ebb503c2b15a254d4cfd8e97a0170ba3803cf0e30af8cf30a63d18285c94324edd85cedf9cd26855d2af96ce85fd2597e3c413596a9645de889e58b3d7f62b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 512627e71487722c654ad53ee53a2ae8
SHA1 abb43ba73df6f6b780eec092bb9f5d95f4296f6e
SHA256 cdf2694d198ae8632b46d20277caf3bb58570bf9af02bad42b5947c6009ed828
SHA512 19d83f6f0a03b40213f07798d91487698c84e665711ddac2632a79733a77290283e381d559c6ef8ee38475bc0c92cab06ec041ba3e9fd78cbf427396379896ac

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 74667fb6db9da178a3106d3c666c539b
SHA1 3bc4db0c67878284b88ee45e899889d6b1b0e32d
SHA256 7673081372fa619da0a69fa1b57ba1b90d3fbe085ea3d52acf4a9515d3b2ba72
SHA512 7ebb51849c6d541982e67ae24d2ed9a24718fc4d1922f94aafd625c36646c20414630fecc0cacf1b03da29828199ed4001510529af26730c3192107db797c74a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 4e43e57637d1ab1d960df4a1bfc47091
SHA1 9647ce830e849f22dec787b66299874335297609
SHA256 f13aa4c37b042c40f5f366df59c255642b9ca76d393adad17b806c090d8481ee
SHA512 2f107fd8094beca78940eb7ea5350a832312661407cb12c876de8f7813958aebdeff61f4617d759c2ac2655f0af9b849e4f92436412adf6c49a3e0e685a619e7

C:\Users\Admin\AppData\Local\Temp\nsc29F0.tmp\System.dll

MD5 cff85c549d536f651d4fb8387f1976f2
SHA1 d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e
SHA256 8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8
SHA512 531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

C:\Users\Admin\AppData\Local\Temp\nsc29F0.tmp\UserInfo.dll

MD5 2f69afa9d17a5245ec9b5bb03d56f63c
SHA1 e0a133222136b3d4783e965513a690c23826aec9
SHA256 e54989d2b83e7282d0bec56b098635146aab5d5a283f1f89486816851ef885a0
SHA512 bfd4af50e41ebc56e30355c722c2a55540a5bbddb68f1522ef7aabfe4f5f2a20e87fa9677ee3cdb3c0bf5bd3988b89d1224d32c9f23342a16e46c542d8dc0926

C:\Users\Admin\AppData\Local\Temp\nsc29F0.tmp\p\pfBL.dll

MD5 f8d1c110600144a9310723c011eeb9c8
SHA1 304e211607eb14e079956531e149e53db2930762
SHA256 d2b8a9d801e5c823be4c8eb9d721a8181d12f3b435d9c80b858d5e6074530bd2
SHA512 7656c865420724b8a77c5a4180b6a410c4c54e9f71f5938fb2d3549bfbd0b05e10f0deb90e532b9b0699e480133c410074ed58ae8f2f1dcd547af725e802eac5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 fcb7a3466ff63ba0df9f442f32c31e31
SHA1 7a327059e0dae84e4a001b88b52e86df4e9e1655
SHA256 ead00899ddb7bda0c74e6816acf366bad1b7ffef8358a0c62a8bf8de697e0791
SHA512 d6afd77581140139f8d9b61807835e0fa8d07beb284d00c19f240ff22ffbbe9f57f51fc0d206e0a3ca9e87887f0c8a7865d9eb277162d65289135da50de8b84a

C:\Users\Admin\AppData\Local\Temp\nsc29F0.tmp\ui\pfUI.dll

MD5 d0ee52daa39b8b22eced053f68d5b765
SHA1 24675ba34154b43ab97fe27c9a15e8ed50d101b6
SHA256 3b71b214236e0fe464261e081628fb7d26fded5a08cca28820cf0a849310cd3f
SHA512 756f1628b40459e191cc96ffd75118cf8e7726764ca497504a0fa4a22a150347d1bfb993dd4c308f420fc57171eaac9ecba7b9761cb96929ba5f098ce56d76d5

C:\Users\Admin\AppData\Local\Temp\nso2EC2.tmp\nsDialogs.dll

MD5 6c3f8c94d0727894d706940a8a980543
SHA1 0d1bcad901be377f38d579aafc0c41c0ef8dcefd
SHA256 56b96add1978b1abba286f7f8982b0efbe007d4a48b3ded6a4d408e01d753fe2
SHA512 2094f0e4bb7c806a5ff27f83a1d572a5512d979eefda3345baff27d2c89e828f68466d08c3ca250da11b01fc0407a21743037c25e94fbe688566dd7deaebd355

C:\Users\Admin\AppData\Local\Temp\nso2EC2.tmp\ui\res\PF_computer.png

MD5 7f4f45c9393a0664d9d0725a2ff42c6b
SHA1 b7b30eb534e6dc69e8e293443c157134569e8ce7
SHA256 dbd8b6fdb66604a0a5e8efe269fbfa598e4a94dc146006036409d905209da42b
SHA512 0c27f9ce615cbff3e17fd772ce3929ab4419d7432d96223b7eec1ba70953f2ac993404b954020247b52d7f7499212d44eb6f85da2e2676773cafe1ce89b390f9

C:\Users\Admin\AppData\Local\Temp\nso2EC2.tmp\ui\res\CC_Logo_40x96.png

MD5 d32b0460183056d3056d6db89c992b88
SHA1 79823e151b3438ab8d273a6b4a3d56a9571379b4
SHA256 b013039e32d2f8e54cfebdbfdabc25f21aa0bbe9ef26a2a5319a20024961e9a7
SHA512 3ad36f9d4015f2d3d5bc15eac221a0ecef3fcb1ef4c3c87b97b3413a66faa445869e054f7252cc233cd2bf8f1aa75cb3351d2c70c8121f4850b3db29951bc817

C:\Users\Admin\AppData\Local\Temp\nsc29F0.tmp\ui\res\CC_logo_72x66.png

MD5 a736159759a56c29575e49cb2a51f2b3
SHA1 b1594bbca4358886d25c3a1bc662d87c913318cb
SHA256 58e75de1789c90333daaf93176194d2a3d64f2eecdf57a4b9384a229e81f874f
SHA512 4da523a36375b37fa7bc4b4ccf7c93e1df7b2da15152edf7d419927aa1bb271ef8ba27fe734d2f623fcc02b47319e75333df014bed01eb466e0cd9ec4111ef53

C:\Users\Admin\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat

MD5 f3b575c2c31889744e689f570e848942
SHA1 5a908d931b0d0841943ae379cd09b44714d5fa7f
SHA256 5898ef848a7f6ea94b80e13a525ed29dca304b0dc163d9eb85d0c00deb79c08c
SHA512 37ff934855412634d5e5887484ff15520a6ad4cefc36268e5921c945187618bcd51062e9378ad16fe3867c25372b4eab7096c57f5fdf21a9d9ee7ada77da10ac

C:\Users\Admin\AppData\Local\Microsoft\Windows\WebCache\V01.log

MD5 0303f6f203fac7990abc08ddceaeb1d0
SHA1 5acf3558e01a0b98b96fda7f0bec9927749aeb2e
SHA256 e0d8f2f9cd526e568bc39fadb65c7ca8d463e4c08482d66c2bac7b5279a74f69
SHA512 56a3b55476d999711d815a8f2c441f22cf2e8dd4aa0f119fe1a53fa84975b3d5faca6d0b2d944c56c393d8827ee06312c372dfbe187e0d534cadef83995031db

C:\Users\Admin\AppData\Local\Temp\nso2EC2.tmp\nsProcess.dll

MD5 f0438a894f3a7e01a4aae8d1b5dd0289
SHA1 b058e3fcfb7b550041da16bf10d8837024c38bf6
SHA256 30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11
SHA512 f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7

C:\Program Files\CCleaner\CCleaner64.exe

MD5 2989ffd5783532fb2d49588c9fc8b1c6
SHA1 d5b87c5402debd0434c02b2366fc2de50f47485e
SHA256 9d4b19b0723b350860614548f2c8342802fc115acff93ef63b580db189e57c2d
SHA512 1e666a6fed67b8aa492c3ca8de023bebb8ea842f4f67512c9876628d0a9f14efa1fce3b1abec32b9833470040dbd94c210a97b9241818fba8cfcdae036d7185a

C:\Program Files\CCleaner\CCUpdate.exe

MD5 0f0b90a01f049665ca511335f9f0bf2e
SHA1 baf4016e50050b24925437864bfb3c19d0baa901
SHA256 4ad9635351c8e8579c4d4c2bdd679ea7b135ec329adc6fd5d8211255e2e666be
SHA512 44da936d020e857bf3bfa2bcc7a91182da9c1f320fe041bb2836d4e8ae99d4b939ea27842b49b9a2cd24e09c7698579617584d431a2b2f7eafdafa1fb9a59c50

C:\Program Files\CCleaner\Setup\51c30cbb-4b83-41d9-b3ff-652f12ee7637.ini

MD5 2af9f69df769f876f6e02da18e966020
SHA1 5d21312d9bd23a498a294844778c49641a63d5e2
SHA256 473d48a44a348f6c547aefd2c60dd4b9de0092e1fb94a7611bdd374783ef3b2c
SHA512 a4705e5491cf03867fd46e63293181bf761d04fe0cccb86e373dd567c68d646634f64ef95d5b910d2266468b93bf7cdf6f9acbf576c6f42a4ff6c3caa09d2274

C:\Program Files\CCleaner\Setup\54184456-faf1-41fa-bff1-dabde5d385f3.dll

MD5 fe6f58fb55d9a93502528c3c9bb13a3f
SHA1 516275dddbc9e2f056342201b03a0931d93a6239
SHA256 c427bcf6b065edf06662e0540e3e9a21c07095184e7bb9d05926dc3b79fc3348
SHA512 7f45f187d6c3156b89e2daf0c2bfdc60a59140ff94f8255fa672422abc43aa1252b0fe0fa0a3ef675f9e71c33b26424597c015db83dec7f5e20ee8769c61c619

C:\Users\Admin\AppData\Local\Temp\asw598b4960b78e2ff3.tmp

MD5 28d6814f309ea289f847c69cf91194c6
SHA1 0f4e929dd5bb2564f7ab9c76338e04e292a42ace
SHA256 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
SHA512 1d68b92e8d822fe82dc7563edd7b37f3418a02a89f1a9f0454cca664c2fc2565235e0d85540ff9be0b20175be3f5b7b4eae1175067465d5cca13486aab4c582c

C:\Program Files\CCleaner\Setup\3e600d80-b8d5-4d0e-8500-9decc97acb63.xml

MD5 a8500f686252cdd13696bd7cd4df2df7
SHA1 4b8e01170a0fab56f250fabd6ec937e9a256d9c3
SHA256 693225b1c379176971faeb9ac2b49ab64750bf309d617f0bed0f7d2744ca57f0
SHA512 9c00c10ae75a5498593c0ae43be6b77b13d68e6db8367401127dc72a3ce5678b0a5e52d8b8b768af611a157b39e4fe7e44cfa5f257ac07c273142865bbf73499

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{9a698122-75b7-49e1-9dfb-13cd644ef7e8}\Apps.index

MD5 72d97cd8d4e600b590ca1af6c0c71b93
SHA1 3002eb7481f057ad4ba4f7b6b5d8d61baed86171
SHA256 a805732db788a59949cc07f84e3b38e734fe13c5a1c098179afbc01479b47c8e
SHA512 37d40cdd2dde3ee33ca96fe942b12ce84f44194e01344653a4c5895e3ea7e43ea21cae792b8b2b32ad27356bb1b4950e13b0db84db48548bae5ca3b639244072

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{8054e961-3cde-4d6a-971d-f07254c13430}\0.0.filtertrie.intermediate.txt

MD5 ab2282f6c4998dd1d39d294ff17096d3
SHA1 8f1115d024b81cd0e79955faff14dd762347abb0
SHA256 e22b8eb4a9b68a84285c691bfb72b92154e55f49348dfb4e3aa804efe968eb93
SHA512 65bf7e9101d11a6fe7507615da4b6084107f5c3c7e65352fc60f2fd0cdab836d8778f11dc612828ddab9cc2b77cdf69609508305805c2b954cbea8fc5beaa89a

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{8054e961-3cde-4d6a-971d-f07254c13430}\0.1.filtertrie.intermediate.txt

MD5 34bd1dfb9f72cf4f86e6df6da0a9e49a
SHA1 5f96d66f33c81c0b10df2128d3860e3cb7e89563
SHA256 8e1e6a3d56796a245d0c7b0849548932fee803bbdb03f6e289495830e017f14c
SHA512 e3787de7c4bc70ca62234d9a4cdc6bd665bffa66debe3851ee3e8e49e7498b9f1cbc01294bf5e9f75de13fb78d05879e82fa4b89ee45623fe5bf7ac7e48eda96

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{8054e961-3cde-4d6a-971d-f07254c13430}\0.2.filtertrie.intermediate.txt

MD5 c204e9faaf8565ad333828beff2d786e
SHA1 7d23864f5e2a12c1a5f93b555d2d3e7c8f78eec1
SHA256 d65b6a3bf11a27a1ced1f7e98082246e40cf01289fd47fe4a5ed46c221f2f73f
SHA512 e72f4f79a4ae2e5e40a41b322bc0408a6dec282f90e01e0a8aaedf9fb9d6f04a60f45a844595727539c1643328e9c1b989b90785271cc30a6550bbda6b1909f8

C:\Users\Admin\AppData\Local\Temp\nso2EC2.tmp\p\ServiceUninstaller.dll

MD5 3053907a25371c3ed0c5447d9862b594
SHA1 f39f0363886bb06cb1c427db983bd6da44c01194
SHA256 0b78d56aceefb4ff259660bd55bbb497ce29a5d60206b5d19d05e1442829e495
SHA512 226530658b3e1530f93285962e6b97d61f54039c1bbfcbc5ec27e9ba1489864aecd2d5b58577c8a9d7b25595a03aa35ee97cc7e33e026a89cbf5d470aa65c3e8

C:\Users\Admin\AppData\Local\Temp\nso2EC2.tmp\ui\res\Montserrat-Regular.otf

MD5 27e50ffd6a14cbc8221c9dbd3b5208dc
SHA1 713c997ce002a4d8762c2dcc405213061233e4bc
SHA256 40fc1142200a5c1c18f80b6915257083c528c7f7fd2b00a552aeebc42898d428
SHA512 0a602f88cfba906b41719943465edb09917c447d746bfed5c9ce9c75d077f6aed2f8146697acd74557359f1ae267ca2a8e3a2ca40fb1633bde8e6114261abd90

C:\Program Files\CCleaner\gcapi_1680897187540.dll

MD5 f17f96322f8741fe86699963a1812897
SHA1 a8433cab1deb9c128c745057a809b42110001f55
SHA256 8b6ce3a640e2d6f36b0001be2a1abb765ae51e62c314a15911e75138cbb544bb
SHA512 f10586f650a5d602287e6e7aeeaf688b275f0606e20551a70ea616999579acdf7ea2f10cebcfaa817dae4a2fc9076e7fa5b74d9c4b38878fbf590ffe0e7d81c9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 d032eb00e08e284b098fb00837e95b79
SHA1 743be07ff01bda2bbac471f6d494273f4ddf373a
SHA256 77f490b883af345b2f165086a69d78f8107023e284102ac0b6fa0b812c7172fe
SHA512 a4c04dcb3bd2ff6ee3d279f54be91b49eb5dc04a9650bbccb0beca96b2b069c7a9db00b1af0d25f889068c45fea94c16bf4134566abfef61f0ac193a4fd07c7c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 0a7e85290059c5bfdad8b3f8cefd8f39
SHA1 876b4ce8ff043a3f2bff6b4d73c2e7c4d584b692
SHA256 e7350123bf4a7bc5bfb410d144a745417ee0d834ff5b0c7411aacb9f990ba8c8
SHA512 2c5be78f21f9fad51a851fcc4057ed8824ed448614eae130054e1e65b8ed98876669b22a3fb29a5a359a985526c795ab2283edc407472f5e467bdc1c9a0b7da4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000054

MD5 e1baf4e4420903441976b04e1beed358
SHA1 ee541d38bfd47af7727361940b224d62e4ffe37b
SHA256 bf1ef49465d81ad155608376702e2c95649e58166ffde2fbd1a8f0d6be029556
SHA512 c331b2bd167e36c7507496cc1c2816207e9ab3f6f2eb3031339368e9fd6c9cfa2197462b8f93ce194212942c5fc79dcb89e711d8bf6bc8ea97b01ae39de317e1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 9e6d271d13a7ea512cc3b156bd57eb59
SHA1 00759f592352f746fd3fec48df1d2c6c0da40854
SHA256 5ab133c5aff6db99e2fb4510c397033013ea83cfb44c4c71edd57c89aa07958f
SHA512 3b44fcf1ea6300d63871fc71b8bb6c0631d1233e5dfe377a918bbc1afec2a77a4dceafdd361f0ddbefd1aad90b74a1afb42efcc2b590375d7331c609dab9b5f4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

MD5 f28b433adb412e58368a90a77a5ebcf3
SHA1 433dcf4432d5af37c2f7a9049cdbc78670c83b79
SHA256 c92a696e5fed43d0f324b41a8476313b6d367cbc9d533a64e690e63bb21b2f09
SHA512 3808fd0085729292b633ffa4c551c2b7dd1925907a5669be6f1e71d3c560c856ff59c85c549985f38c35e86127e5fd09287e4eee3711b6d9cc5ca34ce2e91401

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 b5963fe8dbeca614b7f5b84828f0d72f
SHA1 5809c29b45b0bc51b4bd40ec4f876fe46fa23cbd
SHA256 74c53d8209902ddb8e1ac4df4f94144ae9fc19bbb7e54f2a22561f59701c51c4
SHA512 dd55cdc5d88cfb42603b134b4fc79bac5d8a5a303fa10abb119766902c3be250a8ead95e7538d08d94bc15c75394688ef010603f129aac563322cb94004ac574

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 539a77bf609295ff6d020f9bcd3b9c1a
SHA1 d11cfe7db89765bbb0d190fa123b6bbb38866af9
SHA256 20a3def0687f0a30f88a32aa83693537e04222ded60ee5ea9648bafee95f361f
SHA512 c81c8a761326d7ea13e715a3ebb6b83195a35d78e8a2fcc3d5324a5c33e5f9e4961f31dd82df4acfb767ddf8727a77f3f999c5a7db320d7a47f4321f8c241899

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 b914f158ae500d60a69eb6bbeaa82e14
SHA1 4c437193c154a18aa0de34cec1eb45ddc2ad91c1
SHA256 ccf8280c56fc6f7e25b9b55ca5c930d0e1d605b24bda451583e98a2edd1de246
SHA512 83f0ad5612458125785f9e942bb56c4a8e3047f8a51da5124c82428b3517d8c563bca528eebe117489dc7d39970351923bd9add93920b2179cc70234568cc457

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\55e92c0e-c484-425d-bb51-4e10e31813b6.tmp

MD5 09baac515a28b18835ddbc95abef0d25
SHA1 942186071187b73b394b6fbdce1434cbbb724e70
SHA256 5b469a08a0814f712271a005ae4bf5fcc6d28946e089b4d705a2be965885ddcb
SHA512 b9034c71abbd543de47642cfbcdba6e61a41e3cab7ee5d2caf8b3c7f7f784130dac0bff7d5a74d9ad1a7e486d0bbbd00a54fe4cea659aabfb1dfa52fed54ac75

C:\Users\Admin\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.jfm

MD5 f695f4bdfed0b1f28f351e24d3941de3
SHA1 a30f161ec6e321069bc9a6e0e97b879e1ba57229
SHA256 e8e12b9702b3e4f13c7892275691ff1cd88282bd85396feb6735a0e27f1783bf
SHA512 c27b43e830e77af4451121dec06ba58daeb9750237bc4b97146b948d19e464553f17bd097e82e007a95dd4f8dfcc99af3bb86a8c4bba3cfb1e291372fd7d4b18

C:\Users\Admin\AppData\Local\Temp\nsc29F0.tmp\ButtonEvent.dll

MD5 c24568a3b0d7c8d7761e684eb77252b5
SHA1 66db7f147cbc2309d8d78fdce54660041acbc60d
SHA256 e2da6d8b73b5954d58baa89a949aacece0527dfb940ca130ac6d3fd992d0909d
SHA512 5d43e4c838fd7f4c6a4ab6cc6d63e0f81d765d9ca33d9278d082c4f75f9416907df10b003e10edc1b5ef39535f722d8dbfab114775ac67da7f9390dcc2b4b443

C:\Users\Admin\AppData\Local\Temp\nsc29F0.tmp\modern-header.bmp

MD5 079cb79b69190ffb3a584a7344e34197
SHA1 35a450167cd54beaf5d50bd85e00858a6684c724
SHA256 ab3dea92a333e89f41bb310d5b5d5a52b80d2aedf78b0516f2b1a6a9af69b222
SHA512 cbcd40bb163bc51df0e42a2ce3565848734b8fd6065592cb90270182b7473ecba71d0623505ca2c5654c9d65e16394ac55919d4018bbefe0cb72489579593e18

C:\Users\Admin\AppData\Local\Temp\nsc29F0.tmp\INetC.dll

MD5 7760daf1b6a7f13f06b25b5a09137ca1
SHA1 cc5a98ea3aa582de5428c819731e1faeccfcf33a
SHA256 5233110ed8e95a4a1042f57d9b2dc72bc253e8cb5282437637a51e4e9fcb9079
SHA512 d038bea292ffa2f2f44c85305350645d504be5c45a9d1b30db6d9708bfac27e2ff1e41a76c844d9231d465f31d502a5313dfded6309326d6dfbe30e51a76fdb5

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner Homepage.url

MD5 e874843904a42397c1a78c267f1a85e7
SHA1 56d970e6f25001089700706f484366c32fd7b644
SHA256 d037ca0be3bb7853c2a7a540af9e60a99c349210fbdae5618825766b18c6c06d
SHA512 8c244bfcfb0596f222ad4f62ca6bddba179250411f107b8e89d404496d489301b909ce905a0266d97e4e2ff1f412860a2dfcb9e7562006b5a147aa78f764851c

C:\Users\Admin\AppData\Local\Temp\nsc29F0.tmp\modern-wizard.bmp

MD5 8bd95fbd159e00b9823fe8d60ccf9b50
SHA1 c55e1a485062efcae2ac4d4aa43172a0d8dc9413
SHA256 6ef238fafc028ba028eacbff28bcc670cd7213df9318f99f619ac3e2988d16f3
SHA512 1bbf9d41d3180cfddb99e300142b619ddbc225a099a43e8755aecb44000a4248a7606d04bbea3c1e65143fc488c40d30fcf9bdd418174bd821247b932977f86f

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{541cf121-9c19-48ec-9164-c6850e6cca4b}\Apps.ft

MD5 fc2fff7c365ebe9d9bc4aa4654d4b001
SHA1 25e8f959178884124a5634af3b586a7a30206839
SHA256 09114a40e032f60634fff9e5c45352f2c7f47483b9b0d01db00774808fef4107
SHA512 6211b1fd41379d22c6102c89952cb85e1567ecbb4247353cf6eb9e54110c5e531bc91319054563079453f152cf5cb5c355fd6c52b266aa30d80ccd2e0a37272c

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccc0fa1b9f86f7b3.customDestinations-ms

MD5 499b6f11053727b0d362b4ac500bc0e2
SHA1 b4835ae95236df61d98944fa127e4a32b85b1876
SHA256 1fd8119db8aeba8a13d075a68a4afe5ecb8a0fa87b2daabed1f3615043fa61d0
SHA512 561348a3c2b0c721d1cdda56db637d8d554305a10e9b437f4c60e7918f0084e66a28bdef6b05d3367567bf2dfbc9cbe29b04311a0cdee1e79d62462eb410f5cf

C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

MD5 f3b25701fe362ec84616a93a45ce9998
SHA1 d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256 b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA512 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

C:\Users\Admin\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.jfm

MD5 88dda5252b58feb04fb15730632f87be
SHA1 bda45c28f97bf38be85dfd44d1f722cde4c26f67
SHA256 b1c046879dd0467e5d8689611ae09ad7f2327f207c877cc033f01e20c1db2df1
SHA512 3d5f751a8c9d28d95bf2d42f3e836f38b6a6dc0fc15e52ef626375638f9f5954766d134851405aecf09a43c036aad5166ef85569008671b8584984ac781708b6

C:\Users\Admin\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat

MD5 eb3165d9012726d71787f9f7db571ccc
SHA1 a868a0739b5e0d829b7808f20c13f40ffcbf2cb1
SHA256 958d21ed40daaaadb4b904568055df3249dfffbe037377e09d6cdc6abcc66ba3
SHA512 d9834e38dfdae38480370e85941d54676d20247e6b453f361ca6339e22b4b0e987c35510fd3f8f0da1411128e1e890957a927327d0d7bfe9cce6f1fe6cd35246

C:\Users\Admin\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat

MD5 11c6a06e8ac7a82e0fbff2e1c436a9ec
SHA1 49cb2db31df3a319cc4b424f98b99a8756271d34
SHA256 56bc0cf3b231b8d2d3a209e5f24460ca739bfbb9da5b3c20a8cb8d516ab3e5e7
SHA512 ff50dbac376952a93fa9f14057e8cb5ddb3e2c512bd7046a2d8b214548e2fde42ab25ceed0ce9029de1a55f6c33638503fdd905d93f205fcd312b36d385f1977

C:\Users\Admin\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.jfm

MD5 3e77db1cf5e810e8e5187742dfadab98
SHA1 4d45e9bc490e2e7ec4a7e1d80fb2941db16ec489
SHA256 1cf9839bbe8f65eb2136106fea9c096823328e1d32c591989216c7739955c4e3
SHA512 5677489bf878c7fdb5a5dc915d82309542f589958103cd0f598ac570e830c153910b4aedb04117d6b434a89ee343bb0cf7a901663fc8cf0c1575533f23d18ee3

C:\Users\Admin\AppData\Local\Microsoft\Windows\WebCache\V01.log

MD5 c76d1980528aa016e5aa5d477cb48bed
SHA1 6d6c9938ac61dc2f4bb93915790b44d8f3dc4b6e
SHA256 6690e93a709fd172f1db55dbed09eca8e367426e878e12b0cdb630ba98cb8eb7
SHA512 803fcb2a860778ce2658b2b5d079fad50a13374c724399128ab41d63f61d3853fee5b35822747ff3594ded69058cf45ec575bcd6bfec303201fe27438186e237

C:\Users\Admin\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat

MD5 b1601e580675f1cd6ec4801a1ebf7f3b
SHA1 e13e98eb2e6576bef8103875991cad6bf7ea351f
SHA256 70fa64f183b3d0813d9193dc441ae43e185bb6e827b9dcea256e318f54c52740
SHA512 3c7da903871411990749167c03e570d30fab2c20a89a3d6ed788a6bce5abeff7ce8b138ad87cbffc5af7f95a44395c504ef071ca8dcf78c3d34ddabc8ba8b94f

C:\Users\Admin\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat

MD5 02959e430f6cb5103cb80141a7e8df85
SHA1 5971945441fe54f3d2a1b6d31d27c78c4466b9ca
SHA256 dc39b2087fb7e908c1ad9af251793b1e3edf4a33e2100f507262e41c56de3c45
SHA512 0c2581ed571d6eb7e41e0f4dd1e51191aec63c0e21a07e41314976cddd1139db1169c0081967fccfe758ecbb250c572dd42f339a40c48d432274c45bb79fd23c

C:\Users\Admin\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat

MD5 19f49cea642ba4aa57a0af63e9dcdb00
SHA1 878297dec60c82b305d74716def332ea2b55bc7c
SHA256 574067fe1e691dc03784f155a521038ecf0abc85c1ac9cfc18e0d9685f9a90e6
SHA512 679f1d41f2a6514b9b5d833e672c623fccacea182b4cc179905aa3da4b53af652609b733ba6dcc395250b8d4885eb6325b2b9dee710964c752dd5c40dba0faca

C:\Users\Admin\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.jfm

MD5 98aeceb6765dce96f5e1dfe5bc7525b9
SHA1 741af4fe924cffcbc66ef0d8d6837e9012d1b769
SHA256 11e26a23d4bbf3f66d68e970e4ca70f7022e907cc42d510e76015a57e2a15dcd
SHA512 44a7eee3004d09e1728a5026d2e16f000bc56950e371915c60962621868c9361eae895cc5e3e4aaf11d13f59e7abed3f2c7e3eefcb579507d4d66147478b5b12

C:\Users\Admin\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat

MD5 6ce340d12f87771d98fce0a4b39aabb0
SHA1 9cd5d8d98ce660a82d98054efc4bc662b54342d5
SHA256 17cb9b8d106b9cbc2f011f1538c0a466ecfd5e034a17f1ab53b709b2757f073c
SHA512 1b39c13065fc28b9e6539f860334ecfca3c3f56c3bd84c235f34c02563d2ae9a64f10f2b2a78d2b4791e11d5af42830210fb9452d08ec69a80c2a760ea2900df

C:\Users\Admin\AppData\Local\Temp\jusched.log

MD5 6fe0f18736b197190353fa30d490eaf8
SHA1 443d8565cd07ac5678c7819bfdcccd81ab3c7f10
SHA256 8aeb89523283e3999ddd81cdd93fbd581d5565f776e40f815a0136345bcdf5cc
SHA512 56eb841f3f996ba763854af3afa81d61ae8ce46f755383374c7a95db250f8aa0b6e896718c53b45be80c2d69ac645a09755ddef26ec5a5d2f34d11f0fa327eae

C:\Users\Admin\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.jfm

MD5 3ffb81157380926aa422b52ae7fefad7
SHA1 8d7ac7e9ae90dfa064ccb4510fb7ade43b87326c
SHA256 647810b28bf02a397d10a90e7c9d2149d2f4af9a5147c9c9bfd0a4c262fac0f6
SHA512 cd99ba41546090cc0f2a0124d17c830bf5fb29b5994ff4cd96c8169fab0db9c05d4312389f8877ec1ba4e8756c9407919a034988816244efebce0422df670009

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\CC6969.tmp

MD5 daa100df6e6711906b61c9ab5aa16032
SHA1 963ff6c2d517d188014d2ef3682c4797888e6d26
SHA256 cc61635da46b2c9974335ea37e0b5fd660a5c8a42a89b271fa7ec2ac4b8b26f6
SHA512 548faee346d6c5700bb37d3d44b593e3c343ca7dc6b564f6d3dc7bd5463fbb925765d9c6ea3065bf19f3ccf7b2e1cb5c34c908057c60b62be866d2566c0b9393

C:\Users\Admin\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat

MD5 ca60152cedf33ff6bd88a67452fcf6b3
SHA1 47ac6acf9959ac7cc4aa6ec62c40e90158e7beae
SHA256 d48c7bfca9bb23bcd3b1c41fdcae617f87b1f739dff8860d694b66049192147c
SHA512 ec2a431a71328eea8cb79bf92da0f04411314c28128e14e80850b16f28cf391fa4961db9d06e914b7f11cba1438ced54b49c0f3c1c72e41912e901ae90f3e7e6

C:\Windows\Installer\MSI94C2.tmp

MD5 216acbc40fb42eb247260a1feb124114
SHA1 3f16a8479e9e467a200c9fc6d98ffe56cfa642ec
SHA256 bbad98c96204a8f8b09457779a5da5cc3563de73925f0535e37b3f5e73fdc2a9
SHA512 001cf5470656cce65205074fda01528e066226b135b8e8bcb0e5dd13ca64e8bb70b45ee8e99ec2d8139157d40355a1cba353022c8a69bc3f9fa9af18304448e5

C:\Users\Admin\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat

MD5 eca7eed1d7faecbc0cdd9147c9bf11c3
SHA1 c816da1564c3e099762f8e4592f6ca3f1624e21e
SHA256 e4d62815c43561271bcefb3a8ff9f2d642a04a310089d379688e56c22907e60e
SHA512 11dec2a004270a860f34abbfe288a6cf23d8f57eaf3958ecc9eca63bab6293effd6a935b62d5a79b97f06de54cdc244f1b7647eb1d3417db82247119ddb603e7

C:\Program Files\Java\jre1.8.0_361\bin\plugin2\msvcp140.dll

MD5 c1b066f9e3e2f3a6785161a8c7e0346a
SHA1 8b3b943e79c40bc81fdac1e038a276d034bbe812
SHA256 99e3e25cda404283fbd96b25b7683a8d213e7954674adefa2279123a8d0701fd
SHA512 36f9e6c86afbd80375295238b67e4f472eb86fcb84a590d8dba928d4e7a502d4f903971827fdc331353e5b3d06616664450759432fdc8d304a56e7dacb84b728

C:\Users\Admin\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat

MD5 3403a041a597af0499ed76f93066ebba
SHA1 1299ea98182e9e43fad7e6575b7ece6cb01cb154
SHA256 80e1f6d7aef026046bf166451b046ddd296cc230c53207d726ef3685ab799c6d
SHA512 95a07c3ad9c18e834b7b74e92fcc3579294cb6d1045874b3e4b169082206f81da2f226953fe0139d73cbd63f3f583bdaac0958482db92a8dee5f0b68970add80

C:\Users\Admin\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat

MD5 e45ffd3571529f55b07e09a98cb92a14
SHA1 f8716e841d47e143d977c43539e8b0677ac8e102
SHA256 7ab7a99275ad788c38455451cc4aaf4ad489ee37db1ca605319aebc2a9b42cb8
SHA512 c3429bb909d0c3a5447c61096e0b511c8d56cd90f7f318f0c2cdbba8757b69ae7585f3484aa098ed0e5e2ac4338cc066f1b5643dda57c1f5f1c2bf7ba8d6699d

C:\Users\Admin\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.jfm

MD5 da00ddc70c0a24c2187a37aa996bc496
SHA1 001c0d5dde2fd24a4762877ec9c5688adaff1515
SHA256 b6612b65f997197026830b09c2cfa1e76e01cedcaaaf78cd7ffd24e449ba70b3
SHA512 559f7a336ac5c4474ecb8d2961156c2a57603fd71318e64a92156152703eda3890055e58b1feba333718b11973e025151b2d81a552568116aefccafa9c49a996

C:\Users\Admin\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat

MD5 c1d04cb5c5278c3148b6d96455241164
SHA1 dd793cc20c14886356a94c927105a4fe966cc684
SHA256 8e740e0b3c5a2b8bca49ec216290a39622b8951eec77819e9dcdadc91ce27496
SHA512 ac132002371376b169cbe82e921850705b3f079adcee8d181423405e1f03a628b955c1f0dd027d6be48f950111e86fbb02b44440ada9fb71176914ac2d680b0b

C:\Program Files\Java\jre1.8.0_361\bin\plugin2\vcruntime140.dll

MD5 1453290db80241683288f33e6dd5e80e
SHA1 29fb9af50458df43ef40bfc8f0f516d0c0a106fd
SHA256 2b7602cc1521101d116995e3e2ddfe0943349806378a0d40add81ba64e359b6c
SHA512 4ea48a11e29ea7ac3957dcab1a7912f83fd1c922c43d7b7d78523178fe236b4418729455b78ac672bb5632ecd5400746179802c6a9690adb025270b0ade84e91

C:\Users\Admin\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.jfm

MD5 83947a15031df72dfb4e1ae73c347aad
SHA1 74e6c4a71c778cf970c9607a44709630e4d204f4
SHA256 3476cd7d7bb87f237028d168b41acdf1dbbbe316cbd03f211c89100e3d402793
SHA512 51b943c799b83bf4299dec06c790f6dbda4c2ccd1455a762caa89db55b04fbfb461bc3e6b09a7e00bdac7bcd97021bfcffe9862caa304e19d858ca0008e74e4b

C:\Windows\Installer\e647000.msi

MD5 407d36101348022e67342b44292d2b39
SHA1 1811ab3993672a9f329868622d96014043bd5f4a
SHA256 213e9fa760dfa2af22a4ac94a10c7f21f4b482aa04e8cf3706264e4c17d2481e
SHA512 cd78f2d3d8057467f87c846fd2252cc2632de822b2c5d37a9f2bcd0c68fafe598bdc4bc69760cd7e84037a5b28b3f11a4385684962857e3ce572ec9b302f0c0c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\places.sqlite

MD5 eafccf715f01cf45647334188ce79c25
SHA1 5dd6ef746b1a7706790013cc1739eb2949afe9c9
SHA256 7a3cb52de11148d879b452be6bf13ed7050009b319cea3a764e389794c3ec8bd
SHA512 4d3b7ea513d59bd7550ba403b89ded0c8b34879226ed282fd6a2e8f475fa910d5e83af723c245ff27e625add65a88d0f2e3d21a0a7add81dc3274e5ca9719f3e

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.url

MD5 472d99cc0c3c745e9d794af2495e1073
SHA1 c1fbb2d17fbcea3d8d76d4516cb099ef89c3d6ce
SHA256 0a07df0e4ca2361cbd92c5c56068d8ea51cf0cfcc755d015cd1034c250cf1f9a
SHA512 bed250fb803323ebef7c6af71912572767a6e36e4ed54886d773758e3470c906ca9995dd54c64b43f297c7de676fc47936ced5c81cdf3fa8ee9688d9c96a6e27

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.url

MD5 629c2e7a4d9e24406873fe2fa7543be7
SHA1 d6c48edc07e35c1b84fc2bf5f74367edcd2bd3d2
SHA256 cf23fccf15c640cda1a383a09246a5a1213ebd5c9a1c077ad5cddb785f4700dd
SHA512 00cd51c0377e9c058c3cafcf4ba03ffbdad37711b4bafe054eba978fb3dc4c178cfec0d292d4fee27aea42a8b39ba8187866ad4d304f8b74662bf1accfaae8e8

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit\Reference Documentation.url

MD5 faded0d5bdcbad42d8f4826cc3c620fd
SHA1 c49c34f2d2160297b1c0c71c327180ed52ff673e
SHA256 d869d1b0c391cd9ce8f0c633cb8e5731c5073c33f875b32a2a61006a3c1bb24a
SHA512 bc60186037724353460a0f7af8b207ccabe64d80aaff796d9ee082c6cb6573ff214dedc22080fdf23664ce79f7604276e1bab746dcf2407a46e40ff38b7119cb

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_AutoGenerated_{1CD896CC-5292-E2FE-B016-0BA7665AB9E3}

MD5 8aaad0f4eb7d3c65f81c6e6b496ba889
SHA1 231237a501b9433c292991e4ec200b25c1589050
SHA256 813c66ce7dec4cff9c55fb6f809eab909421e37f69ff30e4acaa502365a32bd1
SHA512 1a83ce732dc47853bf6e8f4249054f41b0dea8505cda73433b37dfa16114f27bfed3b4b3ba580aa9d53c3dcc8d48bf571a45f7c0468e6a0f2a227a7e59e17d62

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133253709690314281.txt

MD5 9725ffdfeabc258bf9d016126f12dc55
SHA1 303ff70d62e4c42fe711ad7ee6683aa1513619f1
SHA256 8e685f71811593a486a27b9dabba200ee7910c151c22deaf5879d7268b4cdb11
SHA512 cc32a120eeb5a08b54e24e19cb38868b3a9313f483a1891dd16d67ebce5c846fe13b0e7c24712e5843c2de61cfb52431ab0f029128312a801d86c2dd52717395

C:\Config.Msi\e647002.rbs

MD5 ef67846f1376f3dfb23ebe72c537ac71
SHA1 e994f7753e25c39624cbae88e95e52d1b77190c5
SHA256 4842b04430ee9d9840daf028925a3cb4c1652476f308684e78174a874c36902d
SHA512 849dd34392300d020a1d8b17d2ec457e1e58185c568939c81eb27c74afaa24c2bbb5e88bf82c849f9830ca96d22f39a3bd88e45ddf360ed8ec0843628835e4bf

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.url

MD5 ced45757da7212b9c8419d34ddadce4a
SHA1 e88a8765caeb6300a71111d71b1bf00a4f922391
SHA256 2b3049bac564084a0c1dddb06fc74c52fd2cd433375fdefb326cc1587c906c67
SHA512 c1cd76f468604b07fa21430bcd5214331ce440bba540426ba823de2a67e3363397fc440dc3d64264d5a2b81746ad420aa44b78090f4b9b03abf43546fa8fcdf0

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.url

MD5 8f614b432b7dbc23691ab9e2c96d74ca
SHA1 6c34b22285a6cf15ebe8f5ff956cfe99d1a4121c
SHA256 d3cd1f65c7c6e564f76220e963ff22f15769aa95e500b57ddce9260049f59220
SHA512 12aa2ff757263e497e2b45871d64fa91acccc53a209f30c761ad36328e7074bb123641a20e81207e6fae0eecf5db58834c01ef096286be2ec6c3afe6e1cac421

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit\Reference Documentation.url

MD5 a5422debbdc81da65f5fa2b17da9eeaa
SHA1 e9c01053c6c45589462db2e31bfd7c6ffea60f31
SHA256 239a4ee2824fa17a17e0b84f94a07fc4bc56edf3f9cc426daf3878d16e722e95
SHA512 f49d75c09140e6b5ec1a2c64ea102396d57edb0c2312a1ab27cb3d0919726965ba3ed34a992898661f974a0405db57a1e5f8948345bebd72e52c07a796ba093f

memory/2512-14223-0x0000022408390000-0x00000224083A0000-memory.dmp

C:\ProgramData\Malwarebytes\MBAMService\Quarantine\f33f3ed4-d57c-11ed-893f-e27224d40471.data

MD5 bfe7b5f9a20bf3fc5c3d440f40176ce9
SHA1 8ab97528d18c84ecdf495a7384e06d5bb1ce7a50
SHA256 65dcab62d0fb4a565e4d5a3727be8db8b438e368000a620cb89a9458caf5f524
SHA512 6c8d47050fbadcea9307ae9dea68bf83234917d55e47e7eae5663e98c9973ba5bb3ab5ffef9245d4577f4aa998d9bcf0696400619f2b73d8fd2ecf3bfc0fba35

C:\Users\Admin\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.jfm

MD5 370558be0215ac2f87aa748e87550931
SHA1 eab5f96121c7767ee02d2b8cd255c6571fbb4f22
SHA256 e19069299bbf8c9022444ea9cb04b7a6920183ca9b1eed1e60a716ad7acea1f6
SHA512 ba5262b4949f3e8d8c8479ad81fb4d6db0caab523ddfbb77b5c6d992521da03d9008deb30149e5516751a6e44124da07fceffb256184a09ac7be3a4893af5cd7

C:\ProgramData\Malwarebytes\MBAMService\ScanResults\ecd1e4d4-d57c-11ed-8348-e27224d40471.json

MD5 d7b6a4f86f8f0b07a89de534ecab7335
SHA1 9b7e416132bf62102077ee785df217ee1f66b1b6
SHA256 71e582dcf755ec70aa1defd2eea313bf50924e6dc4a4d1dfa97d7895b2b5ddda
SHA512 61cc7422006aebf0ff881c0f0127d42c8bfd4911f311a9a0ff237a43f381534b2a99fba9836c9e2b3261e4544c4fe16a347fd795c36a0521c5bf5ad19ec29f2a

C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\deployment.properties

MD5 3944acaa6f17ec86d5ea15b93d2add46
SHA1 35569cbbf8127471dc559098f7a1fb3d1c879936
SHA256 e065e677c17016b7f1ece46d0fa9eb34a4ca2199c2be8d690c4381135ad58019
SHA512 b89edad5f87c2e7089977ff7eeb297e24dde9f00aa91d7a86d861257a5147b864bcddc4b8758fef6f77c21255f2692efa8dc36236571ef06119cf7c635590358

C:\Users\Admin\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat

MD5 3a8895eda0b4de2ed2d92a05afffbd8c
SHA1 2f653e92f0e08048fe2c5229ecc8cb19543ba518
SHA256 c84e9e2d80ef805676bbeb3f0391e88c1f52e2998c911444f8198b74de5e50a5
SHA512 e3eca54df1c92429a10046c15ebd3f8e0f3208945b129e2b39e6d4c90482ecd95e7e5084f7f31dfc2dbfdab372ea826178e945c13902ae97abea982ca18909a5

C:\Users\Admin\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.jfm

MD5 a15052c52609cc6fabeceeca8fcf67c8
SHA1 68f7314e7687465e388e82085aba05f6bbc0c7ca
SHA256 471fbfb7d75247d5793cbdf121bf0f5d1f737655bbd5ce0c57bee6a5bc5784eb
SHA512 d7d08207efe68637da0ca2ed35acee9dee5ca70f46bed5f0996afb99687af416d8283a001bf52d82f385afe510c06df12b46d31b62b62da6c0de93881a6f7dc8

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.url

MD5 8f614b432b7dbc23691ab9e2c96d74ca
SHA1 6c34b22285a6cf15ebe8f5ff956cfe99d1a4121c
SHA256 d3cd1f65c7c6e564f76220e963ff22f15769aa95e500b57ddce9260049f59220
SHA512 12aa2ff757263e497e2b45871d64fa91acccc53a209f30c761ad36328e7074bb123641a20e81207e6fae0eecf5db58834c01ef096286be2ec6c3afe6e1cac421

C:\Config.Msi\e647005.rbs

MD5 a7ecd1d0e94be2a38bbd2273668e8bc0
SHA1 524061055906ad2fd31aa0c31debe508964a005f
SHA256 e2d6326648c308dd5b5ccbc59a5faa35c78922cbdf197aa2959157dd4e1331f9
SHA512 752200157ab0917ab57aea588a01e5fcc1b2794e85f410a674d49eeff340752e0a0e8fb37913a71fb768135f8e879a44eba827f3948173c68577da2c048dedf8

C:\Windows\Installer\MSID2A4.tmp

MD5 c7018628101e1bb69437b4ab2f6b7465
SHA1 e185b2a7685490f74e11e794bf8e54bd9b21e295
SHA256 8c33499755edda822c1ed58354f0353134707f143ea0290758510781e515c8d8
SHA512 374f90ca6ae78e784967f314715cd282ea49332de1c1a59b3ed27389799f84eaae8ed9950a0b67ccc383c1ff872984114c2d43538cc39b50e9646e958dbf95f4

C:\Config.Msi\e6470c9.rbs

MD5 d595cee41b6307acef578b9b9f5437c7
SHA1 67ee207577979b6563c939ed55293c09cda2fbc8
SHA256 016f2c4e440bb54463f9d84650fd3dd07197aa02868661afb300b8adbd5718e2
SHA512 71ed0813f9aa39200299d313f44b082f23f135c183b0b85319527809e7838de0a8b3f654449c6b3509f3317ec6437c6c7c9a532b477fa0e85a63aceda4b644de

C:\Windows\Installer\e6470cd.msi

MD5 d82092d71622d5121dac785254a53707
SHA1 6e26aef9fbc34eda9b099e03242c2ee4a8e3a845
SHA256 1f6b3176e5e7ecfd7d262e9470eec2ac1a7fe9401bb064c87810af9a0aa7bb82
SHA512 e1f54163b242d8b3149d536d7bc3d3da896da229a8fc298e613bcbf75b3a77129d07b99df3008a30f95a80a91c17fe0feeaa8ad0e2ebfe4deb8678751258eca0

C:\Config.Msi\e6470cf.rbs

MD5 d70f09209f910c0c57a855f833775a6a
SHA1 7c0b7f98975a2fe59b0200de17fc4ecb9096427e
SHA256 0fa3353761dd317b4d885c4015bd5f6fbb044cd0378a14409d5eced00f1d2697
SHA512 1b660c7fe7617d72ab0d078c1d696668416d2667aa7154325bbdb84edaa579f2cd967c4722af3643e23591716d660def96c2d39c62820b1cebaa2a396f49c5b5

C:\Program Files\VideoLAN\VLC\locale\fi\LC_MESSAGES\vlc.mo

MD5 b32e3dc98ae64634ac70bca8d9fe9049
SHA1 b76035923c6712c4ef4242cbbd0fee1fd98fa88b
SHA256 62fe79e569453987e9e2f0f6ce1b3d31f1591b9a2b9243972f46406f70b53f1d
SHA512 4d67d9ff3d769d279aa9760fe87fe7ed3d91b526a52c96a2ac5fde95557ed1ba3b77421ed793f14dd094763129e9a2b791c40562e6f6c1a1c2663c62ca946deb

C:\Program Files\VideoLAN\VLC\vlc.exe

MD5 e634616d3b445fc1cd55ee79cf5326ea
SHA1 ca27a368d87bc776884322ca996f3b24e20645f4
SHA256 1fcd04fe1a3d519c7d585216b414cd947d16997d77d81a2892821f588c630937
SHA512 7d491c0a97ce60e22238a1a3530f45fbb3c82377b400d7986db09eccad05c9c22fb5daa2b4781882f870ab088326e5f6156613124caa67b54601cbad8f66aa90

C:\Program Files\VideoLAN\VLC\uninstall.log

MD5 d67ee1a30f5a67ed10333e3319fe217f
SHA1 9f98fbca68d547d906a70bdae881a14849e2a3a1
SHA256 8ca28e95c1c95cee3dcb682e8aa6f0aaea95d9ac64cd5fe21cd59e8c56dc64ab
SHA512 b7f79b47be0987a89b696b94c11839267b7ec64174430e5635a6770f7dfa6bc9c3dd8a76bc495bc5e0e49412e62da26a0a90e12177a4304b889d1f2ea01b0917

C:\Users\Admin\AppData\Local\Temp\nsv69D.tmp\System.dll

MD5 4f25d99bf1375fe5e61b037b2616695d
SHA1 958fad0e54df0736ddab28ff6cb93e6ed580c862
SHA256 803931797d95777248dee4f2a563aed51fe931d2dd28faec507c69ed0f26f647
SHA512 96a8446f322cd62377a93d2088c0ce06087da27ef95a391e02c505fb4eb1d00419143d67d89494c2ef6f57ae2fd7f049c86e00858d1b193ec6dde4d0fe0e3130

C:\Users\Admin\AppData\Local\Temp\nsv69D.tmp\nsProcess.dll

MD5 1d391f65d3f16149d324dfe4178f2941
SHA1 834a465290feea0ea6f2783cfeccf85a1ff31648
SHA256 ded1a83fbd3dab203ca4e5db33b5a826d25d5cbb9413fb18ba21e1a91fb5f113
SHA512 7096362fa5b71fb8fc7f0a1a46686d7efb82fc079d00a508091cd8c3e8c36974c841d3a3185ce27c5a2bba468c301bf2bd720cb5b515fe34d3a2c987f36ba3ce

C:\Users\Admin\AppData\Local\Temp\nsv69D.tmp\nsExec.dll

MD5 dcaaa39e47a9144ae10ee67b3183f4e1
SHA1 2af87fcebff57411e929dd2fce767e9a1e4d98e1
SHA256 da30c0f57a8a412bdc0fca182702f568bd91007475d1823464658fa523a4af9f
SHA512 d56997d74d841d01c62b7db4150729f395b57d065a1182249483640f80720fb6dc7a457cc3a23367982f92f85e9274507d6157f698a2e22ea11266866fb1bc2c

C:\Users\Admin\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.jfm

MD5 a4a2f1a8576481023685ebe78b468000
SHA1 86319390f178aa2bd0b3fecaf605493fa8227ffb
SHA256 20f928bae96a7b69629bede47a7872476d034d5074ef67ac4c3a7c07c3d4fd5f
SHA512 23ec0a69ec6a0ef3e7975616ac1c12b529c3b2177bfe5178f7bedb1be4b6bc2e7bc306253d5d0913ec23addf77fda6786e5123f06cbd3d637e287dc659bc670f

C:\Users\Admin\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat

MD5 5f83fe01a2c9d90b286d7a7ad1b0716a
SHA1 d463fc03347fb72e826ad528e40ab2a9b5f98c9b
SHA256 ddebbcd47d3940a3af8c58a1e82023c3b18438ac0bfc6214004d51d14178f08d
SHA512 f8238e39fa2db04ae37823d21f2fd1739e028589e71c8165efb362646f4d4b18e38c1c09be31aa222221406cc737c8b8e1c2d4209a386c8e95678abb4ec5455e

C:\Users\Admin\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.jfm

MD5 2311af75c53733f87b158c4a3b20a67e
SHA1 8e3b0ee546b2b317a522041ab8e9b1d188f80508
SHA256 936dd07410fe3007890fd3a45e5ab795e0c6523987cc25ed6bec5f7163d4bf22
SHA512 2cff14314f1275ecb52e709514273fca9a81b53be118325d4f9c4454117a4a7ec64bc3568c9dbf08fa9caeefc3facda53da93dc112831adfff043333d63b5cea

C:\Users\Admin\AppData\Local\Microsoft\Windows\WebCache\V01.log

MD5 4d8e1ce1ed7d6f02b8ad5601641b807b
SHA1 9167a7e983d6689e4e54d1cef9f733f74150e8bd
SHA256 a9018f0f40ad142c1227a207dde9a1270eb38fddf6a43d5aa491f4590b59e1da
SHA512 c9d8d3f28f9bb84828dca196bfa89f6857968e53bda7fe4fa87edddef1a318c3697886edc08b5e86062e20ad0ed924fd0f3c0e21ecbaa47db7133bc89b561896

C:\Users\Admin\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat

MD5 2a87b81f82ee7a4dff17ca174aa8e129
SHA1 bc84db93469515bbefcd34ec6efc2cb199aa00e7
SHA256 32146994f7e9489c76470de41a7c3addeda86dc8b500bbb951e000ebbdc42b76
SHA512 8507876f93f543f8f350fe98ea5a6ac82b0d1ae47b29f0970e909698463598e9523817e4b26709dc3caa0b4cc610ddb56c92ca6c88f1f996e14b22a321e9456c

C:\Users\Admin\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.jfm

MD5 0822c2c2bcdbbb2a00d03d257e9f5735
SHA1 534cc0228a8f92da824e86bb9ed8cb2d70d0e170
SHA256 61de5b142cbbf8702676fe834f94d3bef4cfa8ea59a94041973ef580081bc50a
SHA512 6f275acbe6432e84201e146beeb1983f9b21bf3a56a8675d54462354297d41eede6e15f150c09d2f644eb48383842b434425d0a7e9c4df080f1a34f23e31ad0a

C:\Users\Admin\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat

MD5 b8c96d2cb7c1679da6d99335a37445d8
SHA1 dabcc0da140c56cb62c0cc8f7bf0728a98c8b747
SHA256 ff7172d0b4aaeeb62e32287fd38758be6126d29a1ae295d113b5d1ee061a040d
SHA512 61ddd21339672cfcc2588a415d5d5470189dcdba60211a6414ed5cafc412ccb410a8a047f35f5018d6d38bb93c099a392d3a0f68e4083f221c6112f10c5dd2e3

C:\Users\Admin\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.jfm

MD5 fed9e8ca370eaa3372f7da81e105c163
SHA1 61cccc8a2a77aba8684593ae3fc64abd226e47ce
SHA256 c2519d02cfb3af66ba2c71f2eb70b566f1b1072986de29789b4209ab26186002
SHA512 6e81febc844bd2c87a09cc82043d93a6126cd594a0a175ed2f134f3e310a4d16b8f5cba9596e328e8a949d92a7a6ddb6836069628edb9241e09f3f1a4fd733b3

C:\Users\Admin\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat

MD5 11333ce2ff7931d1464816f86e306e36
SHA1 3305bd5a47fb58ce507c00a60a8d760da44c1017
SHA256 6f82d178874c31dd47bcfd8cd3b5226910fcfb2776d91bbfa11a8d659675ef07
SHA512 ed05de748089df3a5ef70033bf9abd950ce526515bf43153e1ff3be8b35a83ca8dc993feb1c22b7183b0e3cfbd9bd267b80e0f31c282a040f86806c8ae0fa45b

C:\Users\Admin\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat

MD5 2de82ae23a1cada8b9affc8dea722432
SHA1 e0c396c241098597b072231fcb47fe8d0b07b7ee
SHA256 a9bfe9d5d17eb201faf9c1e1edabe3bc5c5c7e114eef805f2f55ec796c8ed856
SHA512 cb7df2bf26a7732d83dd1a751f0412e304ac8229c812b40748b3bac50173c9a36ab923661ab8b805962b2f68e2131a1e380705bf6a1e5f5db6f4776a0c70be35

C:\Users\Admin\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat

MD5 7ca73b8ce1030fa5b62ed4da1cd4e1e2
SHA1 75e467a44c93bf32862f89298f02c8551636f361
SHA256 b14dd4b742ef939c3542660c09a7dce07b34c68661f27bf137c35830127c4768
SHA512 9509326bee8ee7b0333b039a7b295fb5c5c8ff973ae709a2380b5c8efdfba09d35c0c213205e8db415b26fad15bb6395b4c851710cdb6fc4239fd8ae169ed2d8

C:\Users\Admin\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.jfm

MD5 0da606beb7f0286b7352e340c1209498
SHA1 045ff5afbbbc9323241b703f3e632cbdfd34d2f4
SHA256 5be42557ae614c9745c016a8fe1b7ec16930ef021a4d1568a50c682dc0a07c51
SHA512 9132f34e52c7f6b7f6ea46e64b3ce8ede3702db878830572a3181f59071e0d1d79535a41a716955d46f5482937eb3928dd049c7338f91d8585db0d9980c6cccd

C:\Users\Admin\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat

MD5 75eb961adecb78ba15bd99867746bb20
SHA1 60b2c0b1dfd0a91ec7cebb79cc4df69573724f97
SHA256 1ba4f153c8df43ed906d5498ea8f0e06bc148c8536aca8d3821a8d1df58bd289
SHA512 77601d60d5f1a9d663aad4bf3fcab7da110c8fceae0e73a4534253bf816c143e860e05d59e0731e6712fb1a1c438b42930b42ca9e84e22d58c4c4b33d057029a

C:\Users\Admin\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.jfm

MD5 967910cc3a94cec1b47fa6d402e4d133
SHA1 d6b052458c5eb45b4dd733caabfe215243fcff8d
SHA256 03d33a370dc8825ff0edbf136ca5efdd1f17f5a48c3f8d7141c6329ee55e25fb
SHA512 fca18204d1130c8bf5a196b364e6238bf4d5e80bfefb40877fbcee3764a58ba5ffb8e6b9ab70d476afc88391dc8c9bd226f4fabb440ffd765c01917baa9b5d02

C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_16.db

MD5 c251be09b85bfb247096bf24d538ded9
SHA1 8857aa800ac2f5ee0365eeb10619d0f87d5e3e0a
SHA256 b72211ff34392a0c9bcb52424a7392f45b490b77302c0753d61b5294ce865a6f
SHA512 92da61faa6e75a1f85227cbfd310626071715a8503ee1da9785f569581643983465b10721a62b8de6da8c6aeea1205a8f8f082e7da0b4a592e47c748e8d66111

C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_32.db

MD5 ce19e5a951a8593fc2f00a3d8a9c20be
SHA1 c08512cb6a1ab512e3fc01738924b74208d4e15e
SHA256 7f047d62d9f647fb1ca8d7fd7227528c781c0a13e4c5cc5e830c261bd8babee7
SHA512 9a2b5d7ee30ac4d9e82d478d381a15f7488a07c941ad1567e0700ea5b9be6ef74b8cd3a7429a98c2072529a4a795943e35604f111df46a3fddd4517ed4b74a2f

C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_48.db

MD5 c5429b2b4fec66f1b566588b8637f82b
SHA1 5514370f6ae8b67a25677e915b9933597f19cc88
SHA256 9655d302cfdd780e5eccfc297f277af2d2b87f8f850b1fee522efc82f0355cd8
SHA512 84d2bc5edb402f23c5a11dddfac0374636c76c4ea2c3697d66beb3c7f09a73ecbb1ee4adc901ea25aef9b918f7632a4d369c1457aaa3cf93a9707557439866bb

C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db

MD5 6f2ff2bcb8b0c09fe1e5d74f3e41abc4
SHA1 54a721ef26d29ec175bf563e28f2deecd67e0fe7
SHA256 7190fa9449fd51b4dac65d68c40530ff359c96229d1b7148b236f35dfa662db6
SHA512 efdaac09d0749bbcfd2f3c41e20056089566331130b266943c3bd66f35e8b3fd1ac00ede715e5a53fedc4674b24b8223790ec4c1293bd6163f8ba31191a95858

C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_256.db

MD5 eeb195a9e8455140c4e8a94e56fe24e4
SHA1 5f58532505ee033ed2f95b92a47b67c14ba93e33
SHA256 6fac3cba525b7d4b75e056c6c5c849840eaa70436032985f0914e1ba69b967f0
SHA512 cea1470eba257a4420e52e891caafd3bc036be7525e98d6edd49059d4dbe72522a33e4eb3b33b32cabca68766dc1ef0a272fed1f983f92d01585ba9145f678f6

C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_768.db

MD5 e073961a203975828821f7ba84bd9f90
SHA1 e6199549a5ad7dd9c97e764ca8b24d35996dc6ab
SHA256 581ae7382ea9ae4935984bb6f95411d2146e207f4bc39539a30a186d8d68f17a
SHA512 354b0d2fa014702676dab6b194aec31c7095a1fe7fc8e4da6af3d142313ac5cc02ce9771014a9ac1d3f951f67e297bbc84e6e6ed01f8de0e5b424200e335f272

C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1280.db

MD5 b6524640ef23112389026e0d54865993
SHA1 0d51175befbe70fecc2c928cd92859d8f161edf7
SHA256 a59331eee6ce259d384008f0ff9d0cc67c70b6a94a3573fc67bb7808983077f1
SHA512 aa39e2e1acf1026e6f26506c351992d3c616cb29b5184a96f8c868722919d90b088ad9665258c2be60e73be6a929ad7607cd79bfaba83e32f1dd2cfabac35248

C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1920.db

MD5 cea28b78f8d13a0606abc12ae5f31ace
SHA1 f8dcc9234ab6dc9f86bb6eb0d928fc26abe415b3
SHA256 8f7a066fba201d4bb9aa992e0bddad1162618beebaff5c47943a32328b57e21a
SHA512 a5672ad0b418b0d7968f3c9c375242bbf384b53800506761411882938a5d170c09b08343f8d85977142d7e24b0940c23e9d766be8972a554aff8a72352ea18e8

C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_2560.db

MD5 fa44ec4ab7c0fdc1113f4c732d1b57a2
SHA1 366eca0008f113efa6ecd5699f7448e3f5ee5afb
SHA256 05d6268bc072e615dd5c3b2f258e5574c504b5bf478060127151a4937fb000bd
SHA512 d87b34b8b794f2a252060a20c749eec9b011dccfa93f09a4f7efa881ab5cf33334940ac4fc0d8d3119a4f219a4ef4e854a746027db02e1443e0b1c4fde0dc460

C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_sr.db

MD5 82f31078a2f87673ba8c42f10bcea507
SHA1 bdbd3274d55a99cf2aa5997a3badd0559608497b
SHA256 8db0c20fc61a982687144f7d64f77ba65324c1920d376d0f44933267510155bf
SHA512 5813ca3d1f7a13a38ddfc07f7a4a791e611aeec446dffeddcc7e00ea8e806d8a322b44ec2f0558cabc21e3d31a951d7278bc3c4e9b5263b01e392ff3a72df63e

C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_wide.db

MD5 1a07b0e2f77f61034a7d612e1e5f470e
SHA1 9360c180041c05d5ef664148adfa1abd11581f1b
SHA256 50292d63f45b6b65351f0398605b0c48be6ad6b615580302403823ddc8d6e6b3
SHA512 69c02313273c085a752316bf92fd5b88d02512e876497968f971c3f414ffb073c605b98913afab688432a5ec9be392d1294a89bd33341a2687a6be9273dd4a17

C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_exif.db

MD5 d614a3572ff336119a699b94b6f7a489
SHA1 e5cfb534e9316dd0821e28449e4183da5974de37
SHA256 fcd6ef71df2aa1134bad38a9ffddc1ccbe7d20667340197454a01d4463beacbf
SHA512 bd6a914a205c150bbc60c3d61037050088fd4ac777aae2cd5849a570956b1a8ef1bb15ac1dffc28a532b1998cd507b1a1754765a2826a08f6a0ce2eb427175fb

C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_wide_alternate.db

MD5 ebd53ed843732cfb616bd5b28a20209f
SHA1 2275cc01a69d04a4ac495dfc1a6b2a5f0f42a236
SHA256 6a956576b437f458dd3ef22d81f1f699ea218020825016d8f045cb318aaa4057
SHA512 42e7363e3427bbd97615a2b6491db89d047daf1fe0aaad84eb762e51c4f5c970616af1a74ca691a9f67f7da1221d62fe546d2f18494ba9c4c9cf0667a4126742

C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_custom_stream.db

MD5 85df711aea9a66b31e77560048ed4b39
SHA1 59fb6fb7a99ab79ff58668e2ed4d1fd1bfdd76ec
SHA256 f813172fba3106896a1fe49af010959fafd1a8fea2cf1fd776418c45e957819d
SHA512 26e3b5d16111c7e0fc4f0c1993c766917bd9d228ad46a544924a5462aa402227c5141a09abbd45651accbf1f3f244d20dcb261040dbd6aa679cc7199e15118a6

C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db

MD5 8dbdeb83af38613b0256863319a57595
SHA1 50668cfaf46a0d3b30c9d86a31ffd4e0aedbac17
SHA256 77eca3315866e407415fc78d20868f4dc18884c0bf235d92b4b8043de79a9a90
SHA512 cc478745f688a3d954a113eca8d9654a1611da2b6928c597b8956feb81da09b04f327b7efe0839b8c83ec521bfdb1b966223ee673b5f4090e452e629ab54fe44

C:\Program Files\CCleaner\Data\StateHistory\DUState 23-04-07 20-10-33.dat

MD5 89523b26a78025496524296eb9865908
SHA1 141ecf0848003da03f92ec6e5ffd599039b6eaaa
SHA256 57adba3d2502f462e5620e57930e328750edd951efa5181439688790bc613222
SHA512 09960842685f5bf21295a91dfd1744459088ceced6b4f3d60d29d28267bbea521098c180ea3d7ad262bb50271265d6777f861cb5f6693b69af64717bb74f18fd

C:\Windows\Logs\DISM\dism.log

MD5 2d591b894fdbccdae004576deae72f7c
SHA1 a094e1b8fa8669bd43d866336244d76d272743a9
SHA256 15c8daa4bf43e64abfb80516ac2d732d8301213705595747da61e52324900995
SHA512 140842f7560a9d93e896e58dd9feab8bc0506500d88c20578eb62ff684e4027cdb145a701b58e41329bb8ec23924296db3beeb4eb1357e2109c1df4ccea9da8c

C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

MD5 f49655f856acb8884cc0ace29216f511
SHA1 cb0f1f87ec0455ec349aaa950c600475ac7b7b6b
SHA256 7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba
SHA512 599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8