Malware Analysis Report

2024-09-22 06:30

Sample ID 230410-wrxmssgh8s
Target https://github.com/Endermanch/MalwareDatabase
Tags
bazarbackdoor backdoor discovery persistence spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The file https://github.com/Endermanch/MalwareDatabase was found to be: Known bad.

Malicious Activity Summary

bazarbackdoor backdoor discovery persistence spyware stealer

BazarBackdoor

Suspicious use of NtCreateUserProcessOtherParentProcess

Bazar/Team9 Backdoor payload

Drops file in Drivers directory

Downloads MZ/PE file

Modifies RDP port number used by Windows

Sets service image path in registry

Loads dropped DLL

Executes dropped EXE

Registers COM server for autorun

Checks BIOS information in registry

Reads user/profile data of web browsers

Legitimate hosting services abused for malware hosting/C2

Checks installed software on the system

Enumerates connected drives

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Enumerates physical storage devices

Suspicious behavior: AddClipboardFormatListener

Modifies Internet Explorer settings

Uses Volume Shadow Copy service COM API

Suspicious use of FindShellTrayWindow

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious behavior: LoadsDriver

Modifies system certificate store

Modifies Internet Explorer Phishing Filter

Suspicious use of WriteProcessMemory

Suspicious use of SendNotifyMessage

Suspicious behavior: EnumeratesProcesses

Uses Task Scheduler COM API

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of AdjustPrivilegeToken

Modifies registry class

Suspicious use of SetWindowsHookEx

Uses Volume Shadow Copy WMI provider

Enumerates system info in registry

Checks processor information in registry

Modifies data under HKEY_USERS

MITRE ATT&CK Matrix V6

Analysis: static1

Detonation Overview

Reported

2023-04-10 18:09

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-04-10 18:09

Reported

2023-04-10 18:23

Platform

win10v2004-20230220-en

Max time kernel

311s

Max time network

766s

Command Line

C:\Windows\Explorer.EXE

Signatures

BazarBackdoor

backdoor bazarbackdoor

Suspicious use of NtCreateUserProcessOtherParentProcess

Description Indicator Process Target
PID 1160 created 3144 N/A C:\Users\Admin\Downloads\MBSetup.exe C:\Windows\Explorer.EXE

Bazar/Team9 Backdoor payload

Description Indicator Process Target
N/A N/A N/A N/A

Downloads MZ/PE file

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\mbamtestfile.dat C:\Users\Admin\Downloads\MBSetup.exe N/A
File created C:\Windows\system32\DRIVERS\SET6E75.tmp C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\system32\DRIVERS\SET95D3.tmp C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\system32\DRIVERS\SET95D3.tmp C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\system32\drivers\mbae64.sys C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Windows\system32\DRIVERS\SET93BC.tmp C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\system32\DRIVERS\mwac.sys C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\system32\DRIVERS\SET947A.tmp C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\system32\DRIVERS\SET93CD.tmp C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\system32\DRIVERS\SET93CD.tmp C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\system32\DRIVERS\SET947A.tmp C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\system32\DRIVERS\farflt.sys C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\system32\DRIVERS\MbamElam.sys C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\system32\DRIVERS\SET65D9.tmp C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\system32\DRIVERS\mbamswissarmy.sys C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\system32\DRIVERS\SET6E75.tmp C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\system32\DRIVERS\mbam.sys C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\system32\DRIVERS\MbamElam.sys C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\system32\DRIVERS\SET65D9.tmp C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\system32\DRIVERS\MbamChameleon.sys C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\system32\DRIVERS\SET93BC.tmp C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A

Modifies RDP port number used by Windows

Sets service image path in registry

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\MBAMSwissArmy\ImagePath = "\\SystemRoot\\System32\\Drivers\\mbamswissarmy.sys" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\MBAMChameleon\ImagePath = "\\SystemRoot\\System32\\Drivers\\MbamChameleon.sys" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\Downloads\MBSetup.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate C:\Users\Admin\Downloads\MBSetup.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe N/A

Reads user/profile data of web browsers

spyware stealer

Registers COM server for autorun

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F415899A-1576-4C8B-BC9F-4854781F8A20}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{278637DA-FDFB-45C7-8CD8-F2D8A9199AB0}\LocalServer32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BF474111-9116-45C6-AF53-209E64F1BB53}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EE8A9269-9E6E-4683-BCD3-41E9B16696DC}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{03141A2A-5C3A-458E-ABEC-0812AD7FF497}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F6D29500-933C-447C-9D88-9D814AF73808}\LocalServer32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F415899A-1576-4C8B-BC9F-4854781F8A20}\LocalServer32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{36A65E46-6CC1-4CA2-B51E-F4DD8C993DDC}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F6D29500-933C-447C-9D88-9D814AF73808}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BF474111-9116-45C6-AF53-209E64F1BB53}\LocalServer32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{03141A2A-5C3A-458E-ABEC-0812AD7FF497}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\InprocServer32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9D372F21-E6DA-4B82-881A-79F6CA6B6AE1}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9D372F21-E6DA-4B82-881A-79F6CA6B6AE1}\LocalServer32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{36A65E46-6CC1-4CA2-B51E-F4DD8C993DDC}\LocalServer32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9DAB0CA5-AE19-41AE-955C-41DD44C52697}\LocalServer32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F36AD0D0-B5F0-4C69-AF08-603D177FEF0E}\LocalServer32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{278637DA-FDFB-45C7-8CD8-F2D8A9199AB0}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{580243BF-3CEE-4131-A599-C6FED66BEB1B}\LocalServer32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9D372F21-E6DA-4B82-881A-79F6CA6B6AE1}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E1AC7139-D1FF-4DE9-84A4-92E2B47F5D2A}\LocalServer32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{278637DA-FDFB-45C7-8CD8-F2D8A9199AB0}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{251AD013-20AD-4C3F-8FE2-F66A429B4819}\LocalServer32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8F1C46F8-E697-4175-B240-CDE682A4BA2D}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{130CD414-6BFD-4F6C-9362-A2264B222E76}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{17BE78EE-B40A-4B9E-835F-38EC62F9D479}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DE03E614-112D-43E0-8E15-E7236CC32108}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\InprocServer32\ = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\mbshlext.dll" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{11D1E5E8-14E1-4B5B-AE1A-2678CB91E8E5}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F36AD0D0-B5F0-4C69-AF08-603D177FEF0E}\LocalServer32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{376BE474-56D4-4177-BB4E-5610156F36C8}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9DAB0CA5-AE19-41AE-955C-41DD44C52697}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{17BE78EE-B40A-4B9E-835F-38EC62F9D479}\LocalServer32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{251AD013-20AD-4C3F-8FE2-F66A429B4819}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E1AC7139-D1FF-4DE9-84A4-92E2B47F5D2A}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{130CD414-6BFD-4F6C-9362-A2264B222E76}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D5599B6B-FA0C-45B5-8309-853B003EA412}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{376BE474-56D4-4177-BB4E-5610156F36C8}\LocalServer32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{580243BF-3CEE-4131-A599-C6FED66BEB1B}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{03141A2A-5C3A-458E-ABEC-0812AD7FF497}\LocalServer32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8F1C46F8-E697-4175-B240-CDE682A4BA2D}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D5599B6B-FA0C-45B5-8309-853B003EA412}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F415899A-1576-4C8B-BC9F-4854781F8A20}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EE8A9269-9E6E-4683-BCD3-41E9B16696DC}\LocalServer32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8F1C46F8-E697-4175-B240-CDE682A4BA2D}\LocalServer32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E1AC7139-D1FF-4DE9-84A4-92E2B47F5D2A}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{130CD414-6BFD-4F6C-9362-A2264B222E76}\LocalServer32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{17BE78EE-B40A-4B9E-835F-38EC62F9D479}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D5599B6B-FA0C-45B5-8309-853B003EA412}\LocalServer32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F6D29500-933C-447C-9D88-9D814AF73808}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DE03E614-112D-43E0-8E15-E7236CC32108}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{580243BF-3CEE-4131-A599-C6FED66BEB1B}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DE03E614-112D-43E0-8E15-E7236CC32108}\LocalServer32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{36A65E46-6CC1-4CA2-B51E-F4DD8C993DDC}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F36AD0D0-B5F0-4C69-AF08-603D177FEF0E}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{11D1E5E8-14E1-4B5B-AE1A-2678CB91E8E5}\LocalServer32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BF474111-9116-45C6-AF53-209E64F1BB53}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{251AD013-20AD-4C3F-8FE2-F66A429B4819}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EE8A9269-9E6E-4683-BCD3-41E9B16696DC}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F36AD0D0-B5F0-4C69-AF08-603D177FEF0E}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{376BE474-56D4-4177-BB4E-5610156F36C8}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9DAB0CA5-AE19-41AE-955C-41DD44C52697}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{11D1E5E8-14E1-4B5B-AE1A-2678CB91E8E5}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A

Checks installed software on the system

discovery

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\I: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\J: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\P: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\X: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\P: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\F: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\F: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\G: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\H: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\O: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\Z: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\E: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\Z: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\B: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\K: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\N: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\Q: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\S: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\I: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\R: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\A: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\H: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\L: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\U: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\Y: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\E: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\X: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\B: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\M: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\N: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\T: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\V: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\W: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\M: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\Y: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\K: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\R: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\A: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\G: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\J: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\L: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\Q: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\S: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\O: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\U: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\V: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\W: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\T: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A

Legitimate hosting services abused for malware hosting/C2

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\System32\CatRoot2\dberr.txt C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_6E4F36431D86962EFD432400DF65AC90 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\38D10539991D1B84467F968981C3969D_C92678066E2B4B4986BC7641EEC08637 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\117308CCCD9C93758827D7CC85BB135E C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\FA0E447C3E79584EC91182C66BBD2DB7 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\System32\CatRoot2\dberr.txt C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\572BF21E454637C9F000BE1AF9B1E1A9 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\572BF21E454637C9F000BE1AF9B1E1A9 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_6E4F36431D86962EFD432400DF65AC90 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\38D10539991D1B84467F968981C3969D_C92678066E2B4B4986BC7641EEC08637 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\117308CCCD9C93758827D7CC85BB135E C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\FA0E447C3E79584EC91182C66BBD2DB7 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Malwarebytes\Anti-Malware\mbae64.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\MwacLib.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\Styles\Base\images\needle.png C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\Slider.qml C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\sdk\mbamchameleon.sys C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\BusyIndicator.qml C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\Styles\Base\MenuStyle.qml C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\TabView.qml C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\plugins.qmltypes C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Dialogs\WidgetFileDialog.qml C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\PrivateWidgets\widgetsplugin.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\HorizontalHeaderView.qml C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\Material\StackView.qml C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\pkgvers.dat C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\ItemDelegate.qml C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Dialogs\qml\icons.ttf C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Extras\Private\PieMenuIcon.qml C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Dialogs\Private\plugins.qmltypes C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\mbae64.sys C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\api-ms-win-crt-math-l1-1-0.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\Private\EditMenu.qml C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\Private\ScrollViewHelper.qml C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\Styles\Base\CircularButtonStyle.qml C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\Styles\Base\PieMenuStyle.qml C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\Imagine\GroupBox.qml C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\Material\Slider.qml C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\languages\lang_en_GB.qm C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\mbamelam.cat C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\api-ms-win-core-file-l1-1-0.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\Qt\labs\settings\plugins.qmltypes C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\Styles\Base\images\arrow-up.png C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\Imagine\Dial.qml C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\Universal\TabBar.qml C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\QtQuick.2\plugins.qmltypes C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\QtQuick.2\qmldir C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\Qt5WinExtras.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\api-ms-win-core-string-l1-1-0.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\Fusion\ApplicationWindow.qml C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\Imagine\Tumbler.qml C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\Universal\ScrollBar.qml C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Extras\ToggleButton.qml C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\api-ms-win-crt-heap-l1-1-0.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\api-ms-win-crt-string-l1-1-0.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\Private\MenuContentScroller.qml C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\Styles\Base\images\[email protected] C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\SpinBox.qml C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Dialogs\WidgetColorDialog.qml C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\db14be55d7db11ed8b1272edbb006969 C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\Styles\Base\GaugeStyle.qml C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\Styles\Desktop\MenuStyle.qml C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\Imagine\ToolSeparator.qml C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\languages\lang_zh_TW.qm C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\Private\ContentItem.qml C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\ServiceConfig.json.bak C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\api-ms-win-crt-time-l1-1-0.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\sdk\mbam.tmf C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\AbstractButton.qml C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\Fusion\HorizontalHeaderView.qml C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\ScanControllerImpl.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\Qt5QuickControls2.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\ProgressBar.qml C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\Styles\Base\images\spinner_small.png C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\Styles\Desktop\TabViewStyle.qml C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\security\logs\scecomp.log C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies Internet Explorer Phishing Filter

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Software\Microsoft\Internet Explorer\PhishingFilter C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter\ClientSupported_MigrationTime = d42e80ebae45d901 C:\Program Files\Internet Explorer\iexplore.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2351084352" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 50dd7c8fe86bd901 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{B71E688E-D7DB-11ED-9EF6-72EDBB006969} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000016b1b6fc7cfc59429b2ebf78760d5fe300000000020000000000106600000001000020000000e6f9e923b750ff98b1095c72ff253b0b141df78cc01d346bf5c00d7d86238cb0000000000e8000000002000020000000eabcc030f28e8a34ebbed8162860821c6832211fd38e57da47ac3545247652fd20000000e326881a264ed49e17f2895519a0564cf416a75f627c529127721eabc3eed52e40000000f4c71fc7f53cb211ca8ca354cefaa6caf739d240c9d11372c91ecf3c1e561c5c5510544314bbcde1291b2ad2ae57490fdb8564cb000fbae414c38d0ccf472877 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\mbam.exe = "11000" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Software\Microsoft\Internet Explorer\IESettingSync C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "387922395" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\mbam.exe = "11000" C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31026152" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Software\Microsoft\Internet Explorer\RepId C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\mbamtray.exe = "11000" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "2351064402" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31026152" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 00f33ca5e86bd901 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\RepId\PublicId = "{E88E2E1E-8C28-4532-8EFA-F29595AE7C0F}" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000016b1b6fc7cfc59429b2ebf78760d5fe300000000020000000000106600000001000020000000734d46929bdc0fd091231e2ee6567064355d1aa77cb81c0f4c8becc011afbe89000000000e80000000020000200000006a51b7868cd8625e603b0e52d0066bb36f00395df306932bd3a218ba74da6dfc20000000f89adf5fd8630146ec8ec77a5e2197c97866ecaa326cb6b341bb23adb3f7a4c440000000174e9491ee517d635b7bb221455d854b74ef69718af61b519b4f32b506f43fb15dafa492133315aa3c9c4fbfcc8a719abecee3de858ec7815d0d32d09d658161 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000016b1b6fc7cfc59429b2ebf78760d5fe3000000000200000000001066000000010000200000007dc8395b6347c07246943734c1cdd34e9fcd7365a8f51a8dc03e7c540d1b3263000000000e80000000020000200000009a7e53949533470df632dbf646fbc3e16ad7be595678ff316e7d786bdf57c8b2200000004e51b7876c88a189dbdbd245b43ff46ce8f49cfb925dd78c77430aa493b68cd240000000107f588562c755fb0ed7c7d7ae33b238ec2468d7b96cb70f1318c49dba77281e4e7afad70e171009de5d504267978ff6de30e56275e76182092cf0cb2968a53f C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 704df9aae86bd901 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\mbamtray.exe = "11000" C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2370714519" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31026152" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000016b1b6fc7cfc59429b2ebf78760d5fe300000000020000000000106600000001000020000000367eab97d77c49cd0d56fc76390231105c393cc1679cb303cbbcb994182b1e08000000000e800000000200002000000072f2aa0b1c211a88fce2625f1775801acf934be0f9da53c921afbd8c1e84a8c620000000230bb30e4cfce8c9da92c5bdabd130dbef8206f0d48496722a8ec75189d6942940000000daea44136dc7b5d3697c62ccba101b99220fc6ffb185fbafc75cf15b427a5c7bca4b0a38845a589b50376757be759c88be8f59d702344e9dffa0364690db9f03 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 7006988fe86bd901 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\15.0\Common C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-20\Software C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\16.0 C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-19\SOFTWARE\Policies\Microsoft\Office\16.0\Common C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\@%SystemRoot%\System32\CertCA.dll,-304 = "Endorsement Key Trusted Root Certification Authorities" C:\Windows\system32\certutil.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\15.0 C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\S-1-5-19\SOFTWARE\Policies\Microsoft\Office\15.0\Common\Security C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-19\SOFTWARE\Policies\Microsoft\Office\16.0\Common\Security C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\@%SystemRoot%\System32\SessEnv.dll,-101 = "Remote Desktop" C:\Windows\system32\certutil.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\S-1-5-19\SOFTWARE\Policies\Microsoft\Office\15.0\Common C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications\malwarebytes: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\Office\16.0\Common\Security C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\S-1-5-19\SOFTWARE\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications\malwarebytes: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-19\SOFTWARE\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:\ C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-19\SOFTWARE\Policies\Microsoft\Office\16.0 C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\ROOT C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications\malwarebytes: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-19\SOFTWARE\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\Office C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1" C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Malwarebytes C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\16.0\Common\Security C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\S-1-5-19\SOFTWARE\Policies C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-19\SOFTWARE\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications\malwarebytes: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-20\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications\malwarebytes: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\@C:\Windows\System32\AppxPackaging.dll,-1001 = "Trusted Packaged App Installation Authorities" C:\Windows\system32\certutil.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\MY C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-19\SOFTWARE\Malwarebytes\FirstRun = "false" C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications\malwarebytes: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-19\SOFTWARE\Malwarebytes C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-19\SOFTWARE\Policies\Microsoft\Office\15.0 C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\Office\16.0\Common C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:\ C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\ROOT C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8153C0A7-AC17-452A-9388-358F782478D4}\TypeLib\Version = "1.0" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E41AC038-1688-417F-BE23-52D898B93903}\TypeLib C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1E3F0FEC-3E40-4137-8C7D-090AFA9B6C5E}\TypeLib C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{44ACF635-5275-4730-95E5-03E4D192D8C8} C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B9F73DD6-F2A4-40F8-9109-67F6BB8D3704} C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6724C143-DE69-4A93-80ED-19B75DD2AA99}\TypeLib\Version = "1.0" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E4EA13DC-F9D2-4DB9-A19F-2B462FFC81F3}\ = "IUpdateController" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8F1C46F8-E697-4175-B240-CDE682A4BA2D}\Version\ = "1.0" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DA5636E-CD8F-4F2D-9351-4270985E1EB3}\ProxyStubClsid32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{04F8CDB5-1E26-491C-8602-D2ADE2D8E17A}\TypeLib C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1691A7E8-B8D1-46D5-BB29-3A4DB2D809C6} C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B9F73DD6-F2A4-40F8-9109-67F6BB8D3704}\TypeLib\ = "{49F6AC60-2104-42C6-8F71-B3916D5AA732}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E1BA0B73-14BD-4C9D-98CA-99355BD4EB24}\ = "_IAEControllerEventsV3" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8640989C-20B4-41BE-BFE1-218EF5B076A6} C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7E777BB2-8526-437A-BBE2-42647DE2EC86}\TypeLib\Version = "1.0" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{90A62FAD-6FA9-4454-8CEE-7EDF67437226}\ = "IScannerEventsV2" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B38EDC4F-A2CD-4F76-8607-F123FE4031D5}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9CFA1689-38D3-4AE9-B1E8-B039EB7AD988}\ProxyStubClsid32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{96C7187E-6EC4-49BD-88C7-04A3A8A97CC5}\TypeLib C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2846D47E-9B85-4836-B883-6A7B493E2D6A}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DC2F8F62-D471-4AD5-B346-9F214FE941A7}\ = "IPoliciesControllerV2" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{278637DA-FDFB-45C7-8CD8-F2D8A9199AB0}\Version\ = "1.0" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7995CBA9-83E0-4F28-A50B-DFDE85EBCCD1}\TypeLib C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9F0067A5-A8F1-46BF-AA32-F418656FDE6F}\ProxyStubClsid32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3DCF0F42-EF8F-4450-BA68-42B61F594B2F}\TypeLib\ = "{226C1698-A075-4315-BB5D-9C164A96ACE7}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{72F290D5-789C-4D8A-9EBE-63ECEA150373}\ProxyStubClsid32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6724C143-DE69-4A93-80ED-19B75DD2AA99}\TypeLib\ = "{49F6AC60-2104-42C6-8F71-B3916D5AA732}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5250E5C8-A09C-4F87-A0DA-A46A62A0EACF}\ = "IArwControllerV3" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C9669A3D-81E8-46F6-A51E-815A0863D612}\ProxyStubClsid32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F36AD0D0-B5F0-4C69-AF08-603D177FEF0E}\TypeLib C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8F1C46F8-E697-4175-B240-CDE682A4BA2D}\Version C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{EAD7766B-F8F3-4944-AFE6-5D667E535709} C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{983849D5-BFE9-43E9-A9A0-CBAFBC917F39}\TypeLib\Version = "1.0" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{698A4513-65F0-46A3-9633-220A6E4D1D07}\ProxyStubClsid32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{698A4513-65F0-46A3-9633-220A6E4D1D07}\ProxyStubClsid32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{566DC5CA-A3C4-4959-AB92-37606E12AAFF}\TypeLib\ = "{59DBD1B8-A7BD-4322-998F-41B0D2516FA0}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{767D2042-D2F6-4BAA-B30E-00E0CD4015BD}\ = "IArwControllerV4" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2FB37514-21FA-4B2C-94DA-1562126E9F5F}\ProxyStubClsid32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0468FE5A-FFDA-4F57-83F5-79116160E9B8}\TypeLib\ = "{FFB94DF8-FC15-411C-B443-E937085E2AC1}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{36F3C7D7-BCB1-4359-AB71-0CB816FE3D38}\TypeLib\Version = "1.0" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A5091804-600E-4226-BF28-80ABFDF4AFAB} C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1691A7E8-B8D1-46D5-BB29-3A4DB2D809C6}\TypeLib C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F12E228B-821D-4093-B2E0-7F3E169A925A}\ProxyStubClsid32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4163399F-AB08-4E5E-BE28-6B9440393AD3}\ = "IMWACControllerV13" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B44D50B8-E459-4078-9249-3763459B2676}\TypeLib\ = "{332AFEBA-9341-4CEC-8EA6-DB155A99DF63}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F927AD37-BA5F-4B86-AE22-FE2371B12955}\ = "_ILogControllerEntryEvents" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{115D004C-CC20-4945-BCC8-FE5043DD42D0} C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{EE77988C-B530-4686-8294-F7AB429DFD0C}\TypeLib\ = "{F5BCAC7E-75E7-4971-B3F3-B197A510F495}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AFC6D7FD-62B9-4016-9674-53BAC603E9FC}\TypeLib\Version = "1.0" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5D448EF3-7261-4C0C-909C-6D56043C259D}\ = "IScanControllerV14" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8FEFED84-854E-4029-A986-1D7774D4CF7D}\ProxyStubClsid32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A2C9E279-3E50-44F0-8C3B-606A303BA1D1}\ProxyStubClsid32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BF474111-9116-45C6-AF53-209E64F1BB53}\VersionIndependentProgID\ = "MB.CloudController" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{130CD414-6BFD-4F6C-9362-A2264B222E76}\Programmable C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2058A31F-5F59-4452-9204-03F588252FFC}\TypeLib\Version = "1.0" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{89AE2EF4-3346-47C7-9DCF-ED3264527FDE}\ = "IScanParameters" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DE35F2CA-6335-49BA-8E86-F6E246CFCEA6}\TypeLib C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E90361FE-F6B5-43E8-99F7-1BD40500981F}\TypeLib\Version = "1.0" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{EAD7766B-F8F3-4944-AFE6-5D667E535709}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{46AEAC9A-C091-4B63-926C-37CFBD9D244F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0070F531-5D6B-4302-ACA0-6920E95D9A31}\ProxyStubClsid32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{108E7F3D-FB06-4024-94FB-3B8E687587E4}\ProxyStubClsid32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E149FEF9-F1DC-4894-8A8E-AA53F6807EFD}\ = "_ICleanControllerEventsV7" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = 040000000100000010000000be954f16012122448ca8bc279602acf5140000000100000014000000c87ed26a852a1bca1998040727cf50104f68a8a2030000000100000014000000f40042e2e5f7e8ef8189fed15519aece42c3bfa20f000000010000003000000041ce925678dfe0ccaa8089263c242b897ca582089d14e5eb685fca967f36dbd334e97e81fd0e64815f851f914ade1a1e1900000001000000100000009f687581f7ef744ecfc12b9cee6238f12000000001000000d0050000308205cc308203b4a00302010202105498d2d1d45b1995481379c811c08799300d06092a864886f70d01010c05003077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f726974792032303230301e170d3230303431363138333631365a170d3435303431363138343434305a3077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f72697479203230323030820222300d06092a864886f70d01010105000382020f003082020a0282020100b3912a07830667fd9e9de0c7c0b7a4e642047f0fa6db5ffbd55ad745a0fb770bf080f3a66d5a4d7953d8a08684574520c7a254fbc7a2bf8ac76e35f3a215c42f4ee34a8596490dffbe99d814f6bc2707ee429b2bf50b9206e4fd691365a89172f29884eb833d0ee4d771124821cb0dedf64749b79bf9c9c717b6844fffb8ac9ad773674985e386bd3740d02586d4deb5c26d626ad5a978bc2d6f49f9e56c1414fd14c7d3651637decb6ebc5e298dfd629b152cd605e6b9893233a362c7d7d6526708c42ef4562b9e0b87cceca7b4a6aaeb05cd1957a53a0b04271c91679e2d622d2f1ebedac020cb0419ca33fb89be98e272a07235be79e19c836fe46d176f90f33d008675388ed0e0499abbdbd3f830cad55788684d72d3bf6d7f71d8fdbd0dae926448b75b6f7926b5cd9b952184d1ef0f323d7b578cf345074c7ce05e180e35768b6d9ecb3674ab05f8e0735d3256946797250ac6353d9497e7c1448b80fdc1f8f47419e530f606fb21573e061c8b6b158627497b8293ca59e87547e83f38f4c75379a0b6b4e25c51efbd5f38c113e6780c955a2ec5405928cc0f24c0ecba0977239938a6b61cdac7ba20b6d737d87f37af08e33b71db6e731b7d9972b0e486335974b516007b506dc68613dafdc439823d24009a60daba94c005512c34ac50991387bbb30580b24d30025cb826835db46373efae23954f6028be37d55ba50203010001a3543052300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414c87ed26a852a1bca1998040727cf50104f68a8a2301006092b06010401823715010403020100300d06092a864886f70d01010c05000382020100af6adde619e72d9443194ecbe9509564a50391028be236803b15a252c21619b66a5a5d744330f49bff607409b1211e90166dc5248f5c668863f44fcc7df2124c40108b019fdaa9c8aef2951bcf9d05eb493e74a0685be5562c651c827e53da56d94617799245c4103608522917cb2fa6f27ed469248a1e8fb0730dcc1c4aabb2aaeda79163016422a832b87e3228b367732d91b4dc31010bf7470aa6f1d74aed5660c42c08a37b40b0bc74275287d6be88dd378a896e67881df5c95da0feb6ab3a80d71a973c173622411eac4dd583e63c38bd4f30e954a9d3b604c3327661bbb018c52b18b3c080d5b795b05e514d22fcec58aae8d894b4a52eed92dee7187c2157dd5563f7bf6dcd1fd2a6772870c7e25b3a5b08d25b4ec80096b3e18336af860a655c74f6eaec7a6a74a0f04beeef94a3ac50f287edd73a3083c9fb7d57bee5e3f841cae564aeb3a3ec58ec859accefb9eaf35618b95c739aafc577178359db371a187254a541d2b62375a3439ae5777c9679b7418dbfecdc80a09fd17775585f3513e0251a670b7dce25fa070ae46121d8d41ce507c63699f496d0c615fe4ecdd7ae8b9ddb16fd04c692bdd488e6a9a3aabbf764383b5fcc0cd035be741903a6c5aa4ca26136823e1df32bbc975ddb4b783b2df53bef6023e8f5ec0b233695af9866bf53d37bb8694a2a966669c494c6f45f6eac98788880065ca2b2eda2 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = 5c0000000100000004000000001000001900000001000000100000009f687581f7ef744ecfc12b9cee6238f10f000000010000003000000041ce925678dfe0ccaa8089263c242b897ca582089d14e5eb685fca967f36dbd334e97e81fd0e64815f851f914ade1a1e030000000100000014000000f40042e2e5f7e8ef8189fed15519aece42c3bfa2140000000100000014000000c87ed26a852a1bca1998040727cf50104f68a8a2040000000100000010000000be954f16012122448ca8bc279602acf52000000001000000d0050000308205cc308203b4a00302010202105498d2d1d45b1995481379c811c08799300d06092a864886f70d01010c05003077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f726974792032303230301e170d3230303431363138333631365a170d3435303431363138343434305a3077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f72697479203230323030820222300d06092a864886f70d01010105000382020f003082020a0282020100b3912a07830667fd9e9de0c7c0b7a4e642047f0fa6db5ffbd55ad745a0fb770bf080f3a66d5a4d7953d8a08684574520c7a254fbc7a2bf8ac76e35f3a215c42f4ee34a8596490dffbe99d814f6bc2707ee429b2bf50b9206e4fd691365a89172f29884eb833d0ee4d771124821cb0dedf64749b79bf9c9c717b6844fffb8ac9ad773674985e386bd3740d02586d4deb5c26d626ad5a978bc2d6f49f9e56c1414fd14c7d3651637decb6ebc5e298dfd629b152cd605e6b9893233a362c7d7d6526708c42ef4562b9e0b87cceca7b4a6aaeb05cd1957a53a0b04271c91679e2d622d2f1ebedac020cb0419ca33fb89be98e272a07235be79e19c836fe46d176f90f33d008675388ed0e0499abbdbd3f830cad55788684d72d3bf6d7f71d8fdbd0dae926448b75b6f7926b5cd9b952184d1ef0f323d7b578cf345074c7ce05e180e35768b6d9ecb3674ab05f8e0735d3256946797250ac6353d9497e7c1448b80fdc1f8f47419e530f606fb21573e061c8b6b158627497b8293ca59e87547e83f38f4c75379a0b6b4e25c51efbd5f38c113e6780c955a2ec5405928cc0f24c0ecba0977239938a6b61cdac7ba20b6d737d87f37af08e33b71db6e731b7d9972b0e486335974b516007b506dc68613dafdc439823d24009a60daba94c005512c34ac50991387bbb30580b24d30025cb826835db46373efae23954f6028be37d55ba50203010001a3543052300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414c87ed26a852a1bca1998040727cf50104f68a8a2301006092b06010401823715010403020100300d06092a864886f70d01010c05000382020100af6adde619e72d9443194ecbe9509564a50391028be236803b15a252c21619b66a5a5d744330f49bff607409b1211e90166dc5248f5c668863f44fcc7df2124c40108b019fdaa9c8aef2951bcf9d05eb493e74a0685be5562c651c827e53da56d94617799245c4103608522917cb2fa6f27ed469248a1e8fb0730dcc1c4aabb2aaeda79163016422a832b87e3228b367732d91b4dc31010bf7470aa6f1d74aed5660c42c08a37b40b0bc74275287d6be88dd378a896e67881df5c95da0feb6ab3a80d71a973c173622411eac4dd583e63c38bd4f30e954a9d3b604c3327661bbb018c52b18b3c080d5b795b05e514d22fcec58aae8d894b4a52eed92dee7187c2157dd5563f7bf6dcd1fd2a6772870c7e25b3a5b08d25b4ec80096b3e18336af860a655c74f6eaec7a6a74a0f04beeef94a3ac50f287edd73a3083c9fb7d57bee5e3f841cae564aeb3a3ec58ec859accefb9eaf35618b95c739aafc577178359db371a187254a541d2b62375a3439ae5777c9679b7418dbfecdc80a09fd17775585f3513e0251a670b7dce25fa070ae46121d8d41ce507c63699f496d0c615fe4ecdd7ae8b9ddb16fd04c692bdd488e6a9a3aabbf764383b5fcc0cd035be741903a6c5aa4ca26136823e1df32bbc975ddb4b783b2df53bef6023e8f5ec0b233695af9866bf53d37bb8694a2a966669c494c6f45f6eac98788880065ca2b2eda2 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Users\Admin\Downloads\MBSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\MBSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\MBSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\MBSetup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3196 wrote to memory of 2716 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 3196 wrote to memory of 2716 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 3196 wrote to memory of 2716 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 3608 wrote to memory of 4020 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3608 wrote to memory of 4020 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3608 wrote to memory of 1720 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3608 wrote to memory of 1720 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3608 wrote to memory of 1720 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3608 wrote to memory of 1720 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3608 wrote to memory of 1720 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3608 wrote to memory of 1720 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3608 wrote to memory of 1720 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3608 wrote to memory of 1720 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3608 wrote to memory of 1720 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3608 wrote to memory of 1720 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3608 wrote to memory of 1720 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3608 wrote to memory of 1720 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3608 wrote to memory of 1720 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3608 wrote to memory of 1720 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3608 wrote to memory of 1720 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3608 wrote to memory of 1720 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3608 wrote to memory of 1720 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3608 wrote to memory of 1720 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3608 wrote to memory of 1720 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3608 wrote to memory of 1720 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3608 wrote to memory of 1720 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3608 wrote to memory of 1720 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3608 wrote to memory of 1720 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3608 wrote to memory of 1720 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3608 wrote to memory of 1720 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3608 wrote to memory of 1720 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3608 wrote to memory of 1720 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3608 wrote to memory of 1720 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3608 wrote to memory of 1720 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3608 wrote to memory of 1720 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3608 wrote to memory of 1720 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3608 wrote to memory of 1720 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3608 wrote to memory of 1720 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3608 wrote to memory of 1720 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3608 wrote to memory of 1720 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3608 wrote to memory of 1720 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3608 wrote to memory of 1720 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3608 wrote to memory of 1720 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3608 wrote to memory of 444 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3608 wrote to memory of 444 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3608 wrote to memory of 1380 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3608 wrote to memory of 1380 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3608 wrote to memory of 1380 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3608 wrote to memory of 1380 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3608 wrote to memory of 1380 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3608 wrote to memory of 1380 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3608 wrote to memory of 1380 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3608 wrote to memory of 1380 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3608 wrote to memory of 1380 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3608 wrote to memory of 1380 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3608 wrote to memory of 1380 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3608 wrote to memory of 1380 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3608 wrote to memory of 1380 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3608 wrote to memory of 1380 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3608 wrote to memory of 1380 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3608 wrote to memory of 1380 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3608 wrote to memory of 1380 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3608 wrote to memory of 1380 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3608 wrote to memory of 1380 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Uses Task Scheduler COM API

persistence

Uses Volume Shadow Copy WMI provider

ransomware

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Windows\Explorer.EXE

C:\Windows\Explorer.EXE

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://github.com/Endermanch/MalwareDatabase

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3196 CREDAT:17410 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd7b489758,0x7ffd7b489768,0x7ffd7b489778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1812 --field-trial-handle=1828,i,5716870292372222747,10444627241322764918,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1828,i,5716870292372222747,10444627241322764918,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2220 --field-trial-handle=1828,i,5716870292372222747,10444627241322764918,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3196 --field-trial-handle=1828,i,5716870292372222747,10444627241322764918,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3332 --field-trial-handle=1828,i,5716870292372222747,10444627241322764918,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4524 --field-trial-handle=1828,i,5716870292372222747,10444627241322764918,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4696 --field-trial-handle=1828,i,5716870292372222747,10444627241322764918,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4824 --field-trial-handle=1828,i,5716870292372222747,10444627241322764918,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4708 --field-trial-handle=1828,i,5716870292372222747,10444627241322764918,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5064 --field-trial-handle=1828,i,5716870292372222747,10444627241322764918,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5068 --field-trial-handle=1828,i,5716870292372222747,10444627241322764918,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5260 --field-trial-handle=1828,i,5716870292372222747,10444627241322764918,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3284 --field-trial-handle=1828,i,5716870292372222747,10444627241322764918,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5352 --field-trial-handle=1828,i,5716870292372222747,10444627241322764918,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5804 --field-trial-handle=1828,i,5716870292372222747,10444627241322764918,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5752 --field-trial-handle=1828,i,5716870292372222747,10444627241322764918,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5640 --field-trial-handle=1828,i,5716870292372222747,10444627241322764918,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=6132 --field-trial-handle=1828,i,5716870292372222747,10444627241322764918,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5824 --field-trial-handle=1828,i,5716870292372222747,10444627241322764918,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5612 --field-trial-handle=1828,i,5716870292372222747,10444627241322764918,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5912 --field-trial-handle=1828,i,5716870292372222747,10444627241322764918,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6208 --field-trial-handle=1828,i,5716870292372222747,10444627241322764918,131072 /prefetch:8

C:\Users\Admin\Downloads\MBSetup.exe

"C:\Users\Admin\Downloads\MBSetup.exe"

C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe

"C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe"

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Windows\system32\certutil.exe

"C:\Windows\system32\certutil.exe" -f -addstore root "C:\Windows\TEMP\MBInstallTempdb14be57d7db11ed882072edbb006969\servicepkg\starfieldrootcag2_new.crt"

C:\Windows\system32\certutil.exe

"C:\Windows\system32\certutil.exe" -f -addstore root "C:\Windows\TEMP\MBInstallTempdb14be57d7db11ed882072edbb006969\servicepkg\msrootca2020.crt"

C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe

"C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe" /Service /Protected

C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe

"C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1652 --field-trial-handle=1828,i,5716870292372222747,10444627241322764918,131072 /prefetch:2

C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe

"C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://links.malwarebytes.com/link/installed?prodVer=4.5.26.259&prodCode=MBAM-C&lang=en_US

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffd616846f8,0x7ffd61684708,0x7ffd61684718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,17004005573881671539,8132806359166865340,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,17004005573881671539,8132806359166865340,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,17004005573881671539,8132806359166865340,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2684 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,17004005573881671539,8132806359166865340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3652 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,17004005573881671539,8132806359166865340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3644 /prefetch:1

C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe

"C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,17004005573881671539,8132806359166865340,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5568 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,17004005573881671539,8132806359166865340,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5568 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x1bc,0x1c4,0x228,0x204,0x22c,0x7ff67c505460,0x7ff67c505470,0x7ff67c505480

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,17004005573881671539,8132806359166865340,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,17004005573881671539,8132806359166865340,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x31c 0x2fc

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,17004005573881671539,8132806359166865340,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4668 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,17004005573881671539,8132806359166865340,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1

C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe

"C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe"

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-0.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-1.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-2.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-3.exe

ig.exe reseed

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,17004005573881671539,8132806359166865340,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3456 /prefetch:2

C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe

"C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe" /wac 0 /status on true /updatesubstatus none /scansubstatus none /settingssubstatus none

C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]

"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]"

C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]

"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]" /watchdog

C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]

"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]" /watchdog

C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]

"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]" /watchdog

C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]

"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]" /watchdog

C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]

"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]" /watchdog

C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]

"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]" /main

C:\Windows\SysWOW64\notepad.exe

"C:\Windows\System32\notepad.exe" \note.txt

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://motherboard.vice.com/read/watch-this-malware-turn-a-computer-into-a-digital-hellscape

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd616846f8,0x7ffd61684708,0x7ffd61684718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,17004005573881671539,8132806359166865340,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1288 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,17004005573881671539,8132806359166865340,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,17004005573881671539,8132806359166865340,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,17004005573881671539,8132806359166865340,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6640 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,17004005573881671539,8132806359166865340,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6892 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,17004005573881671539,8132806359166865340,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7112 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+remove+memz+trojan+virus

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd616846f8,0x7ffd61684708,0x7ffd61684718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,17004005573881671539,8132806359166865340,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2148 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,17004005573881671539,8132806359166865340,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6352 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2136,17004005573881671539,8132806359166865340,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=7172 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,17004005573881671539,8132806359166865340,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6340 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,17004005573881671539,8132806359166865340,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7476 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,17004005573881671539,8132806359166865340,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7688 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,17004005573881671539,8132806359166865340,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7900 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,17004005573881671539,8132806359166865340,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8136 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,17004005573881671539,8132806359166865340,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8112 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,17004005573881671539,8132806359166865340,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6080 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+2+buy+weed

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd616846f8,0x7ffd61684708,0x7ffd61684718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,17004005573881671539,8132806359166865340,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7148 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,17004005573881671539,8132806359166865340,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://answers.microsoft.com/en-us/protect/forum/protect_other-protect_scanning/memz-malwarevirus-trojan-completely-destroying/268bc1c2-39f4-42f8-90c2-597a673b6b45

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffd616846f8,0x7ffd61684708,0x7ffd61684718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2256,53918255826442983,17360121921366507522,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2256,53918255826442983,17360121921366507522,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2268 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2256,53918255826442983,17360121921366507522,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2948 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,53918255826442983,17360121921366507522,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,53918255826442983,17360121921366507522,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,53918255826442983,17360121921366507522,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4808 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,53918255826442983,17360121921366507522,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,53918255826442983,17360121921366507522,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,53918255826442983,17360121921366507522,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,53918255826442983,17360121921366507522,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+remove+memz+trojan+virus

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd616846f8,0x7ffd61684708,0x7ffd61684718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,53918255826442983,17360121921366507522,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3788 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,53918255826442983,17360121921366507522,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1

C:\Windows\SysWOW64\calc.exe

"C:\Windows\System32\calc.exe"

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+2+remove+a+virus

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd616846f8,0x7ffd61684708,0x7ffd61684718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2224,5443120340611825906,10065382240090747657,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2224,5443120340611825906,10065382240090747657,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2892 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2224,5443120340611825906,10065382240090747657,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2236 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,5443120340611825906,10065382240090747657,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3180 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,5443120340611825906,10065382240090747657,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3176 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,5443120340611825906,10065382240090747657,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4684 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+2+buy+weed

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd616846f8,0x7ffd61684708,0x7ffd61684718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,6278193134351470620,8901848740973343042,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,6278193134351470620,8901848740973343042,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2164,6278193134351470620,8901848740973343042,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3020 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,6278193134351470620,8901848740973343042,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3124 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,6278193134351470620,8901848740973343042,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3116 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,6278193134351470620,8901848740973343042,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4892 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+download+memz

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd616846f8,0x7ffd61684708,0x7ffd61684718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2184,12107088378411205576,11590870127727822769,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,12107088378411205576,11590870127727822769,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2208 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2184,12107088378411205576,11590870127727822769,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2976 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,12107088378411205576,11590870127727822769,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,12107088378411205576,11590870127727822769,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,12107088378411205576,11590870127727822769,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://softonic.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd616846f8,0x7ffd61684708,0x7ffd61684718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2036,14045131609587771007,6669162476483345771,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2524 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,14045131609587771007,6669162476483345771,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2016 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2036,14045131609587771007,6669162476483345771,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,14045131609587771007,6669162476483345771,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,14045131609587771007,6669162476483345771,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,14045131609587771007,6669162476483345771,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2676 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,14045131609587771007,6669162476483345771,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4784 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,14045131609587771007,6669162476483345771,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4512 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,14045131609587771007,6669162476483345771,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4616 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://play.clubpenguin.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd616846f8,0x7ffd61684708,0x7ffd61684718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,14045131609587771007,6669162476483345771,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,14045131609587771007,6669162476483345771,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,14045131609587771007,6669162476483345771,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5828 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,14045131609587771007,6669162476483345771,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6272 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,14045131609587771007,6669162476483345771,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6452 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,14045131609587771007,6669162476483345771,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6452 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,14045131609587771007,6669162476483345771,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6676 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,14045131609587771007,6669162476483345771,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6212 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,14045131609587771007,6669162476483345771,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,14045131609587771007,6669162476483345771,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6528 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,14045131609587771007,6669162476483345771,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6636 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,14045131609587771007,6669162476483345771,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5760 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,14045131609587771007,6669162476483345771,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7196 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,14045131609587771007,6669162476483345771,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7156 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,14045131609587771007,6669162476483345771,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6580 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=dank+memz

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd616846f8,0x7ffd61684708,0x7ffd61684718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,14045131609587771007,6669162476483345771,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6520 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,14045131609587771007,6669162476483345771,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7652 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,14045131609587771007,6669162476483345771,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7452 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=montage+parody+making+program+2016

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd616846f8,0x7ffd61684708,0x7ffd61684718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,14921902066650654303,12499741359720138959,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2172,14921902066650654303,12499741359720138959,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2468 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2172,14921902066650654303,12499741359720138959,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3016 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,14921902066650654303,12499741359720138959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,14921902066650654303,12499741359720138959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,14921902066650654303,12499741359720138959,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4924 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,14921902066650654303,12499741359720138959,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4848 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+remove+memz+trojan+virus

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd616846f8,0x7ffd61684708,0x7ffd61684718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,677828491547473567,10959058471334490051,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2236 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,677828491547473567,10959058471334490051,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2696 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,677828491547473567,10959058471334490051,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,677828491547473567,10959058471334490051,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,677828491547473567,10959058471334490051,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,677828491547473567,10959058471334490051,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4760 /prefetch:1

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /7

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,677828491547473567,10959058471334490051,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4648 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,677828491547473567,10959058471334490051,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5076 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,677828491547473567,10959058471334490051,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5076 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,677828491547473567,10959058471334490051,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,677828491547473567,10959058471334490051,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,677828491547473567,10959058471334490051,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3632 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,677828491547473567,10959058471334490051,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=minecraft+hax+download+no+virus

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd616846f8,0x7ffd61684708,0x7ffd61684718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,677828491547473567,10959058471334490051,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,677828491547473567,10959058471334490051,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1

C:\Windows\SysWOW64\mmc.exe

"C:\Windows\system32\mmc.exe" "C:\Windows\System32\devmgmt.msc"

C:\Windows\system32\mmc.exe

"C:\Windows\System32\devmgmt.msc" "C:\Windows\System32\devmgmt.msc"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=mcafee+vs+norton

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd616846f8,0x7ffd61684708,0x7ffd61684718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,2154336479187310043,13711338874620170991,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,2154336479187310043,13711338874620170991,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2692 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,2154336479187310043,13711338874620170991,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2154336479187310043,13711338874620170991,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2154336479187310043,13711338874620170991,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2154336479187310043,13711338874620170991,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2700 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,2154336479187310043,13711338874620170991,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4984 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,2154336479187310043,13711338874620170991,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4984 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2154336479187310043,13711338874620170991,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2154336479187310043,13711338874620170991,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2154336479187310043,13711338874620170991,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2154336479187310043,13711338874620170991,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=half+life+3+release+date

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd616846f8,0x7ffd61684708,0x7ffd61684718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2154336479187310043,13711338874620170991,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2154336479187310043,13711338874620170991,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=virus.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd616846f8,0x7ffd61684708,0x7ffd61684718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2204,18342552849147492615,4882856663817426587,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2652 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2204,18342552849147492615,4882856663817426587,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2204,18342552849147492615,4882856663817426587,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2216 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,18342552849147492615,4882856663817426587,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,18342552849147492615,4882856663817426587,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,18342552849147492615,4882856663817426587,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4840 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=facebook+hacking+tool+free+download+no+virus+working+2016

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xf8,0x12c,0x7ffd616846f8,0x7ffd61684708,0x7ffd61684718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2232,6817197199165067286,9341020112643613002,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2244 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2232,6817197199165067286,9341020112643613002,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,6817197199165067286,9341020112643613002,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3176 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2232,6817197199165067286,9341020112643613002,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3032 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,6817197199165067286,9341020112643613002,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,6817197199165067286,9341020112643613002,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4888 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2232,6817197199165067286,9341020112643613002,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3872 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2232,6817197199165067286,9341020112643613002,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3872 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,6817197199165067286,9341020112643613002,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,6817197199165067286,9341020112643613002,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,6817197199165067286,9341020112643613002,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,6817197199165067286,9341020112643613002,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=facebook+hacking+tool+free+download+no+virus+working+2016

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd616846f8,0x7ffd61684708,0x7ffd61684718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,6817197199165067286,9341020112643613002,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,6817197199165067286,9341020112643613002,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3888 /prefetch:1

Network

Country Destination Domain Proto
US 8.8.8.8:53 github.com udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
IN 20.207.73.82:443 github.com tcp
IN 20.207.73.82:443 github.com tcp
US 8.8.8.8:53 82.73.207.20.in-addr.arpa udp
US 8.8.8.8:53 assets.msn.com udp
NL 95.101.74.139:443 assets.msn.com tcp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 github.githubassets.com udp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 8.8.8.8:53 user-images.githubusercontent.com udp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.133:443 user-images.githubusercontent.com tcp
US 185.199.108.133:443 user-images.githubusercontent.com tcp
US 8.8.8.8:53 139.74.101.95.in-addr.arpa udp
US 8.8.8.8:53 71.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 154.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 133.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 camo.githubusercontent.com udp
US 185.199.108.133:443 camo.githubusercontent.com tcp
US 185.199.108.133:443 camo.githubusercontent.com tcp
US 8.8.8.8:53 195.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 250.255.255.239.in-addr.arpa udp
US 8.8.8.8:53 138.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 apis.google.com udp
NL 172.217.168.206:443 apis.google.com tcp
US 8.8.8.8:53 100.39.251.142.in-addr.arpa udp
US 8.8.8.8:53 163.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 206.168.217.172.in-addr.arpa udp
US 8.8.8.8:53 clients2.google.com udp
NL 142.251.36.46:443 clients2.google.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 46.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 131.179.250.142.in-addr.arpa udp
NL 172.217.168.206:443 apis.google.com udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
US 8.8.8.8:53 play.google.com udp
NL 142.250.179.206:443 play.google.com tcp
NL 142.250.179.206:443 play.google.com udp
US 8.8.8.8:53 106.208.58.216.in-addr.arpa udp
US 8.8.8.8:53 194.168.217.172.in-addr.arpa udp
US 8.8.8.8:53 206.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 162.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 try.malwarebytes.com udp
SG 54.254.43.115:443 try.malwarebytes.com tcp
US 8.8.8.8:53 apps.identrust.com udp
NL 23.72.252.163:80 apps.identrust.com tcp
US 8.8.8.8:53 115.43.254.54.in-addr.arpa udp
US 8.8.8.8:53 163.252.72.23.in-addr.arpa udp
US 8.8.8.8:53 builder-assets.unbounce.com udp
US 8.8.8.8:53 code.jquery.com udp
US 69.16.175.42:443 code.jquery.com tcp
NL 13.227.219.58:443 builder-assets.unbounce.com tcp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 42.175.16.69.in-addr.arpa udp
US 8.8.8.8:53 58.219.227.13.in-addr.arpa udp
US 8.8.8.8:53 67.211.227.13.in-addr.arpa udp
US 8.8.8.8:53 185c650ccfd84b27aad189f19681365b.js.ubembed.com udp
US 8.8.8.8:53 d34qb8suadcc4g.cloudfront.net udp
US 8.8.8.8:53 dev.visualwebsiteoptimizer.com udp
US 8.8.8.8:53 cdn.bizible.com udp
US 151.101.1.131:443 185c650ccfd84b27aad189f19681365b.js.ubembed.com tcp
US 8.8.8.8:53 static.hotjar.com udp
US 18.65.39.81:443 d34qb8suadcc4g.cloudfront.net tcp
US 34.96.102.137:443 dev.visualwebsiteoptimizer.com tcp
US 152.195.58.59:443 cdn.bizible.com tcp
US 8.8.8.8:53 snap.licdn.com udp
US 8.8.8.8:53 tag.demandbase.com udp
NL 52.222.139.53:443 static.hotjar.com tcp
DE 23.32.238.152:443 snap.licdn.com tcp
NL 13.227.219.12:443 tag.demandbase.com tcp
US 34.96.102.137:443 dev.visualwebsiteoptimizer.com udp
US 34.96.102.137:443 dev.visualwebsiteoptimizer.com udp
US 8.8.8.8:53 script.hotjar.com udp
NL 13.227.219.120:443 script.hotjar.com tcp
US 8.8.8.8:53 www.redditstatic.com udp
US 8.8.8.8:53 connect.facebook.net udp
US 8.8.8.8:53 munchkin.marketo.net udp
US 8.8.8.8:53 static.ads-twitter.com udp
US 8.8.8.8:53 unpkg.com udp
US 8.8.8.8:53 www.estore.malwarebytes.com udp
US 8.8.8.8:53 bat.bing.com udp
US 151.101.1.140:443 www.redditstatic.com tcp
US 8.8.8.8:53 scripts.demandbase.com udp
NL 199.232.148.157:443 static.ads-twitter.com tcp
US 8.8.8.8:53 cdn.linkedin.oribi.io udp
US 104.16.122.175:443 unpkg.com tcp
US 8.8.8.8:53 www.malwarebytes.com udp
US 157.240.5.10:443 connect.facebook.net tcp
NL 23.206.91.189:443 munchkin.marketo.net tcp
US 204.79.197.200:443 bat.bing.com tcp
DE 13.32.27.65:443 scripts.demandbase.com tcp
US 8.8.8.8:53 fonts.ub-assets.com udp
NL 52.222.139.95:443 cdn.linkedin.oribi.io tcp
NL 13.227.219.74:443 www.malwarebytes.com tcp
US 8.8.8.8:53 px.ads.linkedin.com udp
US 8.8.8.8:53 d9hhrg4mnvzow.cloudfront.net udp
NL 52.222.139.86:443 fonts.ub-assets.com tcp
NL 52.222.137.129:443 d9hhrg4mnvzow.cloudfront.net tcp
US 8.8.8.8:53 api.company-target.com udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
NL 52.222.137.129:443 d9hhrg4mnvzow.cloudfront.net tcp
NL 13.227.219.127:443 api.company-target.com tcp
NL 52.222.137.129:443 d9hhrg4mnvzow.cloudfront.net tcp
NL 52.222.137.129:443 d9hhrg4mnvzow.cloudfront.net tcp
NL 142.250.102.157:443 stats.g.doubleclick.net tcp
NL 52.222.137.129:443 d9hhrg4mnvzow.cloudfront.net tcp
US 8.8.8.8:53 131.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 81.39.65.18.in-addr.arpa udp
US 8.8.8.8:53 137.102.96.34.in-addr.arpa udp
US 8.8.8.8:53 110.39.251.142.in-addr.arpa udp
US 8.8.8.8:53 53.139.222.52.in-addr.arpa udp
US 8.8.8.8:53 200.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 12.219.227.13.in-addr.arpa udp
US 8.8.8.8:53 152.238.32.23.in-addr.arpa udp
US 8.8.8.8:53 59.58.195.152.in-addr.arpa udp
US 8.8.8.8:53 226.20.18.104.in-addr.arpa udp
US 8.8.8.8:53 120.219.227.13.in-addr.arpa udp
US 8.8.8.8:53 140.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 157.148.232.199.in-addr.arpa udp
US 8.8.8.8:53 175.122.16.104.in-addr.arpa udp
US 8.8.8.8:53 189.91.206.23.in-addr.arpa udp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 65.27.32.13.in-addr.arpa udp
NL 52.222.137.129:443 d9hhrg4mnvzow.cloudfront.net tcp
US 8.8.8.8:53 10.5.240.157.in-addr.arpa udp
US 8.8.8.8:53 95.139.222.52.in-addr.arpa udp
US 8.8.8.8:53 74.219.227.13.in-addr.arpa udp
US 8.8.8.8:53 86.139.222.52.in-addr.arpa udp
US 8.8.8.8:53 129.137.222.52.in-addr.arpa udp
US 8.8.8.8:53 events.ub-analytics.com udp
US 8.8.8.8:53 analytics.google.com udp
US 8.8.8.8:53 id.rlcdn.com udp
US 8.8.8.8:53 t.co udp
US 8.8.8.8:53 alb.reddit.com udp
US 8.8.8.8:53 assets.ubembed.com udp
US 8.8.8.8:53 analytics.twitter.com udp
US 3.221.88.80:443 events.ub-analytics.com tcp
US 35.190.60.146:443 id.rlcdn.com tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 104.244.42.69:443 t.co tcp
NL 216.58.214.14:443 analytics.google.com tcp
US 151.101.1.140:443 alb.reddit.com tcp
US 104.244.42.195:443 analytics.twitter.com tcp
US 18.65.39.4:443 assets.ubembed.com tcp
GB 216.58.208.98:443 googleads.g.doubleclick.net tcp
US 52.152.110.14:443 tcp
US 8.8.8.8:53 cdn.bizibly.com udp
US 157.240.5.10:443 connect.facebook.net udp
US 35.190.60.146:443 id.rlcdn.com udp
US 8.8.8.8:53 in.hotjar.com udp
IE 52.215.15.94:443 in.hotjar.com tcp
US 8.8.8.8:53 185c650ccfd84b27aad189f19681365b.pages.ubembed.com udp
SG 54.254.43.115:443 185c650ccfd84b27aad189f19681365b.pages.ubembed.com tcp
NL 52.222.139.86:443 fonts.ub-assets.com tcp
US 8.8.8.8:53 805-usg-300.mktoresp.com udp
US 8.8.8.8:53 segments.company-target.com udp
NL 13.227.219.119:443 segments.company-target.com tcp
US 192.28.144.124:443 805-usg-300.mktoresp.com tcp
US 8.8.8.8:53 www.facebook.com udp
NL 157.240.247.35:443 www.facebook.com tcp
SG 54.254.43.115:443 185c650ccfd84b27aad189f19681365b.pages.ubembed.com tcp
US 8.8.8.8:53 127.219.227.13.in-addr.arpa udp
US 8.8.8.8:53 157.102.250.142.in-addr.arpa udp
US 8.8.8.8:53 4.39.65.18.in-addr.arpa udp
US 8.8.8.8:53 14.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 69.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 195.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 98.208.58.216.in-addr.arpa udp
US 8.8.8.8:53 94.15.215.52.in-addr.arpa udp
US 8.8.8.8:53 119.219.227.13.in-addr.arpa udp
US 8.8.8.8:53 80.88.221.3.in-addr.arpa udp
NL 157.240.247.35:443 www.facebook.com udp
US 8.8.8.8:53 185c650ccfd84b27aad189f19681365b.events.ubembed.com udp
US 34.207.21.228:443 185c650ccfd84b27aad189f19681365b.events.ubembed.com tcp
US 8.8.8.8:53 200.232.18.117.in-addr.arpa udp
US 8.8.8.8:53 35.247.240.157.in-addr.arpa udp
US 8.8.8.8:53 124.144.28.192.in-addr.arpa udp
US 8.8.8.8:53 228.21.207.34.in-addr.arpa udp
SG 54.254.43.115:443 185c650ccfd84b27aad189f19681365b.pages.ubembed.com tcp
SG 54.254.43.115:443 185c650ccfd84b27aad189f19681365b.pages.ubembed.com tcp
GB 216.58.208.98:443 googleads.g.doubleclick.net udp
NL 216.58.214.14:443 analytics.google.com udp
US 8.8.8.8:53 genesis.malwarebytes.com udp
US 34.225.80.131:443 genesis.malwarebytes.com tcp
US 8.8.8.8:53 api.demandbase.com udp
NL 108.156.60.114:443 api.demandbase.com tcp
US 8.8.8.8:53 plausible.io udp
NL 84.17.46.54:443 plausible.io tcp
US 8.8.8.8:53 cdn.cookielaw.org udp
US 104.19.188.97:443 cdn.cookielaw.org tcp
US 8.8.8.8:53 131.80.225.34.in-addr.arpa udp
US 8.8.8.8:53 114.60.156.108.in-addr.arpa udp
US 8.8.8.8:53 54.46.17.84.in-addr.arpa udp
NL 84.17.46.54:443 plausible.io tcp
US 104.19.188.97:443 cdn.cookielaw.org tcp
US 8.8.8.8:53 geolocation.onetrust.com udp
US 172.64.144.98:443 geolocation.onetrust.com tcp
US 8.8.8.8:53 www.estore.malwarebytes.com udp
US 8.8.8.8:53 97.188.19.104.in-addr.arpa udp
US 8.8.8.8:53 98.144.64.172.in-addr.arpa udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
NL 142.250.179.193:443 tpc.googlesyndication.com tcp
US 8.8.8.8:53 193.179.250.142.in-addr.arpa udp
NL 142.250.179.193:443 tpc.googlesyndication.com udp
NL 142.250.102.157:443 stats.g.doubleclick.net udp
IE 13.69.239.74:443 tcp
US 8.8.8.8:53 2.36.251.142.in-addr.arpa udp
US 8.248.5.254:80 tcp
US 8.248.5.254:80 tcp
US 8.8.8.8:53 telemetry.malwarebytes.com udp
US 34.215.48.192:443 telemetry.malwarebytes.com tcp
US 8.8.8.8:53 192.48.215.34.in-addr.arpa udp
US 52.152.110.14:443 tcp
US 8.8.8.8:53 233.141.123.20.in-addr.arpa udp
US 8.8.8.8:53 ark.mwbsys.com udp
US 3.211.88.206:443 ark.mwbsys.com tcp
US 8.8.8.8:53 cdn.mwbsys.com udp
NL 52.222.139.63:443 cdn.mwbsys.com tcp
US 8.8.8.8:53 206.88.211.3.in-addr.arpa udp
US 8.8.8.8:53 63.139.222.52.in-addr.arpa udp
US 3.211.88.206:443 ark.mwbsys.com tcp
US 8.8.8.8:53 cdn.mwbsys.com udp
NL 52.222.139.37:443 cdn.mwbsys.com tcp
US 3.211.88.206:443 ark.mwbsys.com tcp
US 8.8.8.8:53 37.139.222.52.in-addr.arpa udp
US 8.8.8.8:53 cdn.mwbsys.com udp
NL 52.222.139.63:443 cdn.mwbsys.com tcp
US 8.248.5.254:80 tcp
US 3.211.88.206:443 ark.mwbsys.com tcp
US 8.8.8.8:53 udp
NL 52.222.139.14:443 cdn.mwbsys.com tcp
US 8.8.8.8:53 14.139.222.52.in-addr.arpa udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
NL 173.223.113.164:443 tcp
NL 173.223.113.131:80 tcp
US 204.79.197.203:80 api.msn.com tcp
IN 20.207.73.82:443 github.com tcp
IN 20.207.73.82:443 github.com tcp
US 52.152.110.14:443 tcp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 185.199.108.133:443 camo.githubusercontent.com tcp
US 185.199.108.133:443 camo.githubusercontent.com tcp
US 3.211.88.206:443 ark.mwbsys.com tcp
US 8.8.8.8:53 cdn.mwbsys.com udp
NL 52.222.139.16:443 cdn.mwbsys.com tcp
US 8.8.8.8:53 16.139.222.52.in-addr.arpa udp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.133:443 camo.githubusercontent.com tcp
US 185.199.108.133:443 camo.githubusercontent.com tcp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.108.133:443 raw.githubusercontent.com tcp
US 185.199.108.133:443 raw.githubusercontent.com tcp
US 52.152.110.14:443 tcp
US 52.152.110.14:443 tcp
US 8.8.8.8:53 iris.mwbsys.com udp
US 34.226.98.217:443 iris.mwbsys.com tcp
US 8.8.8.8:53 217.98.226.34.in-addr.arpa udp
US 8.8.8.8:53 keystone.mwbsys.com udp
US 3.221.126.239:443 keystone.mwbsys.com tcp
US 3.221.126.239:443 keystone.mwbsys.com tcp
US 8.8.8.8:53 239.126.221.3.in-addr.arpa udp
US 3.221.126.239:443 keystone.mwbsys.com tcp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 google.com udp
NL 216.58.214.3:443 beacons.gcp.gvt2.com tcp
NL 216.58.214.3:443 beacons.gcp.gvt2.com tcp
NL 216.58.214.3:443 beacons.gcp.gvt2.com tcp
NL 216.58.214.3:443 beacons.gcp.gvt2.com tcp
US 52.152.110.14:443 tcp
US 8.8.8.8:53 e2c16.gcp.gvt2.com udp
US 8.8.8.8:53 e2c6.gcp.gvt2.com udp
IN 34.93.91.7:443 e2c6.gcp.gvt2.com tcp
DE 34.89.141.94:443 e2c16.gcp.gvt2.com tcp
IN 34.93.91.7:443 e2c6.gcp.gvt2.com tcp
US 8.8.8.8:53 3.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 142.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 94.141.89.34.in-addr.arpa udp
US 8.8.8.8:53 beacons.gvt2.com udp
NL 216.58.214.3:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 7.91.93.34.in-addr.arpa udp
US 8.8.8.8:53 telemetry.malwarebytes.com udp
US 100.20.255.82:443 telemetry.malwarebytes.com tcp
US 8.8.8.8:53 82.255.20.100.in-addr.arpa udp
US 8.8.8.8:53 23.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 links.malwarebytes.com udp
NL 52.222.139.112:443 links.malwarebytes.com tcp
NL 52.222.139.112:443 links.malwarebytes.com tcp
US 8.8.8.8:53 www.malwarebytes.com udp
NL 142.251.36.46:443 clients2.google.com udp
DE 18.66.97.39:443 www.malwarebytes.com tcp
US 8.8.8.8:53 161.240.123.52.in-addr.arpa udp
US 8.8.8.8:53 112.139.222.52.in-addr.arpa udp
US 8.8.8.8:53 39.97.66.18.in-addr.arpa udp
US 8.8.8.8:53 genesis.malwarebytes.com udp
US 34.193.143.115:443 genesis.malwarebytes.com tcp
US 8.8.8.8:53 115.143.193.34.in-addr.arpa udp
US 8.8.8.8:53 api.demandbase.com udp
NL 108.156.60.113:443 api.demandbase.com tcp
US 8.8.8.8:53 plausible.io udp
NL 84.17.46.53:443 plausible.io tcp
NL 84.17.46.53:443 plausible.io tcp
US 104.19.188.97:443 cdn.cookielaw.org tcp
US 8.8.8.8:53 113.60.156.108.in-addr.arpa udp
US 8.8.8.8:53 53.46.17.84.in-addr.arpa udp
US 8.8.8.8:53 36.249.124.192.in-addr.arpa udp
US 104.19.188.97:443 cdn.cookielaw.org tcp
US 172.64.144.98:443 geolocation.onetrust.com tcp
US 8.8.8.8:53 versionhistory.googleapis.com udp
US 8.8.8.8:53 www.estore.malwarebytes.com udp
US 8.8.8.8:53 connect.facebook.net udp
US 8.8.8.8:53 snap.licdn.com udp
US 8.8.8.8:53 bat.bing.com udp
US 8.8.8.8:53 munchkin.marketo.net udp
US 8.8.8.8:53 static.ads-twitter.com udp
US 8.8.8.8:53 scripts.demandbase.com udp
US 104.16.122.175:443 unpkg.com tcp
US 157.240.5.10:443 connect.facebook.net tcp
DE 23.32.238.144:443 snap.licdn.com tcp
US 204.79.197.200:443 bat.bing.com tcp
NL 23.206.91.189:443 munchkin.marketo.net tcp
NL 199.232.148.157:443 static.ads-twitter.com tcp
NL 13.227.219.93:443 scripts.demandbase.com tcp
NL 216.58.214.14:443 analytics.google.com tcp
NL 142.250.102.157:443 stats.g.doubleclick.net tcp
US 8.8.8.8:53 t.co udp
US 8.8.8.8:53 cdn.linkedin.oribi.io udp
US 8.8.8.8:53 px.ads.linkedin.com udp
US 8.8.8.8:53 analytics.twitter.com udp
GB 216.58.208.98:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 id.rlcdn.com udp
US 8.8.8.8:53 api.company-target.com udp
NL 142.250.102.157:443 stats.g.doubleclick.net tcp
US 104.244.42.5:443 t.co tcp
US 104.244.42.195:443 analytics.twitter.com tcp
US 192.28.144.124:443 805-usg-300.mktoresp.com tcp
US 13.107.42.14:443 px.ads.linkedin.com tcp
NL 52.222.139.92:443 cdn.linkedin.oribi.io tcp
US 35.190.60.146:443 id.rlcdn.com tcp
NL 13.227.219.102:443 api.company-target.com tcp
US 8.8.8.8:53 www.facebook.com udp
NL 157.240.247.35:443 www.facebook.com tcp
US 8.8.8.8:53 144.238.32.23.in-addr.arpa udp
US 8.8.8.8:53 93.219.227.13.in-addr.arpa udp
US 8.8.8.8:53 5.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 14.42.107.13.in-addr.arpa udp
US 8.8.8.8:53 92.139.222.52.in-addr.arpa udp
US 8.8.8.8:53 102.219.227.13.in-addr.arpa udp
US 54.161.206.128:443 iris.mwbsys.com tcp
US 8.8.8.8:53 links.malwarebytes.com udp
NL 52.222.139.26:443 links.malwarebytes.com tcp
US 8.8.8.8:53 128.206.161.54.in-addr.arpa udp
US 8.8.8.8:53 26.139.222.52.in-addr.arpa udp
US 34.215.48.192:443 telemetry.malwarebytes.com tcp
NL 216.58.214.14:443 analytics.google.com udp
US 8.8.8.8:53 prod-www.malwarebytes.com udp
US 18.65.39.76:443 prod-www.malwarebytes.com tcp
US 8.8.8.8:53 76.39.65.18.in-addr.arpa udp
US 52.152.110.14:443 tcp
US 52.152.110.14:443 tcp
US 8.8.8.8:53 telemetry.malwarebytes.com udp
US 34.215.48.192:443 telemetry.malwarebytes.com tcp
NL 142.250.102.157:443 stats.g.doubleclick.net udp
NL 216.58.214.14:443 analytics.google.com udp
US 34.215.48.192:443 telemetry.malwarebytes.com tcp
US 34.215.48.192:443 telemetry.malwarebytes.com tcp
US 8.8.8.8:53 keystone.mwbsys.com udp
US 34.215.48.192:443 telemetry.malwarebytes.com tcp
US 3.221.126.239:443 keystone.mwbsys.com tcp
US 52.152.110.14:443 tcp
US 8.8.8.8:53 beacons3.gvt2.com udp
GB 216.58.208.99:443 beacons3.gvt2.com tcp
NL 216.58.214.3:443 beacons.gcp.gvt2.com udp
GB 216.58.208.99:443 beacons3.gvt2.com udp
US 8.8.8.8:53 sirius.mwbsys.com udp
US 3.227.148.26:443 sirius.mwbsys.com tcp
US 8.8.8.8:53 99.208.58.216.in-addr.arpa udp
US 34.215.48.192:443 telemetry.malwarebytes.com tcp
US 8.8.8.8:53 26.148.227.3.in-addr.arpa udp
US 34.215.48.192:443 telemetry.malwarebytes.com tcp
US 8.8.8.8:53 crl.comodoca.com udp
US 104.18.32.68:80 crl.comodoca.com tcp
US 8.8.8.8:53 www.microsoft.com udp
NL 173.223.113.131:80 www.microsoft.com tcp
US 8.8.8.8:53 68.32.18.104.in-addr.arpa udp
US 8.8.8.8:53 188.155.64.172.in-addr.arpa udp
US 34.215.48.192:443 telemetry.malwarebytes.com tcp
US 8.8.8.8:53 links.malwarebytes.com udp
NL 52.222.139.112:443 links.malwarebytes.com tcp
US 34.215.48.192:443 telemetry.malwarebytes.com tcp
NL 52.222.139.112:443 links.malwarebytes.com tcp
US 8.8.8.8:53 blog.malwarebytes.com udp
NL 13.227.219.74:443 blog.malwarebytes.com tcp
US 8.8.8.8:53 www.malwarebytes.com udp
NL 13.227.219.93:443 www.malwarebytes.com tcp
NL 13.227.219.93:443 www.malwarebytes.com tcp
US 8.8.8.8:53 telemetry.malwarebytes.com udp
US 34.215.48.192:443 telemetry.malwarebytes.com tcp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 2.36.159.162.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 telemetry.malwarebytes.com udp
US 34.215.48.192:443 telemetry.malwarebytes.com tcp
US 8.8.8.8:53 telemetry.malwarebytes.com udp
US 34.215.48.192:443 telemetry.malwarebytes.com tcp
US 34.215.48.192:443 telemetry.malwarebytes.com tcp
US 34.215.48.192:443 telemetry.malwarebytes.com tcp
US 34.215.48.192:443 telemetry.malwarebytes.com tcp
US 8.8.8.8:53 9.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 76.38.195.152.in-addr.arpa udp
US 8.8.8.8:53 beacons3.gvt2.com udp
US 8.8.8.8:53 beacons4.gvt2.com udp
GB 216.58.208.99:443 beacons3.gvt2.com udp
US 216.239.32.116:443 beacons4.gvt2.com tcp
US 8.8.8.8:53 116.32.239.216.in-addr.arpa udp
US 216.239.32.116:443 beacons4.gvt2.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
NL 216.58.214.3:443 beacons.gcp.gvt2.com udp
US 34.215.48.192:443 telemetry.malwarebytes.com tcp
US 34.215.48.192:443 telemetry.malwarebytes.com tcp
US 34.215.48.192:443 telemetry.malwarebytes.com tcp
US 8.8.8.8:53 telemetry.malwarebytes.com udp
US 34.215.48.192:443 telemetry.malwarebytes.com tcp
US 8.8.8.8:53 sirius.mwbsys.com udp
US 3.227.148.26:443 sirius.mwbsys.com tcp
US 34.215.48.192:443 telemetry.malwarebytes.com tcp
US 34.215.48.192:443 telemetry.malwarebytes.com tcp
US 8.8.8.8:53 versionhistory.googleapis.com udp
US 8.8.8.8:53 90.38.199.152.in-addr.arpa udp
US 34.215.48.192:443 telemetry.malwarebytes.com tcp
US 8.8.8.8:53 74.19.199.152.in-addr.arpa udp
NL 216.58.214.3:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 motherboard.vice.com udp
US 151.101.1.132:80 motherboard.vice.com tcp
US 151.101.1.132:80 motherboard.vice.com tcp
US 8.8.8.8:53 132.1.101.151.in-addr.arpa udp
US 151.101.1.132:443 motherboard.vice.com tcp
US 8.8.8.8:53 telemetry.malwarebytes.com udp
US 34.215.48.192:443 telemetry.malwarebytes.com tcp
US 8.8.8.8:53 telemetry.malwarebytes.com udp
US 8.8.8.8:53 www.vice.com udp
US 8.8.8.8:53 vice-web-statics-cdn.vice.com udp
US 8.8.8.8:53 native.sharethrough.com udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 151.101.1.132:443 vice-web-statics-cdn.vice.com tcp
US 151.101.1.132:443 vice-web-statics-cdn.vice.com tcp
US 151.101.1.132:443 vice-web-statics-cdn.vice.com tcp
NL 108.156.60.9:443 native.sharethrough.com tcp
US 8.8.8.8:53 vice-dev-web-statics-cdn.vice.com udp
US 8.8.8.8:53 gum.criteo.com udp
US 8.8.8.8:53 api.amplitude.com udp
US 74.119.119.139:443 gum.criteo.com tcp
US 8.8.8.8:53 sourcepoint.mgr.consensu.org udp
US 54.186.166.15:443 api.amplitude.com tcp
US 18.65.39.68:443 sourcepoint.mgr.consensu.org tcp
US 8.8.8.8:53 images.vice.com udp
US 8.8.8.8:53 oembed.vice.com udp
US 8.8.8.8:53 video-images.vice.com udp
US 151.101.1.132:443 video-images.vice.com tcp
US 8.8.8.8:53 9.60.156.108.in-addr.arpa udp
US 8.8.8.8:53 139.119.119.74.in-addr.arpa udp
US 8.8.8.8:53 15.166.186.54.in-addr.arpa udp
US 8.8.8.8:53 68.39.65.18.in-addr.arpa udp
US 8.8.8.8:53 tags.remixd.com udp
NL 108.156.60.124:443 tags.remixd.com tcp
US 8.8.8.8:53 124.60.156.108.in-addr.arpa udp
US 8.8.8.8:53 www.npttech.com udp
US 8.8.8.8:53 cdn.segment.com udp
US 172.64.171.32:443 www.npttech.com tcp
NL 13.227.222.191:443 cdn.segment.com tcp
NL 13.227.222.191:443 cdn.segment.com tcp
US 8.8.8.8:53 pubcast-files.remixd.com udp
US 34.215.48.192:443 telemetry.malwarebytes.com tcp
NL 13.227.222.191:443 cdn.segment.com tcp
US 8.8.8.8:53 32.171.64.172.in-addr.arpa udp
US 8.8.8.8:53 191.222.227.13.in-addr.arpa udp
US 35.190.38.143:443 pubcast-files.remixd.com tcp
US 35.190.38.143:443 pubcast-files.remixd.com tcp
US 8.8.8.8:53 vmg-useast.gscontxt.net udp
US 8.8.8.8:53 gdpr-tcfv2.sp-prod.net udp
US 8.8.8.8:53 ccpa.sp-prod.net udp
US 8.8.8.8:53 widgets.outbrain.com udp
GB 96.16.109.182:443 widgets.outbrain.com tcp
US 129.158.208.173:443 vmg-useast.gscontxt.net tcp
NL 108.156.60.7:443 gdpr-tcfv2.sp-prod.net tcp
US 18.65.39.94:443 ccpa.sp-prod.net tcp
US 129.158.208.173:443 vmg-useast.gscontxt.net tcp
NL 108.156.60.7:443 gdpr-tcfv2.sp-prod.net tcp
US 18.65.39.94:443 ccpa.sp-prod.net tcp
US 8.8.8.8:53 143.38.190.35.in-addr.arpa udp
US 8.8.8.8:53 182.109.16.96.in-addr.arpa udp
US 8.8.8.8:53 94.39.65.18.in-addr.arpa udp
US 8.8.8.8:53 7.60.156.108.in-addr.arpa udp
US 8.8.8.8:53 173.208.158.129.in-addr.arpa udp
US 8.8.8.8:53 api.tenmges.vice.com udp
US 54.190.107.168:443 api.tenmges.vice.com tcp
US 54.190.107.168:443 api.tenmges.vice.com tcp
US 54.190.107.168:443 api.tenmges.vice.com tcp
US 8.8.8.8:53 168.107.190.54.in-addr.arpa udp
NL 216.58.214.3:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 connect.facebook.net udp
NL 108.156.60.124:443 tags.remixd.com tcp
US 8.8.8.8:53 analytics.tiktok.com udp
US 8.8.8.8:53 static.ads-twitter.com udp
US 8.8.8.8:53 ak.sail-horizon.com udp
US 8.8.8.8:53 sdk.snapkit.com udp
US 8.8.8.8:53 tag.aticdn.net udp
NL 157.240.247.8:443 connect.facebook.net tcp
US 8.8.8.8:53 sc-static.net udp
US 8.8.8.8:53 sb.scorecardresearch.com udp
NL 199.232.148.157:443 static.ads-twitter.com tcp
NL 108.156.60.40:443 ak.sail-horizon.com tcp
NL 108.156.60.120:443 sdk.snapkit.com tcp
NL 95.101.74.147:443 analytics.tiktok.com tcp
NL 54.192.87.248:443 sc-static.net tcp
NL 95.101.74.147:443 analytics.tiktok.com tcp
NL 199.232.148.157:443 static.ads-twitter.com tcp
NL 108.156.60.40:443 ak.sail-horizon.com tcp
NL 108.156.60.120:443 sdk.snapkit.com tcp
NL 54.192.87.248:443 sc-static.net tcp
NL 52.222.139.23:443 tag.aticdn.net tcp
NL 108.156.60.50:443 sb.scorecardresearch.com tcp
US 8.8.8.8:53 static.chartbeat.com udp
US 8.8.8.8:53 sourcepoint.vice.com udp
US 8.8.8.8:53 tag.durationmedia.net udp
US 8.8.8.8:53 s.skimresources.com udp
US 8.8.8.8:53 cdn-magiclinks.trackonomics.net udp
US 8.8.8.8:53 widget-pixels.outbrain.com udp
US 8.8.8.8:53 mv.outbrain.com udp
US 151.139.128.10:443 s.skimresources.com tcp
US 151.139.128.10:443 s.skimresources.com tcp
US 54.190.107.168:443 api.tenmges.vice.com tcp
DE 13.32.121.125:443 cdn-magiclinks.trackonomics.net tcp
GB 96.16.109.182:443 widget-pixels.outbrain.com tcp
NL 199.232.150.132:443 mv.outbrain.com tcp
NL 108.156.60.121:443 sourcepoint.vice.com tcp
NL 108.156.60.121:443 sourcepoint.vice.com tcp
NL 108.156.63.44:443 static.chartbeat.com tcp
NL 52.222.139.38:443 tag.durationmedia.net tcp
US 8.8.8.8:53 8.247.240.157.in-addr.arpa udp
US 8.8.8.8:53 120.60.156.108.in-addr.arpa udp
US 8.8.8.8:53 40.60.156.108.in-addr.arpa udp
US 8.8.8.8:53 147.74.101.95.in-addr.arpa udp
US 8.8.8.8:53 248.87.192.54.in-addr.arpa udp
US 8.8.8.8:53 23.139.222.52.in-addr.arpa udp
US 8.8.8.8:53 50.60.156.108.in-addr.arpa udp
US 8.8.8.8:53 10.128.139.151.in-addr.arpa udp
US 8.8.8.8:53 btloader.com udp
US 8.8.8.8:53 tr.snapchat.com udp
US 8.8.8.8:53 121.60.156.108.in-addr.arpa udp
US 8.8.8.8:53 44.63.156.108.in-addr.arpa udp
US 8.8.8.8:53 38.139.222.52.in-addr.arpa udp
US 8.8.8.8:53 125.121.32.13.in-addr.arpa udp
US 8.8.8.8:53 132.150.232.199.in-addr.arpa udp
US 35.190.43.134:443 tr.snapchat.com tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 cdn.confiant-integrations.net udp
US 8.8.8.8:53 z.moatads.com udp
US 8.8.8.8:53 experience.tinypass.com udp
US 8.8.8.8:53 d2zue0pgsssbc6.cloudfront.net udp
US 8.8.8.8:53 htlbid.com udp
US 8.8.8.8:53 cdn.jwplayer.com udp
US 35.190.43.134:443 tr.snapchat.com udp
NL 52.222.139.103:443 htlbid.com tcp
US 8.8.8.8:53 cdn.privacy-mgmt.com udp
NL 52.222.137.9:443 d2zue0pgsssbc6.cloudfront.net tcp
US 35.190.43.134:443 tr.snapchat.com udp
US 8.8.8.8:53 api.snapkit.com udp
US 104.18.34.10:443 cdn.confiant-integrations.net tcp
US 8.8.8.8:53 t.co udp
US 104.17.184.177:443 experience.tinypass.com tcp
US 18.65.39.128:443 cdn.jwplayer.com tcp
NL 108.156.60.66:443 cdn.privacy-mgmt.com tcp
US 104.18.34.10:443 cdn.confiant-integrations.net tcp
US 104.17.184.177:443 experience.tinypass.com tcp
US 18.65.39.128:443 cdn.jwplayer.com tcp
US 104.244.42.133:443 t.co tcp
GB 96.16.109.251:443 z.moatads.com tcp
GB 96.16.109.251:443 z.moatads.com tcp
US 8.8.8.8:53 analytics.twitter.com udp
US 35.190.43.134:443 api.snapkit.com tcp
US 35.190.43.134:443 api.snapkit.com tcp
US 8.8.8.8:53 134.43.190.35.in-addr.arpa udp
US 8.8.8.8:53 98.39.251.142.in-addr.arpa udp
US 35.190.43.134:443 api.snapkit.com udp
US 104.244.42.3:443 analytics.twitter.com tcp
US 104.244.42.3:443 analytics.twitter.com tcp
US 8.8.8.8:53 pixel.tapad.com udp
US 34.111.113.62:443 pixel.tapad.com tcp
US 8.8.8.8:53 ccpa-service.sp-prod.net udp
US 18.210.236.91:443 ccpa-service.sp-prod.net tcp
US 8.8.8.8:53 ping.chartbeat.net udp
US 54.196.13.201:443 ping.chartbeat.net tcp
US 8.8.8.8:53 api.sail-personalize.com udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 54.196.13.201:443 ping.chartbeat.net tcp
NL 52.222.141.178:443 logws1330.ati-host.net tcp
NL 142.250.102.157:443 stats.g.doubleclick.net udp
US 99.83.154.140:443 api.sail-personalize.com tcp
US 8.8.8.8:53 t.skimresources.com udp
US 8.8.8.8:53 p.skimresources.com udp
US 34.111.113.62:443 pixel.tapad.com udp
US 99.83.154.140:443 api.sail-personalize.com tcp
US 35.201.67.47:443 t.skimresources.com tcp
US 8.8.8.8:53 9.137.222.52.in-addr.arpa udp
US 8.8.8.8:53 103.139.222.52.in-addr.arpa udp
US 8.8.8.8:53 10.34.18.104.in-addr.arpa udp
US 8.8.8.8:53 177.184.17.104.in-addr.arpa udp
US 8.8.8.8:53 128.39.65.18.in-addr.arpa udp
US 8.8.8.8:53 66.60.156.108.in-addr.arpa udp
US 8.8.8.8:53 133.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 251.109.16.96.in-addr.arpa udp
US 8.8.8.8:53 3.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 62.113.111.34.in-addr.arpa udp
US 35.190.91.160:443 p.skimresources.com tcp
US 35.190.91.160:443 p.skimresources.com tcp
US 8.8.8.8:53 r.skimresources.com udp
US 35.190.59.101:443 r.skimresources.com tcp
US 8.8.8.8:53 mcdp-nydc1.outbrain.com udp
US 8.8.8.8:53 be.durationmedia.net udp
US 8.8.8.8:53 static.doubleclick.net udp
US 64.202.112.95:443 mcdp-nydc1.outbrain.com tcp
NL 142.250.179.198:443 static.doubleclick.net tcp
US 3.216.217.223:443 be.durationmedia.net tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 i.ytimg.com udp
US 8.8.8.8:53 yt3.ggpht.com udp
NL 142.250.179.193:443 yt3.ggpht.com tcp
NL 142.251.39.106:443 jnn-pa.googleapis.com tcp
US 104.18.34.10:443 cdn.confiant-integrations.net udp
US 8.8.8.8:53 91.236.210.18.in-addr.arpa udp
US 8.8.8.8:53 201.13.196.54.in-addr.arpa udp
US 8.8.8.8:53 178.141.222.52.in-addr.arpa udp
US 8.8.8.8:53 47.67.201.35.in-addr.arpa udp
US 8.8.8.8:53 140.154.83.99.in-addr.arpa udp
US 8.8.8.8:53 160.91.190.35.in-addr.arpa udp
US 8.8.8.8:53 101.59.190.35.in-addr.arpa udp
NL 142.250.179.182:443 i.ytimg.com tcp
NL 142.250.179.182:443 i.ytimg.com tcp
NL 142.251.39.106:443 jnn-pa.googleapis.com udp
NL 52.222.137.9:443 d2zue0pgsssbc6.cloudfront.net tcp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 player-files.remixd.com udp
NL 157.240.247.35:443 www.facebook.com tcp
US 8.8.8.8:53 198.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 95.112.202.64.in-addr.arpa udp
US 8.8.8.8:53 106.39.251.142.in-addr.arpa udp
US 8.8.8.8:53 223.217.216.3.in-addr.arpa udp
US 8.8.8.8:53 182.179.250.142.in-addr.arpa udp
US 35.190.38.143:443 player-files.remixd.com tcp
US 35.190.38.143:443 player-files.remixd.com tcp
US 35.190.38.143:443 player-files.remixd.com tcp
US 35.190.38.143:443 player-files.remixd.com tcp
US 8.8.8.8:53 cdn.tinypass.com udp
US 64.202.112.95:443 mcdp-nydc1.outbrain.com tcp
US 8.8.8.8:53 mb.moatads.com udp
US 8.8.8.8:53 geo.moatads.com udp
SG 13.229.6.132:443 geo.moatads.com tcp
SG 54.255.135.162:443 geo.moatads.com tcp
US 8.8.8.8:53 d3oodlxb1rw3kg.cloudfront.net udp
US 8.8.8.8:53 trx-hub.com udp
US 8.8.8.8:53 images.outbrainimg.com udp
GB 23.44.233.179:443 images.outbrainimg.com tcp
GB 23.44.233.179:443 images.outbrainimg.com tcp
GB 23.44.233.179:443 images.outbrainimg.com tcp
GB 23.44.233.179:443 images.outbrainimg.com tcp
GB 23.44.233.179:443 images.outbrainimg.com tcp
GB 23.44.233.179:443 images.outbrainimg.com tcp
NL 13.227.211.9:443 d3oodlxb1rw3kg.cloudfront.net tcp
NL 52.222.139.59:443 trx-hub.com tcp
US 35.201.67.47:443 t.skimresources.com udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 660e8c3f97cb1aaecda7f203cf0906bc.safeframe.googlesyndication.com udp
NL 172.217.168.228:80 google.co.ck tcp
NL 172.217.168.228:80 google.co.ck tcp
US 8.8.8.8:53 132.6.229.13.in-addr.arpa udp
US 8.8.8.8:53 162.135.255.54.in-addr.arpa udp
US 8.8.8.8:53 179.233.44.23.in-addr.arpa udp
US 8.8.8.8:53 9.211.227.13.in-addr.arpa udp
US 8.8.8.8:53 59.139.222.52.in-addr.arpa udp
NL 142.250.179.161:443 660e8c3f97cb1aaecda7f203cf0906bc.safeframe.googlesyndication.com tcp
US 8.8.8.8:53 www.google.co.ck udp
NL 142.250.179.195:80 www.google.co.ck tcp
US 8.8.8.8:53 161.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 228.168.217.172.in-addr.arpa udp
US 8.8.8.8:53 c2.piano.io udp
US 104.16.240.21:443 c2.piano.io tcp
US 8.8.8.8:53 21.240.16.104.in-addr.arpa udp
GB 23.44.233.179:443 images.outbrainimg.com tcp
US 8.8.8.8:53 ads.pubmatic.com udp
US 8.8.8.8:53 c.amazon-adsystem.com udp
GB 96.16.109.182:443 widget-pixels.outbrain.com tcp
US 8.8.8.8:53 cdn.cxense.com udp
US 8.8.8.8:53 ams-pageview-public.s3.amazonaws.com udp
US 52.216.56.177:443 ams-pageview-public.s3.amazonaws.com tcp
NL 52.222.136.109:443 c.amazon-adsystem.com tcp
NL 23.222.46.90:443 cdn.cxense.com tcp
US 8.8.8.8:53 static-42andpark-com.s3-us-west-2.amazonaws.com udp
GB 96.16.109.9:443 ads.pubmatic.com tcp
US 52.216.56.177:443 ams-pageview-public.s3.amazonaws.com tcp
US 52.218.196.9:443 static-42andpark-com.s3-us-west-2.amazonaws.com tcp
US 52.218.196.9:443 static-42andpark-com.s3-us-west-2.amazonaws.com tcp
US 8.8.8.8:53 109.136.222.52.in-addr.arpa udp
US 8.8.8.8:53 90.46.222.23.in-addr.arpa udp
US 8.8.8.8:53 9.109.16.96.in-addr.arpa udp
US 8.8.8.8:53 177.56.216.52.in-addr.arpa udp
US 8.8.8.8:53 9.196.218.52.in-addr.arpa udp
US 54.196.13.201:443 ping.chartbeat.net tcp
US 8.8.8.8:53 lexicon.33across.com udp
US 74.119.119.139:443 gum.criteo.com tcp
US 35.244.193.51:443 lexicon.33across.com tcp
US 8.8.8.8:53 static.noeyeon.com udp
US 8.8.8.8:53 id5-sync.com udp
US 8.8.8.8:53 t.pubmatic.com udp
DE 162.19.138.119:443 id5-sync.com tcp
US 100.20.194.108:443 static.noeyeon.com tcp
US 8.8.8.8:53 api.rlcdn.com udp
US 8.8.8.8:53 id.crwdcntrl.net udp
US 8.8.8.8:53 match.adsrvr.org udp
SG 18.141.82.33:443 id.crwdcntrl.net tcp
US 34.120.155.137:443 api.rlcdn.com tcp
US 52.223.40.198:443 match.adsrvr.org tcp
SG 67.199.150.80:443 t.pubmatic.com tcp
US 8.8.8.8:53 buy.tinypass.com udp
US 35.244.193.51:443 lexicon.33across.com udp
US 8.8.8.8:53 51.193.244.35.in-addr.arpa udp
US 8.8.8.8:53 119.138.19.162.in-addr.arpa udp
US 104.17.182.177:443 buy.tinypass.com tcp
US 104.17.182.177:443 buy.tinypass.com tcp
US 8.8.8.8:53 137.155.120.34.in-addr.arpa udp
US 8.8.8.8:53 198.40.223.52.in-addr.arpa udp
US 8.8.8.8:53 108.194.20.100.in-addr.arpa udp
US 8.8.8.8:53 33.82.141.18.in-addr.arpa udp
US 8.8.8.8:53 80.150.199.67.in-addr.arpa udp
US 8.8.8.8:53 177.182.17.104.in-addr.arpa udp
NL 108.156.60.9:443 native.sharethrough.com tcp
US 54.186.166.15:443 api.amplitude.com tcp
US 18.65.39.68:443 sourcepoint.mgr.consensu.org tcp
US 74.119.119.139:443 gum.criteo.com tcp
US 8.8.8.8:53 vice-dev-web-statics-cdn.vice.com udp
US 8.8.8.8:53 widgetmonitor.outbrain.com udp
US 8.8.8.8:53 p1cluster.cxense.com udp
NL 147.75.83.64:443 p1cluster.cxense.com tcp
US 50.31.142.127:443 widgetmonitor.outbrain.com tcp
US 8.8.8.8:53 motherboard-images.vice.com udp
NL 108.156.60.124:443 tags.remixd.com tcp
NL 13.227.222.191:443 cdn.segment.com tcp
US 129.158.208.173:443 vmg-useast.gscontxt.net tcp
NL 108.156.60.7:443 gdpr-tcfv2.sp-prod.net tcp
US 18.65.39.94:443 ccpa.sp-prod.net tcp
US 8.8.8.8:53 64.83.75.147.in-addr.arpa udp
US 8.8.8.8:53 127.142.31.50.in-addr.arpa udp
US 35.190.38.143:443 player-files.remixd.com udp
NL 13.227.222.191:443 cdn.segment.com tcp
NL 108.156.60.121:443 sourcepoint.vice.com tcp
US 8.8.8.8:53 btloader.com udp
US 104.26.6.139:443 btloader.com tcp
US 104.17.184.177:443 buy.tinypass.com udp
NL 52.222.139.103:443 htlbid.com tcp
NL 199.232.150.132:443 mv.outbrain.com tcp
US 8.8.8.8:53 139.6.26.104.in-addr.arpa udp
NL 157.240.247.8:443 connect.facebook.net tcp
NL 95.101.74.147:443 analytics.tiktok.com tcp
US 151.139.128.10:443 s.skimresources.com tcp
NL 199.232.148.157:443 static.ads-twitter.com tcp
NL 108.156.60.40:443 ak.sail-horizon.com tcp
NL 108.156.60.120:443 sdk.snapkit.com tcp
NL 52.222.139.23:443 tag.aticdn.net tcp
NL 54.192.87.248:443 sc-static.net tcp
NL 108.156.60.50:443 sb.scorecardresearch.com tcp
NL 52.222.139.38:443 tag.durationmedia.net tcp
NL 108.156.60.66:443 cdn.privacy-mgmt.com tcp
US 18.210.236.91:443 ccpa-service.sp-prod.net tcp
US 54.190.107.168:443 api.tenmges.vice.com tcp
US 54.190.107.168:443 api.tenmges.vice.com tcp
US 54.190.107.168:443 api.tenmges.vice.com tcp
US 54.190.107.168:443 api.tenmges.vice.com tcp
US 54.190.107.168:443 api.tenmges.vice.com tcp
US 8.8.8.8:53 sentryio.vice.com udp
US 34.238.206.112:443 sentryio.vice.com tcp
US 8.8.8.8:53 112.206.238.34.in-addr.arpa udp
US 8.8.8.8:53 ad-delivery.net udp
US 64.202.112.95:443 mcdp-nydc1.outbrain.com tcp
SG 13.229.6.132:443 geo.moatads.com tcp
SG 54.255.135.162:443 geo.moatads.com tcp
US 54.196.13.201:443 ping.chartbeat.net tcp
US 52.216.56.177:443 ams-pageview-public.s3.amazonaws.com tcp
US 104.26.3.70:443 ad-delivery.net tcp
US 104.26.3.70:443 ad-delivery.net tcp
NL 108.156.60.124:443 tags.remixd.com tcp
NL 52.222.137.9:443 d2zue0pgsssbc6.cloudfront.net tcp
GB 96.16.109.251:443 z.moatads.com tcp
NL 52.222.136.109:443 c.amazon-adsystem.com tcp
US 8.8.8.8:53 70.3.26.104.in-addr.arpa udp
US 8.8.8.8:53 102.39.251.142.in-addr.arpa udp
NL 108.156.60.66:443 cdn.privacy-mgmt.com tcp
US 104.244.42.133:443 t.co tcp
US 104.244.42.3:443 analytics.twitter.com tcp
NL 13.227.211.9:443 d3oodlxb1rw3kg.cloudfront.net tcp
US 8.8.8.8:53 api.btloader.com udp
GB 96.16.109.182:443 widget-pixels.outbrain.com tcp
US 130.211.23.194:443 api.btloader.com tcp
US 130.211.23.194:443 api.btloader.com tcp
NL 108.156.60.50:443 sb.scorecardresearch.com tcp
US 50.31.142.127:443 widgetmonitor.outbrain.com tcp
US 8.8.8.8:53 194.23.211.130.in-addr.arpa udp
NL 95.101.74.147:443 analytics.tiktok.com tcp
NL 52.222.141.178:443 logws1330.ati-host.net tcp
US 99.83.154.140:443 api.sail-personalize.com tcp
US 104.16.240.21:443 c2.piano.io udp
US 74.119.119.139:443 gum.criteo.com tcp
DE 162.19.138.119:443 id5-sync.com tcp
SG 18.141.82.33:443 id.crwdcntrl.net tcp
US 52.223.40.198:443 match.adsrvr.org tcp
NL 157.240.247.35:443 www.facebook.com tcp
NL 23.222.46.90:443 cdn.cxense.com tcp
US 35.190.91.160:443 p.skimresources.com udp
US 35.190.59.101:443 r.skimresources.com udp
US 3.216.217.223:443 be.durationmedia.net tcp
US 8.8.8.8:53 lb.eu-1-id5-sync.com udp
DE 162.19.138.117:443 lb.eu-1-id5-sync.com tcp
NL 52.222.139.59:443 trx-hub.com tcp
US 8.8.8.8:53 dnacdn.net udp
SG 182.161.73.136:443 dnacdn.net tcp
SG 182.161.73.136:443 dnacdn.net tcp
US 100.20.194.108:443 static.noeyeon.com tcp
US 8.8.8.8:53 comcluster.cxense.com udp
US 8.8.8.8:53 117.138.19.162.in-addr.arpa udp
JP 147.75.95.77:443 comcluster.cxense.com tcp
US 8.8.8.8:53 136.73.161.182.in-addr.arpa udp
US 8.8.8.8:53 77.95.75.147.in-addr.arpa udp
NL 172.217.168.228:80 google.co.ck tcp
NL 172.217.168.228:80 google.co.ck tcp
US 8.8.8.8:53 px.moatads.com udp
GB 96.16.109.251:443 px.moatads.com tcp
US 8.8.8.8:53 id.google.co.ck udp
NL 142.251.36.35:443 id.google.co.ck tcp
NL 142.251.36.35:443 id.google.co.ck tcp
US 8.8.8.8:53 35.36.251.142.in-addr.arpa udp
NL 142.250.179.182:443 i.ytimg.com udp
US 8.8.8.8:53 play.google.com udp
NL 142.250.179.206:443 play.google.com tcp
US 8.8.8.8:53 apis.google.com udp
NL 172.217.168.206:443 apis.google.com tcp
NL 142.250.179.206:443 play.google.com udp
GB 96.16.109.251:443 px.moatads.com tcp
US 54.196.13.201:443 ping.chartbeat.net tcp
US 8.8.8.8:53 202.168.217.172.in-addr.arpa udp
US 8.8.8.8:53 firebaseremoteconfig.googleapis.com udp
NL 142.251.36.10:443 firebaseremoteconfig.googleapis.com tcp
NL 142.251.36.10:443 firebaseremoteconfig.googleapis.com udp
US 8.8.8.8:53 10.36.251.142.in-addr.arpa udp
NL 142.250.102.157:443 stats.g.doubleclick.net udp
US 8.8.8.8:53 analytics.google.com udp
US 8.8.8.8:53 privacyportal.onetrust.com udp
US 8.8.8.8:53 bat.bing.com udp
US 216.239.36.181:443 analytics.google.com udp
NL 142.250.102.157:443 stats.g.doubleclick.net tcp
US 204.79.197.200:443 bat.bing.com tcp
US 216.239.36.181:443 analytics.google.com tcp
US 104.18.43.158:443 privacyportal.onetrust.com tcp
US 8.8.8.8:53 181.36.239.216.in-addr.arpa udp
US 8.8.8.8:53 158.43.18.104.in-addr.arpa udp
US 8.8.8.8:53 answers.microsoft.com udp
NL 23.0.213.225:80 answers.microsoft.com tcp
NL 23.0.213.225:80 answers.microsoft.com tcp
NL 23.0.213.225:443 answers.microsoft.com tcp
US 8.8.8.8:53 225.213.0.23.in-addr.arpa udp
US 8.8.8.8:53 login.microsoftonline.com udp
IE 20.190.159.4:443 login.microsoftonline.com tcp
US 8.8.8.8:53 aadcdn.msauth.net udp
US 8.8.8.8:53 aadcdn.msftauth.net udp
US 13.107.237.68:443 aadcdn.msauth.net tcp
US 8.8.8.8:53 4.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 68.237.107.13.in-addr.arpa udp
US 8.8.8.8:53 143.145.190.20.in-addr.arpa udp
IE 20.190.159.4:443 login.microsoftonline.com tcp
US 8.8.8.8:53 identity.nel.measure.office.net udp
NL 23.72.252.160:443 identity.nel.measure.office.net tcp
US 8.8.8.8:53 160.252.72.23.in-addr.arpa udp
NL 172.217.168.228:80 google.co.ck tcp
NL 172.217.168.228:80 google.co.ck tcp
NL 142.251.36.35:443 id.google.co.ck udp
US 8.8.8.8:53 hubble.mb-cosmos.com udp
NL 52.222.139.35:443 hubble.mb-cosmos.com tcp
US 8.8.8.8:53 35.139.222.52.in-addr.arpa udp
US 8.8.8.8:53 telemetry.malwarebytes.com udp
US 34.215.48.192:443 telemetry.malwarebytes.com tcp
US 34.215.48.192:443 telemetry.malwarebytes.com tcp
US 8.8.8.8:53 ocsp.thawte.com udp
US 152.199.19.74:80 ocsp.thawte.com tcp
US 8.8.8.8:53 crl.thawte.com udp
US 152.195.38.76:80 crl.thawte.com tcp
US 152.199.19.74:80 ocsp.thawte.com tcp
NL 172.217.168.228:80 google.co.ck tcp
NL 172.217.168.228:80 google.co.ck tcp
NL 142.250.179.195:80 www.google.co.ck tcp
US 152.195.38.76:80 crl.thawte.com tcp
NL 142.250.179.182:443 i.ytimg.com udp
NL 142.250.179.206:443 play.google.com udp
NL 142.250.179.206:443 play.google.com tcp
NL 142.250.179.206:443 play.google.com udp
NL 142.250.179.206:443 play.google.com tcp
NL 142.250.179.130:443 adservice.google.co.ck tcp
US 8.8.8.8:53 130.179.250.142.in-addr.arpa udp
NL 172.217.168.228:80 google.co.ck tcp
NL 172.217.168.228:80 google.co.ck tcp
NL 142.250.179.195:80 www.google.co.ck tcp
NL 142.250.179.206:443 play.google.com udp
NL 142.250.179.206:443 play.google.com tcp
NL 142.250.179.206:443 play.google.com udp
NL 142.250.179.206:443 play.google.com tcp
NL 172.217.168.228:80 google.co.ck tcp
NL 172.217.168.228:80 google.co.ck tcp
NL 142.250.179.195:80 www.google.co.ck tcp
NL 142.250.179.182:443 i.ytimg.com tcp
NL 142.250.179.182:443 i.ytimg.com tcp
NL 142.250.179.182:443 i.ytimg.com tcp
NL 142.250.179.182:443 i.ytimg.com tcp
NL 142.250.179.206:443 play.google.com tcp
NL 142.250.179.206:443 play.google.com udp
NL 142.250.179.206:443 play.google.com tcp
US 8.8.8.8:53 evcs-ocsp.ws.symantec.com udp
US 152.199.38.90:80 evcs-ocsp.ws.symantec.com tcp
US 8.8.8.8:53 telemetry.malwarebytes.com udp
US 34.215.48.192:443 telemetry.malwarebytes.com tcp
US 8.8.8.8:53 softonic.com udp
US 35.227.233.104:80 softonic.com tcp
US 35.227.233.104:80 softonic.com tcp
US 35.227.233.104:443 softonic.com tcp
US 8.8.8.8:53 104.233.227.35.in-addr.arpa udp
US 34.215.48.192:443 telemetry.malwarebytes.com tcp
US 8.8.8.8:53 www.softonic.com udp
US 8.8.8.8:53 en.softonic.com udp
US 8.8.8.8:53 images.sftcdn.net udp
US 8.8.8.8:53 sc.sftcdn.net udp
US 151.101.1.91:443 sc.sftcdn.net tcp
US 151.101.1.91:443 sc.sftcdn.net tcp
US 151.101.1.91:443 sc.sftcdn.net tcp
US 151.101.1.91:443 sc.sftcdn.net tcp
US 151.101.1.91:443 sc.sftcdn.net tcp
US 151.101.1.91:443 sc.sftcdn.net tcp
US 8.8.8.8:53 c.amazon-adsystem.com udp
NL 23.222.47.122:443 images.sftcdn.net tcp
US 8.8.8.8:53 static.criteo.net udp
DE 108.138.1.25:443 c.amazon-adsystem.com tcp
DE 108.138.1.25:443 c.amazon-adsystem.com tcp
US 8.8.8.8:53 amplify.outbrain.com udp
NL 23.222.47.122:443 images.sftcdn.net tcp
NL 178.250.1.3:443 static.criteo.net tcp
GB 96.16.109.182:443 amplify.outbrain.com tcp
US 151.101.1.91:443 sc.sftcdn.net udp
US 8.8.8.8:53 91.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 122.47.222.23.in-addr.arpa udp
US 8.8.8.8:53 25.1.138.108.in-addr.arpa udp
US 8.8.8.8:53 3.1.250.178.in-addr.arpa udp
US 34.215.48.192:443 telemetry.malwarebytes.com tcp
US 74.119.119.139:443 gum.criteo.com tcp
US 8.8.8.8:53 static.hotjar.com udp
US 8.8.8.8:53 tr.outbrain.com udp
DE 18.66.97.10:443 static.hotjar.com tcp
US 38.133.127.127:443 tr.outbrain.com tcp
US 38.133.127.127:443 tr.outbrain.com tcp
US 151.101.1.91:443 sc.sftcdn.net udp
US 8.8.8.8:53 c.aaxads.com udp
US 8.8.8.8:53 10.97.66.18.in-addr.arpa udp
US 8.8.8.8:53 127.127.133.38.in-addr.arpa udp
US 8.8.8.8:53 ib.adnxs.com udp
US 8.8.8.8:53 c2shb.pubgw.yahoo.com udp
US 8.8.8.8:53 hbopenbid.pubmatic.com udp
US 104.22.55.232:443 c.aaxads.com tcp
US 8.8.8.8:53 prebid.media.net udp
US 8.8.8.8:53 htlb.casalemedia.com udp
NL 185.89.210.212:443 ib.adnxs.com tcp
US 34.107.148.139:443 prebid.media.net tcp
SG 103.231.98.193:443 hbopenbid.pubmatic.com tcp
US 8.8.8.8:53 fastlane.rubiconproject.com udp
US 8.8.8.8:53 aax.amazon-adsystem.com udp
SG 13.250.192.86:443 c2shb.pubgw.yahoo.com tcp
SG 13.250.192.86:443 c2shb.pubgw.yahoo.com tcp
SG 13.250.192.86:443 c2shb.pubgw.yahoo.com tcp
US 8.8.8.8:53 prod.us-east-1.cxm-bcn.publisher-services.amazon.dev udp
US 8.8.8.8:53 cdn.id5-sync.com udp
US 104.18.24.185:443 htlb.casalemedia.com tcp
DE 18.66.97.53:443 static.hotjar.com tcp
DE 69.173.144.140:443 fastlane.rubiconproject.com tcp
DE 52.222.213.130:443 aax.amazon-adsystem.com tcp
US 34.194.192.152:443 prod.us-east-1.cxm-bcn.publisher-services.amazon.dev tcp
US 104.22.52.86:443 cdn.id5-sync.com tcp
US 8.8.8.8:53 static.site24x7rum.eu udp
US 8.8.8.8:53 script.hotjar.com udp
US 8.8.8.8:53 qsearch-a.akamaihd.net udp
NL 13.227.219.46:443 static.site24x7rum.eu tcp
NL 13.227.219.120:443 script.hotjar.com tcp
US 216.239.36.181:443 analytics.google.com udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
NL 23.72.252.129:443 qsearch-a.akamaihd.net tcp
SG 13.250.192.86:443 c2shb.pubgw.yahoo.com tcp
NL 142.250.102.155:443 stats.g.doubleclick.net udp
US 216.239.36.181:443 analytics.google.com tcp
US 104.26.6.139:443 btloader.com tcp
NL 142.250.102.155:443 stats.g.doubleclick.net tcp
DE 162.19.138.117:443 lb.eu-1-id5-sync.com tcp
US 8.8.8.8:53 ampcid.google.com udp
NL 172.217.168.238:443 ampcid.google.com tcp
US 8.8.8.8:53 rp.liadm.com udp
US 104.26.3.70:443 ad-delivery.net tcp
DE 162.19.138.119:443 lb.eu-1-id5-sync.com tcp
US 8.8.8.8:53 aax-eu.amazon-adsystem.com udp
US 3.232.126.128:443 rp.liadm.com tcp
US 8.8.8.8:53 notix.io udp
IE 52.94.222.140:443 aax-eu.amazon-adsystem.com tcp
NL 139.45.240.92:443 notix.io tcp
US 130.211.23.194:443 api.btloader.com udp
NL 139.45.240.92:443 notix.io tcp
US 52.205.24.151:443 idx.liadm.com tcp
US 8.8.8.8:53 232.55.22.104.in-addr.arpa udp
US 8.8.8.8:53 212.210.89.185.in-addr.arpa udp
US 8.8.8.8:53 139.148.107.34.in-addr.arpa udp
US 8.8.8.8:53 185.24.18.104.in-addr.arpa udp
US 8.8.8.8:53 53.97.66.18.in-addr.arpa udp
US 8.8.8.8:53 130.213.222.52.in-addr.arpa udp
US 8.8.8.8:53 140.144.173.69.in-addr.arpa udp
US 8.8.8.8:53 86.52.22.104.in-addr.arpa udp
US 8.8.8.8:53 152.192.194.34.in-addr.arpa udp
US 8.8.8.8:53 46.219.227.13.in-addr.arpa udp
US 8.8.8.8:53 86.192.250.13.in-addr.arpa udp
US 8.8.8.8:53 129.252.72.23.in-addr.arpa udp
US 8.8.8.8:53 193.98.231.103.in-addr.arpa udp
US 8.8.8.8:53 155.102.250.142.in-addr.arpa udp
US 8.8.8.8:53 92.240.45.139.in-addr.arpa udp
US 8.8.8.8:53 238.168.217.172.in-addr.arpa udp
US 8.8.8.8:53 140.222.94.52.in-addr.arpa udp
US 8.8.8.8:53 52.212.199.91.in-addr.arpa udp
US 8.8.8.8:53 128.126.232.3.in-addr.arpa udp
US 8.8.8.8:53 i.liadm.com udp
US 52.203.43.195:443 i.liadm.com tcp
SG 182.161.73.136:443 dnacdn.net tcp
US 8.8.8.8:53 ag.gbc.criteo.com udp
US 8.8.8.8:53 gem.gbc.criteo.com udp
SG 116.213.23.49:443 ag.gbc.criteo.com tcp
SG 116.213.23.91:443 gem.gbc.criteo.com tcp
SG 182.161.73.136:443 dnacdn.net tcp
SG 116.213.23.49:443 ag.gbc.criteo.com tcp
US 52.223.40.198:443 match.adsrvr.org tcp
SG 116.213.23.91:443 gem.gbc.criteo.com tcp
US 8.8.8.8:53 dpm.demdex.net udp
US 8.8.8.8:53 x.dlx.addthis.com udp
US 8.8.8.8:53 trc.taboola.com udp
US 8.8.8.8:53 b1sync.zemanta.com udp
US 8.8.8.8:53 mid.rkdms.com udp
US 8.8.8.8:53 pixel-sync.sitescout.com udp
US 151.101.1.44:443 trc.taboola.com tcp
IE 54.154.169.168:443 dpm.demdex.net tcp
NL 98.98.134.242:443 pixel-sync.sitescout.com tcp
NL 173.223.113.181:443 x.dlx.addthis.com tcp
US 8.8.8.8:53 b1sync.zemanta.com tcp
US 34.232.18.154:443 mid.rkdms.com tcp
US 64.202.112.31:443 b1sync.zemanta.com tcp
US 8.8.8.8:53 151.24.205.52.in-addr.arpa udp
US 8.8.8.8:53 195.43.203.52.in-addr.arpa udp
US 8.8.8.8:53 49.23.213.116.in-addr.arpa udp
US 8.8.8.8:53 91.23.213.116.in-addr.arpa udp
US 8.8.8.8:53 44.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 242.134.98.98.in-addr.arpa udp
US 8.8.8.8:53 181.113.223.173.in-addr.arpa udp
US 8.8.8.8:53 168.169.154.54.in-addr.arpa udp
US 8.8.8.8:53 stags.bluekai.com udp
US 8.8.8.8:53 x.bidswitch.net udp
JP 35.213.12.39:443 x.bidswitch.net tcp
US 8.8.8.8:53 sslwidget.criteo.com udp
NL 178.250.1.9:443 sslwidget.criteo.com tcp
JP 35.213.12.39:443 x.bidswitch.net tcp
US 8.8.8.8:53 widget.us.criteo.com udp
US 74.119.119.150:443 widget.us.criteo.com tcp
US 8.8.8.8:53 154.18.232.34.in-addr.arpa udp
US 8.8.8.8:53 31.112.202.64.in-addr.arpa udp
US 8.8.8.8:53 9.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 play.clubpenguin.com udp
US 8.8.8.8:53 150.119.119.74.in-addr.arpa udp
US 8.8.8.8:53 39.12.213.35.in-addr.arpa udp
NL 139.45.240.92:443 notix.io tcp
US 8.8.8.8:53 acdn.adnxs.com udp
US 151.101.1.108:443 acdn.adnxs.com tcp
US 8.8.8.8:53 108.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 eus.rubiconproject.com udp
NL 23.2.211.147:443 eus.rubiconproject.com tcp
US 8.8.8.8:53 147.211.2.23.in-addr.arpa udp
US 34.215.48.192:443 telemetry.malwarebytes.com tcp
US 8.8.8.8:53 ads.pubmatic.com udp
GB 96.16.109.9:443 ads.pubmatic.com tcp
US 8.8.8.8:53 js-sec.indexww.com udp
US 104.18.11.47:443 js-sec.indexww.com tcp
US 8.8.8.8:53 cm.g.doubleclick.net udp
NL 185.89.210.212:443 ib.adnxs.com tcp
NL 142.250.179.130:443 cm.g.doubleclick.net tcp
NL 185.89.210.212:443 ib.adnxs.com tcp
US 8.8.8.8:53 dis.criteo.com udp
US 8.8.8.8:53 47.11.18.104.in-addr.arpa udp
US 8.8.8.8:53 widget.as.criteo.com udp
SG 182.161.73.146:443 widget.as.criteo.com tcp
SG 182.161.73.146:443 widget.as.criteo.com tcp
US 8.8.8.8:53 ssum-sec.casalemedia.com udp
US 8.8.8.8:53 image6.pubmatic.com udp
CA 185.80.39.216:443 ssum-sec.casalemedia.com tcp
SG 103.231.98.196:443 image6.pubmatic.com tcp
SG 103.231.98.196:443 image6.pubmatic.com tcp
US 8.8.8.8:53 cdn.indexww.com udp
US 104.18.11.47:443 cdn.indexww.com tcp
US 8.8.8.8:53 216.39.80.185.in-addr.arpa udp
US 8.8.8.8:53 196.98.231.103.in-addr.arpa udp
US 8.8.8.8:53 146.73.161.182.in-addr.arpa udp
US 8.8.8.8:53 play.clubpenguin.com udp
NL 178.250.1.3:443 static.criteo.net tcp
US 8.8.8.8:53 secure.adnxs.com udp
NL 185.89.211.132:443 secure.adnxs.com tcp
US 8.8.8.8:53 132.211.89.185.in-addr.arpa udp
US 8.8.8.8:53 contextual.media.net udp
US 8.8.8.8:53 match.sharethrough.com udp
NL 173.223.112.20:443 contextual.media.net tcp
SG 3.0.0.70:443 match.sharethrough.com tcp
US 8.8.8.8:53 simage4.pubmatic.com udp
SG 67.199.150.85:443 simage4.pubmatic.com tcp
US 8.8.8.8:53 20.112.223.173.in-addr.arpa udp
SG 3.0.0.70:443 match.sharethrough.com tcp
SG 67.199.150.85:443 simage4.pubmatic.com tcp
US 8.8.8.8:53 70.0.0.3.in-addr.arpa udp
US 8.8.8.8:53 85.150.199.67.in-addr.arpa udp
US 34.215.48.192:443 telemetry.malwarebytes.com tcp
NL 172.217.168.228:80 google.co.ck tcp
NL 172.217.168.228:80 google.co.ck tcp
NL 142.250.179.182:443 i.ytimg.com udp
NL 142.250.179.182:443 i.ytimg.com tcp
NL 142.250.179.206:443 play.google.com udp
NL 142.250.179.206:443 play.google.com udp
NL 142.250.179.130:443 cm.g.doubleclick.net tcp
NL 142.250.179.198:443 static.doubleclick.net udp
NL 142.251.39.106:443 firebaseremoteconfig.googleapis.com udp
NL 142.251.39.106:443 firebaseremoteconfig.googleapis.com tcp
US 8.8.8.8:53 csm.va.us.criteo.net udp
US 74.119.119.149:443 csm.va.us.criteo.net tcp
US 8.8.8.8:53 149.119.119.74.in-addr.arpa udp
NL 172.217.168.228:80 google.co.ck tcp
NL 172.217.168.228:80 google.co.ck tcp
NL 142.250.179.195:80 www.google.co.ck tcp
NL 142.250.179.182:443 i.ytimg.com udp
NL 142.250.179.182:443 i.ytimg.com tcp
NL 142.250.179.206:443 play.google.com udp
NL 142.250.179.206:443 play.google.com tcp
NL 142.250.179.206:443 play.google.com udp
NL 142.250.179.206:443 play.google.com tcp
NL 142.250.179.130:443 cm.g.doubleclick.net tcp
US 8.8.8.8:53 telemetry.malwarebytes.com udp
US 34.215.48.192:443 telemetry.malwarebytes.com tcp
US 34.215.48.192:443 telemetry.malwarebytes.com tcp
NL 172.217.168.228:80 google.co.ck tcp
NL 172.217.168.228:80 google.co.ck tcp
NL 142.250.179.195:80 www.google.co.ck tcp
NL 142.250.179.182:443 i.ytimg.com tcp
NL 142.250.179.182:443 i.ytimg.com tcp
NL 142.250.179.182:443 i.ytimg.com tcp
NL 142.250.179.206:443 play.google.com tcp
NL 142.250.179.130:443 cm.g.doubleclick.net tcp
NL 142.250.179.206:443 play.google.com udp
NL 142.250.179.198:443 static.doubleclick.net udp
NL 142.250.179.198:443 static.doubleclick.net tcp
NL 142.251.39.106:443 firebaseremoteconfig.googleapis.com udp
NL 142.251.39.106:443 firebaseremoteconfig.googleapis.com tcp
NL 142.250.179.182:443 i.ytimg.com udp
US 8.8.8.8:53 encrypted-tbn0.gstatic.com udp
NL 142.251.36.14:443 encrypted-tbn0.gstatic.com tcp
NL 142.251.36.14:443 encrypted-tbn0.gstatic.com tcp
NL 142.251.36.14:443 encrypted-tbn0.gstatic.com tcp
NL 142.251.36.14:443 encrypted-tbn0.gstatic.com tcp
US 8.8.8.8:53 14.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 google.co.ck udp
NL 172.217.168.228:80 google.co.ck tcp
NL 172.217.168.228:80 google.co.ck tcp
US 8.8.8.8:53 www.google.co.ck udp
NL 142.250.179.195:80 www.google.co.ck tcp
NL 142.250.179.206:443 play.google.com udp
NL 142.250.179.206:443 play.google.com tcp
NL 142.250.179.206:443 play.google.com udp
NL 142.250.179.206:443 play.google.com tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
NL 142.251.36.14:443 encrypted-tbn0.gstatic.com udp
NL 142.250.179.130:443 cm.g.doubleclick.net tcp
US 8.8.8.8:53 versionhistory.googleapis.com udp
US 8.8.8.8:53 telemetry.malwarebytes.com udp
US 34.215.48.192:443 telemetry.malwarebytes.com tcp
US 8.8.8.8:53 i.ytimg.com udp
NL 142.250.179.182:443 i.ytimg.com tcp
NL 172.217.168.228:80 google.co.ck tcp
NL 172.217.168.228:80 google.co.ck tcp
NL 142.250.179.195:80 www.google.co.ck tcp
NL 142.250.179.130:443 cm.g.doubleclick.net tcp
US 8.8.8.8:53 play.google.com udp
NL 142.251.36.14:443 encrypted-tbn0.gstatic.com udp
NL 142.251.36.14:443 encrypted-tbn0.gstatic.com tcp
NL 142.250.179.206:443 play.google.com udp
NL 142.250.179.206:443 play.google.com tcp
NL 142.250.179.206:443 play.google.com udp
NL 142.250.179.206:443 play.google.com tcp
NL 172.217.168.228:80 google.co.ck tcp
NL 172.217.168.228:80 google.co.ck tcp
NL 142.250.179.195:80 www.google.co.ck tcp
NL 142.250.179.206:443 play.google.com udp
NL 142.250.179.206:443 play.google.com tcp
NL 142.250.179.206:443 play.google.com udp
NL 142.250.179.206:443 play.google.com tcp
NL 142.250.179.130:443 cm.g.doubleclick.net tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8OI4IV75\favicon[1].png

MD5 346e09471362f2907510a31812129cd2
SHA1 323b99430dd424604ae57a19a91f25376e209759
SHA256 74cf90ac2fe6624ab1056cacea11cf7ed4f8bef54bbb0e869638013bba45bc08
SHA512 a62b0fcc02e671d6037725cf67935f8ca1c875f764ce39fed267420935c0b7bad69ab50d3f9f8c628e9b3cff439885ee416989e31ceaa5d32ae596dd7e5fedbd

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\feo4h2u\imagestore.dat

MD5 9d7253f6f0eef8829f77f8ba21dfd115
SHA1 ce51b4b7ad36d043a841d083ad6469cdc2c019c9
SHA256 79e3a9755048b4394c218fdeaa6cfba0e9bac2656b52d142704564b1155633b0
SHA512 c7b9da27ec1b9ecbebb164c9bfe1a913f899d7e1157f7c33f13c860b79202a2dca0fb3810081df54c55ff961ac7c44341277d5b5c2c3a4d3e05a16ef295387ea

\??\pipe\crashpad_3608_TEDXDIJFZABFTGPU

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 227daa5f2bcf00f7743f167ef4c4511e
SHA1 c26a5d0f0d0c39a6c397fb673d0ef12854ce3fea
SHA256 df834ff1705af394b1c834e4844e0bcd2df0226b727ddb998a7cf465f7b94b2f
SHA512 3b88584999066e320cf0bd9f40a701a88b8f7fcf2ded14334282bdfb448a70646e48ffa84d21d991ab78f24b2eea7313b4dc7744932bd3e1c2adbc9c3925142d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b2472660ef65391175d30e2794948be7
SHA1 557bae71d393edfc49c96ecd32350214db971f97
SHA256 629553bd63315d9bf376316d3f5dc01469b95b4b8e5e8800b2e9ee0b15f7c551
SHA512 cfe05f26a1bf2e9497b826c6a3f0f1ee93c2c221bfb1f80b40d69b19cee351882882e23f62c7e8134322050a5c2f0c668aff6bc1c100e582752523eb0db77bed

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\7e5286c7-d79c-4dab-b63d-5c509cb290e9.tmp

MD5 01c51adcc132a977de8e9af2b9d33c9b
SHA1 87a0e8e090bac79c8e7d713a268594e0085dd142
SHA256 fd2556bc6ae7853e47b736a2d8385cd458d3a8d2840c60470737c91cec4b7b75
SHA512 d3dc46c8614470599914d12e2a94729d5dcd0cd28fbe926987c08af981594a666160bf731fa42be12f7d9cbf5296a2afea2b878da7c281d1fd499244b25e7e54

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 b58ed0db18040f7620f355853f2ad34e
SHA1 cb19d67f5fc06d0dbddd4b2b2681890008e11811
SHA256 33745514d2b5e0e4134021e98bb1efba4af5f98e12d0284c4575e405103247f9
SHA512 d2c9fe8c33aefe27d2f00ee872b98f90ae71bbb47aca02eafa2b9a026160d6230632ed62e46e7c4546973ab3950a2921b68c307b6eb635b267293b0da9645d89

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

MD5 acbc9c53c66f6227d3e13587ce3d34c2
SHA1 6f64bc5d48f60fa7e26c64a42b31dd0dab5fc8ae
SHA256 47e4e5a5b3ff282a5ff5796b6a6149b53d79ad444cd71b74536d5bd56c077fdd
SHA512 1d07e95a5b98d15dfe261ab985d18c386023d3d40c9a8cb995f2d657ffb67e4ec5b22a99575b3232d4758170db4efeb7fe950d9db11c5237daddb138f0fb5093

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

MD5 6bbf077736789b5bedadc0a566f5e4d3
SHA1 7e45b5fb310c74ea121d7fcc5c8a17b34971631e
SHA256 0bd18caa70025e3de8b567c60245900392e36b696ccbb7ea97b7a8f043aab41e
SHA512 e04c7ce81cb62d80f00e51d27cc09f20c67879b40542865d12573746e514f4ac0b47171d5b67f0e2c9a8f266547b8eb7fca0b8648f185644b21a9d6671f40940

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565

MD5 316c85a3f73054a5a033625b4818272e
SHA1 2e84269f6f1dcd26810bc8ff01be83e1157019f5
SHA256 bfc6ad2e212b53e4f002bba984813141e8bb2c9acfcaca575e55eeae3035607b
SHA512 407d9f9254d3e07d92b91bc5152303443c4e5c0d57b2fd2f757167a2322e221adddbbbdbbfbc666bab68621add5b5ca971e193793d15f0069b032394c8eee5de

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565

MD5 d2887bb9f0317148aca1765c5a74e560
SHA1 cd9ebd80f31a391c3e649e7a3b48a5c0e7620296
SHA256 cba5e82ee69c6585982e70d24aaa0ea3bd68e88e0ff80f24fddf9ff7dce3e563
SHA512 06adea3a5698159678de3e58b36c682b62c8ea3af0ff763372bb362d3ccb5b1e2d37ed0a49a32f0530771ad87121e150356f9fe7b1624f460ddeefce51308b48

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 524f133aa63338935e1155483fb95aa0
SHA1 089c25c73d401b25bdac1c082e6dfd2715a01895
SHA256 3852015f41c88e03962d32cc86239374ee9b543cb7cc13c549585be854032034
SHA512 3104f05d9943d967bda4d3a45010287e12e087ea57c519a6260c2e316c8905901aeaa33627f72fd7b32b3f3412364dda1dc47321f576ba24e3c15cf8d97194dd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

MD5 9d7d180f2de0b32edd9f9ba978b4eb0d
SHA1 9bf1008285df462813b1e16c7f8076cd51845ea9
SHA256 a15a3c7ba09d8274c9ac4af92269a12079065383d57b0db0fae614a2936ef64b
SHA512 77b7b8f810d51f1923a41838cfe1fde471b03bd65e571e422f9c8ed8eb00191e536a61d4f82f42c27c03df87d4e497abedef00156e24bedbc57f9f465e0bdf68

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

MD5 7b0df526ca1226b7d6177cc9aff77962
SHA1 b880c18dc93fc54231dd80f3003f3f6bef05cd4b
SHA256 d4b228e98cdb10a2889fd39d448f4771de324107fc3c4f1e05d5c658d236c2d1
SHA512 24e06c3d40cc82e296e59a5b0326ac892c8ff15971b468c924cd08b89d78fb550302baa09612fe3a3eca743a0c20381fe8b599e9bbf0f5489ed51e879c89e907

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000017

MD5 ca7fbbfd120e3e329633044190bbf134
SHA1 d17f81e03dd827554ddd207ea081fb46b3415445
SHA256 847004cefb32f85a9cc16b0b1eb77529ff5753680c145bfcb23f651d214737db
SHA512 ab85f774403008f9f493e5988a66c4f325cbcfcb9205cc3ca23b87d8a99c0e68b9aaa1bf7625b4f191dd557b78ef26bb51fe1c75e95debf236f39d9ed1b4a59f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 32a18cbeecc4cff35267bfc5bfba7149
SHA1 a2a9911f5c39798179c90e6163b520eda9427847
SHA256 e3881ee3a3d46998083f2c4afb72decab12fadb6176a51359dfac5c9852d14a4
SHA512 b3719bc80c06c6aa7e38755dd40c9636eab75b0dd4c409e9401c48bf40a1099f204b80a0d41c1c6c646272d5c4daa6bbe1426f8d25cccd71cfaac99d6f947b18

C:\Users\Admin\Downloads\MBSetup.exe

MD5 1ed0d8b2214a5d067d5422145689f747
SHA1 e671419cc7957c1118b9bb84251a40c03351f07f
SHA256 06a4bacdae17ad89c8fc93fc4ebf6603ca406e8bcc51f3fd32f700d18436be56
SHA512 e2a686efcb1bcda6b55c5d10654124fc2b27c426a979929a1e9de171794745abc9f0cd9dbd302a4e02d95269c7abee5dd051c1687e8f794da317b3fc4bf665b8

C:\Users\Admin\Downloads\MBSetup.exe

MD5 1ed0d8b2214a5d067d5422145689f747
SHA1 e671419cc7957c1118b9bb84251a40c03351f07f
SHA256 06a4bacdae17ad89c8fc93fc4ebf6603ca406e8bcc51f3fd32f700d18436be56
SHA512 e2a686efcb1bcda6b55c5d10654124fc2b27c426a979929a1e9de171794745abc9f0cd9dbd302a4e02d95269c7abee5dd051c1687e8f794da317b3fc4bf665b8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 8bb16e39714f3e3adc87e4dd4e6277db
SHA1 69367b0ed26043f0e38616c381a6b492d49e8242
SHA256 4cb7416f83cd3c63c04f9298efbddfa66b86c607119ce7653a4c72c4d35af76f
SHA512 55d3d6e78f7b933bcce157d1f92d13a587f9aa1340bff2d40b393ff0de46d007168ffa4a6472dc0c498ef22791dfa575620e5561a4c99ed1e1ac18d9a33968e6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 e5761e8492c91defdc8882848b7ebd1f
SHA1 1df0e43cda9b73038ff51e7213c0d8f749a5c171
SHA256 cde615ba1612a1e31f84361449b537df9b9b10673ae051ce74b97872c27477c6
SHA512 1a618d6c2e54fe399f87cc5698df6f64ecf75afc22c10bca7ef91e97a2cf3492036a25d36d21e865e9311c9bda0f5b9299d3fa605185e65f439d3a79c792a960

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 7144783105bb17ba64460401fc67bed0
SHA1 5b272a52318bba01d83b0c14f4193d702c414b87
SHA256 7c0661ec04b12d7ef272d52164f702f2285d9a81c7822af784b5dd77ff0e9dd2
SHA512 a4efe89ef58ac936b3965d782a340a4e64fcfd4d08067e8d058bfba60afa06685e665864b580be20c8757c6cfeb410d33ed04e5b2f77c0c87cfeca9c148829fe

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5747e6.TMP

MD5 f48453dca24caa34ee1c6b10ba380f61
SHA1 83a00aad476f65f543b0f6232f4ee76f07d36635
SHA256 8bfff80e61f625396da00cb2b6fa36ebf013b2e44127e84e60af9b69e585c235
SHA512 c5c72b1f5e22c8c19c22e12d1c09f6347b30dd0132fba351556e01ad68267f13c23155ea42479fd6439d93c531954fe6572ba64a90de9e310ddc61810176e4d0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 477293362c9b009287c0109772504f05
SHA1 9764c5a43485572234fd0c3ed244079f64022e09
SHA256 42dfb1ffe5ac69b2d0cd777beb88e9b36466c08d73fb3a03d4fbaf6f8d2c2579
SHA512 f82273ca8701bffc23c9f5de1fef0181908b7d0f6503c0d1991e93b358e78f02f9cd8bc946b11c29d259993a11111024788c7ff1b48d899ee1d3acd010bcc363

C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe

MD5 579a6ae8838b6d228b7aed4ae9a0848f
SHA1 22d6edf328f104d64e02dc659ed7b38cb38f0d4a
SHA256 34701a6106be29c982869c9d5f6ff9e4f19067067ba115c5ed95159df357eb47
SHA512 c2d2967e66bfd658922aecb6a7e3f2d67260eed710d613a6667676c843ad98802c3c1f97a660c031ac0c869bdf91d934bfe08eedaf7f0b0314145f74b1455a74

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 c85cc2fb341559fc3cd2351a6531224f
SHA1 c332d8864adc26882f9096183ce40aa25572298a
SHA256 a5b86d255e007d932f58f118d2ce0f2d85da3724c68adbbae6228adc92666266
SHA512 d5e99ba78d89d10f90e156f29cd1b2f0b1b1f64805bef7995c8d0e4468fac8c79f3f73f09b30c514cb17012933528dd31624d19348a60e54ba6be8207f6b8fff

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8OI4IV75\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\6K3GJRJ1\light-0946cdc16f15[1].css

MD5 5235e806bcb88fed6c8c8cfb53348708
SHA1 ab71dbe80857d73ce2ca21a45ab4a216ab1cbce1
SHA256 89233262726664b22e2d2e8a742b89d7439d526394f7413b30a92f304a04775f
SHA512 0946cdc16f1502b0f9aad2daf13882a63691a93f7f9a6afb537da241ef6db703e1173a6591975026f826792a4ddbe79c07b863e2a6a41ec6e7894ef1fa920e40

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\WPCK8CWE\dark-3946c959759a[1].css

MD5 2820c4c7c0513590c53d244c42fb6fe3
SHA1 e7512521010a3afcf5ca395457473e7963a23ed9
SHA256 c2982a111fe3270b0feec1917715b73a1ad11e04a918c3748a129fbedff88370
SHA512 3946c959759a620244e1e09847f1baaeb2e1aad20b8e0b84ca7652fa14a130d5b94af4047a1db76afa5abacc01bba4d87789d44f959e08f8524b864eb66f925f

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\WPCK8CWE\primer-489656187993[1].css

MD5 139f4923247452688185bf3d633447a5
SHA1 3ca134c873f9beaa50e5134195c9ac131ef2d95f
SHA256 8b3bc987c4a93293a843b9a31a20270cf8cfe2eb6d9f3d5bc0c4336682c7d37d
SHA512 48965618799325b03b58acf21191857abe99f6067b844448c977112907e4b61fa6e44c2559c4cbd75d8dc84b7bccd6f589c9993152efda28cf0fac77eb19fc9c

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\6K3GJRJ1\vendors-node_modules_github_file-attachment-element_dist_index_js-node_modules_github_mini-th-34a24a-01ff22798072[1].js

MD5 387e7b7c88075f1cc262ce7762995108
SHA1 8d4a776982195206039b9fa67db73b30a4308022
SHA256 e69981450663b3ee09eaa62baeac163f7c8e3546b6d629a16f77cb11a65f80f3
SHA512 01ff22798072cbd083234ac32c9a3bdb5dae8bc388529fe83ca1440a77d2324f89bfa844d09e175756ea7c008a814d4da968c06ed4f89465ea2f3f1bc0982fa8

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\6K3GJRJ1\code-menu-699612a7bb50[1].js

MD5 7ea0c06350594cc3720dd77bd7f3a3fb
SHA1 c2600b934c656ef063f5bb65a81d879d2aafe6ec
SHA256 d1e73500e9a5a6b3388a56f2aed65d1c88ab407583b9bd8baafa53eeccaebb5d
SHA512 699612a7bb50ed6b745cfabe0ffba666dd050ffa7f4c47807c94b92a9c390cbb2b8d0c6eb1a85f2b5072f3264b10ea6fd9a0c99e0407764ee07ffc55e0c490c4

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\6K3GJRJ1\topic-suggestions-12644bfb92d9[1].js

MD5 2339d6f00c13728ec3e8c8ac5cc04103
SHA1 65c6f65c183ed78afc8aba2fdb60dc95d6f04c1a
SHA256 8c20afc53c5f2182e2acb0978ff144fc986187a9d073cacc2f9ef47cee8f8381
SHA512 12644bfb92d9e7a3de21c29fe81c9af40d4ec15dd25c745795484f7d8a00de30331c0803469d61890d2c00f42ae16878df38fa59eb437977a9a3653d39b99215

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\6K3GJRJ1\repositories-1e8ac8fa769f[1].js

MD5 e86ba5335479c9ff116ffb175065a222
SHA1 38a5b71b6b19a5326ba6a5ecd5affb087532a877
SHA256 138335ed297f4958231edb8dd26ddd9225ae2a86efa0b72def021f8cd33aaa88
SHA512 1e8ac8fa769f11dcddd496c0dc5870f48fe84690f6d0f8d8a2e4564947c2fb7fd5bbfb1eb240bf85fd93f4393068f4d8c3f1572678e9c592134c5f51d3873cbe

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\6K3GJRJ1\codespaces-c3db6dd3891f[1].js

MD5 2a4e030ae20ddd0d7fc6695e77a52892
SHA1 b490df78b209478ac7e5ff01a528da74160b4c91
SHA256 c5962c5a418ad72660262692f1635e9762997f2341902b6ba59eb66f8fa7056a
SHA512 c3db6dd3891f9c3e235039f08cb29d6edd5d242b5cf83a9a67177582fb3e04cce7bd19aa5f2dabe712ab75332a1960914ff693eeaac472c5a7a5b87d72769fcb

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\6K3GJRJ1\app_assets_modules_github_ref-selector_ts-7bdefeb88a1a[1].js

MD5 d8d29d2bbd0f6b4f7d7c90ee97327932
SHA1 79f48d95561b7184b59a35145f40e38288cf80d6
SHA256 9364633a098614712c53ec35442adcbf0f59411a2bca17db12374e1e94a0fae3
SHA512 7bdefeb88a1aaccf9b57f95f9e147289f4f8388ebc5f70da7e9b0320cfe96d603b597bcfec9f9bc12754f9c96d0489e76fa2b91048b20a8fa970788b5bffabb9

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\6K3GJRJ1\vendors-node_modules_github_remote-form_dist_index_js-node_modules_delegated-events_dist_inde-911b971-e714578c4cac[1].js

MD5 7434f51ecfefa587a020c2ff47fae4de
SHA1 4c10f748619ac8b87f25e7bf4a9e48dafe74d517
SHA256 c3c5a40add538d81807d60aa46ba52c2b0368b80a4a73665cefa50b48413bead
SHA512 e714578c4cac5de881bc79cbc561f68443c0d1d93e6d933b4fe67b7677bde8bf55bd635924d286fd09fce1f0b7f82c86867d7499f6493e5834c38bedbdece26f

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\6K3GJRJ1\vendors-node_modules_virtualized-list_es_index_js-node_modules_github_memoize_dist_esm_index_js-8496b7c4b809[1].js

MD5 844fc2167be483deee376371db56f504
SHA1 6bba3094b6c0753f8e70cc9ed0d1dd43f36d267e
SHA256 4449596879e9737f1a216b91d8377dd0e2e5ee9b57f0df3d0f9ddddbccc4ca8e
SHA512 8496b7c4b80988d7cfe5aab2d7a4a3c70908544afeee50b7e7b836922f51ae8a3c499f094070b8a8385e092caee09f7f14b004cdfb9d63acb1d10dfa9f377f28

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\6K3GJRJ1\vendors-node_modules_morphdom_dist_morphdom-esm_js-node_modules_github_template-parts_lib_index_js-58417dae193c[1].js

MD5 5c92d60934f35b5e8ad723d7f982d7ac
SHA1 a9dbe8393e165ee73c9c2f15d9b9e25dee03ef98
SHA256 ab812475a704013e0662146bbc9075cffcec836d87c0507fd8c3649691694fd0
SHA512 58417dae193cfa3899e4861b3aaf7143ac640625ee2181258f2d051d2e3d0ab4991c396089ddc26c781b687d2e78f2ca7df7b9282205eb5518f61e6eb6066fc4

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\6K3GJRJ1\notifications-global-86e9ba7bffb7[1].js

MD5 c81994fab4171728a9d56d598ca6c7f2
SHA1 3560f347746006944133e499411235399642ebe3
SHA256 9a5975c800bad812fef12760aba50f61f623303141088d685c3c167dd8515f78
SHA512 86e9ba7bffb7eaf1a30bb975d0b72654de5b664845b07e543b96098b93de762e61096cae05fe47340a37d07d39708bc7894d5bd031e8fd6b37c6e03b79097398

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\UUIKWEAJ\vendors-node_modules_delegated-events_dist_index_js-node_modules_github_catalyst_lib_index_js-06ff531-fe0b8ccc90a5[1].js

MD5 b49149f4a5bb177d2a996d4dabb198ad
SHA1 7bc5e2cab51623c49b486fd3d809e277eca85d44
SHA256 b39d718bf90927b25fec09e7d70cd72b69adac6bd943ceeea106959922c230e7
SHA512 fe0b8ccc90a5b06dd44f859d6cde857cec873876b0ccef2ee3dcd1edf036b5d636487a134869c5e05f17f7fd224bb7ad47b063161eb1b85536a362b0b5d99759

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\UUIKWEAJ\behaviors-02dc1184ac49[1].js

MD5 5787c9b73681f0a1dc706ffa0bc3e070
SHA1 80e024bf2c12cb0d7cf3317816d4ff1855dfc68a
SHA256 4d2de4268df34d391c9b3f2ada4807570b85380a6ca05939e07f1170693a78c1
SHA512 02dc1184ac49c869fefbd755d5773dfa1dec7f209fdd708bb50a2090943497866cc8493886249602ce1ffed0efb3052522a86c582114b3d4701ba1842e880d6f

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\UUIKWEAJ\app_assets_modules_github_behaviors_commenting_edit_ts-app_assets_modules_github_behaviors_ht-83c235-80a9915bf75c[1].js

MD5 803de299ecc5672af443d018f8b7d443
SHA1 23ea39a811d08acb34a991966c8a5b8381659636
SHA256 bf14d2467bc2f557486dd191d87534cbb7eeb2d84524db094aac54ec23ed77f8
SHA512 80a9915bf75c01c9eda4b40965878faa2b4e51f60aa9e4c24953421f685a1aa2b49d7b86b2a68f29861973b96dde38faa9a659df2124824162549f04410646e9

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\UUIKWEAJ\app_assets_modules_github_behaviors_ajax-error_ts-app_assets_modules_github_behaviors_include-2e2258-dae7d38e0248[1].js

MD5 2ea4751c021cf86092225f87a5cc7ca2
SHA1 3c3a818ccfb35a1cfa7b8c7793699aa9ab8a9d72
SHA256 9d4c3a8ff89e9acd1218edd29506299cd6522610df7b06442704ccc318b24c2f
SHA512 dae7d38e02483d4244dda02aa05e081ef94d31f30c8bba7f9581d5541abee149b092d5e216009ac4457fc28336a89373bc78e94a6ab513da516b15289c982653

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\WPCK8CWE\app_assets_modules_github_sticky-scroll-into-view_ts-1d145b63ed56[1].js

MD5 9c15e69f34d72ab01a25575780a3dc9d
SHA1 4834bff994ded22703fbce6e1f04d5a13838354e
SHA256 a382c7be63e4761274ff6e21ef7e9596aa0eb700573a0ead42aea76c36e3e47b
SHA512 1d145b63ed56c1ca14a1cb8d7264bc56a9e0c3a7d11ce67b5b1954b034a9ab4c29d74f72ddf860600dfddbf1b73d38caaccecd5bc51dd4fde166f79d426aa086

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\WPCK8CWE\app_assets_modules_github_behaviors_task-list_ts-app_assets_modules_github_onfocus_ts-app_ass-dbc08c-c80bb6d2e713[1].js

MD5 f5f1895fd16df7ec5de1ac0cb59c1f2e
SHA1 e65078e88775a6c7472eb5ef882b94eeb5d0ec89
SHA256 077048a700f11d1f982097569e9b89ed2422293f323465967bc1e4f2d28fc0d3
SHA512 c80bb6d2e71370895a987cd12251bfd3884a8d8cf392374c65b76115a769e1e08c2987c8aff1a7094f72c48af4faed2564ac51622c089451e462d18bda4cccbd

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\WPCK8CWE\app_assets_modules_github_behaviors_keyboard-shortcuts-helper_ts-app_assets_modules_github_bl-1f24ae-60413f6f3a61[1].js

MD5 149d13dbcc51fa331e11cfabac92c70e
SHA1 9153519b565a843dee2e9c5c4a80ded810e193c7
SHA256 9b2dec605c3d912a89cf87edb803b1110c7cfc2730bb90df7ea5bbd3edf29ef2
SHA512 60413f6f3a618e8edd9fff6ebdd34b274adbe5289ffb3894d6df4efb0ac12f70ccf33c57104ed8a197c596af0ae5f89f3929d3657a63aa57628133424f0e4ec9

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\WPCK8CWE\app_assets_modules_github_updatable-content_ts-70e6c1269039[1].js

MD5 86a00ffb34c4d73e3f3c3ba24756c1c9
SHA1 e2c5edad571445b52f611db67fd2d7928c203a1e
SHA256 35617d8843005118fa116252bed39f77de0e967066c1ba3f9b665ba1f6246a04
SHA512 70e6c12690398352b11576213e7e6908581bdc2fa7374409bface6053e05aef889e421bbb9dde3e566750677a166b0b31d8422e097ab52c7b11db8b589812fe3

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\WPCK8CWE\vendors-node_modules_github_paste-markdown_dist_index_esm_js-node_modules_github_quote-select-1bdbba-dd6debfb8eb8[1].js

MD5 3300bb1e43e1f3e0b54b12ef8374c3a3
SHA1 00827a47080d5a773e7be772db60ddc757c886fa
SHA256 b057bb407ab2e68df16830361ec5d21e19f1df0f1d262852032f49ffca0586cb
SHA512 dd6debfb8eb8b752c44b228fc2b4ecc97c13e4c4a70db3fd017c919dac8f8ace9c75a8857a8bcdce973becc3d3c1a6949934e14411219541343e1c06fa751d5a

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\WPCK8CWE\vendors-node_modules_github_remote-form_dist_index_js-node_modules_github_template-parts_lib_-273494-0fb4f42e57f4[1].js

MD5 f3ababa361da60a5a0850157f001e1f0
SHA1 d922d1351994e5bbb7300ff64fccbcd51d868efe
SHA256 3bbfa36699d3e10c2d6131124a6349bee69838b7c3bac42b23d7a4e95958ea3f
SHA512 0fb4f42e57f49b300ed87d266e866309fdecbd06d89ad6d91f4c89d7eee0302826654c890a040d595eb58eb27daa4535077fae5d50ff2d234124f829b2f92a49

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\WPCK8CWE\vendors-node_modules_color-convert_index_js-35b3ae68c408[1].js

MD5 9dc040f59be2a61a2c9e74568e81a859
SHA1 7ea23e783cb7242b748c0630d5946c82777fcfbf
SHA256 b05a7e19c59be8422fa87b0c0a3ec37a9aa64757092ee6afc887500c186324ee
SHA512 35b3ae68c408451d73656d48ecccbb9663b4e824ba12a41275a8878859bd48ce96612c54d7a72e8201b61efb6054187571d3da8d4db02418d54ed74cc0dd6126

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\6K3GJRJ1\vendors-node_modules_primer_behaviors_dist_esm_dimensions_js-node_modules_github_hydro-analyt-f69502-d8672aa6f36b[1].js

MD5 e4012feecc28eedcd3e808d60e46b8ca
SHA1 9d9edfa379e126c74fd5d1d54b8ab44c455de132
SHA256 a1ca04d5bf323662e0954d2246375044d461303e6605b18dc7cfeae4e9f02102
SHA512 d8672aa6f36b0137c3a23b186456056455c7207cb815cc28e9b6b348e9f1ad25d34454d70af8610b3e1096707ec276a6378096d234d499c5a11f435f19092e3c

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\6K3GJRJ1\sessions-4849c97a18f4[1].js

MD5 2bb72936e57438f307ac1d83dafb518e
SHA1 d8d0d2610fe499c2f2d6c4abad5c4ebc0387ce18
SHA256 0e6bace12a3476af2364c8a3f1b89bea228491d0e59920ad3c229903ee9e8d90
SHA512 4849c97a18f47cf864f8c5465a7959c2054b74401e82c1a7f66a290aa5ee89d60a26aaecc662ccb73187d3fbcca98e584ce697b4b1c7d3c8608fede252fbce2b

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\WPCK8CWE\vendors-node_modules_delegated-events_dist_index_js-node_modules_github_hotkey_dist_index_js-b47a28757074[1].js

MD5 c276f423c6cb28f8343853e1ac010b5a
SHA1 178aadaa8312ab8a2df9f0e7e660a953906ee8a7
SHA256 a7f7e18e890a1b333483033f30ac36bf70498d6d8a45c8056aab7e2360ec021f
SHA512 b47a287570740e0282d8e09ff1c842fac19f2f6204d0f92d6b4ddac83f54b577816b46c968ef333b83564c8c9652f904a6af678a767cf1b51312ba884ddf0332

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\6K3GJRJ1\vendors-node_modules_github_turbo_dist_turbo_es2017-esm_js-ba0e4d5b3207[1].js

MD5 80de3fe499fabcd32f3eb5a1c8a080b9
SHA1 45c7a787dd927214b847550fcd44f37261413256
SHA256 0f0b5c21ea9467b911d1377fdff0272addf7fccc7a588f2f30ec6f07ffbdcb6f
SHA512 ba0e4d5b320783d52465d15d4a36113a8e10261eefc707314d7e6f211ebb57930b7cbf2568017febe5e47cb43749552e6992fcd652aec702110a330364e08506

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\WPCK8CWE\vendors-node_modules_github_mini-throttle_dist_index_js-node_modules_github_alive-client_dist-bf5aa2-424aa982deef[1].js

MD5 fa2bd9163204e6ced0bf13f169206c40
SHA1 ea2d13287aef46af1ad0f04b04eada4e8a8966af
SHA256 0c2a6aa4860bd3d3a135d59418bf4e7a00173c3e974842ae436a0a2fbe3da624
SHA512 424aa982deef4fc0969c58c54d1dfcf1b589d6c9da95575e4b5f88ffb03a8457954a19c03b00afbb5f4fa0d64a6d7b7361c0a4737c1d21490d2767eea227e0db

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\6K3GJRJ1\vendors-node_modules_lit-html_lit-html_js-9d9fe1859ce5[1].js

MD5 29b126d180066f2cd72287a725af3dce
SHA1 da1a0918b337b6bcda086580271306fbb2d41ea0
SHA256 9417afb32e38d089ae0e18debddaec99629f25af815081ebf426a48066ef3438
SHA512 9d9fe1859ce5c02054af70a2435b2b137398d7f41f2b71cc138333f706bf3c175eccc001e8ba717e80508a10590fd40c91468a9ee60839cf2cf5464c2601deec

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\6K3GJRJ1\element-registry-232b7187141e[1].js

MD5 0616418cd2a86a108acb841ada777f95
SHA1 73a4223689e940597f37189796aa211bfaff8411
SHA256 c0bbdc2a2ea28204266e885aeea4d003c4ac86cb86c224bd735f08fb438c7532
SHA512 232b7187141e85857befc1433bad1f4504ae24f6913538a4d1f993ddb9609b5a0d762016b5bcb3e9751da34fd98f29791ae6b52f5fc90587f3659e7081fbab0e

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\6K3GJRJ1\github-elements-5f0209c98275[1].js

MD5 cc26cd480b150f489db2fb850ba30252
SHA1 29a7c8dbef41ff2cc9dfac54b76081cf687b3db0
SHA256 cb74dfc2260dfd597e852ea960b0ab0ead49ddc122ebfe82af3c7823008859bb
SHA512 5f0209c982751c652a64d4b8e695028423f16f6380eb36b7f905f1f0c971653749c8bb653579542fabb5b14266540de55b895b61f3b6e341d05fdd0517c15fe0

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\6K3GJRJ1\vendors-node_modules_primer_view-components_app_components_primer_primer_js-node_modules_gith-6a1af4-68db00c62e33[1].js

MD5 2de0975dfa6a7deb3210f0c45eecdca4
SHA1 2b42da02d3679c5ce9931842a7193d988360fb0f
SHA256 6a490ab3a7b8c3d69f2a81455cee13f846eb36765766fd397825b08df29a1408
SHA512 68db00c62e334ee79dc1e9cf40754676839e53d3df6709ec9736340208b2406b623d7076e1f8dbb7823ef6c5fb0c6a985d5f3e9bcb5277b0a725606903d2f40b

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\6K3GJRJ1\vendors-node_modules_github_tab-container-element_dist_index_js-node_modules_github_auto-comp-bf192d-81631767a9f8[1].js

MD5 293d63f0050ea51645c8dacd1db64d15
SHA1 d4543677f93f8d3b6c0668b6e7f5bde78fb2d292
SHA256 7246e4fdd4fce24e9d15002dfc9e07db899a1704598444f31b4f9b9a34372afa
SHA512 81631767a9f813fc0e4c5900d24c30e3824860bfdfe913cf11a6eb7356ab8e8b99c5cefa5492e3daa5e49e468ecd2a765461ff4ff10c127f404e101118851dc8

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\6K3GJRJ1\vendors-node_modules_github_file-attachment-element_dist_index_js-node_modules_github_text-ex-3415a8-7ecc10fb88d0[1].js

MD5 bb1800636a88e2cf90f48ea181a1c3e9
SHA1 486238b0e8fbb84b4f92e462ba7f337f8c6c091d
SHA256 7bfa93a6b92eb9a2f1668a9b16ea5e1f7f2591d3664351788a48107ec879bf84
SHA512 7ecc10fb88d0dc86ce7d35b7a2be7b44f51904fbb1908b53c9afdf0d6d1fe9760753f6cf8f9ca1897bd537552d3f8238c68e9b993a167cc52f43b5f7a58b37e1

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\UUIKWEAJ\vendors-node_modules_delegated-events_dist_index_js-node_modules_github_details-menu-element_-bb7a4e-8ca5bb7b5e7e[1].js

MD5 f8fd66fe242f868671c429712619f0ad
SHA1 f11152ea44023423ceabae57e8aedd6e0a989cd9
SHA256 b5b19cdc6d7cc23c96ca4214a7f915e99a6a3db99af3bf01432831cbe35f137d
SHA512 8ca5bb7b5e7e52344931fc71eeb1c2f79b08df6939f6f2bb5f7bd78bd225ba05ab794ced92dd500f89e1b4767e8cb8f106c0be926210f2013d27f1c8e0070202

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\UUIKWEAJ\vendors-node_modules_github_details-dialog-element_dist_index_js-node_modules_github_memoize_-8664b7-b1d9fac72bf3[1].js

MD5 e8daa8ae1bace46578621c25ea0966dc
SHA1 83571037fa8b308c87e365911838bb8e459e30f5
SHA256 c181db979284686fdac27e16a750d2176b10c3224d4e59a7882a24cb5a9be31a
SHA512 b1d9fac72bf386bd30e509cd355253b69060d7a72529b6272d53593f28237ccfc31ec334309638fc6c71e52c8fcc44294d3ecbe557013eaeb8f7dfcd71a03e32

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\UUIKWEAJ\vendors-node_modules_github_filter-input-element_dist_index_js-node_modules_github_remote-inp-44ef1e-ff95e778f461[1].js

MD5 5e5e12b8aeabb4b09bd21a35791f7a9e
SHA1 e327a6a2c4f32e0a459a6537017a379c31cdf7c9
SHA256 3b3f02fd63bc69bc9137be434e4eee05a4148ebff584f8945d808e9615b63a14
SHA512 ff95e778f461f30e5f1c3c6aa5be1f824a59b5a137b0a1e6d2e311ed44cb5729097e6008238990838a6d291bff503af37d501c4bb96840e78e9fc36470b17eba

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\UUIKWEAJ\vendors-node_modules_fzy_js_index_js-node_modules_github_markdown-toolbar-element_dist_index_js-e3de700a4c9d[1].js

MD5 186933c0117b94c9b8aade71f6f310c0
SHA1 ae67ade0e920b536137b6e98bb5e9e6c34b96925
SHA256 1465e7c16987bcaf9bb6209172d23d157cba309e9c8b2e4751b77ce4feb1b14f
SHA512 e3de700a4c9d4e1a490d2daa45c518f837ba0f6e065274231627b3911c43faf07e365ba42dc6d110627987662366ea1cdebc9ed4f5a8b88a04b64a7980c7b5b5

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\UUIKWEAJ\vendors-node_modules_github_relative-time-element_dist_index_js-99e288659d4f[1].js

MD5 f491d4f9b68507dfdf90a5ef6d4f70f8
SHA1 dac15fb588758d0cf24eb922931dc367d9f0458b
SHA256 6f7e23dd694a3e70ef7b0a8dd6b30161168039187a16bb1f8ad56c0e385fc2f2
SHA512 99e288659d4fae2fc48756d2bc57e0bbe2add23ed9ff370f8f9643ee09585f4bcacc6688cfe6380e60dbe883f614bbe2c61cd7d52fd5109f20aa79b70df6f079

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\UUIKWEAJ\vendors-node_modules_github_selector-observer_dist_index_esm_js-2646a2c533e3[1].js

MD5 e5411d902c14114345232eab0b388a2e
SHA1 a079ffbceba09465e2546881d6b963d05edd3add
SHA256 3dd71977f8bc77d1d340787b166bb300047f951a16e440f75c9fe2599659a70c
SHA512 2646a2c533e30cbd3c0ef653c306fdd6052f00fb9479ea664f791ee17c4a8d8321a0337dc9f79b9a0aa0a1d68a9cc84b46bda6b2285bc16a8434712b54794f75

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\UUIKWEAJ\environment-9fa8265d4c66[1].js

MD5 0974196805e76d9e4241714b70e1ec07
SHA1 dc86f62d155288fcfb998a69bd9d0d40463c6907
SHA256 a0c66eb68f15054d3199cbae5e3219e95da1a81fba88c2113358e30721812d2a
SHA512 9fa8265d4c66461a7d04911b4b6f404d046ab47fa744933897c28d22cd523078b752b6f6a866369dd04f2a3c2d9c3ff04ecd2d61805a7a4af7a2c51f158d6f36

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\UUIKWEAJ\ui_packages_soft-nav_soft-nav_ts-de360abf3418[1].js

MD5 028e12d4e783074c81652227528cb19a
SHA1 29e174284b2a6afaa23d82b2c1272fbff4a74426
SHA256 ef763158bd70c92c72c9aa194111f4e5f3e774d0fa8b57b1580289e223405388
SHA512 de360abf3418d1f7917a5fb6cd9f8a459e810bf37d0932727a3ef37047ae3f0b333a480febba701b622f7e893e981471cbf02b8c26510775fe5757440a3309d2

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\UUIKWEAJ\vendors-node_modules_stacktrace-parser_dist_stack-trace-parser_esm_js-node_modules_github_bro-327bbf-0aaeb22dd2a5[1].js

MD5 9fc89fa65a58962ff1ef5ba6ab4b7fe7
SHA1 cd29e761b12b62c2fd89f78e46cb7a1b3a138319
SHA256 a65b97799b96dc96f1dc22f0a05c4d5e737ec6526545987154d982bcebc37ddb
SHA512 0aaeb22dd2a58feaf4bdcfba5d98a6f7241825a8f4049facebc4392ad1196e41a22a898e35c7ee8b59c87c76814f45d06e9c366bdaaa2446985a7f9b6756e013

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\WPCK8CWE\wp-runtime-4469d34ab4b5[1].js

MD5 3a26f235169b5d90608c0ef53c447a6b
SHA1 6aaf4baed7ae2ffa47ff3349f8c74aedd8260278
SHA256 2b717b23cce426b807903cc084f8a8f462ae37615e1475acaa0b2aecb4f176e8
SHA512 4469d34ab4b539a75d3b1ceebf297778f6c4cb503336830bb302cbf68c954a62b1b04b156a98bb5e67ce7eab4f397a4134fdbefeb13ab2d7977eee0b1d1d3193

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\WPCK8CWE\code-eb757dedf4a1[1].css

MD5 1509ed536a5689e730f80e6a63e40f4a
SHA1 8781101dfa895853165f8f8607a03636f4602005
SHA256 1b07a0884e67b45947aba1ca661844dfd121e839c909933af78defd1848786ba
SHA512 eb757dedf4a1e8a8a1f9cf566965c98fde3aaaefca12700990c837caed81f1277570d8ac24001e2ceac535ec45a8132f8cd76a370a746870d215cd0a92b57a6e

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\WPCK8CWE\github-cec71f055b16[1].css

MD5 6a5fe2abff6ac950537b59f29e863cac
SHA1 d0e19430c99c140dda4dadf206d487cf7149cbb3
SHA256 36f5a259b868f73a395fd60dc359f63332e3de758bd4946f836a5c93c3370d46
SHA512 cec71f055b165c717d05a7fad94804bb01d1702d70cf5adfa890bc6d44037ff1dca91185e042d656ad9e25ff0954f317d831b8a6cd1f06e2e697967708389b6f

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\WPCK8CWE\global-8f2b2d4c7aff[1].css

MD5 1be523bac034abaa378b67806ef01ae5
SHA1 13577f9fe88ffe60e2983bbea7b773c5163a4e3e
SHA256 041e5c6ba3c4dd331dd6967ca2e3669a3c7d2b2455c06656c2c2e65676589a33
SHA512 8f2b2d4c7affecc64f5079f6abf50d90f87ceea1643665e3730eb644ec49706623c6f367566dd3fbc5c6110d3e4a907b387c2e9a68ad072ec21872da880d70f6

C:\Windows\Temp\MBInstallTempdb14be57d7db11ed882072edbb006969\7z.dll

MD5 ab8f0c1a37c0df5c8924aab509db42c9
SHA1 53dba959124e6d740829bda2360e851bcb85cce8
SHA256 6e223b275b84d948cc5ae1f161f0bfff2adb34de04634c84d7dbe9305a4998d5
SHA512 ff8a26e8fd5a08c74e5ba93a564e0d3cd932754e7f06993a365bfad06670497889e69ec45bfba1378040b72f82d468e79682beba2439937bb29d2a41da940d4a

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\6K3GJRJ1\optimizely-88264c7905d8[1].js

MD5 e16477ffdbed182f428d984027e4bf95
SHA1 ccfa2b4acc1bad75764c78ef6282a687b91df3c3
SHA256 f740960a4fdaecda0672e08c889bb56c55fc948978f63aada9b1becc592f4807
SHA512 88264c7905d8ffe38490d7eb16c30e4428f19dd543c2d6276188aa8c688b790d6b16f14ad3c5c09f10a9ddcddcefd2d6df3002d880bb893932f43d6d9628522c

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\6K3GJRJ1\vendors-node_modules_optimizely_optimizely-sdk_dist_optimizely_browser_es_min_js-node_modules-3f2a9e-fc88059edf41[1].js

MD5 7528cb3c6d2f4e157f284598427c9d77
SHA1 9284a13a46b40b5fba1d820ef5f3e84f943c2e72
SHA256 bc1269d6d3f2e936f729b04a73578432787ebb4ce737b9e05b167a029ed3eaa5
SHA512 fc88059edf414704493eac1e8b64a1a21665de715c404f57e543e6485aebeb4aabc4b586bb4acf9e141c8149c3fd76e815767df1570bf1ac5b0db12f05400f72

C:\Windows\Temp\MBInstallTempdb14be57d7db11ed882072edbb006969\7z.dll

MD5 ab8f0c1a37c0df5c8924aab509db42c9
SHA1 53dba959124e6d740829bda2360e851bcb85cce8
SHA256 6e223b275b84d948cc5ae1f161f0bfff2adb34de04634c84d7dbe9305a4998d5
SHA512 ff8a26e8fd5a08c74e5ba93a564e0d3cd932754e7f06993a365bfad06670497889e69ec45bfba1378040b72f82d468e79682beba2439937bb29d2a41da940d4a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 7cedea5f6f6fe9e6cf08d4bc8bf4e5bf
SHA1 c6a9d41328d60e527881df7f2f0e2f1ce3f4b2cd
SHA256 c8340dcaa65adcb38844bd72e5963e7c452452929d6aa7bc36014821a2fdfaaa
SHA512 67e108bd4f85add8f488faa185357f27e96bd5d8d6e5841dc5b60550299a1225c682e9c08c427ed743b60efca540c7c25bdd5b17e7515e37e4b6a34a6ba5af1f

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\versionlist.xml

MD5 1a545d0052b581fbb2ab4c52133846bc
SHA1 62f3266a9b9925cd6d98658b92adec673cbe3dd3
SHA256 557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1
SHA512 bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\UUIKWEAJ\MEMZ[1].zip

MD5 69977a5d1c648976d47b69ea3aa8fcaa
SHA1 4630cc15000c0d3149350b9ecda6cfc8f402938a
SHA256 61ca4d8dd992c763b47bebb9b5facb68a59ff0a594c2ff215aa4143b593ae9dc
SHA512 ba0671c72cd4209fabe0ee241b71e95bd9d8e78d77a893c94f87de5735fd10ea8b389cf4c48462910042c312ddff2f527999cd2f845d0c19a8673dbceda369fd

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8OI4IV75\MEMZ.zip.qytlrdd.partial

MD5 69977a5d1c648976d47b69ea3aa8fcaa
SHA1 4630cc15000c0d3149350b9ecda6cfc8f402938a
SHA256 61ca4d8dd992c763b47bebb9b5facb68a59ff0a594c2ff215aa4143b593ae9dc
SHA512 ba0671c72cd4209fabe0ee241b71e95bd9d8e78d77a893c94f87de5735fd10ea8b389cf4c48462910042c312ddff2f527999cd2f845d0c19a8673dbceda369fd

C:\Users\Admin\Downloads\MBSetup.exe

MD5 1ed0d8b2214a5d067d5422145689f747
SHA1 e671419cc7957c1118b9bb84251a40c03351f07f
SHA256 06a4bacdae17ad89c8fc93fc4ebf6603ca406e8bcc51f3fd32f700d18436be56
SHA512 e2a686efcb1bcda6b55c5d10654124fc2b27c426a979929a1e9de171794745abc9f0cd9dbd302a4e02d95269c7abee5dd051c1687e8f794da317b3fc4bf665b8

C:\Windows\Temp\MBInstallTempdb14be57d7db11ed882072edbb006969\servicepkg\MBAMService.exe

MD5 df6a796460b0f70a9a42cb1ab98e7ffd
SHA1 657c2c3cdef7325c6331f377fe0227760f6bde1a
SHA256 676f3c56d6e5c8dddd7f01d5d10baad352683a2cb8b9bd4ce526a7629fc8fa43
SHA512 21b399a76845f81ceabc60d2225ddea30296f3ecd52a3668e60a51d9593c9444596b8ec041b53ae8d8f6f18ee54ab23db8678945e832355e9e76a6fbbfcc0b87

C:\Windows\Temp\MBInstallTempdb14be57d7db11ed882072edbb006969\servicepkg\mbamelam.inf

MD5 c481ad4dd1d91860335787aa61177932
SHA1 81633414c5bf5832a8584fb0740bc09596b9b66d
SHA256 793626d240fd8eefc81b78a57c8dfe12ea247889b6f07918e9fd32a7411aa1c3
SHA512 d292e028936412f07264837d4a321ecfa2f5754d4048c8bcf774a0e076e535b361c411301558609d64c71c1ce9b19e6041efa44d201237a7010c553751e1e830

C:\Windows\Temp\MBInstallTempdb14be57d7db11ed882072edbb006969\servicepkg\mbamelam.cat

MD5 60608328775d6acf03eaab38407e5b7c
SHA1 9f63644893517286753f63ad6d01bc8bfacf79b1
SHA256 3ed5a1668713ef80c2b5599b599f1434ad6648999f335cf69757ea3183c70c59
SHA512 9f65212121b8a5d1a0625c3baa14ef04a33b091d26f543324333e38dcdb903e02ccc4d009e22c2e85d2f61d954e0b994c2896e52f685003a6ef34758f8a650c7

C:\Windows\Temp\MBInstallTempdb14be57d7db11ed882072edbb006969\servicepkg\mbamelam.sys

MD5 9e77c51e14fa9a323ee1635dc74ecc07
SHA1 a78bde0bd73260ce7af9cdc441af9db54d1637c2
SHA256 b5619d758ae6a65c1663f065e53e6b68a00511e7d7accb3e07ed94bfd0b1ede0
SHA512 a12ccf92bead694f5d3cba7ff7e731a2f862198efc338efc7f33a882fe0eb7499fb3fb533538d0a823e80631a7ca162962fbdfd78e401e3255672910b7140186

C:\Program Files\Malwarebytes\Anti-Malware\srvversion.dat

MD5 69b658fbeec3172c7399a81fca80be51
SHA1 8f7b19f9428f3e53702209715d244f2516b7385d
SHA256 80f5bbe171839f4bc52616af01fe90931f72cba73c0008119e3046281c765b51
SHA512 8f609422356246b8f88f88545fc496ad18829241ce52ad05a764342c9ba7fc39d0bd2f5025d8a1dfc050389c6724d5d7d313c1d230a5074ab1c0173472e2fb09

C:\Windows\Temp\MBInstallTempdb14be57d7db11ed882072edbb006969\uipkg\QtQuick\Controls.2\HorizontalHeaderView.qml

MD5 d8c9674c0e9bddbd8aa59a9d343cf462
SHA1 490aa022ac31ddce86d5b62f913b23fbb0de27c2
SHA256 1ef333b5fb4d8075973f312ef787237240b9f49f3f9185fb21202883f900e7d7
SHA512 0b86ec673133f6400c38b79f9ba4f7b37ce5afdab1a2e34acbf75019e2590cc26b26d323ddc1567c91375053c9c8593be0615389db8eb1a8d1eb084ad4200b82

C:\Windows\Temp\MBInstallTempdb14be57d7db11ed882072edbb006969\uipkg\QtQuick\Controls.2\Imagine\VerticalHeaderView.qml

MD5 829769b2741d92df3c5d837eee64f297
SHA1 f61c91436ca3420c4e9b94833839fd9c14024b69
SHA256 489c02f8716e7a1de61834b3d8bbb61bce91ca4a33a6b62342b4c851d93e51e0
SHA512 4061c271db37523b9dea9a9973226d91337e1809d4e7767e57ac938d35d77a302363ed92ab4be18c35ba589f528194ad71c93a8507449bf74dd035acf7cdb521

C:\Windows\Temp\MBInstallTempdb14be57d7db11ed882072edbb006969\ctlrpkg\mbae64.sys

MD5 95515708f41a7e283d6725506f56f6f2
SHA1 9afc20a19db3d2a75b6915d8d9af602c5218735e
SHA256 321058a27d7462e55e39d253ad5d8b19a9acf754666400f82fe0542f33e733c6
SHA512 d9230901adeecb13b1f92287abe9317cdac458348885b96ef6500960793a7586c76ae374df053be948a35b44abe934aa853975a6ccd3788f93909903cc718c08

C:\Program Files\Malwarebytes\Anti-Malware\uipkgver.dat

MD5 74c6677020fc6b6c867aab117078bf5f
SHA1 8c46db37dc0b39eb963d4144539c8b591e122400
SHA256 cdbb9bc874d71e154c71b68b1fe959913d286036dac11e226e5620c919ba9708
SHA512 3f9db8d9bb25322f8d8e750750bf92dbe6ac63d686eced65cddfcd61178cf0e947118a491058414d4d2cbb4892e39815565669aee0dfdda23aece72d278292d0

C:\Program Files\Malwarebytes\Anti-Malware\version.dat

MD5 36be0508baac01f2e1f45cdce0b2c540
SHA1 c0b54d2b708abc622264691550e1dbddfa34fa02
SHA256 57aef74d0a6ac936df7fd8f8b2f5d8980333837e7b7d68c89d4a74ca8a15b748
SHA512 93807d780a52f550406612ee3e4078baeb4b72082ee687a004a2f6476b058fe022f0f143c6f2313d66125e992e271821b7fc8574189b881a56df5ad7e2c46466

C:\Program Files\Malwarebytes\Anti-Malware\ctlrvers.dat

MD5 5de6761dfaf6bff8a566a80bad9c0aed
SHA1 7c513bf3de55d4a397b3f41e538fa4988c41820c
SHA256 74f655918435255fc9d1cc9a7be6750df82f5a5dc4d3e422c5fd40e686826d9e
SHA512 87d9a3a5a4d8153273b3504c86a3a54a693ce8f0b23c3ac7719bdc646b516d59aae4f4f25c4d16d7c3860111029f20dcc13be19c44cc8edc6ed05fac7e86a491

C:\Windows\TEMP\MBInstallTempdb14be57d7db11ed882072edbb006969\servicepkg\starfieldrootcag2_new.crt

MD5 d63981c6527e9669fcfcca66ed05f296
SHA1 b51c067cee2b0c3df855ab2d92f4fe39d4e70f0e
SHA256 2ce1cb0bf9d2f9e102993fbe215152c3b2dd0cabde1c68e5319b839154dbb7f5
SHA512 5fada52ff721f4f7f14f5a70500531fa7b131d1203eabb29b5c85a39d67cf358287d9d5b9104c8517b9757dba58df9527d07dc9a82f704b8961f8473cdd92ae7

C:\Windows\TEMP\MBInstallTempdb14be57d7db11ed882072edbb006969\servicepkg\msrootca2020.crt

MD5 77ac2a1ae404c2e29334c4d0ce29ac0e
SHA1 c8eecd58d3b43a2ddec5054ef9eacdf0c2940e62
SHA256 626727d3f4fb4c4ef816648217966d5eb2a028afe03c801788b1834a456b48e8
SHA512 40bf30c83db166803798fdfbdcbc04d6d01bce7ec569d2f24089bf1b6d81f8694876d43c29ce78359d1101d40386044a0b9f11aedabb3a6348eb1a7da6762fd9

C:\Program Files\Malwarebytes\Anti-Malware\ServiceConfig.json

MD5 b02d6bd61c19c14c56f42ed44ebfc3b0
SHA1 5ae34f9125032f4797d309d53362e821bc1cb951
SHA256 64281f8df920dc267fbecd5f1a430442c3ea25bbf1fa6aae15b2f8b08bc55574
SHA512 c6d5b0bf224fffb90ea406813876a749772f5673c2261d5fb6d1dd8fd5e32feb62b3b8fc986d2fef5bb610568da375f7f1776ba029e246f194fc9f227ce803d7

C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe

MD5 df6a796460b0f70a9a42cb1ab98e7ffd
SHA1 657c2c3cdef7325c6331f377fe0227760f6bde1a
SHA256 676f3c56d6e5c8dddd7f01d5d10baad352683a2cb8b9bd4ce526a7629fc8fa43
SHA512 21b399a76845f81ceabc60d2225ddea30296f3ecd52a3668e60a51d9593c9444596b8ec041b53ae8d8f6f18ee54ab23db8678945e832355e9e76a6fbbfcc0b87

C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe

MD5 df6a796460b0f70a9a42cb1ab98e7ffd
SHA1 657c2c3cdef7325c6331f377fe0227760f6bde1a
SHA256 676f3c56d6e5c8dddd7f01d5d10baad352683a2cb8b9bd4ce526a7629fc8fa43
SHA512 21b399a76845f81ceabc60d2225ddea30296f3ecd52a3668e60a51d9593c9444596b8ec041b53ae8d8f6f18ee54ab23db8678945e832355e9e76a6fbbfcc0b87

C:\Program Files\Malwarebytes\Anti-Malware\MbamElam.inf

MD5 c481ad4dd1d91860335787aa61177932
SHA1 81633414c5bf5832a8584fb0740bc09596b9b66d
SHA256 793626d240fd8eefc81b78a57c8dfe12ea247889b6f07918e9fd32a7411aa1c3
SHA512 d292e028936412f07264837d4a321ecfa2f5754d4048c8bcf774a0e076e535b361c411301558609d64c71c1ce9b19e6041efa44d201237a7010c553751e1e830

C:\Program Files\Malwarebytes\Anti-Malware\MbamElam.sys

MD5 9e77c51e14fa9a323ee1635dc74ecc07
SHA1 a78bde0bd73260ce7af9cdc441af9db54d1637c2
SHA256 b5619d758ae6a65c1663f065e53e6b68a00511e7d7accb3e07ed94bfd0b1ede0
SHA512 a12ccf92bead694f5d3cba7ff7e731a2f862198efc338efc7f33a882fe0eb7499fb3fb533538d0a823e80631a7ca162962fbdfd78e401e3255672910b7140186

C:\Program Files\Malwarebytes\Anti-Malware\MbamElam.cat

MD5 60608328775d6acf03eaab38407e5b7c
SHA1 9f63644893517286753f63ad6d01bc8bfacf79b1
SHA256 3ed5a1668713ef80c2b5599b599f1434ad6648999f335cf69757ea3183c70c59
SHA512 9f65212121b8a5d1a0625c3baa14ef04a33b091d26f543324333e38dcdb903e02ccc4d009e22c2e85d2f61d954e0b994c2896e52f685003a6ef34758f8a650c7

C:\Windows\Temp\MBInstallTempdb14be57d7db11ed882072edbb006969\servicepkg\mbshlext.dll

MD5 b7e5071b317550d93258f7e1e13e7b6f
SHA1 2d08d78a5c29cf724bc523530d1a9014642bbc60
SHA256 467de01d7cee7ec54166b80658ff22f9feebdb1c24eaf1629cf40e4124508064
SHA512 9c35293c95c1a9141740ac99315605964aa37c4a42d3a11cae9e5649ff1427a9480d3d5e7f763212cf13db3511c5ea3c84e68f95f0067fe6339a9d3fb7b27c54

C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe

MD5 df6a796460b0f70a9a42cb1ab98e7ffd
SHA1 657c2c3cdef7325c6331f377fe0227760f6bde1a
SHA256 676f3c56d6e5c8dddd7f01d5d10baad352683a2cb8b9bd4ce526a7629fc8fa43
SHA512 21b399a76845f81ceabc60d2225ddea30296f3ecd52a3668e60a51d9593c9444596b8ec041b53ae8d8f6f18ee54ab23db8678945e832355e9e76a6fbbfcc0b87

C:\Program Files\Malwarebytes\Anti-Malware\ServiceConfig.json

MD5 b02d6bd61c19c14c56f42ed44ebfc3b0
SHA1 5ae34f9125032f4797d309d53362e821bc1cb951
SHA256 64281f8df920dc267fbecd5f1a430442c3ea25bbf1fa6aae15b2f8b08bc55574
SHA512 c6d5b0bf224fffb90ea406813876a749772f5673c2261d5fb6d1dd8fd5e32feb62b3b8fc986d2fef5bb610568da375f7f1776ba029e246f194fc9f227ce803d7

C:\Program Files\Malwarebytes\Anti-Malware\offreg.dll

MD5 16663d125398773a90d0a53333b7cf5e
SHA1 f92928ae3c9292588547ceaca1cb1d372bfd7936
SHA256 38e6811b47262101759aa51a631263d9e3eee5d211164318a751e078afec4cbc
SHA512 091764b8ad80aa31eea0bbd91ee505ebdea2654bc8aeaa3081a061d0d37ab13d27dd203075fd0de10c6687591aa0e36139a38af846c4e34e6aa67ab81dc277df

C:\Program Files\Malwarebytes\Anti-Malware\ServiceConfig.json.bak

MD5 b02d6bd61c19c14c56f42ed44ebfc3b0
SHA1 5ae34f9125032f4797d309d53362e821bc1cb951
SHA256 64281f8df920dc267fbecd5f1a430442c3ea25bbf1fa6aae15b2f8b08bc55574
SHA512 c6d5b0bf224fffb90ea406813876a749772f5673c2261d5fb6d1dd8fd5e32feb62b3b8fc986d2fef5bb610568da375f7f1776ba029e246f194fc9f227ce803d7

C:\Program Files\Malwarebytes\Anti-Malware\offreg.dll

MD5 16663d125398773a90d0a53333b7cf5e
SHA1 f92928ae3c9292588547ceaca1cb1d372bfd7936
SHA256 38e6811b47262101759aa51a631263d9e3eee5d211164318a751e078afec4cbc
SHA512 091764b8ad80aa31eea0bbd91ee505ebdea2654bc8aeaa3081a061d0d37ab13d27dd203075fd0de10c6687591aa0e36139a38af846c4e34e6aa67ab81dc277df

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll

MD5 c447ffc8af4633daf687e0a943061a60
SHA1 2f0a1854d75a82929dcff5308befe3b83439259b
SHA256 c01804c902c5532517fa0ceadc91beed01d5ac67adf062b7ce7eaba8272c40bc
SHA512 e0d650c35a46063d0e3870e1888d95827050e7792391b8c6ba4b5cd0cf2501cf0eb3aeb1c4a9f524467b6efcc4cb44c8816ba91aa09858c3594d8334a3eb2edf

C:\Program Files\Malwarebytes\Anti-Malware\PoliciesControllerImpl.dll

MD5 c447ffc8af4633daf687e0a943061a60
SHA1 2f0a1854d75a82929dcff5308befe3b83439259b
SHA256 c01804c902c5532517fa0ceadc91beed01d5ac67adf062b7ce7eaba8272c40bc
SHA512 e0d650c35a46063d0e3870e1888d95827050e7792391b8c6ba4b5cd0cf2501cf0eb3aeb1c4a9f524467b6efcc4cb44c8816ba91aa09858c3594d8334a3eb2edf

C:\ProgramData\Malwarebytes\MBAMService\config\PoliciesConfig.json

MD5 f9dd1be743bdf2ed9fdceb973269f51f
SHA1 fb636ede31d1b300d7518e1b0036aafe3d011a08
SHA256 96fd743c527c04d42d1ce23c488174f65452d0f18d23a31ec341eb58aacec51f
SHA512 86436d61a582eb32ca1eec8b858fdc6997f8229cecc4c7029ee9bb29466dfd06e8bac7b5a649992086e944ee06a7e2172d1d9f3787ed607ad86cd7a12d26352d

C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll

MD5 b7e5071b317550d93258f7e1e13e7b6f
SHA1 2d08d78a5c29cf724bc523530d1a9014642bbc60
SHA256 467de01d7cee7ec54166b80658ff22f9feebdb1c24eaf1629cf40e4124508064
SHA512 9c35293c95c1a9141740ac99315605964aa37c4a42d3a11cae9e5649ff1427a9480d3d5e7f763212cf13db3511c5ea3c84e68f95f0067fe6339a9d3fb7b27c54

C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll

MD5 b7e5071b317550d93258f7e1e13e7b6f
SHA1 2d08d78a5c29cf724bc523530d1a9014642bbc60
SHA256 467de01d7cee7ec54166b80658ff22f9feebdb1c24eaf1629cf40e4124508064
SHA512 9c35293c95c1a9141740ac99315605964aa37c4a42d3a11cae9e5649ff1427a9480d3d5e7f763212cf13db3511c5ea3c84e68f95f0067fe6339a9d3fb7b27c54

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\LicenseControllerImpl.dll

MD5 b7a9a7b44b82e954c1b77e7b7f71ee66
SHA1 02f3eabef778d5641eea89d318268e79949da7c6
SHA256 ba97bf9a2a0c454dbd965ef7b6c12f582d49391d5297fe2ef4a94bb13d2d472e
SHA512 524dee007193cc13ee81e9734564e8a121715f7ecb27d113eb7d8265b7562ab60237aa64c556a819239ee9b4abdc8523a57ca666bdd48de82eca79efba771bc5

C:\Program Files\Malwarebytes\Anti-Malware\LicenseControllerImpl.dll

MD5 b7a9a7b44b82e954c1b77e7b7f71ee66
SHA1 02f3eabef778d5641eea89d318268e79949da7c6
SHA256 ba97bf9a2a0c454dbd965ef7b6c12f582d49391d5297fe2ef4a94bb13d2d472e
SHA512 524dee007193cc13ee81e9734564e8a121715f7ecb27d113eb7d8265b7562ab60237aa64c556a819239ee9b4abdc8523a57ca666bdd48de82eca79efba771bc5

C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.json

MD5 fb19cab7a79c769eb13a9514b7b34ad3
SHA1 9db09f91286149dc607c5851b5b529e070eb593f
SHA256 eb1b0cb0c61403255060985d2ca1e2c8a65905571d59b1faff8914362edf673c
SHA512 5510fe4cf6ebed4404245ff8592085175a8d391ee68ce0bdac4392cfc94de539f89c7f7d9d40aa001b3ab8f9629d9041cd5e56c76651a1180bcfc170726329ae

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\UpdateControllerImpl.dll

MD5 d0b204fb32962798ebd9ab0ad336a83c
SHA1 f281b35553afa236a214b910c537ecad0e3bacea
SHA256 627db74adff5407a074e94997cb724434478801607c972ff2afdf10d4928bb98
SHA512 5d3aa0851b7479d3c6d092052fa8271cb335f54ccac526a01c64745c222f906b6a5ece2fb6637e6dee878cf76af3ad89e0eb7e7686a7061c134a9e8e6d0d3eac

C:\Program Files\Malwarebytes\Anti-Malware\UpdateControllerImpl.dll

MD5 d0b204fb32962798ebd9ab0ad336a83c
SHA1 f281b35553afa236a214b910c537ecad0e3bacea
SHA256 627db74adff5407a074e94997cb724434478801607c972ff2afdf10d4928bb98
SHA512 5d3aa0851b7479d3c6d092052fa8271cb335f54ccac526a01c64745c222f906b6a5ece2fb6637e6dee878cf76af3ad89e0eb7e7686a7061c134a9e8e6d0d3eac

C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json

MD5 e12fdf95d63e258caf38b6787229525a
SHA1 7284a312ef6899cb48b57c029f4066f53e55afa9
SHA256 a911c05d7bbbff401f06712e97e45d42429cc9a6a9f8b83fc585c554b579f8b8
SHA512 81f76e6387fa90f0d45cbb1bbb8db20785661848c891e910aa4699378c15775f02447794925fe92835d0b26196f3144e93be5912b5d82bd85cca8ce8b2d36847

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\pkgvers.dat

MD5 b37cbc5b675dad0410edd91e31cf96b3
SHA1 0cfc78636afa64e3bfebccbbde459c59059f2161
SHA256 93b45799c9def45fbe6d41b13140888f042a6bf0040fd79645b2787ed72e068e
SHA512 ad217203620f7321bb604ed4db49cf10dabfeb31c3f3212f8807c7d64172909cc3789d0a4db92355542a74ff3ec61a1198f10d12a4c52f12017c31581aa07850

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\version.dat

MD5 36be0508baac01f2e1f45cdce0b2c540
SHA1 c0b54d2b708abc622264691550e1dbddfa34fa02
SHA256 57aef74d0a6ac936df7fd8f8b2f5d8980333837e7b7d68c89d4a74ca8a15b748
SHA512 93807d780a52f550406612ee3e4078baeb4b72082ee687a004a2f6476b058fe022f0f143c6f2313d66125e992e271821b7fc8574189b881a56df5ad7e2c46466

C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json

MD5 8445ec99bc684d5e1414e7041f5a9719
SHA1 818fd8ce1fbe11f0aa6255c7afab638554bb9bce
SHA256 1b5e1620a9546e9da37f694775a0450842d3a02b6743e7df59a21f8a9a6a9a2c
SHA512 f213b1abaf4a148df9e7e7f106fb443533ba33bc62fb0088653606ad47136c7548ae7d96ca44f34d39e7e3ad86bac1bdd0a1644ac08c0ccc5136a0089e6eeef7

C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json

MD5 40fb019e8f6890ea8a7788b1e7692e44
SHA1 930eae9014688a24d5976da69202155ef3e4e0a1
SHA256 f53f7f53f3118ff51343235465cd5357fb2fda7067f0d1f720d4d78cb7c1d715
SHA512 f5e95ff5f1ea9d5b4636e1c6dc59a7f56983b77879ec008f36c9f347f6c840b877134d013bdb8b607b1bea3bbc3d7808881e318af4db5a6613756f5dab4a914d

C:\ProgramData\Malwarebytes\MBAMService\pkgvers.dat

MD5 b37cbc5b675dad0410edd91e31cf96b3
SHA1 0cfc78636afa64e3bfebccbbde459c59059f2161
SHA256 93b45799c9def45fbe6d41b13140888f042a6bf0040fd79645b2787ed72e068e
SHA512 ad217203620f7321bb604ed4db49cf10dabfeb31c3f3212f8807c7d64172909cc3789d0a4db92355542a74ff3ec61a1198f10d12a4c52f12017c31581aa07850

C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json

MD5 42ef6e963dea5defe8ba7d3d449819eb
SHA1 79b08242cccf21e9ab3ad7076f9a50f8e4ea5ffa
SHA256 2f0c07ded64efa9a034473a8131641b7879ac5932bcb9034023688b6ba9fcacf
SHA512 b42f866b809c00e482e5e69905b688f5123a0dfa43b1760b993a411df4a2a27f3b87a19a70be7ccfb2214a7326a5caafd46b7c2a14f542a225b3adb2c0382cab

C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json.bak

MD5 6c0fc7729dbe061bf963d5057a0bbc20
SHA1 e10506fd48d88589295ad76e69aeb50730aecf8c
SHA256 7896cfb34aa58c284c1d12e43e3d2cb64bbc7fb8c570a8d2a994337befa6bda1
SHA512 af4c56bc9d81923d5235cbf555ef44207063ebcc967a48e6d3b73e6b5797841d2cb7eacb84e622e568a0509bae590a71fefbe4fe75020a00afcd392d73185900

C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\rules.mbdb

MD5 fe80fd3f423307586da24448b02fece6
SHA1 5de21d2ea67524e8bc62d1786a8a636a29a2d9dc
SHA256 2ee96aeb00055f298676b0bb68582d80d5671a4567a4b7926f233c1e5474be01
SHA512 d602dc81602378e72013228dd9f9b577a9c588ee96ce4f13d17379b794c982db5cb5b883d68d87991098fd62bd911dc3400ed8c1de277fa70e16d47c9bb800fe

C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\rdefs.mbdb

MD5 2f7423ca7c6a0f1339980f3c8c7de9f8
SHA1 102c77faa28885354cfe6725d987bc23bc7108ba
SHA256 850a4ea37a0fd6f68bf95422d502b2d1257264eb90cc38c0a3b1b95aa375be55
SHA512 e922ac8a7a2cde6d387f8698207cf5efbd45b646986a090e3549d97a7d552dd74179bd7ac20b7d246ca49d340c4c168982c65b4749df760857810b2358e7eb69

C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\prot.mbdb

MD5 546d9e30eadad8b22f5b3ffa875144bf
SHA1 3b323ffef009bfe0662c2bd30bb06af6dfc68e4d
SHA256 6089fbf0c0c1413f62e91dc9497bedc6d8a271e9dc761e20adc0dccf6f4a0c1f
SHA512 3478f5dcf7af549dd6fe48ad714604200de84a90120b16a32233b6d44fa7240f5f4e5fe803f54b86bbdfd10fa1bfdd88fb85eb6a78e23e426933f98d0a2565ec

C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\clean.mbdb

MD5 139463e2c959cb40c3cd45d9fbde3d9b
SHA1 366d67d10d35cc969de0119c43793944810eaf21
SHA256 db2c789d5b6879a3a3ba9bae5a928be8f930ccca617daff4f2d14d148a232808
SHA512 1a37f6bf3cc837a6582cedee5e72ec5af19dd9707015ca1ad12d20da6d5ab26efad8bf79ddecf3eb8e75f0c9b06edc7f9a6a0319e130496c10ef43713e0426b4

C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\mbdigsig2.dat

MD5 1eae792873015a3c7eb28ba2ba3834f8
SHA1 db4b209eb0433c3363a0f473a6171bffee54b248
SHA256 b9ed5da8fde23e16680f7b7f84bfef8a5c7c6b3815b4c408672784b83f245433
SHA512 ca90c6d37b68be33a5d7c7472e0202d933bc2104e695224f48d2ad8a347eede8beaad064e600c027b341c1084c975f737e8cb4463745be0474175774d058de9d

C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\dbmanifest2.dat

MD5 2c42b5e51c2d9106a7897acfd00b2609
SHA1 710a2113f4982cfd7b5224cacd9be60f9dd8ff79
SHA256 a629fa588c7a1fdf147f02b01bd0116acd3544d5233f61f29268027395cbbe60
SHA512 662fded4ab22ee59a69dc6b476d8d3192ff7a642aefb307d96316f393f14058690f708921883f46a0f7cb375286f223bb6e79c0b984ccaab82a982a84e2bd94d

C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json

MD5 6c93bf4441478ac1e14435005b4c99a0
SHA1 99b30d97bdfb8ffa409cd199423513b92c4f7740
SHA256 0aa922a752f377dc7c0413aea7af55e8e43b126f41227205a5c342a7eddfff8c
SHA512 de5467795814b2ab11a0120fecc5fc22e75d683c031efd06c25b0603224b04cf453193beeb58338bfa8a63d0a488969600a8be14740212154d6d45fec3160f36

C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe

MD5 579a6ae8838b6d228b7aed4ae9a0848f
SHA1 22d6edf328f104d64e02dc659ed7b38cb38f0d4a
SHA256 34701a6106be29c982869c9d5f6ff9e4f19067067ba115c5ed95159df357eb47
SHA512 c2d2967e66bfd658922aecb6a7e3f2d67260eed710d613a6667676c843ad98802c3c1f97a660c031ac0c869bdf91d934bfe08eedaf7f0b0314145f74b1455a74

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\prot.mbdb

MD5 546d9e30eadad8b22f5b3ffa875144bf
SHA1 3b323ffef009bfe0662c2bd30bb06af6dfc68e4d
SHA256 6089fbf0c0c1413f62e91dc9497bedc6d8a271e9dc761e20adc0dccf6f4a0c1f
SHA512 3478f5dcf7af549dd6fe48ad714604200de84a90120b16a32233b6d44fa7240f5f4e5fe803f54b86bbdfd10fa1bfdd88fb85eb6a78e23e426933f98d0a2565ec

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\rdefs.mbdb

MD5 2f7423ca7c6a0f1339980f3c8c7de9f8
SHA1 102c77faa28885354cfe6725d987bc23bc7108ba
SHA256 850a4ea37a0fd6f68bf95422d502b2d1257264eb90cc38c0a3b1b95aa375be55
SHA512 e922ac8a7a2cde6d387f8698207cf5efbd45b646986a090e3549d97a7d552dd74179bd7ac20b7d246ca49d340c4c168982c65b4749df760857810b2358e7eb69

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\rules.mbdb

MD5 fe80fd3f423307586da24448b02fece6
SHA1 5de21d2ea67524e8bc62d1786a8a636a29a2d9dc
SHA256 2ee96aeb00055f298676b0bb68582d80d5671a4567a4b7926f233c1e5474be01
SHA512 d602dc81602378e72013228dd9f9b577a9c588ee96ce4f13d17379b794c982db5cb5b883d68d87991098fd62bd911dc3400ed8c1de277fa70e16d47c9bb800fe

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\tids.mbdb

MD5 d5c6118b9c8d985cd2d6cab62e00e421
SHA1 35b1fd0d1469ae0e6dfc5e6fc80ed161de341898
SHA256 0bca2aacc3d5bd02d36e6ff17c9a37aae755a84ad655d8d6c74d8a4fdff10ec9
SHA512 c666ad5f14c865beca2e53131564b20cb773113b8e100aace699ee5947211e2b3ef6e181d75b2c9f7609ae4e4367f44cbf56193447fc1e010e51f8256f81bc9e

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\scan.mbdb

MD5 1ea93d79f3296bff87f1e9cb88574555
SHA1 7c855224471936c14f95ae5ef7425cd7e6de6583
SHA256 7ce99ad27af7a07ade3d1864e2c5752cc9949e0b6389beaa0e82d68945993387
SHA512 9254705dc20fbec7ac02416754ecf2a86b6811ef386be11093fd7d0957e8ae32acde9bba84369a0159005392e61bda5ca1d2882358bd22d5ac03dd23c478b8c5

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\clean.mbdb

MD5 139463e2c959cb40c3cd45d9fbde3d9b
SHA1 366d67d10d35cc969de0119c43793944810eaf21
SHA256 db2c789d5b6879a3a3ba9bae5a928be8f930ccca617daff4f2d14d148a232808
SHA512 1a37f6bf3cc837a6582cedee5e72ec5af19dd9707015ca1ad12d20da6d5ab26efad8bf79ddecf3eb8e75f0c9b06edc7f9a6a0319e130496c10ef43713e0426b4

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\Global.nm

MD5 a590b9a0392f031b7bf13b9ce826d115
SHA1 ffaf6113af9ac9ed1b75e9997470dd4611b7c1a3
SHA256 ac7181c2fc494823602cdab8c5321167f89684f63c12ed29ab08848645d550a7
SHA512 60479cccce0b7f3431bb30d43a06ba26a2b97315f9d6de960895256b2ebfb7c8dcf67620576b28975358ede32735f04d74db088b5b4826a768ee414da8f05a27

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\Global.sr

MD5 82d31a2fc73ce67246287019f9268c02
SHA1 970136601cdf054228a64d07fb28b0dd2a7c3289
SHA256 13b869536724ed4ce54cb5c3aaaf5e5e63cd6fef558fe87d4e42e74043fafaaa
SHA512 3985a33c202e65c72483bec71845cea5fcae33c7f70a1f4762184c7ae087de0d83b4d87079860f64d86c5b81e14185a9a7b52d65785baec5ec9d1820e73064db

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\wprot2.mbdb

MD5 3f2c1c195bb5b25a536aa76b5bd4fd37
SHA1 f10e90d3e277ec66cfe767a8c084c002d1c03cf4
SHA256 5f114cb8c3d3def0ccefed8246b2dcb5fbaecd93cf5660fe5600fa6147d28e0d
SHA512 1217c28f1c3797641874166248bbfec8c140390329f06e2bacb46fa95be9157deb8242f0d7e6ae9620cd90ff0159003ea896174d6f4219e9b7dd6d959d7f1107

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\dynconfig.dat

MD5 10f23e7c8c791b91c86cd966d67b7bc7
SHA1 3f596093b2bc33f7a2554818f8e41adbbd101961
SHA256 008254ca1f4d6415da89d01a4292911de6135b42833156720a841a22685765dc
SHA512 2d1b21371ada038323be412945994d030ee8a9007db072484724616c8597c6998a560bc28886ebf89e2c8919fb70d76c98338d88832351823027491c98d48118

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\exclusions.txt

MD5 aef4eca7ee01bb1a146751c4d0510d2d
SHA1 5cf2273da41147126e5e1eabd3182f19304eea25
SHA256 9e87e4c9da3337c63b7f0e6ed0eb71696121c74e18a5da577215e18097715e2f
SHA512 d31d21e37b0048050b19600f8904354cff3f3ec8291c5a7a54267e14af9fb88dfb6d11e74a037cc0369ade8a8fb9b753861f3b3fb2219563e8ec359f66c042db

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\mbdigsig2.dat

MD5 1eae792873015a3c7eb28ba2ba3834f8
SHA1 db4b209eb0433c3363a0f473a6171bffee54b248
SHA256 b9ed5da8fde23e16680f7b7f84bfef8a5c7c6b3815b4c408672784b83f245433
SHA512 ca90c6d37b68be33a5d7c7472e0202d933bc2104e695224f48d2ad8a347eede8beaad064e600c027b341c1084c975f737e8cb4463745be0474175774d058de9d

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\dbmanifest2.dat

MD5 2c42b5e51c2d9106a7897acfd00b2609
SHA1 710a2113f4982cfd7b5224cacd9be60f9dd8ff79
SHA256 a629fa588c7a1fdf147f02b01bd0116acd3544d5233f61f29268027395cbbe60
SHA512 662fded4ab22ee59a69dc6b476d8d3192ff7a642aefb307d96316f393f14058690f708921883f46a0f7cb375286f223bb6e79c0b984ccaab82a982a84e2bd94d

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\cfg.bin

MD5 544a36063346eeb1e751030008a9f7e3
SHA1 b5c44a037d16bfd5cfe0e6ba9cb770111b3aac82
SHA256 33a822063dc53b5a693b5920f6a14bf4c9c1905c08b3257b7621c9f0c41d39d6
SHA512 fb86ef1c271d10da364654b244253a4492b8331d69e2a71479671a44f613b88a72822b5a849159b63b7b28c7cbe0c6b7ed35f82cf749a598b23676fae70f279c

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\Actions.dll

MD5 1eff53d95ecaf6bbfffe80d866d8e1dd
SHA1 d7ef7d7c77fd04b2c0eb8c16bb3cd08057f6742f
SHA256 6dd748f7ca56125cbe158fa3612f08e7312ef58ad5375e6b7ab5532cc16ca0ac
SHA512 c59b8e6f0b238a247e64b9c7bb42213dadac1dada63542830a6292361174c935c0c662b2d1aed3fb6100cc4993297b1eaf25e328f2b4613458c4ffca63b9f02d

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\BrowserSDKDLL.dll

MD5 1ed53171d00f440f29a12f9beb84dac4
SHA1 4d9a1e3579b0999f1ab2fa818b588411e9ee920c
SHA256 e659e687a872050f9e65d78992d16bd9b393cf3f8e8c94e0e15fb42b7065327e
SHA512 17161cfc672d1b996b8af4ebac17f9a8a3807f38c9a23e2e5b4dadcd9a21c3a64faec9bf59147022a9df88b80f89300f1b537091289bd7a42806bd206a317e6e

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\sample.dll

MD5 f712ebc5aa4cc78b7f1a0c8810ce7db4
SHA1 48899721fbcd93b7d5440ce269b7777a62582eab
SHA256 46d6f6dad272240bcdcfc0d5c42f88a2784a5ebf31bb284555cf260b21e8a4d1
SHA512 20ea70c3b4e3cdd3727207b9b13e54332bee15ca18cde5228c7f93982310d77e5f6ebccd1a8251ad4d8cbf9ac6646bf7f5856f1c82d3b3ef2390fa779ec06017

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\MBAMCore.dll

MD5 888b794737cd78e918486cd2a4116c65
SHA1 335aa063439ee8c2242591dd4cfe6c9bc28531fe
SHA256 2194ea4af98e6ba23e14ac60860a6c727f4694a9d904025288997ad05f0859bc
SHA512 f6a15dc86a89adcbf9ea6b96eb7d5671a2077696ef4cacf88c36d7c73c5f28d96f4a257ae8672981a24907e0583bb15c01dfe09ee1ac5837ffa693d5668dbbeb

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\ig.exe

MD5 f4bcae29120428ab0d1b72acc375d7fe
SHA1 0970f103d74c634a91afd69388ab692f2df4819a
SHA256 f6e63c104b5a3714a035d2272e4663b0d9599c405bb31e7f9e7e108205707d4a
SHA512 078c4a5a15882ad74eaae3539bb787f28a5b3bb18e8b3a33bf44cfaf98d7dae05bf73245193ad2d3075686b6405c25a6cecdad3d6bb36ffa8b3da5812ae675b0

C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

MD5 0bed0f6f26ab2c0e6aeb0413ea2124f9
SHA1 6f9eda0ad2359dfa2db38870791a174b8262b222
SHA256 55676a373d85ec4e520019db210cb7253733fd6b707161b5f566c88249a166e6
SHA512 c23ecf47486dc925b4ca791c2e117ef6597807ad80fa5ce0292779a23ca7d3394d6cd68387e6f1a40b2b436d4916e9db06f0f97afe64419c2e295e929307d877

C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

MD5 2a6e8898c1b3b5d6f3dfd9833660c6bd
SHA1 334e039e17f77db95457a1dbfe68b4e3a1f26389
SHA256 3de8b319b1220efebbf6cfa391571f7279658a68c1e9379615e5f6f9d1c3b73a
SHA512 6ddd687be3d80484f88ed386e50f32d6a37e9c4b41c13516ac676195f0bcc1f639288f1da03edd6279985c80d1b6644b5f8c77a213b9963ec1304bf48cf802c5

C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.json

MD5 fbc185ebffa11e2d531a485bf7fa2cc2
SHA1 8c4522373dd0900403e14bba9fbdac29c4ed0c9d
SHA256 ebb0fab2a07e8cc45c45f7daa9899b45347e70e784bc61353348b7059fdc9db6
SHA512 e3f539e510bd7522875cb30d2f40eba930828e8048e65d9751fcde6294b6d0aafc24336c631735182e46b8fbfc54f90335e76e9fbf99ca8ed5789a781cda775f

C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.json

MD5 c34883290d4547db2546e5052d93928f
SHA1 548b43822136a080c864707e8b2a6a8a59ad0ddd
SHA256 0d6613dd03e31c43998edbb42e3dd082ce7c9e1ed3368c8152418a8994af5e59
SHA512 6abba6f3e8e76aa66829a09b5069ac3c23fbf17d4035d33f0c09ea483e39f121cd15c2fd014922741324f511021b4719f3d80f818fd40a9e34152e4d6f35de46

C:\ProgramData\Malwarebytes\MBAMService\config\CleanControllerConfig.json

MD5 ec42f66dfe19222641010448bb98d3a5
SHA1 89c734aa14c725136fafc13824cb99af37a5b658
SHA256 566e6a16220ee198fefff092adf278ada60a903b8d32718214a29cda71edc20e
SHA512 3692928c3350f1b937825ea5b81cc2442258a5d283085c959c50ef931a5728587c35bc1abdd6966de5489697a9b12c8e58ed6267b1a4115f28e8dcc7e1db33dd

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

MD5 b6c7738c176e4aba409a3bd1faf25d2c
SHA1 cbacf7224597a6db885d01a46bfcf76f7363b5e7
SHA256 99269a30fccb9363424ac9e582574227a19780e6591073c7108e34cbf8c2a9ca
SHA512 c58f6dec295a53f0ce9b23ad47196957ede2a83f9d8b2c846c5a37f1ba3c3dd605d515725639624fe5459e9e84e1ea47e6e334f04f87d84f61d8eb41a0596eb6

C:\Program Files\Malwarebytes\Anti-Malware\sdk\MBAMSwissArmy.sys

MD5 1dc6d344ee9b6b024ba23278891db9a5
SHA1 519b792d11daa2bf9d127f69cdd603a236576e04
SHA256 823e1c7321e177b006c1f3fd1ec8b99607a12d2c3c321f3a6cbbcf7030b6c240
SHA512 fb96c4ede03c3aa729d2ea5a72c5f14029f6d69a79b6e0d5449e371bf3acdbbd1cb2079e8bbac3a3140a257c71018bc7a2a31a45ad5c8b65382e67cc3431ab6a

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

MD5 51df0781096797179129a1d43441a133
SHA1 15899eedd406d4826f9d22516193dc4c4276f9ad
SHA256 b386710e726aa22adf7427d315e163ac462251e57a433830ed1d93b70da3cf22
SHA512 397648ed6c4bf71604fad030994ae6170f0049fd08e21a9800e2715ce06dec7dbe4a9b62ce3726bc9fad083e1d8a2b85705f1c107e2c4169b0b8b2002d2229d4

C:\Program Files\Malwarebytes\Anti-Malware\sdk\mbamchameleon.sys

MD5 6a21162e1c8a9f65787b14bc439eb077
SHA1 1bf68b253edd6cae098144e24e09b4e22178784f
SHA256 8b7990e1c676f53918e41f6b18b20179d77e598352d9243b05e2ea22b2d9e4fe
SHA512 a0dafe66479b9e68ebf04a7e2fa7c7cc352fb075356b7eccebee7af527393711e3cb36c7ff6466a5e28b17d1d003c1c49ef176b448f5de36a7c8177c9c8808c4

C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json.bak

MD5 7ce87fe4aaba4095e6df63cfcc57f502
SHA1 71c38c55d670de4a2863edb1d295940921166bee
SHA256 0b7b5d08707d02eae2a97e1fe68c2032f484b4a1ee722158e53b95541958461c
SHA512 4060e0b531ff39bf480c3c1be9c1c536731638adab4473557aa48c30441b07789934b7db26d1f808ce1b26aa58324ed1dccab23df68e108e1715fa778eccb41e

C:\ProgramData\Malwarebytes\MBAMService\config\RtpConfig.json

MD5 042faf2b0f3c03348a69b56c5408ea94
SHA1 02b5fe5da87a126110ce373f29c7a99cae5de75d
SHA256 324f2e7e56677bcf3d372413c3c3cf20877c7cf7c695e5669d1973d186e547be
SHA512 efe91a4c82adf560e341ca9b231ae2b44675504f4dbb4a28fcf538a9de635c896879dd8b9ba93368359a3156c801a289e43248ee34488c5524e56e68e5122d6b

C:\ProgramData\Malwarebytes\MBAMService\config\MwacControllerConfig.json

MD5 e6cdd912a69f5da7d06d179b645e142c
SHA1 51a04b04cd78fedce1a51a601e3e463834188965
SHA256 b3f87aa355cbef29ad16eef89f86cb5f1e56b2f00806b8cd347997a5819e74fe
SHA512 8bcb939c78a81a6c2d47213f0f40522793b3f0a9dae87ab5b5485fbe03795df878d79966f6ac156c999987849b8b4782c04b747caa805cf5c2aaad46f7a5a5fb

C:\ProgramData\Malwarebytes\MBAMService\config\MwacControllerConfig.json

MD5 4d77df5aeab284b81af0682c92f82363
SHA1 aec722264e7f71285ed568ae4d996cce0f95f517
SHA256 32f851c6f0be81ee7e4218b8d9fa76c3211f4ea3ae793bab075f1efc777e7fe0
SHA512 89c46600dc512e89f73507431ee3ad055c58ae093e10d49bb1e9b338e18bdd08a2dcb71519046fa4ec4a5f84a12592eff010dcb5e1dea30cea128ce501aa0929

C:\ProgramData\Malwarebytes\MBAMService\config\ArwControllerConfig.json

MD5 fa778165891efa02c5498b15aeef5343
SHA1 1e0cb8facdcf47e84575b9356eb4d2970168fe1e
SHA256 d5e69b3dbe91132f688dd5ea284762b0f3870a928582998b642a91bca3ad5af6
SHA512 d53ae4de3564450dbf43a68ce0018f2002e5bc68422c60e0243b4765c28a257c9036b0d54c64d800b8bc9220201e7ede18a418d8da0241ef70bac86ad7af8913

C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json

MD5 5574f5de75ea1ea1fd5f61b320c48c28
SHA1 c4a19e70bd4bca7ad35c352016d5d7ec860ea995
SHA256 8768dc0a203b103ec7262224452f891d0b23fbc154c44d0f4145c080c7996c28
SHA512 eaf23911461a5af09c40de6a05c40f50a0b2ca29ecf34e053b78307cf3cef459d0d2cb46a425d448ca789167059c156ab19a39cd37ac5b54824e8fe59359c1af

C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json

MD5 bc9a1a41811bab3d01486635bcc4548c
SHA1 403f4019616bb4a06c4eeeba2858fd7a556dc1c4
SHA256 517b7169e994075e7c2a715aee3832aa7a63b1432e996e2d853d23db32acf9fc
SHA512 0b84cf39219e2bc4d0405890854ea1cf49665faae340f0b38334493c98e636ed49ecccc2c8adff585634058d7d56a7c1db82db7c45ee62fb48f49025df0914cc

C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json

MD5 b2b2bb278b691ce1c06f509b80ff279d
SHA1 47edb8574baa339ea8e35f1bba0f0cee753bb207
SHA256 2ca66770b2847c41f33b8e3123a68673b1893f476bc8b8bc043ac7cf6489c04e
SHA512 50f125103bd84c61fe075ec1180fdb25bfb365ad8d63e87eea06e1ceaf82a3fe8ae0e91be1e1b04bf7d4392552503b5e6df9ef2771075e6c9f44fbea1d0e3a46

C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json

MD5 a94729fd8a322d324a453ca732bb9d03
SHA1 8b04488904ca04596a22245552df6db20c75b5ca
SHA256 af0faa07d7bdac3954d9cf222d0bf3c06be5ae4a63fa7a0373fadc6e23ad6193
SHA512 96f69b7e72d84057ad1df8fc62b999270678683a107ce885578b716e2372e20678c0b9689d5a665975292728c75580bac166f2f4f0621972898f5e984d8592b6

C:\ProgramData\Malwarebytes\MBAMService\config\SpConfigFile.json

MD5 c96fad3e48fbfdd3407c63d197250413
SHA1 48245720d9786fd3fa7325ec887baee24549052f
SHA256 83228098c78e5ee6172fe57f51c8b12acacf30cef1743482e3be3d507501aa1f
SHA512 3065624d34666f701d8cc3240fda19d1a5d1f7adcd2204285f73e5fc7cf02d3943349a3f4a77fdfb7f5be071532f6be277b8e18191465dfb7547397eacf961c1

C:\Program Files\Malwarebytes\Anti-Malware\ServiceConfig.json

MD5 901b9cb3425a7d3b2c5cad8f17ec3cac
SHA1 72e2c5e4405cd4ad121f3289744e6557a509330b
SHA256 80bb234b5f5cc9fbc200adaadb36b04ba9a7dfdb21c62ec16cc3a324f0aa0d0b
SHA512 94dde8424c394c1179b3d0fe2f1402c851601b6d45e1ba6dd3461fe4dd6554e993973d0e948e7bf3dabaa4b0fec00fd3112e249dacf224a3c8882c18a442be2a

C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

MD5 b3dce12ff3ec9b9c50af2f74c1e3334d
SHA1 405e5e6132a5707e7e21abd09b794065bd52707a
SHA256 be5437618074dae879bf4926f7d3327df4db7605a29ceacd6232d5b695c222f0
SHA512 6301bd44e77c4ba98d8fc13520848a7a3e5d28eaa731f00156aa401cc52a8ce78ea28038f7f9b38870c4a3466eee46134edd2ad75c89a7c2aabb1d528323c6a3

C:\ProgramData\Malwarebytes\MBAMService\config\PoliciesConfig.json

MD5 5956da9c1deb07c2175b03fd5f410b69
SHA1 2cd883aaa53d8bf8c1a7818c5bab21866c56be58
SHA256 009ee570085edcf38e4e9db9b54d8e85a8383f4ba1f1fdf9e9bc188256eed36f
SHA512 fffc2627f50d6d934fc1ba5d62a573416a39bec3712f3666a30d8460ee7697f9b8310c2b6b91c227d35a38f8ffb419aa7ae412db4a71d6da77b81f71b49a1ab1

C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.json

MD5 d961e44561538c50ff889f978b16c1eb
SHA1 ba0dd99a6fc9baf6604c9e99f08fb73403e69b82
SHA256 2c77c623fb5d9ecb3535bb17f1da105bb603682d6a52a0b9ac830d6b98e7007d
SHA512 876b3d48f40b988464c7a3873d780d2866483928b2c151006c9e3cbc659e9415d6c1a45e9072b4e4f2ff02c2f3c8a282def453fae37f1495abbf81095de7a986

C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe

MD5 0eae912523483b77c66ebefaa361fbcd
SHA1 28fc9c46b610ab4b94ee4e6d0c33d5b155fb5175
SHA256 cc3c1308301e3916a9bdc0c00aaaefc5f4e5207b4626364500d30d7d977d3a9f
SHA512 d302b81a4f7bd9a8120e437b9448b36760cde3ec061b971895cb7ebe08ed7c502428302effec80c895237719323bddec585526665fc7cd8e2beafb67d7abfb1e

C:\Program Files\Malwarebytes\Anti-Malware\mb4uns.exe

MD5 bafe0316a997b14cdfd91ea213c67542
SHA1 5f15257200374c7f3fc7e8858578cf2edd1fc58f
SHA256 08ef4e9363d8117bef551cb3ebc1370c066ecfecd10781b64a6510b7d2d8247b
SHA512 931fa97c40e7a8822dda69af856343effa794e304b3d22f8c5489db1b05440c2d84b9dae37a0d0429987aa4f0dd5b2399fe228b494efd1b8c27c12a4a522abbc

C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe

MD5 bbc2f701f6397724ec997def851785c0
SHA1 ca16d57b0defe2f4f0bb4d14bea9baab5bc6874c
SHA256 083c0d95f234f624559e19a3be6de5bd304e0d0c43b68a78487cf01240bc08ae
SHA512 d0efe173217fcac12c0b1c366b7742ff8d8eeb4e8689b73562e5b1ec57427b0b94b249efe05d63f8b14684a1a46890c9f89896b01882ab31bb0a601d13b7a49b

memory/5624-5143-0x00007FFD63330000-0x00007FFD6389B000-memory.dmp

memory/5624-5142-0x00007FFD638A0000-0x00007FFD63CBE000-memory.dmp

memory/5624-5145-0x000002E5E95F0000-0x000002E5E9A30000-memory.dmp

memory/5624-5147-0x000002E5E9A30000-0x000002E5E9C30000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 78c7656527762ed2977adf983a6f4766
SHA1 21a66d2eefcb059371f4972694057e4b1f827ce6
SHA256 e1000099751602ae1adcec6f1c74e1d65f472936817b45239dfed4b043984296
SHA512 0a8e58ae95163b3cdf8e81b5085887761e73cb7c836a1a6a972e837fb3df69b2ac70cfd6311d06d40656344ec35eb48e512f007561480f0345486ac2b329be0b

memory/5624-5154-0x000002E5E8A70000-0x000002E5E8A80000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

MD5 e5e3377341056643b0494b6842c0b544
SHA1 d53fd8e256ec9d5cef8ef5387872e544a2df9108
SHA256 e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25
SHA512 83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 099b4ba2787e99b696fc61528100f83f
SHA1 06e1f8b7391e1d548e49a1022f6ce6e7aa61f292
SHA256 cdb1db488e260ed750edfe1c145850b57ee8ab819d75237a167e673116a33ee8
SHA512 4309375e10785564ceb03e0127ced414e366a5b833f16a60d796471d871b479e4c044db5268902d9dfd14715ca577cb26042bab8f7b0f31fe8abf33947feb9d1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 8c11c73f04f2d990d31290add3b152b3
SHA1 0fe13aaef273ab4fa6e8e500a672b9c26a20137b
SHA256 85cf97b1ed413e5b92861c6d1d305d651d0e98a37079e459add4b2c4bd47e288
SHA512 7f7b1b2a0f7ed996de483d135abcaff8094c02e53829b903b26517ed0ba83955cae8e613ee80bb5893b3228372abdb6156f3d5688e60e82910d0356fec8abca9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 02ee7addc9e8a2d07af55556ebf0ff5c
SHA1 020161bb64ecb7c6e6886ccc055908984dc651d8
SHA256 552d3ed359b7a52278ce621674d16428d8a7969f6cd5663df18e240cce66aadc
SHA512 567989543c3848a0c3276d96b96ca761f750e4b71fb74f36d809f590ffe16a72fd5ece251737a8b1ffe65f0051e211bd7ad19d2b8b0b7ca1b7ffc86dd2a52883

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk

MD5 b16122cfa7621b4b8fe4916c0814af06
SHA1 3b2a6d09db4e0227ec44dd8bf422f11d4896cd37
SHA256 2d5f21727d8792edeb7b417fdfa14fc8bcbd139cafc1df26fba8a5f2676f3354
SHA512 f83c080dd76cc57a402d85d48e0e85071adc56c984265abc0aa1eee8956203cad2e9458d4fa5573a9457b565b1df7e6a167ded0c6341af7fe887043f5468a30d

memory/6432-5248-0x00007FFD638A0000-0x00007FFD63CBE000-memory.dmp

memory/6432-5249-0x00007FFD63330000-0x00007FFD6389B000-memory.dmp

memory/6432-5246-0x00007FF7D0500000-0x00007FF7D1AF4000-memory.dmp

memory/6432-5254-0x0000016381F00000-0x0000016381F10000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 16109cda71c087e852d17a40eeba4ba7
SHA1 8a30a51aca913b50d04ec07c13351ef0c4b00b2f
SHA256 c521014dffd68bc028acffec5a03bbb1b192871c60e6f93fd75925452f6a70a0
SHA512 cbdb6a6317e8f78cf93e6aa6930f32603d126a20b0bd4d221ce749ab1c807d9364b060a1c02d147c04712c2da807d697ab63bc570a702f4fb5fcc736ee0b92cb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

MD5 aace1657536d089b95aac410d96a28d0
SHA1 735b65adaee9e136772ed37859a85b765c04d71d
SHA256 a8280cc56cddb27709ab65cadadbcdd8cf03bfeb216f526c7d12801d019c4c7b
SHA512 8ed87df635703c5d8b0a27fc26b1d25d9e42303515d5a45b2837288ce568953552aeb1eb8c74fe7f8cd0b478c2b1e9cb7eeb27852bbb1b2938864474ce74d249

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

MD5 7716e124e19760049484d1bcde4a8af2
SHA1 51d50c9e9b7fc658c1316d1844418cee0baffa2a
SHA256 fa7968a9a888e1a6dc6ac6126b8edd6e73974c2b0629f669bfb74916f0e7d534
SHA512 1ed454872f7b74892c20843446f914a6b0b985d6bc7579130188a07aca8c5fbf0a8759fa63ae33649b06001191e2637f55c22661a5c55a259971b409662be00a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

MD5 4ab212d67df0d744f74a6f6a257b2653
SHA1 7844504c6b52741b4467b98856b2da4d2e276630
SHA256 6b5ed11f9d9bfad094e0177b6339804dbdccfece80ea0636343349543ca69c63
SHA512 49007eda96079f2a85bda5836ee21c5e9e1812e4b2f286551e6935bb61534981b4df7dbbdedc6c1fce487406b934a674ef4dc69308bca6579b93c9c220065e6c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

MD5 f75024a7d56d594307f8960513ef2caa
SHA1 20bf6c585e8fc8013905aebe71b3badce53f2807
SHA256 41fcb42cc04ac80cffc4311cb331c6dd07963390b7b2cc313ef50117c7ee6b0a
SHA512 02b7e216976a4f6c60dce92c7d683ae5103b6b4dd5b0e7ca7b833149c5d07d4209c3be42d66dd46ca204540829449cd7d33454f360ca57dd4f0d8024a47c6985

C:\ProgramData\Malwarebytes\MBAMService\config\MbamClientConfig.json

MD5 419f5f96000a86c0bc2b1d8827af0fe3
SHA1 5debeeb31047c9c5c34fe9a648e61d9687c5d118
SHA256 ce1546ac0d4e5075e46e8e408d1fd2073cfb04684d3b5a5a975462c44c335fe2
SHA512 4e428bec326181b42d5a97e1c1ec6b9af279b362dce31e4b6858961052ca2c4dd0c3b7e3a29a1b7900e34e51036ec8bd958822311c377dc8ef5a295de2f99e7d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 cfac2b3dfa88049363a0555ff46a983a
SHA1 b9e22e151038b7fc8bc831707c4a97dce2750df8
SHA256 49b65be47bd8bcc4af09db7f4d23116506d5b84d4b426478dd5e7400aa759ab5
SHA512 765f90851ab49c26c74b7d22bfccdfc6d88c57f76b58b857bfaf67cfe0984e41366c2cf554f6f3bcdb0944b9c7d3f9925c3173cb81756241b30883d79c72f37c

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 28bdefb0a621abc3b9b1bae9be63e30c
SHA1 5b572ecc7cc2d2ded16b5ff293f15613f982453a
SHA256 0f59300a8b983d420bf76eda3de32e8bfbe4582255bc58bb15f3dddbc7408a96
SHA512 5751a5be08cf823b527f8f0c52aac3545e3e022356ac4d2a2833b9ab1714e5921d947b2d43e7cf07dc542ff4c1691c7b860cebacc841e9e3330df76733e74a7f

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 057ef20face4e9add03a87b182a54f40
SHA1 6b057392156035a6d06b3fb0ba9895de280f9ee2
SHA256 c6b4eb209588e2769b61663d89879cc51bf314f59237c420cd4162bfc513c495
SHA512 ae2183d8f80ef2ae39528c8c98a4f028c7282117393739450c33c92f0512fa97a31587e02154661b2839d8f80112ea410455a1ad610dc0656da5d6c378edd0bf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 5c27b2f51fd9ab29a17ff1a08dd72664
SHA1 7eaf2036a03f0daa680f72b44164073dd0e6756a
SHA256 59e7fbbfd85af47265d07319251b22dd6bdc5323d1e38a2d164bdd3537142be4
SHA512 e087537fc59bdeadac52f82e43ac864f8bbdc91ddba6b4400f378fc0b57e666690c3312a24623cc7db0165b435ad8cde1c0dc900c68a008d55fb6f6b2e9072fd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

memory/6432-5561-0x0000016381F00000-0x0000016381F10000-memory.dmp

C:\ProgramData\Malwarebytes\MBAMService\config\MbamClientConfig.json

MD5 54a8eea4eaf7b8e1d37a45c46169d8ac
SHA1 805bf19d02993d92101c58da2c5fa81f69af5ba1
SHA256 0e28b80e274e4ae748aadbb6ed3063ff68b6ae04f4215cd47eec00546f6004f3
SHA512 765a660d027430178cc62194035dd280414a3b8ae7c06b71343274de24d54a737e349332060eeebd1c98f80179b9a225e650913e579a62365916e2fabb231b12

memory/544-5585-0x0000029F14200000-0x0000029F14349000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 81bd9282857b45fa61352a8c787e37e2
SHA1 3d088f248815705eba3a54d5dacebb9069b3beab
SHA256 96d1a8c05c914965cfd270a3a191e23a12a5dd000d7ae47a328f7cf932b897db
SHA512 d6e4400a275cb04083cda8f2ae978489775ff733a364aaec5f5abd76048da53d5822545a3906270da04df42ae072f29c96094c06b615ec88d0d689d42eef2033

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 1bb3061f2f56d4b55c8c9574ba2c3d24
SHA1 20e1efab09bf1307dcc2267b36699102f4fd83fd
SHA256 92014ee1a3341677e57ed86bd2a764493ffc057a2fbedc4fa8cbe55330ab464d
SHA512 2da10139864ff6339ce6ab4195bd3402ea574867a4378bc9c2c3dde82a9924194d4ac16d7b197bcacb74d29b64edd07014fc7ba215e61860fcc7d6c0da86d8da

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 756ff205dffe6e8f7b0a5e1a943adc6b
SHA1 69168bd7db89bdcb190e79793a36ee2021d9a6e4
SHA256 56cd86c02b31949f18dfd768f4aae9f731eac8745349b4bc2e760d58b837f0aa
SHA512 9a81033b47002a94f75f32eb1a04272a3a8d682a1aee6cc23750f096d07e2e1ac6e79cc53e551a9703ae3dfd7309eb457f126ca3d48ae8e01de8f28e77829797

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 35c52a9f76019d3f439b12751e8c1023
SHA1 9f7982051472e60335fc81a9d95f9fb1638e0ee5
SHA256 0ef967a1b48ccce65276e625e1c959c5b352cca6b612f243d4db814caae10b67
SHA512 3613ffe54924299788245a2c56ea0c657ebf107b6e8391e4ebcb8c0a28322bd648616e157370cdcb9ae227443a6d18e10b192f3d3ece37ed32efd0c3d77d3016

memory/6208-5784-0x00007FFD63330000-0x00007FFD6389B000-memory.dmp

memory/6208-5785-0x00007FFD638A0000-0x00007FFD63CBE000-memory.dmp

memory/6208-5783-0x00007FF7D0500000-0x00007FF7D1AF4000-memory.dmp

memory/6208-5849-0x00007FFD638A0000-0x00007FFD63CBE000-memory.dmp

memory/6208-5850-0x00007FF7D0500000-0x00007FF7D1AF4000-memory.dmp

memory/6208-5977-0x0000029B65340000-0x0000029B65350000-memory.dmp

memory/6432-6008-0x000001638BAD0000-0x000001638BAD1000-memory.dmp

memory/6432-6009-0x000001638BAD0000-0x000001638BAD1000-memory.dmp

memory/6432-6010-0x000001638BAD0000-0x000001638BAD1000-memory.dmp

memory/6432-6011-0x000001638BAD0000-0x000001638BAD1000-memory.dmp

memory/6432-6012-0x000001638BAD0000-0x000001638BAD1000-memory.dmp

memory/6432-6014-0x000001638BAD0000-0x000001638BAD1000-memory.dmp

memory/6432-6015-0x000001638BAD0000-0x000001638BAD1000-memory.dmp

memory/6432-6013-0x000001638BAD0000-0x000001638BAD1000-memory.dmp

memory/6432-6019-0x000001638B060000-0x000001638B061000-memory.dmp

memory/6432-6018-0x000001638B060000-0x000001638B061000-memory.dmp

memory/6432-6017-0x000001638B060000-0x000001638B061000-memory.dmp

memory/6432-6020-0x000001638B060000-0x000001638B061000-memory.dmp

memory/6432-6021-0x000001638B060000-0x000001638B061000-memory.dmp

memory/6432-6023-0x000001638B070000-0x000001638B071000-memory.dmp

memory/6432-6032-0x000001638B070000-0x000001638B071000-memory.dmp

memory/6432-6031-0x000001638B070000-0x000001638B071000-memory.dmp

memory/6432-6030-0x000001638B070000-0x000001638B071000-memory.dmp

memory/6432-6029-0x000001638B070000-0x000001638B071000-memory.dmp

memory/6432-6028-0x000001638BAD0000-0x000001638BAD1000-memory.dmp

memory/6432-6033-0x000001638B070000-0x000001638B071000-memory.dmp

memory/6432-6027-0x000001638BAD0000-0x000001638BAD1000-memory.dmp

memory/6432-6026-0x000001638BAD0000-0x000001638BAD1000-memory.dmp

memory/6432-6025-0x000001638BAD0000-0x000001638BAD1000-memory.dmp

memory/6432-6024-0x000001638BAD0000-0x000001638BAD1000-memory.dmp

memory/6432-6034-0x000001638B070000-0x000001638B071000-memory.dmp

memory/6432-6035-0x000001638B070000-0x000001638B071000-memory.dmp

memory/6432-6037-0x000001638BAE0000-0x000001638BAE1000-memory.dmp

memory/6432-6038-0x000001638BAE0000-0x000001638BAE1000-memory.dmp

memory/6432-6039-0x000001638BAE0000-0x000001638BAE1000-memory.dmp

memory/6432-6040-0x000001638BAF0000-0x000001638BAF2000-memory.dmp

memory/6432-6042-0x000001638BAF0000-0x000001638BAF2000-memory.dmp

memory/6432-6041-0x000001638BAF0000-0x000001638BAF2000-memory.dmp

memory/6432-6044-0x000001638BB00000-0x000001638BB02000-memory.dmp

memory/6432-6045-0x000001638BAF0000-0x000001638BAF2000-memory.dmp

memory/6432-6046-0x000001638BAE0000-0x000001638BAE1000-memory.dmp

memory/6432-6047-0x000001638BAE0000-0x000001638BAE1000-memory.dmp

memory/6432-6048-0x000001638BAE0000-0x000001638BAE1000-memory.dmp

memory/6432-6049-0x000001638BAF0000-0x000001638BAF2000-memory.dmp

memory/6432-6050-0x000001638BAE0000-0x000001638BAE1000-memory.dmp

memory/6432-6051-0x000001638BAE0000-0x000001638BAE1000-memory.dmp

C:\ProgramData\Malwarebytes\MBAMService\config\MbamClientConfig.json

MD5 cbc576cd0785ff7c9a8e8ff96bd438f1
SHA1 e59e4477c2567a0595e3390438ce36badf5f1856
SHA256 e28cc3fa4492a0f50281c3f92d79e1bda2f1dcf2e95657f8541ff7c90cfc8486
SHA512 a3355bc29f87ad0d800f446f59fde1cbee65840957b52ef0367de12da3e525758a91d945cd3e9c6d42f39adf9db0fb9fbf5f381384505c972feacdf055e675c3

C:\ProgramData\Malwarebytes\MBAMService\config\telemetry.json

MD5 65ee9f694894f0ebd3ace8af90134be2
SHA1 0945dd27261c278d1ab9a3a8656a05c384ad78f6
SHA256 af2027cb845197bbbd37ee5cd4d3f04e520a382ef2120e4cbe260ff55a288d48
SHA512 a1edb314dbf8a09cea1e673f8723d41932df8efcb48b3f3e21efa957b4244fc5a6c37a3a4f2106b5e83642a4a218161ce46d6d9708de2848341f4b807e00146e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 a22ca6cb41faa05fcefdd17f787b61ab
SHA1 c8f5484c29756e88e61029963b0b332eaf9d4858
SHA256 210e668f2e1fb865bf83247432c9659e6d580160f90c740351f3c4e531f5ac1b
SHA512 3e7d26df1bd07e59306e9bc930e36e9b142d07a47d7895c21df5b76232555f25955586a2fdfa47f040fd7de7e9be755bf6d61efc9d0e313092bd859060e5e239

C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.json

MD5 9bc1a4a51ee97efd27f84de66f7fd756
SHA1 6a10ed61fb3a8023d661a878779c08b223cb573b
SHA256 2c9906054b29eb1251debee6d9d55a7d3681708a7015241cd2faf79f0a834ad5
SHA512 b7f75632546ad70cadaf8b3b62cc9f9f9b06856a765107fade596e6ae9d06cc4b1b78f5d111391717eccfd4d46fc0cf7c2e0645e70a84ee469dd885aaf093de6

C:\ProgramData\Malwarebytes\MBAMService\config\MbamClientConfig.json

MD5 724a1df49fe8d0f22be97f20eb8b3353
SHA1 da029d5de27b8842c1a84e3fff5754317909e363
SHA256 119a2c9af6a91a2a780e7a8b62d42fbba5f70737be74ecba64c7444f6f7ffd85
SHA512 9f9d432615d269dfb8aa1678e70b48650ed6e65d293c4f1ccdd6719b955e248c102d7d663a56d4b491e838dc172b988f17cb6fefcf2639d1e1beeb857808fb1a

C:\ProgramData\Malwarebytes\MBAMService\config\MbamClientConfig.json

MD5 d3afc965fb0ef9853c24d48715dfbc5d
SHA1 ef957ae3b815137ef6ecdba0c43e4f5464651c2a
SHA256 31fae9c4515c7b77ccf99688db34a66b6ed53e1b7a70ffc5a6f66bd8accd21ad
SHA512 ff54ca7b097e08a8a53933351977519776ac28746d724f3a29f15fa1848eff43de80e53e3fb223d1d443a5236f78accc5631ee3bb2d6e2d315dd3a9ed9c4f151

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

MD5 c9b0a33f3728266fa94901d66e19cde0
SHA1 7244c443f1642645a128fe7abb5220632df637bb
SHA256 e7d04a09eb46486508a1ee8985975751c667dc4652b633f210c4eda9ec836737
SHA512 5a920c20721497ef6a73ffffe4afb2bfbdbd81fe23ffdb4445d46c2e416d8455679632a6f5ac07614f7472cf17db59fb9df7a468d0443ed9a323c2935d989fbb

C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

MD5 3ee3de734729c911b8348b3e90fb2d33
SHA1 48b8af879274c88864d817b777fa656083a7f328
SHA256 49b18b72c09cef9cefda7d690d2f3d7d1c013af8998a52615bf0747bb0178948
SHA512 ea91658a64ee113792af9fe881e05c8c9936dda726f223c4dbebb8aece3f1a8c897ec514f9c60a784ec05bbc1a98fd3514a37509d361d33aa42fb0af9fbbd368

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\a712c324879904b1.customDestinations-ms

MD5 87f1b8593c8b4dd8dc4fab15641515de
SHA1 7192fbe9a8607bd8e0ce3c4448d9a7fd8c868c3c
SHA256 42ecc650243da65d04589d8eee1f3f89fe64e68c45f639ad56ab5a39344b9571
SHA512 c2678f2eb6fdaa952402aa3d631d59f97653eee7511f2a0461d3f46a32279f821a9e77b2a05da24338bc1e1dfd9214ad63c1878242a05062f346cb8c34ceff65

C:\Users\Admin\AppData\Local\Temp\mbam\qt-jl-icons\16385ff3d70.ico

MD5 91a74c169917bee7cb2c8ef9dc74ecbe
SHA1 8633b44ae58c4b201078114d925f551b36c549b0
SHA256 1e5eaee00708bb44d5d053ee25da5b273ad855b7f49456268dcdebac5d5d5710
SHA512 d5274c14e4f1aa99d5ead0cafa5f42fad074092944d6f48c3fb0cc6a311f958f97e23fdeba3c5639fae0751f692f9e5f85dd065baf2638291f2ba2a42c4afb72

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\a712c324879904b1.customDestinations-ms

MD5 8550795df71d4fb9a8cd9980cc6921d0
SHA1 973123d671146205ccf5abf2b08e5f848f9f0885
SHA256 a9920af7e2d860f5a6b2f9cd91f465c669d52b7a9da730cfd6072a834ba93245
SHA512 c662b47a2264c252a6a97372709ab02c10932d9f92b1f5189f2382c9c874aeb66fa144795bc34a8bdfec7d68bd503e60e43403bd62e71d5a6174af915d99327d

C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

MD5 6401c1914e872dfe88f0f23a91bd3aa7
SHA1 30b0cd8a74ad197d5c97c96ba06743864b376abf
SHA256 53cf0012c9c4cea4073da5fb7669767ae524509e752d14471bffc8ebc0c96ba3
SHA512 a4e29510869ec12b07ff7a681b6be2030fa92d2dd64c12b29d600f94a0f86e1d48bbe08667f9b9a1a37bc301df7ed05c2bccbbad662d0219e28443c7794eaabc

C:\Program Files\Malwarebytes\Anti-Malware\sdk\mwac.sys

MD5 1e12dfd5396809da1c6cc5bcffbea079
SHA1 db1aed7c81a618af1053e8c20a8f06facfc0835c
SHA256 5afffafc7392d7e587228b50862cbf2c435e45e596148fa05ac3c2d0af7721da
SHA512 cbf33ba1c0af4ebe85764a969a8b60fe3e65162f6f8f4eb91790d8aee4c09a7d4e8ee6a438116103fbd966ba2c377ce538801140402711543c402e3a7a375462

C:\Program Files\Malwarebytes\Anti-Malware\sdk\farflt.sys

MD5 b97e91c67832f1ff52fea79bae37372f
SHA1 6b7d1151878730cbfd15bccf19026df88ef84b2f
SHA256 85dd0da0b7340652038c46237c14309bc8c34107353050facf552805f7d7853f
SHA512 d1c012bb4dbb368cd149a49fa52aa5f9ae546956f86901e4990ef46af4b658680830ce3a0b3a52af5dca2deb86d2a5567eb79e968e84e5588dcc8a81b8f452cc

C:\Program Files\Malwarebytes\Anti-Malware\sdk\mbamchameleon.inf

MD5 e5bb98e4d7adf79cf7355aeb4a12d3c4
SHA1 c2996909b98b95863d54c6a2f7843e5c05015596
SHA256 1f2ec66c3947802dd97abead84d71bacebf84e4a2e871852cf5291958d45a189
SHA512 f65ec684a21481c66f4571fec4f5cd17fb629fbc4b5fda88bfe00ada30573f3c74313311f5e8a164709824b8033a60fa2ae0f1643d0ee3ba8ae4fd558709aa7f

C:\Windows\System32\catroot2\dberr.txt

MD5 0c1901d6d589e4ccd9b9a910ecc6c489
SHA1 d9e9e2552dc3f642f70906ddbe797462930eafd7
SHA256 6290fff8a83d9913099f89ca7647729f0ad0687eb25d9a16e1532b6842e0e6b1
SHA512 9c1d2eb7e41004bd33f8b869d1aa7e5b61c5d3fb090b1adf927b09525fb61542d1eb55cbd5e1c53ffe1aa5d920aff8816ed73fd2ba9bd70afb4f1e11a224fd67

C:\ProgramData\Malwarebytes\MBAMService\config\SpConfigFile.json

MD5 1c534d95abe786b75751f20cd9cbb3e4
SHA1 a55e267d490553644582dd5a701d37da5c58e534
SHA256 148ac69285d6239a82a057ea5a6167a2f9febe3fdee7b7ed66c642e1de8b3f32
SHA512 224f777644ed737f757bd9b6a334f300c310976558a9d2c1806e899bf3c1dfce1a415f40b226bc36e33fb83b6a5c2233714f4159c87823b1a00e04c68d73a0b3

C:\Program Files\Malwarebytes\Anti-Malware\sdk\mbamchameleon.cat

MD5 dfe383b7b48853f4c3dd383fa40de764
SHA1 68066a7ca36ec32699e645fed7bdb33be1e2b395
SHA256 552a30fb8aa05793a5c78028c3e1ff9658b1a7c831c5b60a5c74a10f0f1127a0
SHA512 21bea8f59bb7f02a52e16b5404ed522b6d1a8854f7ca6c9d34031bb02ccef11b0f1a53e36fb7031ff943add4028195d92de0732856465b1ae3498e1e1e50daa7

C:\ProgramData\Malwarebytes\MBAMService\config\MbamClientConfig.json

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

MD5 c6fb959a96139c7a7a0b98fd319beaf7
SHA1 f00567d6b8e91fba08790a17948793de13b14df1
SHA256 cd076b9b8d4d72b6c643c8c17dfc862744cd7871bdb38e276a78618036669ebe
SHA512 dc831258cf9d44845919b77dab88dfba4b55afda639efde4516c7da20920f6f4478451ffbfee74d7ada9c0ca6c3004805052ec082d7db8482b38f410539dedae

C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

MD5 c6fb959a96139c7a7a0b98fd319beaf7
SHA1 f00567d6b8e91fba08790a17948793de13b14df1
SHA256 cd076b9b8d4d72b6c643c8c17dfc862744cd7871bdb38e276a78618036669ebe
SHA512 dc831258cf9d44845919b77dab88dfba4b55afda639efde4516c7da20920f6f4478451ffbfee74d7ada9c0ca6c3004805052ec082d7db8482b38f410539dedae

C:\ProgramData\Malwarebytes\MBAMService\config\RtpConfig.json

MD5 f0a4f95cd43583801183f6a3498aa698
SHA1 aee6ab24fdc7dd210ec462c8d895ace0257a7ff6
SHA256 2a3665d7e6fc84a62d4f4adf336b1cba4040f89bb4bcfa415a10a5a03392b481
SHA512 ff1983562de7c0bef23a73b7a3c7c91fba2481bcf7faeca4bad5995c3a1411e780b18e5f7c667eafa34e74ffa5617f93573ce76beb96d1110cbdceaf8a0f19ae

C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

MD5 91d98a566c72c381e34fa52811642d96
SHA1 3b0317d8afc40ecaf2674153878500bb180dfcc8
SHA256 6eb704ec9046d90c203c2ad2af4b73376e991ffade6a5810e4131490491e0eee
SHA512 e751b5bbd3c70e9810044e792c9acda9e61c382f3f25f1b752b637885152c7be629a920c3caf0df7468b82cbe75e61abf562559444bed4ee793da125773e87aa

C:\ProgramData\Malwarebytes\MBAMService\config\ArwControllerConfig.json

MD5 f05f12c4c1dcee096b0c404806c0b127
SHA1 d92edfb97a4fb40d710c96976f38b144357f0c13
SHA256 6e2f4132167fed9052e2e1a3634833bd5e3b8a2e3a67fee0d555729d3730a2c7
SHA512 1fd50f9c609748edd46fc551e8ecbc5d52b0732878b7ea896dd318b1a104bdc397071cffc560dac93f6f72b5625c4ef0785a3dc6f38368cbf964f09baa57d183

C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

MD5 35e246be407262aab1d0308676879fcc
SHA1 c065d7d96b7dfb18520941c36f09a537ad88a8d6
SHA256 ecace68fe2e777c7a15b7bf5fb8537480557e7db2b8d9421d42aecab93837b55
SHA512 9ffd1e2c77035749807c48ac79d12a52560b0780717ca485132245c48d771b4896deb29434e5986dada6e6799c8b7c38e44ef6d08f7ce381a58b780854950602

C:\ProgramData\Malwarebytes\MBAMService\config\MbamClientConfig.json

MD5 b4960b98a53e347e0b5ee466ce26f8b2
SHA1 323c744520e8db28cf943705b5ae83bb8f0ee20b
SHA256 a2c08455a35d3b332b87bcd4afeb92ed74e59a78e36b05595a3b9645dabbd1d2
SHA512 a4d73eb8af74882b009330222f83a971bd1e74b9fc2c819936a19ff07a635e296440ed0d6078dcab4903b9cee4880ec9adbcdf4998bf45865ae2ed708c7a3cd3

C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json

MD5 2821be19f49c33d19ddee77ad1992aad
SHA1 398428b1681c632b69d7bcb9bbc6f9e3a98b4c95
SHA256 27cfe5618905ed140695e2e50949dc5b49e0ffea1c07cc232f345f5a368941c7
SHA512 75cf83849b04c3f7473b20d2538928922cd574200d5bbfb489f5bf1622174f7b41627fb6575acf8d4f3edf6197627dbc8899cce074721bf55e7ffe92160b585e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 a8e0f172ebaebc4308d23836df5738b1
SHA1 44b9bb34e7569fd26414b018d28529ce0ecd7a9b
SHA256 ccaeb388a2d910c87c43cf0f95db4815d1f79b8b04d3a907eecdd08911499344
SHA512 daf011289dd0f1666649e5ca97bb83308d7a7d1f3fba5c9248ab4514f8c620bfb80409e5c60e55a7786874cae38b6347a1a8b400caaec1863767065a1e86492f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 1e4ae61521a10183a0158a09b5703ede
SHA1 d80055e07c90efe3d4124f378090fc6c401e8625
SHA256 c446c5d31ad429d4e917787bfbbdb00329ceef9cd9db2d09ff33aea8adc5d884
SHA512 9fdc2d637179d6afb69b967b17b17bfacd468f188ddc43d54295da9b789b249f1f09cbda8ae3b2fae452d99ed04d29d9f3e373e11869b7e0f702238afd7bba70

C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

MD5 908900afa5cbb4eb93721491ce66c58c
SHA1 eb7c15b091624b2b9593a9ccaeadd3e178afe827
SHA256 1eba6f31c816e98b3f7195b3e00e2e35a3f6948301bd30b2050e7fe0cf7a9da2
SHA512 37b619a48f736f481024f157cc0d21d51aa3ab4e7112f5522078307eeb9973fe97620850044c737bf7475c7fa337d3e9253aed762b41ce0e595e5963a0b2c96a

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

MD5 d148f444729ae98ed662c029d8836eac
SHA1 71096b04fa66e36e5c1bc67b3f5c1cf0cf8c6c35
SHA256 7e41cfb6e0bf263f884a96515d28320d4aaa31030810c6fe7d34278e37685504
SHA512 04155e70aec12de8b622c12092bb3d7bb420f907788f5f4f14de40ef4cd680408903bb0ed80e5adb92be41c282c0eb2df0af67fcfd51b8081b26e8df0a909947

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\a712c324879904b1.customDestinations-ms

MD5 f7a7ff355524061d93555848e24fd411
SHA1 e9894030e6e7d02d256f3076ff1dbab97f2b461a
SHA256 64ba482fb11229b54ceec909ceeb6895a858cc52a3d00dcd9abb68fe5ee2d214
SHA512 00d1ff3b93046a93dd267afb08f14fedd464f8807151fb9967fbcce2fa1ea15e8e94f26d0e4daf073b01ca3fb44cae6006b048b44c7a25680cbc683450060b7d

C:\Windows\System32\drivers\mbam.sys

MD5 4b4f4a100699d1ebe7f98af1411f6dd5
SHA1 2490765c943e059bfdadebc300bba0e9dfe63894
SHA256 9db95a82528f0f554677825dd50fe186f36fef26cc6b627afc82fd86a5803b69
SHA512 d6961baf162b3a9aa63365402d08728d6f832e2af07a4400abce30681b03697c561a28f8f35225b024dd454ae7e3910b0738ea38f89b230b472f4e88f9de9c37

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

MD5 f7c28f933d463925b150e128d555c2de
SHA1 3a6a5357290bb77460352f3f0c991b7aa4437214
SHA256 f153f3af7be21194b8b39c6716445ddb4753732cc27d1665daf6dc1f6decb658
SHA512 3dcc9876de8afb32f16303413acd3bcce2cdf925869c9c8f1abb67c76e6f5f4b448fa749e4321d3323f6b14e23fd93ff06f81fca3ce18b0c58e623196b940864

C:\ProgramData\Malwarebytes\MBAMService\config\MbamClientConfig.json

MD5 9c2c72db8c4dc528d661ab55afa35441
SHA1 e3f9844bb61021dd033e5f18ce983786c70304f1
SHA256 1e8544b082fce755709b30957a48652707da9868e4e71914244b55126fd2d279
SHA512 6d6285e959ef73ac9b45497342e2a98d24c14018a4fa2854895ac1f0c1009882988fd21da9d41dbd6937763db2926c10621f79964c5470ddb16fe7f80c6f00e5

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

MD5 62b263b28a3be1b7347a67269961590f
SHA1 590733814a11b14a9d3c3571bee9fd3b50d8c5b7
SHA256 a951cff793d04dcf11aa4aea3dfbdf190f8815c3571956a1c743e4254b82ee29
SHA512 ddcf895e9412733850843a9718c0568ed87930b0cc408da372653164c80be5a6409596d7516e6b216a5254e047d453d7a972155b8ca66d0d31d1416394aab44c

C:\Program Files\Malwarebytes\Anti-Malware\sdk\mbamchameleon.tmf

MD5 5a1907db4e5a38aa11e5784c59642466
SHA1 a0f94411bb910fa8c494f3665c2c8d345d9f06fc
SHA256 c80389df55940986bbfc8ef6ddc9191f10a8cca9500fc73722325973acba4d62
SHA512 05c0fcda376d34f62fc401c4fa6b2ab5ff978fa8c51037de9490ad5e6c28716ed9a488709c5b85fb4d4a94ed5424229c225107cabfe600a8abe18f3a484a5c3b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 59488d37836222fb4ff7bc2ea936ccc8
SHA1 d8d5711839b406469cb5f13ad78efe5df6975e36
SHA256 0c1df826e1b7fea7c434eee491a0bc97b465f0743639b1d41eea67afd407ba56
SHA512 b4f6b50e3d661eb13a369bb8fd51038f5a7d73ad7b03955c1e7f2baf0a22fc9d3686c778040388ebee7dd6ff3590d8c59ec85e178517737d9ee9808ee7b8b15a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 cee658bbd665eb27978e17dc2b13d1d4
SHA1 d18d734f088741561800c2f7e84c10e6345c04c4
SHA256 2c42f3f598776fbc3533b322e3b30d0e7966bd6eb9561a4038cb32ca59c45c23
SHA512 81d7795e6a6e6f27173dd2b7c4fbc046796b2674b6b665ed9b95497a5cc9d7fee01d5f786db34cb2b46c3776f5d5cfa95c282b32db303faa612ffbccb672dfbf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 12d1ec66931e5d1838cd2b86fe830175
SHA1 263a295c39cdaa970807d766df6aace11deb5994
SHA256 8b895e63f7608cdc3c621d6155def175c6447db18ccc6a7e308b870b94279727
SHA512 c999712ba09f3c52c0f7f72e6529c37175de3d3f27c9b0aee61419617e2e4bd6f63c36cd4a384dc77083b841a08d27cf6815c81a559cbcb62e25ea6778ffe240

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5c335c.TMP

MD5 bc72c12aa3417f902c09263799f5ac90
SHA1 b298809047292ca3155013a97c8ca8f2452234f7
SHA256 ec33c5fd4c17fc98647685fe837b77e20fb8c3b6e79be0110590d7305573798a
SHA512 d4c4601e676b4f4c937bd8a6af9702a40d659ad98d58cc68e0922be5cf52526924d62cd34f396d7b4a396e850754f9570b00b02cb25b7fd2bcb553573d7af9a5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 1b3f62d24e2e8fa773b798db7ec6e4bd
SHA1 98af7e33ccb41d9d4599e0d5125272a6b03c658e
SHA256 7ea56be3cc93ca2647764ebb78c01e8a04c40e24924fea7f1ec598765dd36458
SHA512 66274aa2bc8d66d4d74c56048187b5f7c876b9c415d34374f8ad790a8a8d760c13d34862f9ede303b8f720de8158c3959df0b37e9671e82cd069a417a985e8c5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 3cde37df6801092209894bc7e2fcfc03
SHA1 058f62fe2e2ace2e28b616171a265553ccef4b13
SHA256 b7baf4dd39ac660fb7c001bcdd4513f541cd412430d39cf49f82c7f059f2f714
SHA512 0308098633263a7cf7da5a2618343dd4af9f4a8b965693344411211058b10e944784ac7815ff7c3b913239f3a6cda0849ad1c06fb8a4875291cf8cbd95ab7880

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003b

MD5 dd28213c26d7454c81fbd5b30a8d7e0c
SHA1 3302f4c78cec0366b9d3cbb5905dc9c8563d9a01
SHA256 58940eacc696caed03f44910a7db04e8b4193134e3a36ee54b8b057c6c340c7d
SHA512 c2c5ae96fcdfa0aa89eae44fcd0d87ad83b2407213d5cab5da4ec420038d21422bc3ecc1c86804ae3ce27eaa6d670f44f231f6ec9a5c456229e4bd066a060a48

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 d0b0f3acde4b1ebefb8cacfad3be0a52
SHA1 2e9049e84a625bf06c617f52fd13632cdfc8a516
SHA256 605369b2389c9a97a61476cdff6325a7754876963633b3404a2dc660f7827510
SHA512 a207929f7e3af6ecd556fd8bf790f02908599c5bf7b726341540c2fcd9165c487bb4fb2c84ad29de9c90c52376fd5da43ff29e9e76edfe608829ab64c307b9dd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 62c4a18ef630d6ba028d5edb1ef1cd98
SHA1 b85cb63e6239a9a8eee87bd8d14725775a8817b9
SHA256 ee97baeb8473267b78ca579e2e83825e8ba5f9272ce0035d903a81298a0b0787
SHA512 19228d8f1a513390efccd25f7498601b8da1883ecb6157b31a39bd86d6dcb9e1e670a24bdbe8e4910132da8ba2067fc9581f7b9bac9b6505599b65adf1519428

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000050

MD5 4454d4694e4d8f6253205c1ae4b95b37
SHA1 eff6ad1203cfb74b55243c9a4da73817fe865e13
SHA256 ba396cfe77f268d7e144bef4b37e8b66511112da3f5ac39a2c6b1b4e73af6ca6
SHA512 4afbeca38c5ac1ee88864c138cdb827f72408258112389c76fc50ae849e6cd68bb952cb7883ff9111e5c08e3c1ef669620aec5ace273ec8ba7fbd3ccd7334c8c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 51f45e5218334be28303f404044f02fe
SHA1 e3d06720fe7b29f437ad82962be07fcc3ccea390
SHA256 377de9a936f9de7a5d62b07e657e72e87b83ebb4c706b1b3e7b16fb725b0399c
SHA512 52fdacecffc82d87fe1227933da14fe7e9a13ecf4f37f61360c03c259461e8601c2e7d6a484afa41e7591fe17522f99c2b2b40be215e0a540f3dc39892689733

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 0ee95c33dd431a3fadb9ca917cbe278e
SHA1 4257dc28c6f662b7f4e0dca3c83b9ff282268988
SHA256 dae5c5e1fd89b62fe4284b03ea54eabea481c92b4c45abd604c704704c2dabdb
SHA512 2c4575855091a311c841975ad651aec8682ce53fe2e0a559622d1b783b393ec439ac3331e8edf0ad72e4aa77e344db7d8e2a6f5397b5ccd3c39c47c5279f87c3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000055

MD5 923a543cc619ea568f91b723d9fb1ef0
SHA1 6f4ade25559645c741d7327c6e16521e43d7e1f9
SHA256 bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd
SHA512 a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 d65b906ee76a2517b05a80c002b50718
SHA1 7d5291e2e4005e47147751e26399ec47551c9e95
SHA256 ff5479f20868acfd07cdd07181a6136eebf0473caa16bda3159deb01c446378a
SHA512 84d70878cd1772ee2f35399e64de907b28f820f6df3c07cefc023ee05543afe561cfcb9e81eb6c601fc0459e6d2cbf2f3dd64926f5363d1b1ceb4ac4c8fb043d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005d

MD5 47ae9b25af86702d77c7895ac6f6b57c
SHA1 f56f78729b99247a975620a1103cac3ee9f313a5
SHA256 9bde79a1b0866f68d6baa43f920e971b5feb35a8e0af7ffadc114366f8538224
SHA512 72b5296e3dd1c5b4c42d8c3e4a56693819779167b9f02bc2d5f5a626b519a9cf10bee59846d614c929c42094b65d13039f6024f6cb1c023e740969aaefd060c4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 17cbe59fa846cfc13cdc87fb938d7bea
SHA1 ba9ec25c80d41a6b2201be227be5a25611689a4f
SHA256 8e85f4e7ebbe310c8e6de6a04870b54a015c79da221d9c989106c1056989fc0c
SHA512 2efd6d0792ec5cc2b61f34a87b3eef27fe46608cb177ca67ace537ea27b27f1f492a0db90a5892d57e3acc4fbf2aaa3afc7f7466558b841a21c98074372e2d16

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 2afee4bc2031785370cf5da887460a92
SHA1 7428d8869ca79bc9b1e02edd2b96a0eff7218ca6
SHA256 ab41bccc00a7617201a8a2f97c540a428bac8dbe499aa1831e4acda220374847
SHA512 34ef81628023ac24df0df62bd3a06c0e440b65257782dd6cad81139ec34da5220f453c938e44c210bf711cb2079bd9dbf960c9b3392d9d3a8e36539e075e07ee

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 e65bb0b4591c3517d1bcb3d2d8179e07
SHA1 f3121e7a06b3fdca1eda9c67b12adaa2830d036f
SHA256 764234d0ff71af420b3c103fdfc0e0cc3834c5730624411f533650133f666db9
SHA512 cd7bcb899728c34506ed9de474922b8bb4d4ccd0906dee21e63f195e77170d22176226edf4bf4e54a0957ee789bdf446055f3ece181dbc5dab292e1b270f347f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5d188c.TMP

MD5 e812a6fd9d6994f69a6c68a80845af76
SHA1 766e5d38724736e13f125ad2051ff193537d6dbd
SHA256 c02afe80246191de9e29c1c82db7e51dfab008779de5dbbc95ee16449a52f824
SHA512 ee150d6f1d209dfaedc1dd8dc01ba0e43350215127f0562b516009042da0f8e2dcb1a7b1c63eaa8d2d373388a21faba3798e99fd34201000d3f1305ba6d115bf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c5ce88bc72edbf8813410e12eaafa3c8e5ceb644\index.txt~RFe5d1918.TMP

MD5 e0d4914d916617023cc42481cf684000
SHA1 c879cb450d9ef44584ead6dbca68d406956dbbee
SHA256 2bf1864fd321273a0a916d83089b27a292b01dc37b4733bdd68ee8e7d3d4b349
SHA512 9a4e5e06fd2c7fdebe5885dd0381db6df692d4fbbfe45c899de52321dca5d7f20027d53ca9609975c13616ad60883b730350aa6bc7f1bd7206fbafaaed03cd02

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c5ce88bc72edbf8813410e12eaafa3c8e5ceb644\index.txt

MD5 dc9bd5ae5671150422217a17e2c8126d
SHA1 3c6be90487e901f6c24788b6e718cc494729b07c
SHA256 37f36368a21731d2952d4c6f0e1802c3a356ccd798ba3ca1f11ae411edd909d9
SHA512 872da68f89c32dc53a0c5f8c18437a531fa85dcd5be21ed62a2711273fdf2eb0912be7102e146435dd70cd6909bd3415cd04a39caa47f5c3a3819cc23666b6f0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 695fbab06df94a9f5b29156e013129bf
SHA1 7ebac1bef18fd410967aba3d5863b79b227e325e
SHA256 1ab63abecd461b9863d0f36188ea3a4f7d2af11eb16901010c7f9e308eaca895
SHA512 282f4cd57b1869cbbd04ac9b2fdb06ff80b7357b04d9a3060e339e8b5954f23583e15dc16e7d402cb6e7371c90c2ec78a298fd9bc92b89c83cb22400bc88bceb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 270a187f8c85a9b55f0d6e97874fda11
SHA1 25ba205e0cb5cb21b83ff05ac5781bc6ead96545
SHA256 05b62565f8e6e118f1f03b51a2eae8e73378829cc4e189236c27482a9b12e2b1
SHA512 f54c9759cee97321c06d4f6c06a3cd919f2cc02efb21c08a48140d4e60f9759ee8bddaa470546972b36422459f6512eea8f34318f070737d9c228a34db921863

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 66609fd70a942ba10d62e53388ed942b
SHA1 3c5972fcd9e0af339564ce975a502537f62bf353
SHA256 d5b155549db3e0842c6e1384aa9c166a1b69e7228d65f3daaa49b6589ff19b71
SHA512 4cdde62e0216606499f6e4e3203660d44ff7892c0ba16aeec669a97d023d0e9317d9cc48414db75340c37a9fc686a43f451b20c6aba07642e3b94c8f36c9bf10

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 9d07dfc28f66ecc28db2c9830ecf0af5
SHA1 aabfee1d7a72daca235e3a103594bdf767ae11ea
SHA256 91af54af9bc4801661c3d34f330c149938d4db7fce2645fa3647cf079eb0398c
SHA512 8a2d8adb39393f73bbd3a994c9f5e3ff74bf425cb1ba79abdb687fb2edb3d4906e58f6590d835065e755981d44e8995208a53422b40a1159ce215925481abc00

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 2c33af627b423dac0f898090ba7de3a4
SHA1 3fc635dc968d1c1bb762f9d7a43dbb8ec5c4c3a4
SHA256 2b1c2956affab20242b1b44a6f10765927e2645a865d2b1c65c88f9febde6365
SHA512 e0cab82738f21f72b73062456c5af064da4b33b622fa0cf09b25a1bcc800ce28898dfe78578744a73cf75d3fd92036c7e1ba7f2d03ea71183ef789de5656abbf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

MD5 2cd22e8e71607c89726964cb85608be2
SHA1 4772cf894d43fc57aa5125401b6bf3afa32a59da
SHA256 2a833622469732180c07ab27eb30f2e2dfd26012e87f608dfae1bc154e1e5257
SHA512 a929f85c115df98e4e4c0f0a5005bcb797a5abde34801e093355a602739218c3550491e4344809cef16683caec1ca47d3ae4b9e3a99f35cffd408884b7ffaecd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 c9efa9c46e3aab8cf8a7aac46d9b52a3
SHA1 5c84a92ece7fd2db9477149995329fed2206f7ee
SHA256 b22dcb024f0dee79db681a0d74429cd12ceb17e8c02211da5cd81dc2e6e9f274
SHA512 45ed8da958f778aff9a445172399dacbcb68c72e1411a59a94a1c7394b3ab3279d781f3f937a1e5938dd982876b905b559ed679e24eb39b4ae449dba8ad50dd1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\0de484c3-97f1-4845-8a41-19a10a4f2645.tmp

MD5 5058f1af8388633f609cadb75a75dc9d
SHA1 3a52ce780950d4d969792a2559cd519d7ee8c727
SHA256 cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA512 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 2e96c1bc125bce0a9cbeef0cf244ffa1
SHA1 9213146dce0868d76486df9aca8509bb303d495a
SHA256 b75ed12dad5e9dfd76001051d0e265b6afb784dd97551348a919bed5b6e87267
SHA512 db5ad823bcc25935c553a2406cb0ce40d202b823d33937bd5b6a4b7ab233dcc6e81ad9101c4ed9046fcb2e8352e40ae1357ee0556e6df9d3da9fd84310a323de

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 fcfb2cf16df909fd6062ef97262802cb
SHA1 210fc600bd592be2b47027a47f85041387840811
SHA256 6c5d673fe2474af4f37193ec5a286b5e570b75bfc3cff87118d5b3f03a3ff2fc
SHA512 87d4e03d1fcb1f89f789191cc60dd23b8a0df4698ccdd4e9f836a586729eb0df312561bfe9be423be4d3fe97a110998f5e1bcc7e645431537058bd436a62c0ef

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e726349ea574f6332b4b98a1b1d108d6
SHA1 7a0fc71968c99b90063048e8a179ff5b21562e0f
SHA256 7c1ae73e2f239fc25613c2db410a38e6ed84df801406439dc24d345ffe43a8e7
SHA512 9f5cd36c686b83f27b84438a2fba70d55cde45c7d942d4aa7e88866aef6c53dca03b4a6a1ad76de8a6629dadf57b26efb3be5da6aafa55a69de8da406f2f35c7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 a73e82800ca4fd21f543bc2cbd701b69
SHA1 6c13788367063aa58e2050516d4526260ae899f3
SHA256 c3d86adc063a829a68996caf312ace1d70abf70cf77cdc7b83ea2b9c1cc1b430
SHA512 7e6a5d55bc88275d4d745597699239cdfd9cd1f8ac27b4c8a3550b9764f1a2401db294248376bee0e683407938336d63471cbf249c6b11d10ab7e52161fa53a2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 241535b2ef18a513b10c3af07237b8b6
SHA1 2233c64fff9baa437d07886c9400bbb804d755ab
SHA256 ef7fede5e2829f37c0225f9bc0187099dbbfa6ad32c2ad027f87a2759fb3f528
SHA512 03a9b0c68c4a4e1bda617f8b36402d231c8480c53b42852345f3b519c07aa1c5cfac56fcbf39f4f114e9f2d8c8beffbd23b56e18c9de94406b03b29143296155

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 60062d06e37055b4d45036a1c78ed973
SHA1 675bca92d69209ad061369dbe42d2ef2dd8f4a29
SHA256 0140d0811636ffc970ab39ae52422cb60b3cedd90e7ba640a9ec327035d94045
SHA512 158f266dbd4ce5d0a19a411bb201ea4e237d78dca5036e467e6d9196e51488bc952b703737a71a02fd229fc948e4494434d816bd86e25c2de454f681ff119e58

C:\ProgramData\Malwarebytes\MBAMService\77b7f49f-15fd-c759-37de98abc8c7e904

MD5 856f6ba813d0bd232817be42d277fe0c
SHA1 a9f8be1ce91f9b8fa7e967ad30dc5c50cd6b9b5e
SHA256 f4fced4fbba70a23e261cba1b765d734de2cbed3c8996095117375906f6b8a23
SHA512 f5f88a23541f25ad880b30758fe835001a2f2fa1668ff524eb7e7d6c8c4e03b6c319101d5cd7e7a0117bbb648b7e2543d75c823814492b5d655adade4bd178df

C:\ProgramData\Malwarebytes\MBAMService\tmp\d7a8561cd7dc11ed9b9472edbb006969

MD5 1a0d497d31dd5118afe9b87952e05260
SHA1 dcdb6a641b5d8be1201de93b18435185edd83fb8
SHA256 4a93be6cc85f80b39dbc8fac88c0494f5ee5ce4b27693e52fa99549451cc1249
SHA512 6da38585986c91e60e5622b20d90dc83c2332224d6eb097f57b0c2e481894a9bcecbde4c7c05bbaecb2883c520c4787ce46c1658ae6a9e9c4f50675bb810af7f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 82c46a0caa68f83eb78d412bb4b24805
SHA1 70a977923caa9b51fed02c94febdfb4e30208b9b
SHA256 295b680ebdd9630d88e6e33ceac0700ed93fb761cf26c2b2138cd26a4ba1913d
SHA512 3d53623d00cdc0388eabe68186090515305de434508fe772e7feda517d1774264872597b2a01a1ad16ae883b14bb31ee993efa0f1859d77885ca75beaae30f70

C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

MD5 4089cd4cfd59c69444f3b2a0f792f171
SHA1 50932832d6fe636b1aa19e889e588c6b04861f6e
SHA256 11f6ad62dc5fa3f7ee77921c54de1f6bdd0411e31cb8bea2fe0ffd837ae406b4
SHA512 b2d7c767e89fdb528dfa4b15dadd8afdfbb340ec690be327372149ae665e8ba920fe6cb2006d62b899926225358ff93c56923bb67c9e1dc93b7169cdc7fab758

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 657c1e602248961d9ca37593d3e2e9ae
SHA1 f67cc7f448bd3729b6d3900edda809651b1a49aa
SHA256 6ca22e4bbb6b8d273e44638f94f17ec62d9246cf90df21f160a08f80c460430c
SHA512 f471fbfe461378fc41fc69f2381d8734054078ff88a4c2c7ea3c2f821223ed3fb3011f635d50229705d05efec8754f0b8543e46a2a46e866c42cb149251bbe37

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Temp\~DF571A4C9444E88067.TMP

MD5 166573081d6d72cee597b9372d93c66c
SHA1 b3d55e5098659cb3425ae34cf3016ba29e19712c
SHA256 a61a567500417c086f280c5991190822d32e6da2e3ef5d634178f104c58855d4
SHA512 1fa6c9eade91bc6ba341562683802c3c7a62b2192ca5bea80168e25d46fc9bd0c7f8e28842f3e6b5c6e03c1be58a27bcc72223bb4447e543a2f522bd6dd24e7b

C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BAEBE581FCB73249406FC21094EA252E_BC0CE803EF41A748738619ED7838EEFC

MD5 5bfa51f3a417b98e7443eca90fc94703
SHA1 8c015d80b8a23f780bdd215dc842b0f5551f63bd
SHA256 bebe2853a3485d1c2e5c5be4249183e0ddaff9f87de71652371700a89d937128
SHA512 4cd03686254bb28754cbaa635ae1264723e2be80ce1dd0f78d1ab7aee72232f5b285f79e488e9c5c49ff343015bd07bb8433d6cee08ae3cea8c317303e3ac399

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 64885b2a1fe20d5eca11a12e62d52f68
SHA1 46d00d927b827acd6c7c1bcc23b1ef55773f97b5
SHA256 68cdac1c1907f4b6a5c93ff4b0a5f8abaddd751935d7f5fed0cd0a392a858f30
SHA512 59b4390c34ea03f358af15ac96441637bd82020869e4e524868d9e240c37f8ff6070db10503fb27dfc126e65b52e47a9051fcdf41f4b8ac3c6be55f263df10cd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 30b8a7bb9aac5eba7329d734c4d24983
SHA1 3890f34cba2185a3c3807f43fcfff8ee42b17a82
SHA256 90e649300c236572571f618ca4a850bc4ea9ea37d74abdd87d4776d7b9e1f06f
SHA512 e9ca88d7ef87ef9921126a36e6341369a234599eeb5213fedfee04338659fa467f23f75cbd1cdd5e2210393eedea191d10abd06944e355a9a583e95f710bd579

C:\ProgramData\Malwarebytes\MBAMService\version.dat

MD5 e45eebee17ee249b591a7adde926fb71
SHA1 c032ea44c7e3f6399032ee722ae9e31548933df9
SHA256 8fa72522a6949eb5bdd26db1f602b2178929665cdc256474cce1ccd551123dbc
SHA512 2c02485d797c79b599e65076d93c085d4c0711a5250417ba986d73859d4fabab4736b5c1f62afec7768366203c24d7eb9bf34487ea6dcff43223577a4ff8ac78

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 2230abb3b80f54aa88d70f675261d63b
SHA1 89db8252f8a64f5eb3f2307b3c9bf4906edbd477
SHA256 3afa780643323aa74bbc970e9252393b41d29fd831c9f586223fc587432c712f
SHA512 7f5846820993fa9979808d7d35733f87a8530d6e9e1f7a34cbc0115a64ed8c5a61bdd797bfbc059589da59d8a4936a625fa732e4a0a78be295385a615e3d1706

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 803aa00a14b6741fbaf7f7d509fbf37b
SHA1 80fce4b322a09a7f56a29a57f5b7b5b0167785d5
SHA256 fc77ab64f37afe1adda3b284baf56229342be302c173a37649de5872f3b30c11
SHA512 19e2450c4c3e10704c91f8ad8e9534458a38d1054e8881168659c754ef4e17b9dc493c2b7f6356776f120251901cc9b602e8ef6c49778aaacdfed2d3feda9397

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 9325300f7521d77491ead0c8cb24a2dc
SHA1 14e7773a92a2ffbb1b9fb81cd38e1476645463bb
SHA256 2030bf60ad7d2e323dd081a81e4a7b647b1914dc078d67df9a83c70c8e69bf9d
SHA512 ec27189886033119c85e55e5afca9e94be8a8e29900630c316596221d03a83df47b75d9176a830cdf017a2563d4addca5eef0f12a81dd67d1fb9466d3ff7b9bf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 226de5685b72f041e4dd332f1c8ceefd
SHA1 89954506be5e609c88bd514299bc25d7caf19088
SHA256 2684c654ef081471be0c5e0a8de3ce6ced1ff5d641a2371c433f0acb19957338
SHA512 96ad79680d519b67cf286818e827e774533abf0a169a74e3c5f586526651117da182cf67364f1140468fc5e6470f1f0616b24ea1fe6232c4a4211bdc580d613b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 913cc4b24062503af65cccbb41a31e4b
SHA1 07e58676e90d4d48d1fbef77b0fcb5e4349d1120
SHA256 fce87f3e6819286c1b707b2b3506d65cc963e9ea7e25191d3b3b747fd33ab7d3
SHA512 a14f72a25632279b926cefd9cb427d5ff3e22f57009ccb41a1af4d19329d67c3ac23a3c7efd9d7df6993fe623e335e8e8eca25a49db2723963d8f72db331a388

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 9f26f2cc9cee8e60c742be25d1567f3f
SHA1 743129f703302c13150afc4a336c6c7a006af483
SHA256 c91199831f5bda61f290e548be35d25f8ecc8ea75f6f1750c45084d46d7e5f97
SHA512 e0354e2b5efea869268a79751267d9870fba43cea58110f9b31dd2519cbbfd33a68e4c352785a3f6fc8e708bbf29208cd70ce7e213f513d3bef9279d5637cbca

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 16883c03549207cb7c03fa5b2320fd23
SHA1 497da2c0614f159f0b3b39433618f641fa43cca0
SHA256 d3f9bb79cf810a0accfadc8010b49341a3620eca0bed81d017c43b40c3f3060e
SHA512 890bf863dc0544affc97aa7f805c39a8051ef38987bc9cff197a271aaacee8a1a5ea29776b2825444fd14abbb029d58a85aaea6aa658134590d11bfb38a7d3d3

C:\ProgramData\Malwarebytes\MBAMService\config\IrisData.json

MD5 b2fd1bde1c212218161d9d8c9becd8f5
SHA1 d1d84b0c33c65c2481e359e6d499b27b2465b78a
SHA256 0103e77ee19a3031b1ea890180a9b5d6cb78b83f8056e3f6146559e48bd1064a
SHA512 ce172d1efa8aa228a5db3cba2276c44ebdd29e3ae210328fdbb1b58036ef8721edfdd224dc80ee88d97a6be42746588ad684409c8f6b4f99e418fa12b92c9937

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 f4f023eed959467b609733968ba7d91c
SHA1 e17773aeaf87b44675e56bbbd7633f6ff84207a3
SHA256 71ff0da83e7001e0478759945ec1720ec304db9cbfd6dc5e8b1004293aae1179
SHA512 ab5f0c2fbe237fc4b92b83f5d3c0ba9d7cc400627a65e7b00753d9db5f838590c3d43f740125a12e8fcee8e5d92e23673fbc844fe9a14be444ecae8d5089786e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 9205de85546418e79c12cc1ed73e6a15
SHA1 ab64742aa08083f42b8ca23338968c1752dc2425
SHA256 5cb906807064f3f6eac96c04c7e7502d9a07036e6da479448d345a67bf1115ae
SHA512 6113ab54e6616100ef6c3667b8db7176a1e671abb22fc17616c9e046757a181ee30e9e6839c131290878ee87f04b135093fffe1ef28e38eee321890251d0ce13

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 1c5929644b7c38d3799ab49b2d3b2d9e
SHA1 6810113ee5007dfaf2c75dc2f5d246023a7c78bc
SHA256 beb376adbf563d28ec2adba62c05f0a1a8203db88381403beb9eef02409b6292
SHA512 7000375b89ac7baec0030e1f81b5433493f43e8403c96ec1ebc87ef7b262a81365ade812f455f35ff2fbaba54c6c9b1f464ba4d51ab9fa8d7bc4c5c63f0003d4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 d8a75e3d9af7756667f556b2a88d31f9
SHA1 ac433059d7ccc32acf872aad4c52a8bc0ec405a4
SHA256 c75bb5f4fe6ab915c71c9c945b45a262072cee2c65b66d9c76e67b536bcdbd63
SHA512 0406e7cde61d2224cd1b1d5dec418fd7563bd33829ffc6520a602cdb8c2a7eaf406ae6c61b08c009ea23eee569ab45d54deb34d8cf6c3a81d01f660f54ac89bd

C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

MD5 a735878ebed78070fceac9604de8d426
SHA1 df08516affe0154841641fda5fba6bf78217a420
SHA256 dfd99521dc6da6341520a886c61b131b4c394102048812a7546f7473f0e53c95
SHA512 016a036b6fad0ac0aec280e6c12e8e6f3a77dbc5aeacbb8c801575030f50cccae78a4a81f07592d6318ce383250cae0f96f86e83c1bdfdb37e3c05a5e93f0d43

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

MD5 838a7b32aefb618130392bc7d006aa2e
SHA1 5159e0f18c9e68f0e75e2239875aa994847b8290
SHA256 ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa
SHA512 9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 d4601c78eaa95a69617ce0d22c24b060
SHA1 107612923a68cb6e4cd4a5bcb41df354e4e22b22
SHA256 f02c081795f1b6132f6fee3dae04be807e6be9febf5edaff84c7575fbffcd26f
SHA512 916da6b137f9bb0bf18283c256a1bfff94e7c0cb0b3e648974f02996d23fe5763a39653417f602687d88ab60322279d163b397aeeec55023dfb935edb2643996

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 63a80574c231862a3e92c762eeac4de9
SHA1 f1a57cf87d2acf6a23a882d3a15e049366a543ed
SHA256 9d702589529188cf81ff12d0b1ad5c622b9e84fbf141d0ca059638113cf87f58
SHA512 f89469e2987ede445f23a9d722543927ca8bf6c6392b25f89b9e8b3488009a1c095291256c08896a46d0eb611c009fed47f0137f1267745cc8cde560844c84cf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 101e09668b8570722b670dfe7ff53918
SHA1 8bc4b9748b034d9c6cf172afbff9611f8feff2e2
SHA256 5384d192e58075e036769b9a30dcadd3107fa65695cb80e9cd269786b1d284d1
SHA512 fb8d9bfcdce44e9a45ed250179e7188c10c8147eeb92f66526cd50472505cf7b22bf9654c54fb80dc27d78266da4f290377e1b2f637e408af978e3836d6534ba

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 815437ea8f37ca46ec098c8f0d102647
SHA1 fca7d9bf8b96adb6022422c811aff418a5d7c91f
SHA256 446c6e12729d907f4a7710dee8b6af86d9bf7f685e5b54802f6c05cda3df6e22
SHA512 6cf152d3b2e9c03c2cdf702205b52eebd3e73ffba03c1ba5fd5a901fe6dbf8de076dbac192b5a980da115c5928bc76e7ff4b24fa4b2f02781f60a3c80ec4d4fe

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 69bb5afb18844da585247304b70c217a
SHA1 414dbf19d3054a828729ad656e34df3da8dfe4b2
SHA256 a35f5a253e3ae1079904277b572880544b2fe8e51110a7c50b2dd5cac8b9bd75
SHA512 ecd821677154b9c0c3cba3a0d852d40632ee7c206f658ddadb7866ba2c90ec455f04ecbd523a5dc95101933ae68f3412600b75ecf0f56e4649086b0d6244207c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 8e7514d665e32fa415db9fc27bc3e784
SHA1 6af61aca978b32deed0605706d3121410783a222
SHA256 bd00f943dd2b2527401bf1c4d90b4329e77fcdf7f2d9227b4983756959631148
SHA512 98a45c0d05f308918d5a452cf0a2d52f099c0079c63cafefed08bedd8eb47a26a916c170cdb45f1859d2766f584a436e790ec44e941568facca0ec1be931d7f7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 3881f1b9c5a1dd586f658743c1f01514
SHA1 854010acae9fa2e28ff3ebc691926e65af5b56fd
SHA256 424a85f2a4659369097da6125056a6bcc3b497646c36d95cacb272d7b5805835
SHA512 7fdf0c3caaedd224f4a60ee14e34f46594e5c690c9f325a7debef6dd724571d4e7fd57fbe4525d53ad2db8b9a5c17a4ac24ef6ca21b02d2f223fcf1aa58e0f3a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

MD5 05d4af3c7177fc6ef59bc757362189e6
SHA1 9bd382b8256e9e4fe5904f7e9d4b165514224f87
SHA256 e521fb8a0489927b21f6a8d2b09ba516fa205e4ad641b3b573c201cc2eb1f4f2
SHA512 8d2b30e2f8c209ac94653bd8ace132a2e4089556b6da4f15ae6e74712be89982ebb8018d1180f991b783295ac49888a35a42b213e67bef73a55520b8957b58fb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 61b4a8888f51477ee2a7c02438f311af
SHA1 938f0eb469c0f9beab338607bd0fc63e6c4df562
SHA256 9979a388a7d05b7f9388f6f7c8469a2ecf8e820ff78598858827539a1d42bdd0
SHA512 a900a2cf6336a21c6ca560fb9a3024cd70580556491ad8842ef5279106df56ada203eeb15e15e5df57ebe27de42388f0f038ef024a30286044dbb176589a8ee8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 89f94c9effa5174bc1f4f3049d04afaa
SHA1 d35b5525c4b7c9154ede56ff5c32aa1b2dc0d27a
SHA256 0a9c1379f29628f6ebde3906f53e1f88fee775d48dfb990989918b237092ba07
SHA512 ea464191143b6daf50faa541e744b7e547ff8d5ff84f646fdf0bb42a8efa4d74ac9bb9affe7fe98c09175f1a7e0bb054c188aedd305c7710cf92e102aeb07d14

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 72b4ffdae2809d9290558b02c2215ad0
SHA1 6abe6ede22400f02be75e9c0ad2e7fbc8e85d082
SHA256 c50e49015e3f009de56997f89c0cc2453bbeb52fdd3056473613b5aec6748814
SHA512 602ef64ef93734cc69379baf80898833343c481bfbaad8337a6c31b967e7ad1dbbfec01f3a36fe8122133b7ec1d53d27bdc553e181376278688cfb741b031d22

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

MD5 c018752aa0eeadae06cd4add8198f7b4
SHA1 63b949c75777f08c618f8b3d6641e12fed52efbd
SHA256 fe381810bd1e92e4852701086cd8bd0adc3d4a5e00bf6e5bb0317d85ae21b1d6
SHA512 91a0471bd931d495b7e368992f93c1b673ae9c0dd861738e3c3ee4abe479b512935ca4d554e7ec59651ca4dce608561f03768d606a30fa553fed551198a96eee

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000078

MD5 ec3cec405190f46721873a8b2a13e07f
SHA1 fc36862879343d95753a74c0b3b3b8bebf1086cb
SHA256 0b78b7decd34ac4e254c1511621fc9fd5762e15cdfc826a9edb7442143f932b1
SHA512 cea01c7eae962da712d151a293a539fd622e7b298aa3caa85126e3aa06b98b6ccabbe50837ae96d1a2614295c6f524a5e9aa4b804a667adac457f3cf7ee2982b

C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

MD5 64c0dbc6f621b7a439d1301d95c6f87d
SHA1 d6255f0d96cb01ebc8d47ded89941e014db40cb5
SHA256 34ee5bf968ed5cd8d8a12f05abc216b750fa40b2deaa125ee27a36ec8dd5810e
SHA512 2ee0790b13776dc2e8d27a2b435a21e463c03c5c8525908ef2177a61ffceaacedc7c26848cead52f7993640743d6e2fa9981a8eb2718ba60f3ea351465312e4a

C:\ProgramData\Malwarebytes\MBAMService\ScanResults\6e4aba20-d7dc-11ed-92f9-72edbb006969.json

MD5 abb64bcb7e98c7f5f0db2b333749b241
SHA1 9e9ac3f819d168d10e833b867cfa900a53f8cdf1
SHA256 393b4bc7f803b1c4817996b769fc5d3c72fea35357d507997c9235a73fdb91e5
SHA512 148b129ea43ea0808d597dbc7286678401d772b068497c7d5adc4a15fe2ec05ddcbd277a08a5b2eca1724d9933bedf2182a14903cc10e5682efabf59fe6fe5f3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 aefd77f47fb84fae5ea194496b44c67a
SHA1 dcfbb6a5b8d05662c4858664f81693bb7f803b82
SHA256 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611
SHA512 b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

C:\ProgramData\Malwarebytes\MBAMService\config\MbamClientConfig.json

MD5 db3128516e069ae2f9b02eab1001b800
SHA1 260db0141f060c35149cb379a0257097be944d88
SHA256 fe98fa0ef0888527c2e29b98791c855f6122e19766e92067c33c566a8445e202
SHA512 d1f844237e3c09e0ee71c7c0e56285914728d7919fa481f66e93d849c306e673e37ba43e8fe145ba5122adab92b52c676ce94c4103603deb01dac71433bd1e95

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 8f827338d36d11721d4ce3f188527b4e
SHA1 e0f1845f15fa06b9bc525dac9f275109798de44d
SHA256 0de719a4ca6549aa41bd1662bcdffecf1dae068fe26d954a0d5a57c614c59845
SHA512 1a818670db8c865d76145f335f734cb2e5c939085a6e40c5437371966248b7be62405d68f00a27db69affc9fae2af02f9e73035c277ed288dd8f414e9feff2bc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 3d4789f5d19962a55c72fdbb5ad28402
SHA1 6c823454a6bbe6968bf3a76bc6244b2aed20f36e
SHA256 396995c8c6620fc82f4733f10c9473fc1ef68e0b8fb0697f41ae28972b6153ac
SHA512 adbb6ee13f7010e4d8b641702218e4eee88187a8538bf9dbeb00f3b413c3bf772a1eb4c3533c2114e6f4f5ab215ec77d51460d678b291ec6084d9a856f614f35

C:\ProgramData\Malwarebytes\MBAMService\config\PoliciesConfig.json

MD5 1fdf9d64afedb52ad67a4bd62a4e4cb3
SHA1 9ab0bd5e4a0e62b8ea11faa9cd2164c3009adca4
SHA256 1d14b1df4f85dbd1f1ca364206936b29f606ba7daac11da04423877cc72bace2
SHA512 c2ce1a1d0880ca21063d2e219fd7c0b3ff1c08c3e76566757a07613f75bc78fe05da9fc9b557ac7baf64b17a21284be30c051fa24f36237b3c5173839db335e3

C:\ProgramData\Malwarebytes\MBAMService\config\CleanControllerConfig.json

MD5 63e0223c44f7463fe6ea646dce1a0be6
SHA1 fea5842a26889fe7520c2ae34fa93bfcd3793774
SHA256 95b6755864aa3b5611571a2e60854b330c51610cd4926a970d7bd107f91965af
SHA512 6dee61b841058d177140a46b3b9f35054577d83a15fa882aac0236161bdf3be60e271a7f7026b78ec60f215129dcf32bc4ba6b6b6abaf5abd3c4773b4a7b1af8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_en.softonic.com_0.indexeddb.leveldb\MANIFEST-000001

MD5 3fd11ff447c1ee23538dc4d9724427a3
SHA1 1335e6f71cc4e3cf7025233523b4760f8893e9c9
SHA256 720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed
SHA512 10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 66c522ad9d1a6f9989936b54a35827cf
SHA1 1f377f96b9635f7e6bfc1536decb024de464f071
SHA256 b3a2fed8461c10643ea43b709e83b3b06f22cb1c4108869f7f7c1d1fddc685ea
SHA512 e48c8a37b9bd89b4c18a0d6cb491a42df64fdc9528f0db8dfe52b3d1c22674363b1b93c3eef74a8de7db586504f060e5eccf5f66a535b5a001cec85acba7c9e4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 a063056147ad3f4f9c994ac981f9ebd1
SHA1 72fe39e72815249a0ec68ca3e30e0f32cc5ff940
SHA256 2e3c3e45c881fa73999e868e081bee006c1e354631e3d5f239869dde8202ddad
SHA512 b18a0f09477aa9930d00b35b4bfd4357591552f50b6231ea345fa95a157a3329a7389c2b34e68bab78ef744092adca0d523c4fcbc6e9c90c8862f27c5944c23b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 8f4ed13ad94ceff014367a52d8920920
SHA1 9bc4545212c26b99b3c5f9fbb6993715350e22b6
SHA256 897613623bfad024736427589d3d105ba477f3b9b259ca108292850fd7f9d604
SHA512 75ae44ccbdf5d1c6863964c0c9a3ff5c054a7a101e19fc3492cf05ff80b0dcdf8c185451efaa0832c850e45edd289090f4b98c99f46e2c2c97a9d8a1080a443c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5fd6b2.TMP

MD5 9eefc7aed08595447bdda4d26ae1a519
SHA1 33a55c3c11c9ecc07a7ee6baffef9ac595259efd
SHA256 c8607f375c1c64e4cd087a9e01722cf5fb6a0edf25005f5919352ce5a44b2136
SHA512 6d1241f4e452acdc83fa55392a8bc00e66b5c830f2f7c6d777795476016e18b14f28e9444f64dfc461e0324b8af88f3c3cbb0e69b47de6c5636cac2d0c843273

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 2892eee3e20e19a9ba77be6913508a54
SHA1 7c4ef82faa28393c739c517d706ac6919a8ffc49
SHA256 4f110831bb434c728a6895190323d159df6d531be8c4bb7109864eeb7c989ff2
SHA512 b13a336db33299ab3405e13811e3ed9e5a18542e5d835f2b7130a6ff4c22f74272002fc43e7d9f94ac3aa6a4d53518f87f25d90c29e0d286b6470667ea9336ae

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13325631607964110

MD5 f30d2470263c8afa5aea3cac6742e479
SHA1 0b71c983afeef5eefe4b40abc794788cb678353e
SHA256 a8178eef68beda021e6d1c82e7913454b6b55658f585e0c9bdb09023bdd805d1
SHA512 f14f3afe7d42c392fc4f338293391325cb1139137db19591abf25fe9752af35f56a3f05992da7a4413d3a7723d5f09cc22f9c11804ded4614ce266d06d62e654

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 f60b1f080518832d62c4df920db9fcab
SHA1 bbfd4eb70fe52941069ccdd93a37bb16b06772b7
SHA256 f4c425d18b6491c72e0f9e84e978bd1fe89e1342dbf50452f361ff672371fd00
SHA512 d95f82555a6e9c380dd19f48c1aaaee25efe79d2978cc506914f46629fc5be63ede5502ca6e05d41eadd11f7541f88ea22a3be680114d260204333020b085899

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 55b0a1c24afe6eafa50b6dbbdbf62d5c
SHA1 4147e8e185d6b3695f3415ed0b040e611319608f
SHA256 6fe55aa7b19cf09000a6300329d2ad9c7e33acdba57ff3437404dd9e9ebd8268
SHA512 c9acc48aadad75e5e0a776081dc0616e7842de9560d9caff365ef93d0faf781d5b11207f9be2d59d55ad511732e1916e86b029cec3ea275321b8a9b36f37727d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 c04499d5fe26150a572311478abf03ee
SHA1 b0455d1ef530a6c2f7921739203c0c0ad7a82671
SHA256 c9c7e974b9e8fc1f332d65d2eeb2fdf536c4a99279bbe920579236515552475c
SHA512 865ebd4ee87c6d73987fa2c313e939ed9bc684b733bcfc627760dcae01f7d8bbece1f61443d97e1dcf983d9c6235cc7e54cdb50438fa1da3685e73d87064c39e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 0fe8b7656db779c5bb92db128686e59e
SHA1 7067c01444d076c695d1b77cf51cf7f0696196ad
SHA256 bf0d7ce4ac69f5188af8847af9f12b966d958f1f9cc668f0b1f78745a51a729e
SHA512 b3c4c038246501b60402b8bd946c960e02090415b28a7b80c42f00b0faad0c7a051a28bc62218f5ab0b72519c808a2c9ad31b24430a8f59b8c97bbb2ca06df86

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 d73b95570abc66f8340a6ff13a4819fc
SHA1 83274cc324a79742fd4cfbbf0ec57b2fd85a04cf
SHA256 f7767eeae278457ddf9d1a547f19c75743b07f3e0549683472ef29f1ae868a02
SHA512 bd54500a2adda7b9bf8beefaf76bde586fcc7b4e6ef30080afe08fbe1190048176eb6e669632637d9a6db262feed3c3ddfe037673830d8400d486a32a6ab1735

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 1da9cce2a80c024cda4a444882cc9332
SHA1 805b63ff1e8539e406510352afb088636c7b2b5e
SHA256 11663a1bb30e67e28e5d158f38827d4ce5b077513b4bad5fdac92a1fa069c025
SHA512 8adecc41b4fd5ed609d3f5ea636b1a32483c96562506a6b33bb0abe9a537cc682fdb50e8a4968387e3fc99d431063c4eede8f5e0aa4a0d9f9cb6d95e365d0679

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 903127afe7bfd9c3361dbbe8bd82d834
SHA1 f784a301b49aa8c97cd58c959b49af1a95f00ab4
SHA256 9a9e9b0d660bfc79ab7934b90a5070dba3c0f1a9d9c11d13be23b6513d92ec16
SHA512 024eeaa4e56a8ca3e63976cc43f1e6a04e2d3b22157524a25d6093b488c1030e0b47a3c74ae9446642c1d27324e288ae664dcdc62f939f3902944148cc119922

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 7362921191fd90a8f67ba0d264a607e6
SHA1 8f74e5182507a812ffea2599cd86795b3b44bba7
SHA256 168fbbae1aaf80cdafcf39190b752e11c24869bb31b78ae334ddebd33634a09c
SHA512 cb481ed6c98ddbe04c97998a8a2e3cc91cac3bb14977fcfa2e9b1e5db7eaca78bf1fdbf75befd85f02ae63068af6afd73e462e76c191a5b3939732b786795b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 7aef9c719cc13fc06ce999854b03b374
SHA1 f609e788b089b15318e3464b0e077fdfb6f44126
SHA256 e229015a85acacdf23abf658408f78b6a7067ce36d457b98e41930d689770db9
SHA512 21d528ea50c9d9cf9e7dbbc5f60d3a5949f2fa07e0dd18a4d6421479fdace4d6ef9b09d0d456be73053a7e89491b33401af4d120545e7d42ad00a0476b8c3842

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 1e788d0a84fcaef46fa79088379192d6
SHA1 949f04a8c4abd1ffcc0f8249b54e22e683b5fa8f
SHA256 43b79ecbbc541aca07491a7901e7f53fb2f86396945ce9e9e0e9f3f53b12983a
SHA512 717b0353e6e0c968157b803c02f36788f17fb1dab65d4138ceb005d3fb1fab617e32503bb7bc18ca50de0f233700aab038547b89e6e61f68399ead931fb35d51

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e942c3ef7797ad799ebc7e1d7461d96a
SHA1 5aafd1f924ce73ec4c3163a9d6413c942857f589
SHA256 0485608ec34c7cf4f507db59a0decff76d36eb1267793f228bbd03571355c3e7
SHA512 121b3f60e7a9f6cf968192d324c0bffd8290e96d1c756c5584d7fadf1cc951401100f9db5bbf1c98e3f16516cb81af101b76ecbe33182977ceb20d9b9d456b55

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 f25596b0f24f41cc1a3322006764690b
SHA1 960b1dd6d5745e7e53b2c4c73d7323e6b7eb66fb
SHA256 d05974ed6e63dd8a01271d90b7bcd23dbcf41e775d1a5549f30ead926cc1b8d3
SHA512 128234dad4a3ddb7b781ccd10ee25658c9e961e193f0f870c69660c198f4e64eeebe83c0d5949fa69e3013334e55739eaee0024328bbc8ac46078f171870cfaf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 589c49f8a8e18ec6998a7a30b4958ebc
SHA1 cd4e0e2a5cb1fd5099ff88daf4f48bdba566332e
SHA256 26d067dbb5e448b16f93a1bb22a2541beb7134b1b3e39903346d10b96022b6b8
SHA512 e73566a037838d1f7db7e9b728eba07db08e079de471baca7c8f863c7af7beb36221e9ff77e0a898ce86d4ef4c36f83fb3af9c35e342061b7a5442ca3b9024d2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 6149808022d50524c53365210303a8ae
SHA1 4991463957b233e1aecbd6689bef48216833af6f
SHA256 92d5c8a4b2c5aa9ce0ee02a27ba008d5d86c7e0b78d9a2f7712e632a31a2a1a9
SHA512 c235e004eb6f6bc5208911bf710ea90b18567c4c67b47f9106da58e1cee91acfc73a44f4a6692cf42f6cf3febb5567380852d28d0b2ccf327a28f5c092c8aacc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 c7c86aae273c6f72ed68f38e60e3b3c3
SHA1 f370ce1e9d04b70704d423a93b6cc09e61bf9d1e
SHA256 ef11fc7ca5fc69f4007f00d58f921bc37dd2af36199b82f037accbbfdb4f6b77
SHA512 81775bff2dcf242dfcbe89ab690d5dd86aa12055ae9ceaff7e3d86deef57a5289364ca78b57ab4683e570321dbd2a1d1f2bb9d9c2b96ce67cb538583496d3e1c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000097

MD5 8c6dcc6fe77d8f3c73d9edfe51cb2603
SHA1 fc3397f9e7f9386eed5c8f29664dcd9b9ecad179
SHA256 31ac1c5e3bcb44d4ebd5a2cf1ab75773761507d334e116b8a4ac14e6ae86bdad
SHA512 c38b7a084cb28e735577a5a4485d50be6605304a4a6479383a1939c802978451d7489fd1d36647c0c57244cf8b064752ac281d546d209f4caf500421a6c0cfca

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 c732372dbfd5c7a124fe4c7ec25e7255
SHA1 c4195871a1ee72319f5bc3cd24655b7f74e57917
SHA256 cd12043761ef4099dcefb4413483276cef5cfe45a5bd4cf6982a81baaf2c04e7
SHA512 aa087605e639e5ba3c895713d82588e57ab8366fca0fdcc9496a98e2eef87740e54789fae2c44751063a641d3ced731bc03773df4e9d2800569bca4046cc78b0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 04951b47eaecd955fbbb89bdb640776f
SHA1 1da6aca267689933ef961fd969608f867250590a
SHA256 8acaa43c75207b6838b2f7ec882a1d1244f9b496a9715eb7332319f460277622
SHA512 958baec20d79042586096f87a3651e53390a5e7f371dab46272ecfcb8d98af1e7e3f95b19ce57831cbc03ad1d5367803426c4a09b3e6c662ecc828439f26b910

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e16a27201df9d5a3f07fcedd037943d4
SHA1 f63a6e90bda067072f45e1173353cbd47333241a
SHA256 0cc91a9001c43113c40c83cf4028f4e959394f390b335a3d36c331ea0ef43767
SHA512 4e3037731fbda08ff229748f8e5385af3742cfabb5097af57c580d069d592ad3de97dd23f2effb3cecfb1626b5b28457b7e28258b8da264bddabad174a77d89c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 c13b83c0c6b854f17ae76dbf7e0eae11
SHA1 2d9b8a0c35a8af21c663e8f3fc6d68869a80ad85
SHA256 35d0693f62c9fbfb8f3ce79e1e11b300c60c62e90621a1a36198000d2f4c654a
SHA512 299019ca8d6bd14c3325b554dc425d8f9520ef6466f4de624b8227bd82cff7f503fdfe662d651a174a2c475014d420e441a2b250f5cbb2ccea0e29270d48a821

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 fa31677806b8afd34252b1d6084a5d1a
SHA1 695dff5cc6f629c0f8cf9e307fb08b2f91792574
SHA256 7e80f394821e5355e360ab793b6be487ca63a06bb9eefbb28f10f938ebbf5c52
SHA512 5c61f2cb4f07ff54e86576fdf770682fa6121608e908d96b7256dc6cfbff8b636058a7200c1d9fb916a08c92a23bb9cf7342fb8b510891faf2d4002572de216d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 51f18e69c574683575238adcadd55c77
SHA1 ab7e9a4c02962245020a05962f742d5c211eae01
SHA256 e7537896f35cee4b24f7985dc513db03c51ffd2b3f7c42f425471044e2c89edc
SHA512 0a4ca1ff22a1aee806c9a3a53607a0c99dc2cf4e5ebec5026830a44f1e8f8c127c892da2a14c96ac76ee1d8b25c65c96859ebe5209bbf97803af7e1d0d39728f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 60e3f691077715586b918375dd23c6b0
SHA1 476d3eab15649c40c6aebfb6ac2366db50283d1b
SHA256 e91d13722e31f9b06c5df3582cad1ea5b73547ce3dc08b12ed461f095aad48ee
SHA512 d1c146d27bbf19362d6571e2865bb472ce4fe43dc535305615d92d6a2366f98533747a8a70a578d1f00199f716a61ce39fac5cab9dd67e9c044bc49e7343130e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 9e4924773b7ddad53d109db502cdf357
SHA1 5b71edc7f0e35ac43267e5e42fc9ad1f516f4e75
SHA256 0375bfb0f0d9d81dec2931edf158ca0f537cbb3d23e05c90245a247d37f28890
SHA512 de9b83b691fe639bd7f4d8db594856fce24c393096ce03b2ae482afe1eff98813515926ed06450fa8c3104417e942763e4ba6bc3af494c43bd20f49246b5386a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 bd14a2ca733a04fa72a8190cb6c4667c
SHA1 f7e096a6dd4bb2fb2dcee51dfb489ed85d199014
SHA256 014fb4982712a1461744afed580f5c3a2845fced657ddc9a3b07f3448a394136
SHA512 9bd1deac52a678d7e6994ab23893a79e66c1e6a208b1af1e51d449184c9b144abc65406b558ab7618c05b2fc5151199d42b620aff0a6112b2d61d2701e580ee2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 7ce6e9c1dac6a9b6a1461ea2155e63c8
SHA1 874a66d046d2033b9e0ebc6458477acbae74155d
SHA256 2dae5f2f28ee5572699c1428ecf264a58428b821b30d4d4930bd015e182e0947
SHA512 fb51754be24950b055ef9571b17949959e934edacbcd1b684646c17baa331ce83b7bf3d92cca33e07f9b2770495ac29f23c13bbf78f19f9974f329091df3bcb0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 fe2a75157c97220d64a8ae877df6d134
SHA1 9191fb3153b303209a2f00464a8054d0dd3afc6a
SHA256 dd821216b8a1299c7ee3246077fe5d1168ba23a8e363857d6b0b133801174cda
SHA512 c0df427953150a6376ed7260d4912851f9ccc1b15ee36c15e7dabe446fcbb93b98546d8db80933ea852514105e969888ee030e6158ae2f1a1307794cb0008e80

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 2d8bead5d278f0934ee77805f4940815
SHA1 f436667f7c85255be79b0f2bbdd28b171f598115
SHA256 2b65ebb2638909aa1b78e3991c0b807b499908e3c8a9a0df1ad474ea676151a3
SHA512 cc28f88bb648881382ad979b914220130a78712530b723bf9602620f2b4ead4fc6bbf721a8af9a260e4a83730ce66c912bfc1091333c67c3185a9925266a3a57

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 98c5d116a281269addf9fc6b0ab68806
SHA1 1e057149b7847d8d9ae580d7d48929b209542297
SHA256 a7df3c5c785f854d5a06fb8b78b024fabe6ef18853b79a865e5a3a9cb13f2c5f
SHA512 4609c64db17bdd3f79d1f622b4886c6aba343f689a5f57e967d341411f29a6b6c3e898067a80628609feb560395d33ee6ad25a90110e31e100cd46c633f82a0a

memory/6432-11550-0x0000016381F00000-0x0000016381F10000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 333a0a4b65933479dd406757897bd86e
SHA1 84e27cdbdcde7cba7bd48fe41611f12e513eb86b
SHA256 d8fc4ed424208768a8e25793ce1c65cc02a6deb372ce840c898df456a1e45fb1
SHA512 adfcea748716e36c9800417d887a9efed5a4d137fde20e08f6e05ed240a1058abefc04092f43a8be6c12d4196da7829fd5e5e8b22291bc3e4f557679eaa71191

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 7cf9554364231f5ae3a46724b3f1f512
SHA1 f20e3ee08c465f06131b777da0f3a993120355d3
SHA256 23b2d828be1ad582e5218a02452bc83c271510acf821326a34cc73d35df85037
SHA512 8c4031c45a7799115e7d10975eff26e864a3c6a13df722e5b7e53abf80ef5666fa90dff97742935c296832ee8d836e486e804fa7f14f694d64d664a4eec864c5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 e63b6c7a5d28f79a3da88c46ecdca67e
SHA1 029329306acc33faa73216cc3059495eaa529d52
SHA256 142dab109b0784f7eb8275aa10867cd545abafe27aaa2202dd8c17b601ffdc5d
SHA512 27fe63005cea44eecdaefb1c82af1d7c7010b5997f1f0503a49d137fdb1945e05d08e844c5eecd8d2c0bb4e2d8e1945a6544728102fc1c8350ab2f4c0ccaf5d7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 2d57ee4a74d93add61cde22cb915016d
SHA1 cadc1ef72e589dd2b08c5441c2b44a016cab4d6b
SHA256 37dfe431eaed7be8f999c9c264f77e1f34b38aecddfca94cf88f514183af0c48
SHA512 765a5f46c914e98df2042cfaf4cded28e8a5c669d56086b5ad4a35c8aea47dc869c893844a1353c2e546c6c7ecec6a7df8ba2a17aa41befd305fcd8b7a9ec25a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e9c32d779c258d13eaa45c3f4bcc0d2b
SHA1 8d633aaa66b3476507ff27986d15c57f2befdb0d
SHA256 70c25a067f65517d9c65bb33819d4b769a2ca4f3cbd48a8e2efc3d915df1bf60
SHA512 0edd7e5235e3ae0bd3a7243b533878369b3f723147bb1e31892c7226f301b97dc203de186710ccd025116919c547fe887d2e9133432ad105abf34938b728daa5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 98992f2df1c7155f0ff5a2ad5d5188e6
SHA1 71653ac526e35a8752373b6476d48b314e756d4f
SHA256 70301d907757604ef9bed563050043729ebe660f15c588c134906a75bad986e5
SHA512 f189d2733a3caf9e7a72d164c9737d61fae0bbf4a208bebbd35b7f679b74bd6b1655ea175c6dac13d2d2aa4b27cd8ee39322e614f29166e4fa9f8fc6f4c4731c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 53a6d4017787ecbd6dcba83098d40802
SHA1 aa4849ca4aeeb7aa4cf169f640c5a7831b8c5fa9
SHA256 82799544a14d7a49ab7e9fcdd8a3c83a9de57e982f3b4e8b35b8061aed414254
SHA512 206b24ec43753d3d31b6ce618dba645b5a5c9fee502260c5ef7c5456dfa961fcc0be53c91225fb06918e0006709eb48b208f415298102517e6047e7bf06c9400

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 add08f54295af8f2362bc98a499bf428
SHA1 0a4b28c738ee2a39efa6e52348e20ef75d316c13
SHA256 c1f6e8fc803a5422aa9b73f72ce42a86ceda6959ed6a691650b4afdb4128f0bb
SHA512 295f9fe0fb72949694b0cd2939628559566d9a351465073bf76f989eab5ac6d92a46c0805c371f10946d2763ca78c86f54e19d6867b799fe85bc4c7a031e2fe1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 ab6ab31fbc80601ffb8ed2de18f4e3d3
SHA1 983df2e897edf98f32988ea814e1b97adfc01a01
SHA256 eaab30ed3bde0318e208d83e6b0701b3ee9eb6b11da2d9fbab1552e8e4ce88f8
SHA512 41b42e6ab664319d68d86ce94a6db73789b2e34cba9b0c02d55dfb0816af654b02284aa3bfd9ae4f1a10e920087615b750fb2c54e9b3f646f721afb9a0d1aea3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Browser

MD5 a397e5983d4a1619e36143b4d804b870
SHA1 aa135a8cc2469cfd1ef2d7955f027d95be5dfbd4
SHA256 9c70f766d3b84fc2bb298efa37cc9191f28bec336329cc11468cfadbc3b137f4
SHA512 4159ea654152d2810c95648694dd71957c84ea825fcca87b36f7e3282a72b30ef741805c610c5fa847ca186e34bde9c289aaa7b6931c5b257f1d11255cd2a816

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e7f94e9ad4fe1476e59c95519c348044
SHA1 307d507058254c1b3d47afcb796bf4c65ab3904d
SHA256 282b1863b4e7501e33962590aba8ae076c7648765a7c32cfebef13f41e6ca4a9
SHA512 f143aa996882849c1f4d044c8189812e6866d482d10946380216a8ed7a5d53d849383e5f8dce1924fb046eabe17f73fad017cf54d624474b2132d48dce1d9bc6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000a6

MD5 94e281ade5ef2175af33e44cde5df633
SHA1 06175bb052e5d44d982431a0f3f8dbf9457f1339
SHA256 098574bb7b2b9778de53b5936994e5213747a982aca2a11d5306b689cadcbd37
SHA512 40a83317c86d93a11062df3e684c302e43212f27d9d9bc3b52412155e9d45d4480c521ac4c859dde919efdb3a35869f0cacf5407df4bb1576964d9c1b55c4efb