Malware Analysis Report

2024-11-30 11:32

Sample ID 240224-2a5jzagf3s
Target a23b318f6c7118191e14c01fe72b65fc
SHA256 954d1ef6afce8843a96769f710d52f407777a6c294ecb3539da592f3f72a560c
Tags
lokibot collection spyware stealer trojan lockbit microsoft discovery persistence phishing ransomware
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

954d1ef6afce8843a96769f710d52f407777a6c294ecb3539da592f3f72a560c

Threat Level: Known bad

The file a23b318f6c7118191e14c01fe72b65fc was found to be: Known bad.

Malicious Activity Summary

Suspicious use of NtCreateUserProcessOtherParentProcess

Lokibot

Lockbit

Rule to detect Lockbit 3.0 ransomware Windows payload

CustAttr .NET packer

Sets service image path in registry

Sets file execution options in registry

Modifies RDP port number used by Windows

Downloads MZ/PE file

Modifies Installed Components in the registry

Drops file in Drivers directory

Reads user/profile data of web browsers

Checks BIOS information in registry

Checks computer location settings

Loads dropped DLL

Executes dropped EXE

Registers COM server for autorun

Enumerates connected drives

Checks installed software on the system

Accesses Microsoft Outlook profiles

Drops file in System32 directory

Suspicious use of SetThreadContext

Detected potential entity reuse from brand microsoft.

Drops file in Program Files directory

Drops file in Windows directory

Program crash

Enumerates physical storage devices

Unsigned PE

Enumerates system info in registry

Suspicious use of SetWindowsHookEx

Checks SCSI registry key(s)

Uses Volume Shadow Copy WMI provider

Modifies system certificate store

Checks processor information in registry

Suspicious behavior: LoadsDriver

Suspicious behavior: GetForegroundWindowSpam

outlook_office_path

Opens file in notepad (likely ransom note)

Suspicious use of WriteProcessMemory

Suspicious behavior: RenamesItself

Modifies registry class

Uses Task Scheduler COM API

Suspicious behavior: SetClipboardViewer

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies data under HKEY_USERS

Modifies Internet Explorer settings

Script User-Agent

outlook_win_path

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-02-24 22:23

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-24 22:23

Reported

2024-02-24 22:55

Platform

win7-20240220-en

Max time kernel

1800s

Max time network

1747s

Command Line

C:\Users\Admin\AppData\Local\Temp\a23b318f6c7118191e14c01fe72b65fc.exe Invoke-WebRequest -Uri "https://download.sysinternals.com/files/Sysmon.zip" -OutFile "C:\Sysmon.zip"

Signatures

Lokibot

trojan spyware stealer lokibot

CustAttr .NET packer

Description Indicator Process Target
N/A N/A N/A N/A

Reads user/profile data of web browsers

spyware stealer

Accesses Microsoft Outlook profiles

collection

Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook C:\Users\Admin\AppData\Local\Temp\a23b318f6c7118191e14c01fe72b65fc.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook C:\Users\Admin\AppData\Local\Temp\a23b318f6c7118191e14c01fe72b65fc.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook C:\Users\Admin\AppData\Local\Temp\a23b318f6c7118191e14c01fe72b65fc.exe N/A

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 2872 set thread context of 1680 N/A C:\Users\Admin\AppData\Local\Temp\a23b318f6c7118191e14c01fe72b65fc.exe C:\Users\Admin\AppData\Local\Temp\a23b318f6c7118191e14c01fe72b65fc.exe

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: RenamesItself

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\a23b318f6c7118191e14c01fe72b65fc.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\a23b318f6c7118191e14c01fe72b65fc.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2596 wrote to memory of 2616 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2596 wrote to memory of 2428 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2596 wrote to memory of 2472 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2596 wrote to memory of 2932 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

outlook_office_path

Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook C:\Users\Admin\AppData\Local\Temp\a23b318f6c7118191e14c01fe72b65fc.exe N/A

outlook_win_path

Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook C:\Users\Admin\AppData\Local\Temp\a23b318f6c7118191e14c01fe72b65fc.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\a23b318f6c7118191e14c01fe72b65fc.exe

C:\Users\Admin\AppData\Local\Temp\a23b318f6c7118191e14c01fe72b65fc.exe Invoke-WebRequest -Uri "https://download.sysinternals.com/files/Sysmon.zip" -OutFile "C:\Sysmon.zip"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7419758,0x7fef7419768,0x7fef7419778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1196 --field-trial-handle=1256,i,3978569405145211245,13543720098417564307,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1524 --field-trial-handle=1256,i,3978569405145211245,13543720098417564307,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1620 --field-trial-handle=1256,i,3978569405145211245,13543720098417564307,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2272 --field-trial-handle=1256,i,3978569405145211245,13543720098417564307,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2280 --field-trial-handle=1256,i,3978569405145211245,13543720098417564307,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1488 --field-trial-handle=1256,i,3978569405145211245,13543720098417564307,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1344 --field-trial-handle=1256,i,3978569405145211245,13543720098417564307,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3456 --field-trial-handle=1256,i,3978569405145211245,13543720098417564307,131072 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\a23b318f6c7118191e14c01fe72b65fc.exe

"C:\Users\Admin\AppData\Local\Temp\a23b318f6c7118191e14c01fe72b65fc.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2676 --field-trial-handle=1256,i,3978569405145211245,13543720098417564307,131072 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.google.com udp
GB 172.217.16.228:443 www.google.com udp
GB 172.217.16.228:443 www.google.com tcp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 142.250.187.202:443 content-autofill.googleapis.com tcp
GB 142.250.187.202:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 vihaiha.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
DE 172.217.16.131:443 beacons.gcp.gvt2.com tcp
DE 172.217.16.131:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 vihaiha.com udp

Files

memory/2872-1-0x0000000074610000-0x0000000074CFE000-memory.dmp

memory/2872-0-0x0000000000A40000-0x0000000000B04000-memory.dmp

memory/2872-2-0x0000000004C40000-0x0000000004C80000-memory.dmp

memory/2872-3-0x00000000004B0000-0x00000000004C2000-memory.dmp

memory/2872-4-0x0000000074610000-0x0000000074CFE000-memory.dmp

memory/2872-5-0x0000000004C40000-0x0000000004C80000-memory.dmp

\??\pipe\crashpad_2596_TIQSCHFYDTEUIHIN

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

MD5 18e723571b00fb1694a3bad6c78e4054
SHA1 afcc0ef32d46fe59e0483f9a3c891d3034d12f32
SHA256 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
SHA512 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

memory/2872-55-0x0000000005A80000-0x0000000005AEC000-memory.dmp

memory/2872-56-0x0000000000A10000-0x0000000000A36000-memory.dmp

memory/1680-58-0x0000000000400000-0x00000000004A2000-memory.dmp

memory/1680-64-0x0000000000400000-0x00000000004A2000-memory.dmp

memory/1680-66-0x0000000000400000-0x00000000004A2000-memory.dmp

memory/1680-69-0x0000000000400000-0x00000000004A2000-memory.dmp

memory/1680-76-0x0000000000400000-0x00000000004A2000-memory.dmp

memory/1680-81-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

memory/1680-83-0x0000000000400000-0x00000000004A2000-memory.dmp

memory/1680-88-0x0000000000400000-0x00000000004A2000-memory.dmp

memory/2872-93-0x0000000074610000-0x0000000074CFE000-memory.dmp

memory/1680-94-0x0000000000400000-0x00000000004A2000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

MD5 873734b55d4c7d35a177c8318b0caec7
SHA1 469b913b09ea5b55e60098c95120cc9b935ddb28
SHA256 4ee3aa3dc43cb3ef3f6bfb91ed8214659e9c2600a45bee9728ebbcb6f33b088d
SHA512 24f05ed981e994475879ca2221b6948418c4412063b9c07f46b8de581047ddd5d73401562fa9ee54d4ce5f97a6288c54eac5de0ca29b1bb5797bdac5a1b30308

memory/1680-106-0x0000000000400000-0x00000000004A2000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

MD5 aefd77f47fb84fae5ea194496b44c67a
SHA1 dcfbb6a5b8d05662c4858664f81693bb7f803b82
SHA256 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611
SHA512 b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2721934792-624042501-2768869379-1000\0f5007522459c86e95ffcc62f32308f1_dbaf3979-518f-4824-86e4-f33db9fb991c

MD5 d898504a722bff1524134c6ab6a5eaa5
SHA1 e0fdc90c2ca2a0219c99d2758e68c18875a3e11e
SHA256 878f32f76b159494f5a39f9321616c6068cdb82e88df89bcc739bbc1ea78e1f9
SHA512 26a4398bffb0c0aef9a6ec53cd3367a2d0abf2f70097f711bbbf1e9e32fd9f1a72121691bb6a39eeb55d596edd527934e541b4defb3b1426b1d1a6429804dc61

C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2721934792-624042501-2768869379-1000\0f5007522459c86e95ffcc62f32308f1_dbaf3979-518f-4824-86e4-f33db9fb991c

MD5 c07225d4e7d01d31042965f048728a0a
SHA1 69d70b340fd9f44c89adb9a2278df84faa9906b7
SHA256 8c136c7ae08020ad16fd1928e36ad335ddef8b85906d66b712fff049aa57dc9a
SHA512 23d3cea738e1abf561320847c39dadc8b5794d7bd8761b0457956f827a17ad2556118b909a3e6929db79980ccf156a6f58ac823cf88329e62417d2807b34b64b

memory/1680-160-0x0000000000400000-0x00000000004A2000-memory.dmp

memory/1680-161-0x0000000000400000-0x00000000004A2000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f5e2b29bdf7ca58e95f933342f372d14
SHA1 fc7f306fdbb62f7a78863b7a53f7434f4fe74ffc
SHA256 c7abffca086af07d2272b981395041a764373be0d6e959f3e5d4658d83263770
SHA512 f2ba3077b9fe06d6580420272eeb3061b6bcb43f940c5f8425fe9e722aa14abf2c3d27b337e0d47f58383bbf55b813fb0ffe14d3c3691d8001dcf9dafc8e3cea

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 db08d910a1b8c2d63615e309e2edd216
SHA1 3eb99a6ee88fd9187ef9fcf89ea4b8cf57cc126d
SHA256 96d121e91aebb231dde14b6ddaea0b705f2b5e74087012efdf8e0cd22ba376b5
SHA512 3622fd000739b39cc0a108c18a9a7d0f5abf109cc72518383da7c624a7149d3f931a92244fad37ebc67bf8ecd3120f41edbc5b4ed9d85629144f67bc1b415c68

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\7ec22d742c8aefe7_0

MD5 e73be9559407f275a4748f49f460fc47
SHA1 42d9b8cec63949ac8f660209c16462934c274e0a
SHA256 264e914bd90e5b1c344b688f088ec71a298b9dbd346ebb25c212fac12271853f
SHA512 0c56a7a7523713b6d68f4ea8d20aaa9fba14fc2313aa554decf697c6ade4b68c9dd620888a58710c036a9eb74130070f3fa6f872a83f714787244a9547dab7cc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\f2d0ced5480d05bf_0

MD5 7f5675cf4e26b26649e904cd768a691f
SHA1 631b3750a09904ae9739cba94a59bb6190ed7d41
SHA256 99be8a8ad80a09f3390c812c149fa972aebe19cb7226f6caa65429914f58cf93
SHA512 c08bd4df656ef3b9c62affd5af8ae586c69c62a120e43000195ba46e91a743c4c8fc6978a78560226f9fcd1824323663b39448f51f5ba40844c0e7b37f473b40

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 21af2b48ec4fb242f035f5d89fe8e604
SHA1 7fa3241a840f06a378b2448e72d71023c679dc65
SHA256 1091e702b660c79596af20d98c31255168ce7d15686d6afba2ad715c8bf999c4
SHA512 f41e17c138ea4c4343e939e1f4de1d13f8067d088d90844a7257204a067278b4ae8705565b577fb689c521d3fa642ae435369f9f2b41395cd45bc980f83cc97a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 c802e8fa85747e9f54abc998ccbd153e
SHA1 da434651994f99f72626c24f294f69e310456d0f
SHA256 edc8070af994b0f72727690b6dcbe7416634d0d594df3d4a0d03e2662f6b93f2
SHA512 5420028b5e0c889c9ab5022c0689d786fdc379d85746d611b68242c93c4239476e0412c1efc7a2e85d3561dbe8fdab1966c3e6038d85a05f4f1a34b2a78993ca

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 803fb20751053d8022857576d2eaaecd
SHA1 5698d66d33ce2906afdf922e744f22711fd1a79f
SHA256 30f0d06f3b287988c695c95f984ed0a374ad89522768950306509272ddf11a3c
SHA512 70cf27250a89bea8cd3fa9b5c546fa13c6e9ab3e10c10de65d271417dad836ea31f0ac9e4217d8c6912ce802a22c97245d9b808ac1b1c0fc9ef88f5016f0fa65
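The Files section mixes three kinds of entry: memory dumps named by PID, sequence number and address range (no hashes), file stanzas with four hashes, and the same path captured more than once when its content changed during the run (Preferences, Network Persistent State and the RSA key container above each appear twice with different hashes). The pipe entry carries the hashes of zero bytes, so there is no content behind it to analyse. The following added example, not part of the report, parses a subset of the stanzas above (copied unchanged) and pulls those three observations out programmatically; EMPTY_SHA256 is the well-known SHA-256 of empty input.

```python
"""Parse a sandbox Files section into file stanzas and memory dumps.

Added example; not part of the report. FILES_SECTION is a subset copied from the
section above (paths, hashes and dump names unchanged)."""
import re
from collections import defaultdict

# SHA-256 of zero bytes: a stanza carrying it was captured with no content.
EMPTY_SHA256 = "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
HASH_ALGOS = ("MD5", "SHA1", "SHA256", "SHA512")
MEM_RE = re.compile(r"^memory/(\d+)-(\d+)-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp$")

FILES_SECTION = r"""
memory/2872-1-0x0000000074610000-0x0000000074CFE000-memory.dmp

\??\pipe\crashpad_2596_TIQSCHFYDTEUIHIN

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

memory/1680-58-0x0000000000400000-0x00000000004A2000-memory.dmp

memory/1680-64-0x0000000000400000-0x00000000004A2000-memory.dmp

memory/1680-81-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f5e2b29bdf7ca58e95f933342f372d14
SHA1 fc7f306fdbb62f7a78863b7a53f7434f4fe74ffc
SHA256 c7abffca086af07d2272b981395041a764373be0d6e959f3e5d4658d83263770
SHA512 f2ba3077b9fe06d6580420272eeb3061b6bcb43f940c5f8425fe9e722aa14abf2c3d27b337e0d47f58383bbf55b813fb0ffe14d3c3691d8001dcf9dafc8e3cea

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 db08d910a1b8c2d63615e309e2edd216
SHA1 3eb99a6ee88fd9187ef9fcf89ea4b8cf57cc126d
SHA256 96d121e91aebb231dde14b6ddaea0b705f2b5e74087012efdf8e0cd22ba376b5
SHA512 3622fd000739b39cc0a108c18a9a7d0f5abf109cc72518383da7c624a7149d3f931a92244fad37ebc67bf8ecd3120f41edbc5b4ed9d85629144f67bc1b415c68
"""


def parse_files(text):
    """Return (files, dumps): files are {path, hashes}; dumps are {pid, seq, start, end}."""
    files, dumps, current = [], [], None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = MEM_RE.match(line)
        if m:
            pid, seq, start, end = m.groups()
            dumps.append({"pid": int(pid), "seq": int(seq),
                          "start": int(start, 16), "end": int(end, 16)})
            current = None
            continue
        algo, _, digest = line.partition(" ")
        if algo in HASH_ALGOS and current is not None:
            current["hashes"][algo] = digest.lower()
            continue
        current = {"path": line, "hashes": {}}   # any other line opens a new file stanza
        files.append(current)
    return files, dumps


def empty_content(files):
    """Paths whose captured content hashed as zero bytes (nothing to analyse)."""
    return [f["path"] for f in files if f["hashes"].get("SHA256") == EMPTY_SHA256]


def rewritten(files):
    """Paths captured more than once with differing content, i.e. modified during the run."""
    digests = defaultdict(set)
    for f in files:
        digests[f["path"]].add(f["hashes"].get("SHA256"))
    return sorted(p for p, d in digests.items() if len(d) > 1)


def regions_by_pid(dumps):
    """Distinct dumped address ranges per PID and how often each was re-captured."""
    out = defaultdict(lambda: defaultdict(int))
    for d in dumps:
        out[d["pid"]][(d["start"], d["end"])] += 1
    return {pid: dict(r) for pid, r in out.items()}
```

Run against the full section, regions_by_pid shows that the 0x00400000-0x004A2000 range of PID 1680 was captured repeatedly while the original process (PID 2872) dumps are scattered across several ranges; a range re-captured many times in a second PID is the dump to pull first when looking for an unpacked payload.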

Analysis: behavioral2

Detonation Overview

Submitted

2024-02-24 22:23

Reported

2024-02-24 22:50

Platform

win10v2004-20240221-en

Max time kernel

1115s

Max time network

1360s

Command Line

C:\Windows\Explorer.EXE

Signatures

Attribution note for this run: the root process is Explorer.EXE, the detonation ran for over 1100 seconds, and every row shown in the tables below names a process other than the submitted file a23b318f6c7118191e14c01fe72b65fc.exe. The recorded actors are the Malwarebytes installer and service (MBSetup.exe, MBAMInstallerService.exe, MBAMService.exe), the Google Chrome and Google Update installers (ChromeSetup.exe, GoogleUpdate.exe, setup.exe, chrome.exe), Sysmon64.exe, the Windows component compattelrunner.exe, and a second SHA256-named executable under C:\Users\Admin\Downloads. The driver drops, service ImagePath values, Active Setup and Image File Execution Options keys, and COM server registrations are what those installers write in normal operation, so this run reads as an interactive install session in the sandbox; none of it should be attributed to the sample unless the process tree ties it there.

Lockbit

ransomware lockbit

Lokibot

trojan spyware stealer lokibot

Rule to detect Lockbit 3.0 ransomware Windows payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious use of NtCreateUserProcessOtherParentProcess

Description Indicator Process Target
PID 5596 created 3224 N/A C:\Users\Admin\Downloads\MBSetup.exe C:\Windows\Explorer.EXE

CustAttr .NET packer

Description Indicator Process Target
N/A N/A N/A N/A

Downloads MZ/PE file

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\system32\DRIVERS\SET479B.tmp C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\system32\DRIVERS\SETA35E.tmp C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\system32\DRIVERS\SETAF27.tmp C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\system32\DRIVERS\SETBC57.tmp C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\system32\drivers\mbae64.sys C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened for modification C:\Windows\system32\DRIVERS\MbamElam.sys C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\system32\DRIVERS\SET55E4.tmp C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\system32\DRIVERS\SET7EFB.tmp C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\system32\DRIVERS\SET88FE.tmp C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\system32\DRIVERS\MbamChameleon.sys C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\system32\DRIVERS\SET3990.tmp C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\system32\DRIVERS\SET7219.tmp C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\system32\DRIVERS\SETA35E.tmp C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\system32\DRIVERS\SETC9B6.tmp C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\system32\DRIVERS\SET1EE.tmp C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\system32\DRIVERS\mbamswissarmy.sys C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\system32\DRIVERS\SET6537.tmp C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\system32\DRIVERS\SETBC57.tmp C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\system32\DRIVERS\SETC9B6.tmp C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\system32\DRIVERS\SET6537.tmp C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\system32\DRIVERS\SET7219.tmp C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\system32\DRIVERS\SET7EFB.tmp C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\system32\DRIVERS\SETAF27.tmp C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\system32\DRIVERS\SETF0E.tmp C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\system32\DRIVERS\SET55E4.tmp C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\system32\DRIVERS\SET88FE.tmp C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\system32\DRIVERS\SET962E.tmp C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\system32\DRIVERS\SET1C6D.tmp C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\SysWOW64\drivers\mbamtestfile.dat C:\Users\Admin\Downloads\MBSetup.exe N/A
File created C:\Windows\system32\DRIVERS\MbamElam.sys C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\system32\DRIVERS\SET3990.tmp C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\system32\DRIVERS\farflt.sys C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\system32\DRIVERS\SET479B.tmp C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\system32\DRIVERS\mbam.sys C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\system32\DRIVERS\SET962E.tmp C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\system32\DRIVERS\SET1C6D.tmp C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\system32\DRIVERS\mwac.sys C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\system32\DRIVERS\SET1EE.tmp C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\system32\DRIVERS\SETF0E.tmp C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A

Modifies Installed Components in the registry

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components C:\Program Files (x86)\Google\Update\Install\{BB407232-D1D3-410A-8AF3-AF93A4D756F5}\CR_DCE02.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96} C:\Program Files (x86)\Google\Update\Install\{BB407232-D1D3-410A-8AF3-AF93A4D756F5}\CR_DCE02.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\ = "Google Chrome" C:\Program Files (x86)\Google\Update\Install\{BB407232-D1D3-410A-8AF3-AF93A4D756F5}\CR_DCE02.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\StubPath = "\"C:\\Program Files\\Google\\Chrome\\Application\\122.0.6261.70\\Installer\\chrmstp.exe\" --configure-user-settings --verbose-logging --system-level --channel=stable" C:\Program Files (x86)\Google\Update\Install\{BB407232-D1D3-410A-8AF3-AF93A4D756F5}\CR_DCE02.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\Localized Name = "Google Chrome" C:\Program Files (x86)\Google\Update\Install\{BB407232-D1D3-410A-8AF3-AF93A4D756F5}\CR_DCE02.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\IsInstalled = "1" C:\Program Files (x86)\Google\Update\Install\{BB407232-D1D3-410A-8AF3-AF93A4D756F5}\CR_DCE02.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\Version = "43,0,0,0" C:\Program Files (x86)\Google\Update\Install\{BB407232-D1D3-410A-8AF3-AF93A4D756F5}\CR_DCE02.tmp\setup.exe N/A

Modifies RDP port number used by Windows

Sets file execution options in registry

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe C:\Program Files (x86)\Google\Temp\GUM146F.tmp\GoogleUpdate.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe\DisableExceptionChainValidation = "0" C:\Program Files (x86)\Google\Temp\GUM146F.tmp\GoogleUpdate.exe N/A

Sets service image path in registry

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\MBAMSwissArmy\ImagePath = "\\SystemRoot\\System32\\Drivers\\mbamswissarmy.sys" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\mbamchameleon\ImagePath = "\\SystemRoot\\System32\\Drivers\\MbamChameleon.sys" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
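To check that attribution mechanically rather than by eye, here is an added example that is not part of the report: it parses rows of the Description/Indicator/Process/Target tables in this section (copied verbatim, including one row from the COM registration table further down) and groups them by the process family that performed the action. SAMPLE_NAME and the family rules in family() are assumptions to adapt. The parser relies on the report's own convention that paths embedded inside registry values are written with doubled backslashes, which is how it tells the Process column apart from a path inside the Indicator.

```python
"""Attribute sandbox signature-table rows to the process family that performed them.

Added example; not part of the report. SIGNATURE_ROWS is copied from this section.
SAMPLE_NAME and the buckets in family() are assumptions to adapt."""
import re
from collections import Counter

ROW_RE = re.compile(
    r"^(?P<desc>Set value \((?:str|int)\)|Key (?:created|deleted|value queried)"
    r"|File (?:created|opened for modification)|PID \d+ created \d+) "
    r"(?P<indicator>.*?) "
    r"(?P<process>[A-Z]:\\(?!\\).*?) "        # real path: single backslash after the drive
    r"(?P<target>N/A|[A-Z]:\\(?!\\).*)$"
)

SAMPLE_NAME = "a23b318f6c7118191e14c01fe72b65fc.exe"   # submitted file (assumption: name unchanged)

# Rows copied from the report, keyed by the signature heading they appear under.
SIGNATURE_ROWS = {
    "Suspicious use of NtCreateUserProcessOtherParentProcess": [
        r"PID 5596 created 3224 N/A C:\Users\Admin\Downloads\MBSetup.exe C:\Windows\Explorer.EXE",
    ],
    "Drops file in Drivers directory": [
        r"File created C:\Windows\system32\DRIVERS\mbamswissarmy.sys C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A",
        r"File created C:\Windows\SysWOW64\drivers\mbamtestfile.dat C:\Users\Admin\Downloads\MBSetup.exe N/A",
    ],
    "Modifies Installed Components in the registry": [
        r'Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\StubPath = "\"C:\\Program Files\\Google\\Chrome\\Application\\122.0.6261.70\\Installer\\chrmstp.exe\" --configure-user-settings --verbose-logging --system-level --channel=stable" C:\Program Files (x86)\Google\Update\Install\{BB407232-D1D3-410A-8AF3-AF93A4D756F5}\CR_DCE02.tmp\setup.exe N/A',
    ],
    "Sets file execution options in registry": [
        r'Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe\DisableExceptionChainValidation = "0" C:\Program Files (x86)\Google\Temp\GUM146F.tmp\GoogleUpdate.exe N/A',
    ],
    "Sets service image path in registry": [
        r'Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\MBAMSwissArmy\ImagePath = "\\SystemRoot\\System32\\Drivers\\mbamswissarmy.sys" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A',
    ],
    "Registers COM server for autorun": [
        r'Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B50B3FA2-B519-4C16-A932-46E9FFD1D910}\InProcServer32\ = "C:\\Program Files (x86)\\Google\\Update\\1.3.36.372\\psmachine_64.dll" C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateComRegisterShell64.exe N/A',
        r'Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DE03E614-112D-43E0-8E15-E7236CC32108}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A',
    ],
}


def family(process):
    """Bucket a process path. Order matters: MBSetup.exe sits in Downloads, so it is
    matched by name before the generic path rules."""
    name = process.rsplit("\\", 1)[-1].lower()
    p = process.lower()
    if name == SAMPLE_NAME.lower():
        return "sample"
    if "\\malwarebytes\\" in p or name == "mbsetup.exe":
        return "malwarebytes"
    if "\\google\\" in p or name == "chromesetup.exe":
        return "google"
    if "sysmon" in name:
        return "sysmon"
    if p.startswith("c:\\windows\\"):
        return "windows"
    return "other"


def parse_row(line):
    m = ROW_RE.match(line)
    if not m:
        raise ValueError("unparsed row: " + line)
    return m.groupdict()


def attribute(signature_rows):
    """Count (signature, family) pairs and collect the process set per family."""
    counts, processes = Counter(), {}
    for sig, rows in signature_rows.items():
        for line in rows:
            r = parse_row(line)
            fam = family(r["process"])
            counts[(sig, fam)] += 1
            processes.setdefault(fam, set()).add(r["process"])
    return counts, processes


def by_family(counts):
    out = Counter()
    for (_, fam), n in counts.items():
        out[fam] += n
    return dict(out)


def signatures_from_sample(counts):
    """Signature headings with at least one row performed by the submitted file."""
    return sorted(sig for (sig, fam) in counts if fam == "sample")


if __name__ == "__main__":
    counts, procs = attribute(SIGNATURE_ROWS)
    print(by_family(counts), "from sample:", signatures_from_sample(counts))
```

On these rows every hit lands in the malwarebytes or google bucket and signatures_from_sample() is empty; feeding it the complete tables of a run is a quick way to see whether a persistence signature is the sample's or an installer's before it goes into a report.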

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\Downloads\MBSetup.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate C:\Users\Admin\Downloads\MBSetup.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Google\Temp\GUM146F.tmp\GoogleUpdate.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000\Control Panel\International\Geo\Nation C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\Sysmon\Sysmon64.exe N/A
N/A N/A C:\Users\Admin\Downloads\1866b28b51045944df18e63c9a5989afe985e30ff1944db6544ca76b32235567\1866b28b51045944df18e63c9a5989afe985e30ff1944db6544ca76b32235567.exe N/A
N/A N/A C:\Users\Admin\Downloads\1866b28b51045944df18e63c9a5989afe985e30ff1944db6544ca76b32235567\1866b28b51045944df18e63c9a5989afe985e30ff1944db6544ca76b32235567.exe N/A
N/A N/A C:\Users\Admin\Downloads\ChromeSetup.exe N/A
N/A N/A C:\Program Files (x86)\Google\Temp\GUM146F.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\Install\{BB407232-D1D3-410A-8AF3-AF93A4D756F5}\122.0.6261.70_chrome_installer.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\Install\{BB407232-D1D3-410A-8AF3-AF93A4D756F5}\CR_DCE02.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\Install\{BB407232-D1D3-410A-8AF3-AF93A4D756F5}\CR_DCE02.tmp\setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\MBSetup.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\Install\{BB407232-D1D3-410A-8AF3-AF93A4D756F5}\CR_DCE02.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\Install\{BB407232-D1D3-410A-8AF3-AF93A4D756F5}\CR_DCE02.tmp\setup.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleCrashHandler.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleCrashHandler64.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateOnDemand.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\122.0.6261.70\Installer\setup.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\122.0.6261.70\Installer\setup.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\122.0.6261.70\Installer\setup.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\122.0.6261.70\Installer\setup.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\system32\compattelrunner.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\122.0.6261.70\elevation_service.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateBroker.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Users\Admin\Downloads\1866b28b51045944df18e63c9a5989afe985e30ff1944db6544ca76b32235567\1866b28b51045944df18e63c9a5989afe985e30ff1944db6544ca76b32235567.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe N/A
N/A N/A C:\Users\Admin\Downloads\1866b28b51045944df18e63c9a5989afe985e30ff1944db6544ca76b32235567\1866b28b51045944df18e63c9a5989afe985e30ff1944db6544ca76b32235567.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe N/A
N/A N/A C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\assistant.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Google\Temp\GUM146F.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\system32\compattelrunner.exe N/A
N/A N/A C:\Windows\system32\compattelrunner.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A

Reads user/profile data of web browsers

spyware stealer

Registers COM server for autorun

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B50B3FA2-B519-4C16-A932-46E9FFD1D910}\InProcServer32\ = "C:\\Program Files (x86)\\Google\\Update\\1.3.36.372\\psmachine_64.dll" C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B50B3FA2-B519-4C16-A932-46E9FFD1D910}\InProcServer32\ = "C:\\Program Files (x86)\\Google\\Update\\1.3.36.372\\psmachine_64.dll" C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9D6AA569-9F30-41AD-885A-346685C74928}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B50B3FA2-B519-4C16-A932-46E9FFD1D910}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B50B3FA2-B519-4C16-A932-46E9FFD1D910}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F36AD0D0-B5F0-4C69-AF08-603D177FEF0E}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8F1C46F8-E697-4175-B240-CDE682A4BA2D}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EE8A9269-9E6E-4683-BCD3-41E9B16696DC}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DE03E614-112D-43E0-8E15-E7236CC32108}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C6271107-A214-4F11-98C0-3F16BC670D28}\InprocServer32\ = "C:\\Program Files (x86)\\Google\\Update\\1.3.36.372\\psmachine_64.dll" C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E1AC7139-D1FF-4DE9-84A4-92E2B47F5D2A}\LocalServer32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{376BE474-56D4-4177-BB4E-5610156F36C8}\LocalServer32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D5599B6B-FA0C-45B5-8309-853B003EA412}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{376BE474-56D4-4177-BB4E-5610156F36C8}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F36AD0D0-B5F0-4C69-AF08-603D177FEF0E}\LocalServer32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9D6AA569-9F30-41AD-885A-346685C74928}\InprocServer32\ = "C:\\Program Files (x86)\\Google\\Update\\1.3.36.372\\psmachine_64.dll" C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{251AD013-20AD-4C3F-8FE2-F66A429B4819}\LocalServer32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{130CD414-6BFD-4F6C-9362-A2264B222E76}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EE8A9269-9E6E-4683-BCD3-41E9B16696DC}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{11D1E5E8-14E1-4B5B-AE1A-2678CB91E8E5}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9D372F21-E6DA-4B82-881A-79F6CA6B6AE1}\LocalServer32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{36A65E46-6CC1-4CA2-B51E-F4DD8C993DDC}\LocalServer32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9DAB0CA5-AE19-41AE-955C-41DD44C52697}\LocalServer32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{278637DA-FDFB-45C7-8CD8-F2D8A9199AB0}\LocalServer32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{03141A2A-5C3A-458E-ABEC-0812AD7FF497}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D5599B6B-FA0C-45B5-8309-853B003EA412}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F6D29500-933C-447C-9D88-9D814AF73808}\LocalServer32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{376BE474-56D4-4177-BB4E-5610156F36C8}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E1AC7139-D1FF-4DE9-84A4-92E2B47F5D2A}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C6271107-A214-4F11-98C0-3F16BC670D28}\InprocServer32 C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F6D29500-933C-447C-9D88-9D814AF73808}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8F1C46F8-E697-4175-B240-CDE682A4BA2D}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{03141A2A-5C3A-458E-ABEC-0812AD7FF497}\LocalServer32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9DAB0CA5-AE19-41AE-955C-41DD44C52697}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BF474111-9116-45C6-AF53-209E64F1BB53}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{130CD414-6BFD-4F6C-9362-A2264B222E76}\LocalServer32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{130CD414-6BFD-4F6C-9362-A2264B222E76}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C6271107-A214-4F11-98C0-3F16BC670D28}\InprocServer32\ = "C:\\Program Files (x86)\\Google\\Update\\1.3.36.372\\psmachine_64.dll" C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{580243BF-3CEE-4131-A599-C6FED66BEB1B}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C6271107-A214-4F11-98C0-3F16BC670D28}\InprocServer32 C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{278637DA-FDFB-45C7-8CD8-F2D8A9199AB0}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{11D1E5E8-14E1-4B5B-AE1A-2678CB91E8E5}\LocalServer32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BF474111-9116-45C6-AF53-209E64F1BB53}\LocalServer32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\InprocServer32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F415899A-1576-4C8B-BC9F-4854781F8A20}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DE03E614-112D-43E0-8E15-E7236CC32108}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C6271107-A214-4F11-98C0-3F16BC670D28}\InprocServer32\ = "C:\\Program Files (x86)\\Google\\Update\\1.3.36.372\\psmachine_64.dll" C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C6271107-A214-4F11-98C0-3F16BC670D28}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{11D1E5E8-14E1-4B5B-AE1A-2678CB91E8E5}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9D372F21-E6DA-4B82-881A-79F6CA6B6AE1}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{36A65E46-6CC1-4CA2-B51E-F4DD8C993DDC}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DE03E614-112D-43E0-8E15-E7236CC32108}\LocalServer32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{C6271107-A214-4F11-98C0-3F16BC670D28}\INPROCSERVER32 C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B50B3FA2-B519-4C16-A932-46E9FFD1D910}\InProcServer32 C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9D6AA569-9F30-41AD-885A-346685C74928}\InprocServer32\ = "C:\\Program Files (x86)\\Google\\Update\\1.3.36.372\\psmachine_64.dll" C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9D6AA569-9F30-41AD-885A-346685C74928}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B50B3FA2-B519-4C16-A932-46E9FFD1D910}\InProcServer32\ = "C:\\Program Files (x86)\\Google\\Update\\1.3.36.372\\psmachine_64.dll" C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2C6CB58-C076-425C-ACB7-6D19D64428CD}\LocalServer32\ServerExecutable = "C:\\Program Files\\Google\\Chrome\\Application\\122.0.6261.70\\notification_helper.exe" C:\Program Files (x86)\Google\Update\Install\{BB407232-D1D3-410A-8AF3-AF93A4D756F5}\CR_DCE02.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{36A65E46-6CC1-4CA2-B51E-F4DD8C993DDC}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B50B3FA2-B519-4C16-A932-46E9FFD1D910}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C6271107-A214-4F11-98C0-3F16BC670D28}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9D6AA569-9F30-41AD-885A-346685C74928}\InprocServer32\ = "C:\\Program Files (x86)\\Google\\Update\\1.3.36.372\\psmachine_64.dll" C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2C6CB58-C076-425C-ACB7-6D19D64428CD}\LocalServer32 C:\Program Files (x86)\Google\Update\Install\{BB407232-D1D3-410A-8AF3-AF93A4D756F5}\CR_DCE02.tmp\setup.exe N/A

Accesses Microsoft Outlook profiles

collection
Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook C:\Users\Admin\AppData\Local\Temp\a23b318f6c7118191e14c01fe72b65fc.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook C:\Users\Admin\AppData\Local\Temp\a23b318f6c7118191e14c01fe72b65fc.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook C:\Users\Admin\AppData\Local\Temp\a23b318f6c7118191e14c01fe72b65fc.exe N/A

Checks installed software on the system

discovery

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\Y: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\B: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\E: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\G: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\A: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\I: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\J: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\A: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\L: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\U: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\P: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\J: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\Z: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\G: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\T: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\V: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\I: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\O: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\O: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\S: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\V: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\H: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\U: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\X: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\H: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\Q: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\R: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\Y: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\L: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\Q: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\Z: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\T: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\X: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\K: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\N: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\R: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\K: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\W: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\E: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\B: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\M: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\S: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\W: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\M: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\N: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\P: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A

Detected potential entity reuse from brand microsoft.

phishing microsoft

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\DriverStore\FileRepository\net44amd.inf_amd64_450d4b1e35cc8e0d\net44amd.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netrtl64.inf_amd64_8e9c2368fe308df2\netrtl64.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\572BF21E454637C9F000BE1AF9B1E1A9 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netr28x.inf_amd64_5d63c7bcbf29107f\netr28x.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ndisimplatformmp.inf_amd64_8de1181bfd1f1628\ndisimplatformmp.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_net.inf_amd64_32a9ad23c1ecc42d\c_net.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netrtwlanu.inf_amd64_1815bafd14dc59f0\netrtwlanu.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netrndis.inf_amd64_be4ba6237d385e2e\netrndis.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netimm.inf_amd64_8b2087393aaef952\netimm.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\net7800-x64-n650f.inf_amd64_178f1bdb49a6e2fd\net7800-x64-n650f.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netvwwanmp.inf_amd64_f9e30429669d7fff\netvwwanmp.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\net7400-x64-n650.inf_amd64_557ce3b37c3e0e3b\net7400-x64-n650.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netk57a.inf_amd64_d823e3edc27ae17c\netk57a.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netrtwlane01.inf_amd64_b02695ef070d7a42\netrtwlane01.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netwew00.inf_amd64_325c0bd6349ed81c\netwew00.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netloop.inf_amd64_762588e32974f9e8\netloop.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\kdnic.inf_amd64_6649425cdcae9b5f\kdnic.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\net8192su64.inf_amd64_66c8bfc7a4b1feed\net8192su64.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_6E4F36431D86962EFD432400DF65AC90 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netwtw08.inf_amd64_7c0c516fb22456cd\netwtw08.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netathr10x.inf_amd64_2691c4f95b80eb3b\netathr10x.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netjme.inf_amd64_752bf22f1598bb7e\netjme.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File opened for modification C:\Windows\System32\CatRoot2\dberr.txt C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netwtw06.inf_amd64_2edd50e7a54d503b\netwtw06.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ykinx64.inf_amd64_0bbd8466b526ef26\ykinx64.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\nete1e3e.inf_amd64_895623810c19146a\nete1e3e.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\rt640x64.inf_amd64_8984d8483eef476c\rt640x64.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\drvstore.tmp C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netvg63a.inf_amd64_9f5493180b1252cf\netvg63a.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netrasa.inf_amd64_1bdf7a435cb3580d\netrasa.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{a7356d90-e7d0-b74b-823d-27ea0a6e8095}\mbtun.sys C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\FA0E447C3E79584EC91182C66BBD2DB7 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netwmbclass.inf_amd64_dba6eeaf0544a4e0\netwmbclass.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netwtw04.inf_amd64_c8f5ae6576289a2d\netwtw04.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\rndiscmp.inf_amd64_81bff1eb756435c6\rndiscmp.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netsstpa.inf_amd64_e76c5387d67e3fd6\netsstpa.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{a7356d90-e7d0-b74b-823d-27ea0a6e8095}\SET7798.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\mbtun.inf_amd64_add82795013a7c3b\mbtun.sys C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_6E4F36431D86962EFD432400DF65AC90 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\nett4x64.inf_amd64_54eacac1858c78ab\nett4x64.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netr28ux.inf_amd64_d5996f2a9d9aa9e3\netr28ux.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netax88772.inf_amd64_5d1c92f42d958529\netax88772.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\bthpan.inf_amd64_b06c3bc32f7db374\bthpan.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ipoib6x.inf_amd64_ef71073a5867971f\ipoib6x.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\net9500-x64-n650f.inf_amd64_e92c5a65e41993f9\net9500-x64-n650f.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netbc63a.inf_amd64_7ba6c9cea77dd549\netbc63a.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\117308CCCD9C93758827D7CC85BB135E C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\net8187se64.inf_amd64_99a4ca261f585f17\net8187se64.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{a7356d90-e7d0-b74b-823d-27ea0a6e8095}\mbtun.cat C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{a7356d90-e7d0-b74b-823d-27ea0a6e8095}\SET77AA.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\CatRoot2\dberr.txt C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\system32\taskschd.msc C:\Windows\system32\mmc.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\usbnet.inf_amd64_9e6bb7a4b7338267\usbnet.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netax88179_178a.inf_amd64_b6748bc8bb8ccf4d\netax88179_178a.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netvf63a.inf_amd64_a090e6cfaf18cb5c\netvf63a.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\msux64w10.inf_amd64_5aa81644af5957b3\msux64w10.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wceisvista.inf_amd64_07ad61d07466a58a\wceisvista.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\net1yx64.inf_amd64_8604d8a50804b9c1\net1yx64.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netxex64.inf_amd64_ede00b448bfe8099\netxex64.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{a7356d90-e7d0-b74b-823d-27ea0a6e8095}\mbtun.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\CatRoot2\dberr.txt C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\system32\eventvwr.msc C:\Windows\system32\mmc.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\dc21x4vm.inf_amd64_3294fc34256dbb0e\dc21x4vm.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\bcmdhd64.inf_amd64_e0bae6831f60ea5f\bcmdhd64.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 4768 set thread context of 5968 N/A C:\Users\Admin\AppData\Local\Temp\a23b318f6c7118191e14c01fe72b65fc.exe C:\Users\Admin\AppData\Local\Temp\a23b318f6c7118191e14c01fe72b65fc.exe
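
The rows in these tables carry no column separators and mix the sample's own activity with that of Malwarebytes, Google Update and the driver installer present in the sandbox image: every CLSID registration, drive-letter probe and DriverStore write above is attributed to MBAMService.exe, MBAMInstallerService.exe, GoogleUpdate or DrvInst.exe, while the Outlook profile key opens and the SetThreadContext call (PID 4768 writing the context of 5968, both the same image) are the sample's. The Python script below is an added example, not part of this report or of any sandbox vendor's tooling. It recovers the Description/Indicator/Process/Target columns from the report's fixed description vocabulary and the position of the unescaped C:\ paths, attributes each event to the sample or to environment noise, and pulls out the Outlook profile reads, same-image SetThreadContext pairs (the shape of a loader hollowing a suspended copy of itself), per-process drive enumeration, and COM server registrations whose binary sits outside Program Files or Windows. The noise list and the sample path are assumptions taken from the paths in these tables; the report does not state whether the sample launched those processes, so confirm against the process tree before discarding their events.

```python
"""Triage the flattened signature rows of a sandbox report by originating process."""
import re
from collections import Counter
from typing import Dict, List, NamedTuple, Optional, Tuple

SAMPLE_EXE = r"C:\Users\Admin\AppData\Local\Temp\a23b318f6c7118191e14c01fe72b65fc.exe"
# Assumption: these belong to the Malwarebytes and Chrome installs in the sandbox
# image, not to the sample; confirm against the process tree before discarding them.
NOISE_PREFIXES = ("c:\\program files\\malwarebytes\\", "c:\\program files (x86)\\google\\",
                  "c:\\program files\\google\\", "c:\\users\\admin\\downloads\\chromesetup.exe",
                  "c:\\windows\\system32\\drvinst.exe", "c:\\windows\\system32\\mmc.exe")
STANDARD_ROOTS = ("c:\\program files\\", "c:\\program files (x86)\\", "c:\\windows\\")

# The report's fixed description vocabulary; everything after it is data.
DESCRIPTION_RE = re.compile(
    r"^(Key (?:created|deleted|opened)|Set value \([a-z]+\)"
    r"|File (?:created|opened \(read-only\)|opened for modification)"
    r"|PID \d+ set thread context of \d+)\s+")
# Column boundary: a space then "C:\" with a single backslash. Paths quoted inside
# registry values are escaped ("C:\\Program ...") and therefore never match.
PATH_START_RE = re.compile(r" C:\\(?!\\)")
OUTLOOK_KEY_RE = re.compile(
    r"\\(?:Windows Messaging Subsystem|Office\\\d+\.\d+\\Outlook)\\Profiles\\", re.I)
THREAD_CTX_RE = re.compile(r"^PID (\d+) set thread context of (\d+)$")
COM_SERVER_RE = re.compile(
    r"\\CLSID\\(\{[0-9A-F-]+\})\\(InprocServer32|LocalServer32)\\"
    r"(?:ServerExecutable)?\s*=\s*\"(.*)\"$", re.I)

Event = NamedTuple("Event", [("description", str), ("indicator", str),
                             ("process", str), ("target", Optional[str])])

def parse_row(line: str) -> Event:
    """Split one 'Description Indicator Process Target' row into its columns."""
    line = line.rstrip()
    m = DESCRIPTION_RE.match(line)
    if not m:
        raise ValueError(f"unrecognised description: {line[:40]!r}")
    rest = line[m.end():]
    if rest.endswith(" N/A"):                       # no target column
        rest, target = rest[:-4], None
    else:                                           # target is the last path
        rest, _, tail = rest.rpartition(" C:\\")
        target = "C:\\" + tail
    starts = [s.start() for s in PATH_START_RE.finditer(rest)]
    if not starts:
        raise ValueError(f"no process column: {line[:40]!r}")
    return Event(m.group(1), rest[:starts[-1]], rest[starts[-1] + 1:], target)

def origin_of(process: str) -> str:
    p = process.lower()
    return "sample" if p == SAMPLE_EXE.lower() else "noise" if p.startswith(NOISE_PREFIXES) else "other"

def outlook_profile_reads(events: List[Event]) -> List[Event]:
    """Opens of the keys that hold Outlook account profiles (stealer behaviour)."""
    return [e for e in events if e.description == "Key opened" and OUTLOOK_KEY_RE.search(e.indicator)]

def self_injections(events: List[Event]) -> List[Tuple[int, int, str]]:
    """SetThreadContext where writer and target share one image: a loader hollowing
    a suspended copy of itself."""
    return [(int(m.group(1)), int(m.group(2)), e.process) for e in events
            for m in [THREAD_CTX_RE.match(e.description)]
            if m and e.target and e.target.lower() == e.process.lower()]

def drive_enumeration(events: List[Event]) -> Dict[str, str]:
    """Drive letters each process probed through read-only opens of \\??\\X:."""
    probed: Dict[str, set] = {}
    for e in events:
        if e.description.startswith("File opened") and re.fullmatch(r"\\\?\?\\[A-Z]:", e.indicator):
            probed.setdefault(e.process, set()).add(e.indicator[-2])
    return {p: "".join(sorted(s)) for p, s in probed.items()}

def com_server_registrations(events: List[Event]) -> List[Tuple[str, str, str, bool]]:
    """(CLSID, server kind, binary, under a standard install root) from Set value rows."""
    regs = []
    for m in filter(None, (COM_SERVER_RE.search(e.indicator) for e in events)):
        path = m.group(3).replace('\\"', "").replace("\\\\", "\\")   # undo value escaping
        regs.append((m.group(1).upper(), m.group(2), path, path.lower().startswith(STANDARD_ROOTS)))
    return regs

def triage(lines: List[str]) -> dict:
    events = [parse_row(l) for l in lines if l.strip()]
    return {"events": len(events), "by_origin": dict(Counter(origin_of(e.process) for e in events)),
            "outlook_profile_reads": [e.indicator for e in outlook_profile_reads(events)],
            "self_injections": self_injections(events), "drives_probed": drive_enumeration(events),
            "com_servers_outside_roots": [r for r in com_server_registrations(events) if not r[3]]}

# Rows copied verbatim from the tables above (a constructed subset, not the full report).
REPORT_ROWS = r"""
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9D6AA569-9F30-41AD-885A-346685C74928}\InprocServer32\ = "C:\\Program Files (x86)\\Google\\Update\\1.3.36.372\\psmachine_64.dll" C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EE8A9269-9E6E-4683-BCD3-41E9B16696DC}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook C:\Users\Admin\AppData\Local\Temp\a23b318f6c7118191e14c01fe72b65fc.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook C:\Users\Admin\AppData\Local\Temp\a23b318f6c7118191e14c01fe72b65fc.exe N/A
File opened (read-only) \??\Y: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\E: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{a7356d90-e7d0-b74b-823d-27ea0a6e8095}\SET7798.tmp C:\Windows\system32\DrvInst.exe N/A
PID 4768 set thread context of 5968 N/A C:\Users\Admin\AppData\Local\Temp\a23b318f6c7118191e14c01fe72b65fc.exe C:\Users\Admin\AppData\Local\Temp\a23b318f6c7118191e14c01fe72b65fc.exe
""".strip().splitlines()

if __name__ == "__main__":
    print(triage(REPORT_ROWS))
```

Run as a script it summarises REPORT_ROWS; feed it the full rows of any table with this layout instead. A row whose description is not in the vocabulary raises rather than being silently misattributed, which is the safer failure for an indicator list.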

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Malwarebytes\Anti-Malware\assistant.exe C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source2652_466921965\Chrome-bin\122.0.6261.70\Locales\ja.pak C:\Program Files (x86)\Google\Update\Install\{BB407232-D1D3-410A-8AF3-AF93A4D756F5}\CR_DCE02.tmp\setup.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.25\fr\UIAutomationClientSideProviders.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-core-synch-l1-2-0.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.25\System.Private.Xml.Linq.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source2652_466921965\Chrome-bin\122.0.6261.70\eventlog_provider.dll C:\Program Files (x86)\Google\Update\Install\{BB407232-D1D3-410A-8AF3-AF93A4D756F5}\CR_DCE02.tmp\setup.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.25\es\System.Windows.Input.Manipulations.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\malwarebytes_assistant.runtimeconfig.json C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\SQLitePCLRaw.batteries_v2.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.372\goopdateres_ro.dll C:\Program Files (x86)\Google\Temp\GUM146F.tmp\GoogleUpdate.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source2652_466921965\Chrome-bin\122.0.6261.70\Locales\de.pak C:\Program Files (x86)\Google\Update\Install\{BB407232-D1D3-410A-8AF3-AF93A4D756F5}\CR_DCE02.tmp\setup.exe N/A
File opened for modification C:\Program Files\Malwarebytes\Anti-Malware\ServiceConfig.json C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.372\goopdateres_sr.dll C:\Program Files (x86)\Google\Temp\GUM146F.tmp\GoogleUpdate.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.25\zh-Hans\UIAutomationProvider.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\System.Management.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source2652_466921965\Chrome-bin\122.0.6261.70\mojo_core.dll C:\Program Files (x86)\Google\Update\Install\{BB407232-D1D3-410A-8AF3-AF93A4D756F5}\CR_DCE02.tmp\setup.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.25\vcruntime140_cor3.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.25\ru\System.Windows.Forms.Design.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.25\zh-Hant\PresentationUI.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.25\zh-Hant\WindowsFormsIntegration.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source2652_466921965\Chrome-bin\122.0.6261.70\elevation_service.exe C:\Program Files (x86)\Google\Update\Install\{BB407232-D1D3-410A-8AF3-AF93A4D756F5}\CR_DCE02.tmp\setup.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.25\PresentationFramework-SystemCore.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.372\goopdateres_hu.dll C:\Program Files (x86)\Google\Temp\GUM146F.tmp\GoogleUpdate.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source2652_466921965\Chrome-bin\122.0.6261.70\chrome_200_percent.pak C:\Program Files (x86)\Google\Update\Install\{BB407232-D1D3-410A-8AF3-AF93A4D756F5}\CR_DCE02.tmp\setup.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.25\System.Runtime.Loader.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\MbamPt.exe C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files (x86)\Google\Temp\GUM146F.tmp\goopdateres_bg.dll C:\Users\Admin\Downloads\ChromeSetup.exe N/A
File created C:\Program Files (x86)\Google\Temp\GUM146F.tmp\goopdateres_sw.dll C:\Users\Admin\Downloads\ChromeSetup.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.372\goopdateres_zh-TW.dll C:\Program Files (x86)\Google\Temp\GUM146F.tmp\GoogleUpdate.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-core-handle-l1-1-0.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.25\System.Reflection.Extensions.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.25\es\ReachFramework.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.25\fr\System.Windows.Input.Manipulations.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.25\System.Drawing.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files (x86)\Google\Temp\GUM146F.tmp\goopdateres_ja.dll C:\Users\Admin\Downloads\ChromeSetup.exe N/A
File opened for modification C:\Program Files (x86)\Google\Temp\GUM146F.tmp\GoogleUpdateSetup.exe C:\Users\Admin\Downloads\ChromeSetup.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\offreg.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.25\System.Globalization.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.25\cs\System.Windows.Forms.Design.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.25\it\UIAutomationProvider.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\MbamUI.Tray.deps.json C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\MbamBgNativeMsg.exe C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-core-processthreads-l1-1-0.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-crt-private-l1-1-0.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.25\pt-BR\Microsoft.VisualBasic.Forms.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\version.dat C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\sdk\mbamchameleon.inf C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source2652_466921965\Chrome-bin\122.0.6261.70\VisualElements\SmallLogo.png C:\Program Files (x86)\Google\Update\Install\{BB407232-D1D3-410A-8AF3-AF93A4D756F5}\CR_DCE02.tmp\setup.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.25\System.Threading.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.25\System.Resources.Writer.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.25\de\ReachFramework.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source2652_466921965\Chrome-bin\122.0.6261.70\VisualElements\LogoBeta.png C:\Program Files (x86)\Google\Update\Install\{BB407232-D1D3-410A-8AF3-AF93A4D756F5}\CR_DCE02.tmp\setup.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-core-file-l1-2-0.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\7z.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\Microsoft.Extensions.Caching.Abstractions.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\sdk\mwac.sys C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Program Files (x86)\Google\Temp\GUM146F.tmp\goopdateres_am.dll C:\Users\Admin\Downloads\ChromeSetup.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.372\psmachine.dll C:\Program Files (x86)\Google\Temp\GUM146F.tmp\GoogleUpdate.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.25\UIAutomationTypes.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\System.DirectoryServices.AccountManagement.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\pkgvers.dat C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.25\Microsoft.Win32.Primitives.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.25\System.Web.HttpUtility.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.25\System.Net.Quic.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Windows\system32\svchost.exe N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\inf\oem3.inf C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\inf\oem3.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\security\logs\scecomp.log C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Phantom C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Phantom C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000 C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ConfigFlags C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 C:\Windows\system32\DrvInst.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\mbam.exe = "11000" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\mbamtray.exe = "11000" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Malwarebytes.exe = "11000" C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\S-1-5-19\SOFTWARE\Policies\Microsoft\Office\15.0 C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-19\SOFTWARE\Policies\Microsoft\Office\15.0\Common C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\16.0\Common C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe N/A
Key created \REGISTRY\USER\S-1-5-19\SOFTWARE\Policies\Microsoft\Office C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-19\SOFTWARE\Policies\Microsoft\Office\16.0 C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-19\SOFTWARE\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:\ C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0" C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\ROOT C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-19\SOFTWARE\Policies\Microsoft\Office\16.0\Common\Security C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\NGC C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe N/A
Key created \REGISTRY\USER\S-1-5-19\SOFTWARE\Malwarebytes C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-19\SOFTWARE\Policies\Microsoft C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:\ C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Malwarebytes C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-20\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications\malwarebytes: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\Office\15.0\Common C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications\malwarebytes: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\ROOT C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe N/A
Key created \REGISTRY\USER\S-1-5-19\SOFTWARE\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\16.0\Common\Security C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-19\SOFTWARE\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\system32\DrvInst.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-20\SOFTWARE\Malwarebytes\FirstRun = "false" C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\Office\16.0 C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\Office\16.0\Common\Security C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Windows\system32\DrvInst.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1" C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe N/A
Key created \REGISTRY\USER\S-1-5-20\SOFTWARE\Malwarebytes C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\15.0\Common C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1691A7E8-B8D1-46D5-BB29-3A4DB2D809C6}\TypeLib\Version = "1.0" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{503084FD-0743-46C7-833F-D0057E8AC505}\ = "_ICleanControllerEventsV5" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FB586AB4-56F2-4EFA-9756-EE9A399B44DE} C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{778103CC-4FA4-42AC-8981-D6F11ACC6B7F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E1BA0B73-14BD-4C9D-98CA-99355BD4EB24}\TypeLib C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DC2F8F62-D471-4AD5-B346-9F214FE941A7}\TypeLib\Version = "1.0" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{EA248A19-F84E-4407-ADD3-8563AFD81269}\TypeLib C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D81C2A20-D03D-40D4-A371-A499633A2AD3} C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FB81F893-5D01-4DFD-98E1-3A6CB9C3E63E}\TypeLib\Version = "1.0" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{560EB17C-4365-4DFC-A855-F99B223F02AF}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{55D0C28B-2BF3-4230-B48D-DB2C2D7BF6F8}\ProxyStubClsid32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{83D0C30B-ECF4-40C5-80EC-21BB47F898A9}\ProxyStubClsid32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{598FE0E5-E02D-465D-9A9D-37974A28FD42} C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F81B1882-A388-42E5-9351-05C858E52DDC}\TypeLib\Version = "1.0" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{EA248A19-F84E-4407-ADD3-8563AFD81269}\ = "IArwControllerV2" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B50B3FA2-B519-4C16-A932-46E9FFD1D910}\ = "PSFactoryBuffer" C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8640989C-20B4-41BE-BFE1-218EF5B076A6}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3498D9E4-6476-4AC0-B53A-75BC9955EF37}\TypeLib C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DD3CFEBD-3B8E-4651-BB7C-537D1F03E59C}\ = "IMWACControllerV4" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E8D2DC04-56F2-4F6F-8E11-8CB2BB337FCA}\TypeLib\Version = "1.0" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{46AEAC9A-C091-4B63-926C-37CFBD9D244F}\TypeLib\ = "{FFB94DF8-FC15-411C-B443-E937085E2AC1}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{34544A67-823A-484D-8E18-371AFEAEC02E}\TypeLib\ = "{FFB94DF8-FC15-411C-B443-E937085E2AC1}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{638A43D2-5475-424B-87B8-042109D7768F} C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{521FDB42-7130-4806-822A-FC5163FAD983}\ELEVATION C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{553B1C62-BE94-4CE0-8041-EB3BC1329D20}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{02143C0F-1656-4B2E-95E7-EA8178A29E2E}\TypeLib\ = "{5709DEEB-F05E-4D5C-8DC4-3B0D924EE08F}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0AB5C774-8EB7-4C1B-9BBB-5AC3E2C291DD}\TypeLib\ = "{49F6AC60-2104-42C6-8F71-B3916D5AA732}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C0CEAFA7-4F65-418C-8A61-92B2048115EE} C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{08927360-710B-483B-BEEC-17E51FF84AF9}\TypeLib\Version = "1.0" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\GoogleUpdate.Update3WebSvc\CurVer\ = "GoogleUpdate.Update3WebSvc.1.0" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9D6AA569-9F30-41AD-885A-346685C74928}\InprocServer32\ = "C:\\Program Files (x86)\\Google\\Update\\1.3.36.372\\psmachine_64.dll" C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{128C2DA6-2BC0-44C0-B3F6-4EC22E647964} C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{106E3995-72F9-458A-A317-9AFF9E45A1F0}\ProxyStubClsid32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{EBA4A79D-9F4E-4E7A-AC00-49ECE23C20B6}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{78E69E6F-EC12-4B84-8431-1D68572C7A61}\TypeLib\Version = "1.0" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{03141A2A-5C3A-458E-ABEC-0812AD7FF497}\Version C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MB.UpdateController.1\ = "UpdateController Class" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A0EB1521-C843-47D5-88D2-5449A2F5F40B}\ = "_IArwControllerEventsV4" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{79CAE9D0-99AA-4FEB-B6B1-1AC1A2D8F874}\TypeLib\ = "{74630AE8-C170-4A8F-A90A-F42D63EFE1E8}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{59E42E77-5F19-4602-A559-3FFA9EE51202}\TypeLib\Version = "1.0" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BF153224-DA64-41F1-AA87-321B345870FA}\TypeLib\Version = "1.0" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9F798C4B-4059-46F9-A0FE-F6B1664ADE96}\TypeLib\ = "{49F6AC60-2104-42C6-8F71-B3916D5AA732}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B9442AA1-AEB8-4FB4-B998-BFBC37BA8A99}\TypeLib\Version = "1.0" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0C4652FC-FA35-4394-A133-F68409776465} C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2D363682-561D-4C3A-81C6-F2F82107562A}\ProxyStubClsid32 C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BADF77CD-ECCE-4B36-88FF-6A2804FFE307}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0C30B7D9-82A1-4068-8A5B-F4C7D5EF75A3} C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6CE18DD5-2BD7-4844-B9AD-DF6A995750A1}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{19692F10-ADD2-4EFF-BE54-E61C62E40D13}\ = "IJobObserver2" C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9D372F21-E6DA-4B82-881A-79F6CA6B6AE1}\Version\ = "1.0" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F22E03D6-F159-40A0-9476-16F3377B58C9}\TypeLib\ = "{49F6AC60-2104-42C6-8F71-B3916D5AA732}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{638A43D2-5475-424B-87B8-042109D7768F}\TypeLib\ = "{74630AE8-C170-4A8F-A90A-F42D63EFE1E8}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2A153977-1A37-4EF7-9226-9E128FA51AE1}\TypeLib\Version = "1.0" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DB17455-4E85-46E7-9D23-E555E4B005AF} C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{7DE94008-8AFD-4C70-9728-C6FBFFF6A73E}\LOCALSERVER32 C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D51C573D-B305-4980-8DFF-076C1878CCFB}\TypeLib\ = "{5709DEEB-F05E-4D5C-8DC4-3B0D924EE08F}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3F967173-2B83-4B7F-A633-074B06FD0C64}\TypeLib\Version = "1.0" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8D488C7C-023D-4561-B377-DD9FB7124326}\TypeLib C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E1AC7139-D1FF-4DE9-84A4-92E2B47F5D2A}\ProgID C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BAFDF38F-72A8-4791-AACC-72EB8E09E460}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3F656FD9-2597-4587-8F05-781C11710867}\TypeLib\Version = "1.0" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{278637DA-FDFB-45C7-8CD8-F2D8A9199AB0} C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C7BCC13C-47B9-4DC0-8FC6-B2A489EF60EF}\TypeLib\ = "{5709DEEB-F05E-4D5C-8DC4-3B0D924EE08F}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3641B831-731C-4963-B50B-D84902285C26}\TypeLib\ = "{A82129F1-32E1-4D79-A39F-EBFEE53A70BF}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\0D44DD8C3C8C1A1A58756481E90F2E2AFFB3D26E\Blob = 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 C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F6108407D6F8BB67980CC2E244C2EBAE1CEF63BE C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\B51C067CEE2B0C3DF855AB2D92F4FE39D4E70F0E\Blob = [hex-encoded certificate blob omitted] C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\8DA7F965EC5EFC37910F1C6E59FDC1CC6A6EDE16\Blob = 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 C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\5A8CEF45D7A69859767A8C8B4496B578CF474B1A\Blob = 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 C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\0D44DD8C3C8C1A1A58756481E90F2E2AFFB3D26E C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = 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 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\B51C067CEE2B0C3DF855AB2D92F4FE39D4E70F0E C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\8DA7F965EC5EFC37910F1C6E59FDC1CC6A6EDE16 C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\5A8CEF45D7A69859767A8C8B4496B578CF474B1A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\2AD974A775F73CBDBBD8F5AC3A49255FA8FB1F8C\Blob = 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 C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2 C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = 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 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\2AD974A775F73CBDBBD8F5AC3A49255FA8FB1F8C C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = 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 C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F6108407D6F8BB67980CC2E244C2EBAE1CEF63BE\Blob = 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 C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\1C58A3A8518E8759BF075B76B750D4F2DF264FCD C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\1C58A3A8518E8759BF075B76B750D4F2DF264FCD\Blob = 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 C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A

Opens file in notepad (likely ransom note)

ransomware
Description Indicator Process Target
N/A N/A C:\Windows\system32\NOTEPAD.EXE N/A

Script User-Agent

Description Indicator Process Target
HTTP User-Agent header Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) N/A N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Google\Temp\GUM146F.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Temp\GUM146F.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Temp\GUM146F.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Temp\GUM146F.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Temp\GUM146F.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Temp\GUM146F.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Users\Admin\Downloads\MBSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\MBSetup.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files (x86)\Google\Temp\GUM146F.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Temp\GUM146F.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Temp\GUM146F.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Temp\GUM146F.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Windows\system32\mmc.exe N/A
N/A N/A C:\Windows\system32\mmc.exe N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: RenamesItself

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\a23b318f6c7118191e14c01fe72b65fc.exe N/A

Suspicious behavior: SetClipboardViewer

Description Indicator Process Target
N/A N/A C:\Windows\system32\mmc.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\7-Zip\7zG.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (row repeated 48 times)

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\mmc.exe N/A (row repeated 7 times)
N/A N/A C:\Users\Admin\Downloads\MBSetup.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4820 wrote to memory of 2556 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe (row repeated 2 times)
PID 4820 wrote to memory of 1388 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe (row repeated 38 times)
PID 4820 wrote to memory of 972 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe (row repeated 2 times)
PID 4820 wrote to memory of 4124 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe (row repeated 22 times)
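Every WriteProcessMemory row in this table is the Chrome parent (PID 4820) writing into child processes it spawned itself. A Chromium browser broker sets up each sandboxed child by writing into it, so same-image parent-to-child writes from chrome.exe are expected and say nothing about the sample. The Python below is an editor's added example, not part of the sandbox report: it parses rows in the report's own row format, collapses the repeats into per-pair counts, and flags only writes that cross images or do not originate from a known multi-process broker. The row with PID 5120 is constructed to show what a hit looks like; the broker allowlist is an assumption for this example.

```python
"""Triage of 'Suspicious use of WriteProcessMemory' rows from a sandbox report."""
import re
from collections import Counter

CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\a23b318f6c7118191e14c01fe72b65fc.exe"

# One entry per event, in the report's row format. The four Chrome rows are the
# ones in the table above, repeated as often as they appear there. The last row
# is CONSTRUCTED (PID 5120 does not occur in the report) to exercise the flag.
ROWS = (
    [f"PID 4820 wrote to memory of 2556 N/A {CHROME} {CHROME}"] * 2
    + [f"PID 4820 wrote to memory of 1388 N/A {CHROME} {CHROME}"] * 38
    + [f"PID 4820 wrote to memory of 972 N/A {CHROME} {CHROME}"] * 2
    + [f"PID 4820 wrote to memory of 4124 N/A {CHROME} {CHROME}"] * 22
    + [f"PID 5120 wrote to memory of 4820 N/A {SAMPLE} {CHROME}"]  # constructed
)

# Paths contain spaces, so split on the ".exe " boundary rather than whitespace.
ROW_RE = re.compile(
    r"^PID (?P<src_pid>\d+) wrote to memory of (?P<dst_pid>\d+) "
    r"(?P<indicator>\S+) "
    r"(?P<src_img>[A-Za-z]:\\.+?\.exe) (?P<dst_img>[A-Za-z]:\\.+?\.exe)$"
)

# Assumed allowlist: images that spawn sandboxed children of their own image and
# set them up by writing into them. Such writes are launch, not injection.
MULTIPROCESS_BROKERS = {CHROME.lower()}


def parse_row(row):
    """Return (src_pid, dst_pid, src_img, dst_img) for one report row."""
    m = ROW_RE.match(row)
    if not m:
        raise ValueError(f"unparsable row: {row!r}")
    d = m.groupdict()
    return (int(d["src_pid"]), int(d["dst_pid"]), d["src_img"], d["dst_img"])


def summarize(rows):
    """Collapse repeated rows into a Counter keyed by the parsed tuple."""
    return Counter(parse_row(r) for r in rows)


def is_expected(src_img, dst_img):
    """Same-image write from a known broker into its own child: expected."""
    s, d = src_img.lower(), dst_img.lower()
    return s == d and s in MULTIPROCESS_BROKERS


def triage(rows):
    """Return (expected, suspicious); each is a list of (key, count)."""
    expected, suspicious = [], []
    for key, n in summarize(rows).items():
        (expected if is_expected(key[2], key[3]) else suspicious).append((key, n))
    return expected, suspicious


if __name__ == "__main__":
    exp, sus = triage(ROWS)
    print(f"{sum(n for _, n in exp)} expected events across {len(exp)} parent/child pairs")
    for (sp, dp, si, di), n in sus:
        print(f"SUSPICIOUS: {si} (PID {sp}) -> {di} (PID {dp}) x{n}")
```

Run as-is, the 64 Chrome rows collapse to four expected pairs and only the constructed sample-to-Chrome write is reported. Extend MULTIPROCESS_BROKERS for other browsers and Electron hosts before using the rule on real telemetry, and treat any write whose source is the detonated sample as a hit regardless of target.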

Uses Task Scheduler COM API

persistence

Uses Volume Shadow Copy WMI provider

ransomware

outlook_office_path

Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook C:\Users\Admin\AppData\Local\Temp\a23b318f6c7118191e14c01fe72b65fc.exe N/A

outlook_win_path

Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook C:\Users\Admin\AppData\Local\Temp\a23b318f6c7118191e14c01fe72b65fc.exe N/A
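The two registry opens above are the sample reading the Outlook profile keys, which is where a mail stealer finds saved account settings, and the "Uses Volume Shadow Copy WMI provider" signature further up is raised without any indicator row. Two practical points for detecting the same behaviour on a live host: Sysmon does not record key opens (its registry events cover create, delete, value set and rename), so catching the Outlook read requires a SACL on those keys and Security event 4663; and a process that drives Win32_ShadowCopy through in-process WMI spawns no child, so a command-line rule only covers the vssadmin, wmic, wbadmin and bcdedit variants. The Python below is an added example, not part of the report: it encodes both rules and runs them over constructed events. The two ObjectName values and the Invoke-WebRequest command line are copied from this report; the vssadmin line and the OUTLOOK.EXE access are invented.

```python
"""Two detection rules matching the behaviours in this report, run over constructed events."""
import re

# Rule 1: shadow-copy tampering visible in process-creation telemetry (Sysmon Event 1).
SHADOW_TAMPER = [
    re.compile(p, re.IGNORECASE)
    for p in (
        r"\bvssadmin(\.exe)?\b.*\bdelete\s+shadows\b",
        r"\bvssadmin(\.exe)?\b.*\bresize\s+shadowstorage\b",
        r"\bwmic(\.exe)?\b.*\bshadowcopy\b.*\bdelete\b",
        r"\bWin32_ShadowCopy\b",  # WMI class behind the VSS provider, e.g. from PowerShell
        r"\bwbadmin(\.exe)?\b.*\bdelete\s+catalog\b",
        r"\bbcdedit(\.exe)?\b.*\brecoveryenabled\s+no\b",
    )
]

# Rule 2: Outlook profile keys read by anything that is not Outlook (Security Event 4663,
# ObjectType=Key; only generated once a SACL is set on the keys).
OUTLOOK_PROFILE_KEYS = re.compile(
    r"\\Software\\Microsoft\\("
    r"Office\\\d+\.0\\Outlook\\Profiles"
    r"|Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles)",
    re.IGNORECASE,
)
# Assumed allowlist: Outlook itself, installed under Program Files.
OUTLOOK_OWNERS = re.compile(
    r"^[A-Za-z]:\\Program Files( \(x86\))?\\.*\\outlook\.exe$", re.IGNORECASE
)


def check_process_create(ev):
    """Return a finding for a Sysmon Event 1 record, or None."""
    cmd = ev.get("CommandLine", "")
    for rx in SHADOW_TAMPER:
        if rx.search(cmd):
            return f"shadow-copy tampering: {ev['Image']} :: {cmd}"
    return None


def check_registry_access(ev):
    """Return a finding for a Security Event 4663 record, or None."""
    if ev.get("ObjectType") != "Key":
        return None
    if not OUTLOOK_PROFILE_KEYS.search(ev.get("ObjectName", "")):
        return None
    if OUTLOOK_OWNERS.match(ev.get("ProcessName", "")):
        return None
    return f"Outlook profile read by non-Outlook process: {ev['ProcessName']} -> {ev['ObjectName']}"


def run(events):
    """Dispatch each event record to the rule for its source and ID; collect findings."""
    findings = []
    for ev in events:
        f = None
        if ev["Source"] == "Sysmon" and ev["EventID"] == 1:
            f = check_process_create(ev)
        elif ev["Source"] == "Security" and ev["EventID"] == 4663:
            f = check_registry_access(ev)
        if f:
            findings.append(f)
    return findings


SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\a23b318f6c7118191e14c01fe72b65fc.exe"
USER_HIVE = r"\REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000"

# CONSTRUCTED events in simplified EventData form. The two ObjectName values and the
# Invoke-WebRequest line come from the report; the vssadmin and OUTLOOK.EXE records are invented.
EVENTS = [
    {"Source": "Security", "EventID": 4663, "ObjectType": "Key",
     "ObjectName": USER_HIVE + r"\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook",
     "ProcessName": SAMPLE},
    {"Source": "Security", "EventID": 4663, "ObjectType": "Key",
     "ObjectName": USER_HIVE + r"\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook",
     "ProcessName": SAMPLE},
    {"Source": "Security", "EventID": 4663, "ObjectType": "Key",
     "ObjectName": USER_HIVE + r"\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook",
     "ProcessName": r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE"},
    {"Source": "Sysmon", "EventID": 1, "Image": r"C:\Windows\System32\vssadmin.exe",
     "CommandLine": "vssadmin.exe Delete Shadows /All /Quiet"},
    {"Source": "Sysmon", "EventID": 1,
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": 'Invoke-WebRequest -Uri "https://download.sysinternals.com/files/Sysmon.zip" -OutFile "C:\\Sysmon.zip"'},
]

if __name__ == "__main__":
    for finding in run(EVENTS):
        print(finding)
```

On the constructed input the sample's two profile reads and the vssadmin line are reported; Outlook reading its own profile and the analyst's PowerShell download are not. The Outlook allowlist is path-based and should be combined with signer checks in production, and the Win32_ShadowCopy pattern only helps where the caller passes the class name on a command line, which is exactly what an in-process WMI client does not do.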

Processes

C:\Windows\Explorer.EXE

C:\Windows\Explorer.EXE

C:\Users\Admin\AppData\Local\Temp\a23b318f6c7118191e14c01fe72b65fc.exe

C:\Users\Admin\AppData\Local\Temp\a23b318f6c7118191e14c01fe72b65fc.exe Invoke-WebRequest -Uri "https://download.sysinternals.com/files/Sysmon.zip" -OutFile "C:\Sysmon.zip"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc70379758,0x7ffc70379768,0x7ffc70379778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1656 --field-trial-handle=1684,i,11436233592568189603,10078464137603898940,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2248 --field-trial-handle=1684,i,11436233592568189603,10078464137603898940,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1684,i,11436233592568189603,10078464137603898940,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3112 --field-trial-handle=1684,i,11436233592568189603,10078464137603898940,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3100 --field-trial-handle=1684,i,11436233592568189603,10078464137603898940,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4484 --field-trial-handle=1684,i,11436233592568189603,10078464137603898940,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5112 --field-trial-handle=1684,i,11436233592568189603,10078464137603898940,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5256 --field-trial-handle=1684,i,11436233592568189603,10078464137603898940,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5380 --field-trial-handle=1684,i,11436233592568189603,10078464137603898940,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4812 --field-trial-handle=1684,i,11436233592568189603,10078464137603898940,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5168 --field-trial-handle=1684,i,11436233592568189603,10078464137603898940,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5616 --field-trial-handle=1684,i,11436233592568189603,10078464137603898940,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5396 --field-trial-handle=1684,i,11436233592568189603,10078464137603898940,131072 /prefetch:8

C:\Users\Admin\AppData\Local\Temp\a23b318f6c7118191e14c01fe72b65fc.exe

"C:\Users\Admin\AppData\Local\Temp\a23b318f6c7118191e14c01fe72b65fc.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3756 --field-trial-handle=1684,i,11436233592568189603,10078464137603898940,131072 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x410 0x2f8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2316 --field-trial-handle=1684,i,11436233592568189603,10078464137603898940,131072 /prefetch:2

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc70379758,0x7ffc70379768,0x7ffc70379778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1916,i,10545251938442700481,12428872306629131040,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3104 --field-trial-handle=1916,i,10545251938442700481,12428872306629131040,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3084 --field-trial-handle=1916,i,10545251938442700481,12428872306629131040,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2256 --field-trial-handle=1916,i,10545251938442700481,12428872306629131040,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1776 --field-trial-handle=1916,i,10545251938442700481,12428872306629131040,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4656 --field-trial-handle=1916,i,10545251938442700481,12428872306629131040,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5184 --field-trial-handle=1916,i,10545251938442700481,12428872306629131040,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4852 --field-trial-handle=1916,i,10545251938442700481,12428872306629131040,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x238,0x23c,0x240,0x214,0x244,0x7ff69bb37688,0x7ff69bb37698,0x7ff69bb376a8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5204 --field-trial-handle=1916,i,10545251938442700481,12428872306629131040,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4848 --field-trial-handle=1916,i,10545251938442700481,12428872306629131040,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4816 --field-trial-handle=1916,i,10545251938442700481,12428872306629131040,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4208 --field-trial-handle=1916,i,10545251938442700481,12428872306629131040,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5628 --field-trial-handle=1916,i,10545251938442700481,12428872306629131040,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4080 --field-trial-handle=1916,i,10545251938442700481,12428872306629131040,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3116 --field-trial-handle=1916,i,10545251938442700481,12428872306629131040,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5936 --field-trial-handle=1916,i,10545251938442700481,12428872306629131040,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3384 --field-trial-handle=1916,i,10545251938442700481,12428872306629131040,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5632 --field-trial-handle=1916,i,10545251938442700481,12428872306629131040,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5988 --field-trial-handle=1916,i,10545251938442700481,12428872306629131040,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4784 --field-trial-handle=1916,i,10545251938442700481,12428872306629131040,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=960 --field-trial-handle=1916,i,10545251938442700481,12428872306629131040,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4680 --field-trial-handle=1916,i,10545251938442700481,12428872306629131040,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=1028 --field-trial-handle=1916,i,10545251938442700481,12428872306629131040,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=4784 --field-trial-handle=1916,i,10545251938442700481,12428872306629131040,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=3160 --field-trial-handle=1916,i,10545251938442700481,12428872306629131040,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5348 --field-trial-handle=1916,i,10545251938442700481,12428872306629131040,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5596 --field-trial-handle=1916,i,10545251938442700481,12428872306629131040,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=4764 --field-trial-handle=1916,i,10545251938442700481,12428872306629131040,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5580 --field-trial-handle=1916,i,10545251938442700481,12428872306629131040,131072 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Sysmon\" -spe -an -ai#7zMap7153:74:7zEvent6893

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe"

C:\Users\Admin\Downloads\Sysmon\Sysmon64.exe

Sysmon64.exe -i

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=5044 --field-trial-handle=1916,i,10545251938442700481,12428872306629131040,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5824 --field-trial-handle=1916,i,10545251938442700481,12428872306629131040,131072 /prefetch:8

C:\Windows\system32\mmc.exe

"C:\Windows\system32\mmc.exe" "C:\Windows\system32\eventvwr.msc" /s

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6024 --field-trial-handle=1916,i,10545251938442700481,12428872306629131040,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6452 --field-trial-handle=1916,i,10545251938442700481,12428872306629131040,131072 /prefetch:8

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\1866b28b51045944df18e63c9a5989afe985e30ff1944db6544ca76b32235567\" -spe -an -ai#7zMap2727:190:7zEvent15931

C:\Users\Admin\Downloads\1866b28b51045944df18e63c9a5989afe985e30ff1944db6544ca76b32235567\1866b28b51045944df18e63c9a5989afe985e30ff1944db6544ca76b32235567.exe

"C:\Users\Admin\Downloads\1866b28b51045944df18e63c9a5989afe985e30ff1944db6544ca76b32235567\1866b28b51045944df18e63c9a5989afe985e30ff1944db6544ca76b32235567.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 4884 -ip 4884

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4884 -s 264

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=6112 --field-trial-handle=1916,i,10545251938442700481,12428872306629131040,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=6868 --field-trial-handle=1916,i,10545251938442700481,12428872306629131040,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7064 --field-trial-handle=1916,i,10545251938442700481,12428872306629131040,131072 /prefetch:8

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\msedge_installer.log

C:\Users\Admin\Downloads\1866b28b51045944df18e63c9a5989afe985e30ff1944db6544ca76b32235567\1866b28b51045944df18e63c9a5989afe985e30ff1944db6544ca76b32235567.exe

"C:\Users\Admin\Downloads\1866b28b51045944df18e63c9a5989afe985e30ff1944db6544ca76b32235567\1866b28b51045944df18e63c9a5989afe985e30ff1944db6544ca76b32235567.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 4856 -ip 4856

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4856 -s 244

C:\Windows\system32\mmc.exe

"C:\Windows\system32\mmc.exe" "C:\Windows\system32\taskschd.msc" /s

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc70379758,0x7ffc70379768,0x7ffc70379778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=1864,i,13454299305338438435,3146486168140020100,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1756 --field-trial-handle=1864,i,13454299305338438435,3146486168140020100,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2172 --field-trial-handle=1864,i,13454299305338438435,3146486168140020100,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3212 --field-trial-handle=1864,i,13454299305338438435,3146486168140020100,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3076 --field-trial-handle=1864,i,13454299305338438435,3146486168140020100,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4696 --field-trial-handle=1864,i,13454299305338438435,3146486168140020100,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5212 --field-trial-handle=1864,i,13454299305338438435,3146486168140020100,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5232 --field-trial-handle=1864,i,13454299305338438435,3146486168140020100,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5224 --field-trial-handle=1864,i,13454299305338438435,3146486168140020100,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3228 --field-trial-handle=1864,i,13454299305338438435,3146486168140020100,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4140 --field-trial-handle=1864,i,13454299305338438435,3146486168140020100,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3224 --field-trial-handle=1864,i,13454299305338438435,3146486168140020100,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4680 --field-trial-handle=1864,i,13454299305338438435,3146486168140020100,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6132 --field-trial-handle=1864,i,13454299305338438435,3146486168140020100,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5592 --field-trial-handle=1864,i,13454299305338438435,3146486168140020100,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6008 --field-trial-handle=1864,i,13454299305338438435,3146486168140020100,131072 /prefetch:8

C:\Users\Admin\Downloads\ChromeSetup.exe

"C:\Users\Admin\Downloads\ChromeSetup.exe"

C:\Program Files (x86)\Google\Temp\GUM146F.tmp\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Temp\GUM146F.tmp\GoogleUpdate.exe" /installsource taggedmi /install "appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={79D7124F-2656-F014-F66E-A5B075D98A6F}&lang=en&browser=4&usagestats=1&appname=Google%20Chrome&needsadmin=prefers&ap=x64-stable-statsdef_1&installdataindex=empty"

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /regsvc

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /regserver

C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /ping …-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgaW5zdGFsbF90aW1lX21zPSIxMDU0Ii8-PC9hcHA-PC9yZXF1ZXN0Pg

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /handoff "appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={79D7124F-2656-F014-F66E-A5B075D98A6F}&lang=en&browser=4&usagestats=1&appname=Google%20Chrome&needsadmin=prefers&ap=x64-stable-statsdef_1&installdataindex=empty" /installsource taggedmi /sessionid "{BFDD9635-59C9-4055-A51B-DF240FB6040D}"

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5792 --field-trial-handle=1864,i,13454299305338438435,3146486168140020100,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3196 --field-trial-handle=1864,i,13454299305338438435,3146486168140020100,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=6008 --field-trial-handle=1864,i,13454299305338438435,3146486168140020100,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4764 --field-trial-handle=1864,i,13454299305338438435,3146486168140020100,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5728 --field-trial-handle=1864,i,13454299305338438435,3146486168140020100,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4852 --field-trial-handle=1864,i,13454299305338438435,3146486168140020100,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6260 --field-trial-handle=1864,i,13454299305338438435,3146486168140020100,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6188 --field-trial-handle=1864,i,13454299305338438435,3146486168140020100,131072 /prefetch:8

C:\Program Files (x86)\Google\Update\Install\{BB407232-D1D3-410A-8AF3-AF93A4D756F5}\122.0.6261.70_chrome_installer.exe

"C:\Program Files (x86)\Google\Update\Install\{BB407232-D1D3-410A-8AF3-AF93A4D756F5}\122.0.6261.70_chrome_installer.exe" --verbose-logging --do-not-launch-chrome --channel=stable --system-level /installerdata="C:\Program Files (x86)\Google\Update\Install\{BB407232-D1D3-410A-8AF3-AF93A4D756F5}\gui7DB9.tmp"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=6180 --field-trial-handle=1864,i,13454299305338438435,3146486168140020100,131072 /prefetch:1

C:\Program Files (x86)\Google\Update\Install\{BB407232-D1D3-410A-8AF3-AF93A4D756F5}\CR_DCE02.tmp\setup.exe

"C:\Program Files (x86)\Google\Update\Install\{BB407232-D1D3-410A-8AF3-AF93A4D756F5}\CR_DCE02.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Google\Update\Install\{BB407232-D1D3-410A-8AF3-AF93A4D756F5}\CR_DCE02.tmp\CHROME.PACKED.7Z" --verbose-logging --do-not-launch-chrome --channel=stable --system-level /installerdata="C:\Program Files (x86)\Google\Update\Install\{BB407232-D1D3-410A-8AF3-AF93A4D756F5}\gui7DB9.tmp"

C:\Program Files (x86)\Google\Update\Install\{BB407232-D1D3-410A-8AF3-AF93A4D756F5}\CR_DCE02.tmp\setup.exe

"C:\Program Files (x86)\Google\Update\Install\{BB407232-D1D3-410A-8AF3-AF93A4D756F5}\CR_DCE02.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=122.0.6261.70 --initial-client-data=0x268,0x26c,0x270,0x244,0x274,0x7ff7aa6c17e8,0x7ff7aa6c17f4,0x7ff7aa6c1800

C:\Users\Admin\Downloads\MBSetup.exe

"C:\Users\Admin\Downloads\MBSetup.exe"

C:\Program Files (x86)\Google\Update\Install\{BB407232-D1D3-410A-8AF3-AF93A4D756F5}\CR_DCE02.tmp\setup.exe

"C:\Program Files (x86)\Google\Update\Install\{BB407232-D1D3-410A-8AF3-AF93A4D756F5}\CR_DCE02.tmp\setup.exe" --channel=stable --system-level --verbose-logging --create-shortcuts=2 --install-level=1

C:\Program Files (x86)\Google\Update\Install\{BB407232-D1D3-410A-8AF3-AF93A4D756F5}\CR_DCE02.tmp\setup.exe

"C:\Program Files (x86)\Google\Update\Install\{BB407232-D1D3-410A-8AF3-AF93A4D756F5}\CR_DCE02.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=122.0.6261.70 --initial-client-data=0x268,0x26c,0x270,0x244,0x274,0x7ff7aa6c17e8,0x7ff7aa6c17f4,0x7ff7aa6c1800

C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe

"C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe"

C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleCrashHandler.exe

"C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleCrashHandler.exe"

C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleCrashHandler64.exe

"C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleCrashHandler64.exe"

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /ping …-…-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMTk2NzA3IiBzb3VyY2VfdXJsX2luZGV4PSIwIiB1cGRhdGVfY2hlY2tfdGltZV9tcz0iNDIyIiBkb3dubG9hZF90aW1lX21zPSIxNDUwNyIgZG93bmxvYWRlZD0iMTEzMzMwNzM2IiB0b3RhbD0iMTEzMzMwNzM2IiBpbnN0YWxsX3RpbWVfbXM9IjUzNDEyIi8-PC9hcHA-PC9yZXF1ZXN0Pg

C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe

"C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe" /installmbtun

C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateOnDemand.exe

"C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateOnDemand.exe" -Embedding

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /ondemand

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc

C:\Program Files\Google\Chrome\Application\122.0.6261.70\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\122.0.6261.70\Installer\setup.exe" --rename-chrome-exe --system-level --verbose-logging --channel=stable

C:\Program Files\Google\Chrome\Application\122.0.6261.70\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\122.0.6261.70\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=122.0.6261.70 --initial-client-data=0x270,0x274,0x278,0x24c,0x27c,0x7ff7849f17e8,0x7ff7849f17f4,0x7ff7849f1800

C:\Program Files\Google\Chrome\Application\122.0.6261.70\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\122.0.6261.70\Installer\setup.exe" --channel=stable --delete-old-versions --system-level --verbose-logging

C:\Program Files\Google\Chrome\Application\122.0.6261.70\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\122.0.6261.70\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=122.0.6261.70 --initial-client-data=0x270,0x274,0x278,0x24c,0x27c,0x7ff7849f17e8,0x7ff7849f17f4,0x7ff7849f1800

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=122.0.6261.70 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffc70dadc40,0x7ffc70dadc4c,0x7ffc70dadc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2024 --field-trial-handle=2028,i,6381464963888368437,12704105215312055924,262144 --variations-seed-version=20240223-130108.897000 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3236 --field-trial-handle=2028,i,6381464963888368437,12704105215312055924,262144 --variations-seed-version=20240223-130108.897000 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3104 --field-trial-handle=2028,i,6381464963888368437,12704105215312055924,262144 --variations-seed-version=20240223-130108.897000 /prefetch:1

C:\Program Files\Google\Chrome\Application\122.0.6261.70\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\122.0.6261.70\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4236 --field-trial-handle=2028,i,6381464963888368437,12704105215312055924,262144 --variations-seed-version=20240223-130108.897000 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=3044 --field-trial-handle=2028,i,6381464963888368437,12704105215312055924,262144 --variations-seed-version=20240223-130108.897000 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=2928 --field-trial-handle=2028,i,6381464963888368437,12704105215312055924,262144 --variations-seed-version=20240223-130108.897000 /prefetch:3

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall

C:\Windows\system32\DrvInst.exe

DrvInst.exe "4" "9" "C:\Program Files\Malwarebytes\Anti-Malware\mbtun\mbtun.inf" "9" "4ba9030c7" "0000000000000148" "Service-0x0-3e7$\Default" "000000000000015C" "208" "C:\Program Files\Malwarebytes\Anti-Malware\mbtun"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4656 --field-trial-handle=2028,i,6381464963888368437,12704105215312055924,262144 --variations-seed-version=20240223-130108.897000 /prefetch:1

C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe

"C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe" /Service /Protected

C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe

"C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=5100 --field-trial-handle=2028,i,6381464963888368437,12704105215312055924,262144 --variations-seed-version=20240223-130108.897000 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5700 --field-trial-handle=2028,i,6381464963888368437,12704105215312055924,262144 --variations-seed-version=20240223-130108.897000 /prefetch:1

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /broker

C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateBroker.exe

"C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleUpdateBroker.exe" -Embedding

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc

C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe

"C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe" nowindow

C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe

"C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe"

C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe

"C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe"

C:\Windows\system32\compattelrunner.exe

C:\Windows\system32\compattelrunner.exe -m:aeinv.dll -f:UpdateSoftwareInventoryW

C:\Users\Admin\Downloads\1866b28b51045944df18e63c9a5989afe985e30ff1944db6544ca76b32235567\1866b28b51045944df18e63c9a5989afe985e30ff1944db6544ca76b32235567.exe

"C:\Users\Admin\Downloads\1866b28b51045944df18e63c9a5989afe985e30ff1944db6544ca76b32235567\1866b28b51045944df18e63c9a5989afe985e30ff1944db6544ca76b32235567.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4356 -ip 4356

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4356 -s 228

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\Users\Admin\Downloads\1866b28b51045944df18e63c9a5989afe985e30ff1944db6544ca76b32235567\1866b28b51045944df18e63c9a5989afe985e30ff1944db6544ca76b32235567.exe

"C:\Users\Admin\Downloads\1866b28b51045944df18e63c9a5989afe985e30ff1944db6544ca76b32235567\1866b28b51045944df18e63c9a5989afe985e30ff1944db6544ca76b32235567.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 3912 -ip 3912

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3912 -s 236

C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe

"C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe" /wac 0 /status on true /updatesubstatus none /scansubstatus none /settingssubstatus none

C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe

"C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe" "C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE" "C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\config\UpdateControllerConfig.json" "C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE" "C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\dbclsupdate\staging" /db:dbupdate /su:no

C:\Program Files\Malwarebytes\Anti-Malware\assistant.exe

"C:\Program Files\Malwarebytes\Anti-Malware\assistant.exe" --ContextScan "C:\Users\Admin\AppData\Local\Temp\mb_4F75.tmp"

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /ua /installsource scheduler

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c

C:\Users\Admin\AppData\LocalLow\IGDump\rgahgkmjfliwcqtooxcweqzrwuozrqjz\ig.exe

ig.exe timer 4000 bjqzxfdkjgbodrfgkstdkzvcilhnyalp.ext

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /cr

C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleCrashHandler.exe

"C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleCrashHandler.exe"

C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleCrashHandler64.exe

"C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleCrashHandler64.exe"

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /ua /installsource core

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.malwarebytes.com/blog/detections/ransom-lockbit/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xe4,0x108,0x7ffc615746f8,0x7ffc61574708,0x7ffc61574718

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,12261302608368331280,7620402956841666992,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,12261302608368331280,7620402956841666992,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2428 /prefetch:3

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,12261302608368331280,7620402956841666992,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2668 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,12261302608368331280,7620402956841666992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3592 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,12261302608368331280,7620402956841666992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3584 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.malwarebytes.com/blog/detections/pum-optional-disablemrt/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0x10c,0x7ffc615746f8,0x7ffc61574708,0x7ffc61574718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.malwarebytes.com/blog/detections/pum-optional-disablemrt/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x104,0x108,0x10c,0xd4,0x110,0x7ffc615746f8,0x7ffc61574708,0x7ffc61574718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2020,2381477287719006152,14635089666898852607,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2496 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2020,2381477287719006152,14635089666898852607,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2736 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,8706970660506945370,5286791933289902925,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,8706970660506945370,5286791933289902925,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,2381477287719006152,14635089666898852607,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2032 /prefetch:2

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,2381477287719006152,14635089666898852607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,2381477287719006152,14635089666898852607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,2381477287719006152,14635089666898852607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4188 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\Malwarebytes Scan Report 2024-02-24 224632.txt

Network

Country Destination Domain Proto
US 8.8.8.8:53 133.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 179.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
GB 172.217.16.228:443 www.google.com udp
GB 172.217.16.228:443 www.google.com tcp
US 8.8.8.8:53 234.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 67.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 228.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 clients2.google.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 14.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 google.com udp
GB 216.58.201.110:80 google.com tcp
GB 216.58.201.110:80 google.com tcp
US 8.8.8.8:53 110.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 216.58.201.106:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 227.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 3.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 106.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 217.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 vihaiha.com udp
US 8.8.8.8:53 177.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
DE 172.217.16.131:443 beacons.gcp.gvt2.com tcp
US 8.8.8.8:53 131.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 173.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 vihaiha.com udp
GB 216.58.201.106:443 content-autofill.googleapis.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
DE 172.217.16.131:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 1.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 vihaiha.com udp
DE 172.217.16.131:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 beacons.gvt2.com udp
DE 172.217.16.195:443 beacons.gvt2.com tcp
DE 172.217.16.195:443 beacons.gvt2.com udp
US 8.8.8.8:53 195.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 vihaiha.com udp
DE 172.217.16.131:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 vihaiha.com udp
GB 172.217.16.228:443 www.google.com udp
GB 172.217.16.228:443 www.google.com tcp
US 8.8.8.8:53 clients2.google.com udp
US 8.8.8.8:53 youtube.com udp
GB 142.250.187.238:80 youtube.com tcp
GB 142.250.187.238:80 youtube.com tcp
GB 142.250.187.238:443 youtube.com tcp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 238.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 i.ytimg.com udp
GB 216.58.212.246:443 i.ytimg.com tcp
US 8.8.8.8:53 accounts.google.com udp
NL 108.177.119.84:443 accounts.google.com udp
US 8.8.8.8:53 246.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 84.119.177.108.in-addr.arpa udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 216.58.212.202:443 content-autofill.googleapis.com udp
GB 216.58.212.202:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 rr2---sn-q4fl6n6s.googlevideo.com udp
US 74.125.3.103:443 rr2---sn-q4fl6n6s.googlevideo.com tcp
US 74.125.3.103:443 rr2---sn-q4fl6n6s.googlevideo.com tcp
US 8.8.8.8:53 202.212.58.216.in-addr.arpa udp
US 74.125.3.103:443 rr2---sn-q4fl6n6s.googlevideo.com tcp
US 74.125.3.103:443 rr2---sn-q4fl6n6s.googlevideo.com tcp
US 74.125.3.103:443 rr2---sn-q4fl6n6s.googlevideo.com tcp
US 8.8.8.8:53 103.3.125.74.in-addr.arpa udp
US 74.125.3.103:443 rr2---sn-q4fl6n6s.googlevideo.com tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 172.217.16.234:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 234.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 vihaiha.com udp
US 8.8.8.8:53 consent.google.com udp
GB 142.250.178.14:443 consent.google.com tcp
US 8.8.8.8:53 14.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 apis.google.com udp
GB 216.58.213.14:443 apis.google.com tcp
US 8.8.8.8:53 encrypted-tbn0.gstatic.com udp
GB 216.58.213.14:443 apis.google.com tcp
US 8.8.8.8:53 learn.microsoft.com udp
GB 142.250.187.206:443 encrypted-tbn0.gstatic.com tcp
GB 142.250.187.206:443 encrypted-tbn0.gstatic.com tcp
GB 142.250.187.206:443 encrypted-tbn0.gstatic.com tcp
GB 142.250.187.206:443 encrypted-tbn0.gstatic.com tcp
GB 142.250.187.206:443 encrypted-tbn0.gstatic.com tcp
GB 142.250.187.206:443 encrypted-tbn0.gstatic.com tcp
GB 2.17.6.67:443 learn.microsoft.com tcp
GB 2.17.6.67:443 learn.microsoft.com tcp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 8.8.8.8:53 js.monitor.azure.com udp
US 13.107.246.64:443 js.monitor.azure.com tcp
US 13.107.246.64:443 js.monitor.azure.com tcp
US 8.8.8.8:53 mscom.demdex.net udp
US 8.8.8.8:53 microsoftmscompoc.tt.omtrdc.net udp
US 8.8.8.8:53 target.microsoft.com udp
IE 52.214.81.36:443 mscom.demdex.net tcp
US 8.8.8.8:53 14.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 206.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 67.6.17.2.in-addr.arpa udp
US 8.8.8.8:53 64.246.107.13.in-addr.arpa udp
US 8.8.8.8:53 36.81.214.52.in-addr.arpa udp
GB 216.58.212.202:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 browser.events.data.microsoft.com udp
US 20.42.73.28:443 browser.events.data.microsoft.com tcp
US 20.42.73.28:443 browser.events.data.microsoft.com tcp
US 20.42.73.28:443 browser.events.data.microsoft.com tcp
US 20.42.73.28:443 browser.events.data.microsoft.com tcp
US 8.8.8.8:53 28.73.42.20.in-addr.arpa udp
US 8.8.8.8:53 id.google.com udp
GB 142.250.200.35:443 id.google.com tcp
US 8.8.8.8:53 35.200.250.142.in-addr.arpa udp
US 20.42.73.28:443 browser.events.data.microsoft.com tcp
US 8.8.8.8:53 download.sysinternals.com udp
US 152.199.19.160:443 download.sysinternals.com tcp
US 152.199.19.160:443 download.sysinternals.com tcp
US 8.8.8.8:53 160.19.199.152.in-addr.arpa udp
GB 142.250.200.35:443 id.google.com udp
US 8.8.8.8:53 226.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 66.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
DE 172.217.16.131:443 beacons.gcp.gvt2.com udp
DE 172.217.16.131:443 beacons.gcp.gvt2.com tcp
US 8.8.8.8:53 mdec.nelreports.net udp
GB 88.221.134.51:443 mdec.nelreports.net tcp
NL 108.177.119.84:443 accounts.google.com udp
NL 108.177.119.84:443 accounts.google.com tcp
US 8.8.8.8:53 51.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 bazaar.abuse.ch udp
US 151.101.2.49:443 bazaar.abuse.ch tcp
US 151.101.2.49:443 bazaar.abuse.ch tcp
US 8.8.8.8:53 49.2.101.151.in-addr.arpa udp
US 8.8.8.8:53 226.20.18.104.in-addr.arpa udp
US 8.8.8.8:53 232.179.250.142.in-addr.arpa udp
GB 216.58.212.202:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 vihaiha.com udp
GB 216.58.212.202:443 jnn-pa.googleapis.com udp
DE 172.217.16.131:443 beacons.gcp.gvt2.com udp
NL 108.177.119.84:443 accounts.google.com udp
US 8.8.8.8:53 vihaiha.com udp
NL 52.142.223.178:80 tcp
US 8.8.8.8:53 beacons3.gvt2.com udp
GB 172.217.169.3:443 beacons3.gvt2.com tcp
GB 172.217.169.3:443 beacons3.gvt2.com udp
DE 172.217.16.131:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 e2c38.gcp.gvt2.com udp
AU 35.213.232.93:443 e2c38.gcp.gvt2.com tcp
US 8.8.8.8:53 3.169.217.172.in-addr.arpa udp
AU 35.213.232.93:443 e2c38.gcp.gvt2.com tcp
US 8.8.8.8:53 93.232.213.35.in-addr.arpa udp
US 8.8.8.8:53 vihaiha.com udp
US 8.8.8.8:53 vihaiha.com udp
US 8.8.8.8:53 virustotal.com udp
US 216.239.32.21:443 virustotal.com tcp
US 216.239.32.21:443 virustotal.com tcp
DE 172.217.16.131:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 e2c43.gcp.gvt2.com udp
NL 35.214.142.18:443 e2c43.gcp.gvt2.com tcp
US 8.8.8.8:53 www.virustotal.com udp
US 74.125.34.46:443 www.virustotal.com tcp
US 8.8.8.8:53 beacons.gvt2.com udp
GB 172.217.169.67:443 beacons.gvt2.com udp
US 8.8.8.8:53 www.recaptcha.net udp
GB 172.217.169.67:443 beacons.gvt2.com tcp
GB 142.250.187.195:443 www.recaptcha.net tcp
US 8.8.8.8:53 21.32.239.216.in-addr.arpa udp
US 8.8.8.8:53 18.142.214.35.in-addr.arpa udp
US 8.8.8.8:53 46.34.125.74.in-addr.arpa udp
US 8.8.8.8:53 67.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 recaptcha.net udp
GB 142.250.200.3:443 recaptcha.net tcp
US 8.8.8.8:53 region1.google-analytics.com udp
US 216.239.32.36:443 region1.google-analytics.com tcp
US 8.8.8.8:53 3.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 36.32.239.216.in-addr.arpa udp
GB 142.250.200.3:443 recaptcha.net udp
GB 216.58.212.202:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 www.google.com udp
GB 172.217.16.228:443 www.google.com udp
US 74.125.34.46:443 www.virustotal.com tcp
US 216.239.32.36:443 region1.google-analytics.com udp
US 8.8.8.8:53 cse.google.com udp
US 8.8.8.8:53 vihaiha.com udp
US 8.8.8.8:53 vihaiha.com udp
US 8.8.8.8:53 vihaiha.com udp
US 8.8.8.8:53 vihaiha.com udp
US 8.8.8.8:53 www.google.com udp
GB 172.217.16.228:443 www.google.com udp
GB 172.217.16.228:443 www.google.com tcp
US 8.8.8.8:53 clients2.google.com udp
US 8.8.8.8:53 www.youtube.com udp
GB 142.250.178.14:443 www.youtube.com udp
US 8.8.8.8:53 tools.google.com udp
US 8.8.8.8:53 s.ytimg.com udp
GB 216.58.204.78:443 tools.google.com tcp
US 8.8.8.8:53 content-autofill.googleapis.com udp
US 8.8.8.8:53 78.204.58.216.in-addr.arpa udp
GB 172.217.16.228:443 www.google.com udp
GB 172.217.16.228:443 www.google.com tcp
GB 216.58.204.78:443 tools.google.com udp
US 8.8.8.8:53 vihaiha.com udp
US 8.8.8.8:53 update.googleapis.com udp
US 8.8.8.8:53 227.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 encrypted-tbn0.gstatic.com udp
GB 142.250.187.206:443 encrypted-tbn0.gstatic.com udp
US 8.8.8.8:53 123.35.104.34.in-addr.arpa udp
US 8.8.8.8:53 www.malwarebytes.com udp
US 192.0.66.233:443 www.malwarebytes.com tcp
US 192.0.66.233:443 www.malwarebytes.com tcp
US 8.8.8.8:53 dev.visualwebsiteoptimizer.com udp
US 34.96.102.137:443 dev.visualwebsiteoptimizer.com tcp
US 8.8.8.8:53 stats.wp.com udp
US 8.8.8.8:53 plausible.io udp
US 192.0.76.3:443 stats.wp.com tcp
GB 143.244.38.136:443 plausible.io tcp
GB 96.17.179.205:80 apps.identrust.com tcp
US 8.8.8.8:53 cdn.cookielaw.org udp
US 104.18.130.236:443 cdn.cookielaw.org tcp
US 34.96.102.137:443 dev.visualwebsiteoptimizer.com udp
US 34.96.102.137:443 dev.visualwebsiteoptimizer.com udp
US 104.18.130.236:443 cdn.cookielaw.org tcp
US 8.8.8.8:53 233.66.0.192.in-addr.arpa udp
US 8.8.8.8:53 137.102.96.34.in-addr.arpa udp
US 8.8.8.8:53 3.76.0.192.in-addr.arpa udp
US 8.8.8.8:53 136.38.244.143.in-addr.arpa udp
US 8.8.8.8:53 205.179.17.96.in-addr.arpa udp
US 8.8.8.8:53 236.130.18.104.in-addr.arpa udp
US 34.96.102.137:443 dev.visualwebsiteoptimizer.com tcp
US 104.18.130.236:443 cdn.cookielaw.org tcp
US 8.8.8.8:53 geolocation.onetrust.com udp
US 104.18.32.137:443 geolocation.onetrust.com tcp
US 8.8.8.8:53 genesis.malwarebytes.com udp
US 52.20.69.138:443 genesis.malwarebytes.com tcp
US 8.8.8.8:53 137.32.18.104.in-addr.arpa udp
US 8.8.8.8:53 138.69.20.52.in-addr.arpa udp
US 8.8.8.8:53 pixel.wp.com udp
GB 143.244.38.136:443 plausible.io udp
GB 143.244.38.136:443 plausible.io tcp
US 8.8.8.8:53 privacyportal.onetrust.com udp
US 104.18.32.137:443 privacyportal.onetrust.com tcp
US 8.8.8.8:53 udp
US 192.0.76.3:443 pixel.wp.com udp
US 8.8.8.8:53 api.demandbase.com udp
US 3.162.140.110:443 api.demandbase.com tcp
US 8.8.8.8:53 110.140.162.3.in-addr.arpa udp
US 8.8.8.8:53 www-api.malwarebytes.com udp
US 3.162.140.117:443 www-api.malwarebytes.com tcp
US 3.162.140.117:443 www-api.malwarebytes.com tcp
US 3.162.140.117:443 www-api.malwarebytes.com tcp
US 3.162.140.117:443 www-api.malwarebytes.com tcp
US 8.8.8.8:53 117.140.162.3.in-addr.arpa udp
US 8.8.8.8:53 api2.amplitude.com udp
US 52.42.231.78:443 api2.amplitude.com tcp
US 8.8.8.8:53 78.231.42.52.in-addr.arpa udp
US 8.8.8.8:53 ark.mwbsys.com udp
US 54.87.163.190:443 ark.mwbsys.com tcp
US 8.8.8.8:53 cdn.mwbsys.com udp
IE 18.66.171.113:443 cdn.mwbsys.com tcp
US 8.8.8.8:53 190.163.87.54.in-addr.arpa udp
US 8.8.8.8:53 113.171.66.18.in-addr.arpa udp
US 54.87.163.190:443 ark.mwbsys.com tcp
US 8.8.8.8:53 cdn.mwbsys.com udp
IE 18.66.171.113:443 cdn.mwbsys.com tcp
US 54.87.163.190:443 ark.mwbsys.com tcp
US 8.8.8.8:53 cdn.mwbsys.com udp
IE 18.66.171.108:443 cdn.mwbsys.com tcp
US 8.8.8.8:53 108.171.66.18.in-addr.arpa udp
US 8.8.8.8:53 vihaiha.com udp
US 54.87.163.190:443 ark.mwbsys.com tcp
US 8.8.8.8:53 cdn.mwbsys.com udp
IE 18.66.171.108:443 cdn.mwbsys.com tcp
US 54.87.163.190:443 ark.mwbsys.com tcp
US 8.8.8.8:53 cdn.mwbsys.com udp
IE 18.66.171.46:443 cdn.mwbsys.com tcp
US 8.8.8.8:53 46.171.66.18.in-addr.arpa udp
US 8.8.8.8:53 accounts.google.com udp
GB 172.217.16.228:443 www.google.com tcp
GB 172.217.16.228:443 www.google.com tcp
GB 172.217.16.228:443 www.google.com tcp
NL 108.177.119.84:443 accounts.google.com tcp
GB 172.217.16.228:443 www.google.com udp
US 8.8.8.8:53 update.googleapis.com udp
US 8.8.8.8:53 holocron.mwbsys.com udp
US 34.225.249.114:443 holocron.mwbsys.com tcp
US 34.225.249.114:443 holocron.mwbsys.com tcp
US 8.8.8.8:53 114.249.225.34.in-addr.arpa udp
US 8.8.8.8:53 ipv4.am.i.mullvad.net udp
US 34.225.249.114:443 holocron.mwbsys.com tcp
SE 45.83.223.233:443 ipv4.am.i.mullvad.net tcp
US 8.8.8.8:53 233.223.83.45.in-addr.arpa udp
US 8.8.8.8:53 api2.amplitude.com udp
US 35.165.184.231:443 api2.amplitude.com tcp
US 8.8.8.8:53 vihaiha.com udp
US 8.8.8.8:53 231.184.165.35.in-addr.arpa udp
US 44.195.155.226:443 holocron.mwbsys.com tcp
US 8.8.8.8:53 226.155.195.44.in-addr.arpa udp
US 8.8.8.8:53 iris.mwbsys.com udp
US 54.211.52.148:443 iris.mwbsys.com tcp
US 8.8.8.8:53 148.52.211.54.in-addr.arpa udp
US 34.225.249.114:443 holocron.mwbsys.com tcp
US 44.195.155.226:443 holocron.mwbsys.com tcp
US 44.195.155.226:443 holocron.mwbsys.com tcp
US 44.195.155.226:443 holocron.mwbsys.com tcp
US 8.8.8.8:53 crl.comodoca.com udp
US 172.64.149.23:80 crl.comodoca.com tcp
US 8.8.8.8:53 www.microsoft.com udp
GB 2.17.5.133:80 www.microsoft.com tcp
US 8.8.8.8:53 23.149.64.172.in-addr.arpa udp
US 8.8.8.8:53 133.5.17.2.in-addr.arpa udp
US 8.8.8.8:53 vihaiha.com udp
US 8.8.8.8:53 sirius.mwbsys.com udp
US 18.232.192.56:443 sirius.mwbsys.com tcp
US 8.8.8.8:53 cdn.mwbsys.com udp
IE 18.66.171.46:443 cdn.mwbsys.com tcp
US 8.8.8.8:53 56.192.232.18.in-addr.arpa udp
US 8.8.8.8:53 vihaiha.com udp
US 8.8.8.8:53 74.19.199.152.in-addr.arpa udp
US 8.8.8.8:53 hubble.mb-cosmos.com udp
US 3.162.140.28:443 hubble.mb-cosmos.com tcp
US 8.8.8.8:53 28.140.162.3.in-addr.arpa udp
US 8.8.8.8:53 vihaiha.com udp
US 8.8.8.8:53 telemetry.malwarebytes.com udp
US 52.37.151.61:443 telemetry.malwarebytes.com tcp
US 8.8.8.8:53 61.151.37.52.in-addr.arpa udp
US 8.8.8.8:53 clients2.google.com udp
US 8.8.8.8:53 update.googleapis.com udp
US 52.37.151.61:443 telemetry.malwarebytes.com tcp
US 8.8.8.8:53 72.32.126.40.in-addr.arpa udp
US 192.0.66.233:443 www.malwarebytes.com tcp
US 192.0.66.233:443 www.malwarebytes.com tcp
US 8.8.8.8:53 plausible.io udp
GB 143.244.38.136:443 plausible.io tcp
US 192.0.76.3:443 pixel.wp.com tcp
US 8.8.8.8:53 vihaiha.com udp
US 192.0.66.233:443 www.malwarebytes.com tcp
US 8.8.8.8:53 37.242.123.52.in-addr.arpa udp
US 192.0.76.3:443 pixel.wp.com tcp
US 8.8.8.8:53 genesis.malwarebytes.com udp
US 52.20.69.138:443 genesis.malwarebytes.com tcp
US 8.8.8.8:53 plausible.io udp
GB 143.244.38.136:443 plausible.io tcp
GB 143.244.38.136:443 plausible.io udp
US 8.8.8.8:53 vihaiha.com udp
US 8.8.8.8:53 api2.amplitude.com udp
US 34.215.24.18:443 api2.amplitude.com tcp
US 8.8.8.8:53 18.24.215.34.in-addr.arpa udp

Files

memory/4768-0-0x0000000000410000-0x00000000004D4000-memory.dmp

memory/4768-1-0x0000000074D90000-0x0000000075540000-memory.dmp

memory/4768-2-0x0000000004E90000-0x0000000004F2C000-memory.dmp

memory/4768-3-0x0000000005570000-0x0000000005B14000-memory.dmp

memory/4768-4-0x0000000005060000-0x00000000050F2000-memory.dmp

memory/4768-5-0x0000000005240000-0x0000000005250000-memory.dmp

memory/4768-6-0x0000000004F70000-0x0000000004F7A000-memory.dmp

memory/4768-7-0x0000000005250000-0x00000000052A6000-memory.dmp

memory/4768-8-0x0000000004930000-0x0000000004942000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 57058ca9df902e14417a63958cf4d833
SHA1 355f83fc0a3b3b80733067eb6c40bb7ca0ececd1
SHA256 f1d6f338a374fe5548a0a2bd6fb1a944178ef62a9092a171ce1211f287056f23
SHA512 b53a61fce5107cad8b88a2e00e1067f609f1a2962d12f2794ad9cd1acd053bfe55eb7e69ab3e4f2ea34d16da1c2105c3f681e755dd4d424fa4f693fa564bcbee

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 39a3a6706cc96529c46845a16ca255b1
SHA1 a95547fad28a818296546d7b43baaad3e4f82963
SHA256 7f55aee7cab1612d1f999e86575918d8dd85d8788eb240e8ba812fb9391ffcbd
SHA512 439bc17e1a5f9c675a93cf8f4ec0e0aee738de632fd8ea500d41d3283797d7e314b284b8120adc8a2b444513944e4d818b4e3382d7f88f2c821924dc776ddf3d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 1520d38b7fd639cd8aa02d4c52198219
SHA1 8fc7eee072b9398e7a09c29a86a6ea79cbffc21d
SHA256 a3b2c16526e26966ba2a05ebc35ac6650b3bc3b2c39b72ba724ae436998f00cd
SHA512 09dd2008f1263f6cd9989487a4db16f34f0b3245113ea26260774fdbd5d66d0cc6f834ec69d40b6ce1e50e9c4cfedda037024a82107ab563a96f94e27a50175c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

MD5 873734b55d4c7d35a177c8318b0caec7
SHA1 469b913b09ea5b55e60098c95120cc9b935ddb28
SHA256 4ee3aa3dc43cb3ef3f6bfb91ed8214659e9c2600a45bee9728ebbcb6f33b088d
SHA512 24f05ed981e994475879ca2221b6948418c4412063b9c07f46b8de581047ddd5d73401562fa9ee54d4ce5f97a6288c54eac5de0ca29b1bb5797bdac5a1b30308

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 da408cf64839da7f56d48f27ce2dd26b
SHA1 0a8b4d0c5ea72cac1ac58734c5ff60d51ca5eaf9
SHA256 28080cebd0c94453549dad5413998c40b4eef3f4450c032c000a0e785d9a1d71
SHA512 81d400cc55de31b64fd940e03ba5e9cae5cf62107ea360721322e1cd193ee574f3f9b9d78904e8419e42ee89f92f8dcedc40b789b5071bb75f694ce22d387079

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 34ea2c460d8330ffd35ea77b7dfdf8eb
SHA1 316b1f0017aa3b885e9afd146df2fa35d1f169de
SHA256 354745d2e782fa0e14f5a213b596f2518689d7bfbdd198bda063a955ff32f218
SHA512 37524a97133e0e2928c92123f2bd9bbe7aeef079e3a1dfcc7f9ec40400714e0a6d78fcc65494fd96b55efa02fa29943400daa27df23ddaadc3c25c200b5ba441

memory/4768-100-0x0000000074D90000-0x0000000075540000-memory.dmp

memory/4768-103-0x0000000005240000-0x0000000005250000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

MD5 5d00963d883a659d10adeed895b95992
SHA1 dbfd44607dfda412c5e41b6c609661a6c4de9147
SHA256 137b0b0624e9f685516a69986b5404853c21ad92b8b787bb11fb002fa62aa6cd
SHA512 31479becc3c6b3cc1ddeaa4ee7dee60a11feeb541c34174db63b5bed84cc978bee0452625c8056cbc120bd4df7c684cbde31a3465b41720db69bec7c29e2000f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a2df77ab37fc83ef558f64583ace34b2
SHA1 a9743708725d367a1fdfc0b7c4361a417c07ee7f
SHA256 7d1ffe9ee4a5829614a5f4cb1a96b3eec51eda78f4cdebff43760eddef704d6b
SHA512 b47a0a808817a03988c12ea8f9639ff2952e6740afda630a9c98396b8302c5dcac690aee248923e61c63f06b88ba2470431b83b76f5a55cf87bcf49670005a59

memory/4768-138-0x00000000079F0000-0x0000000007A5C000-memory.dmp

memory/4768-139-0x0000000006660000-0x0000000006686000-memory.dmp

memory/5968-140-0x0000000000400000-0x00000000004A2000-memory.dmp

memory/5968-143-0x0000000000400000-0x00000000004A2000-memory.dmp

memory/4768-144-0x0000000074D90000-0x0000000075540000-memory.dmp

memory/5968-145-0x0000000000400000-0x00000000004A2000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3054445511-921769590-4013668107-1000\0f5007522459c86e95ffcc62f32308f1_1e5acbad-e520-4a4f-bf78-4ef1d7c5b57a

MD5 d898504a722bff1524134c6ab6a5eaa5
SHA1 e0fdc90c2ca2a0219c99d2758e68c18875a3e11e
SHA256 878f32f76b159494f5a39f9321616c6068cdb82e88df89bcc739bbc1ea78e1f9
SHA512 26a4398bffb0c0aef9a6ec53cd3367a2d0abf2f70097f711bbbf1e9e32fd9f1a72121691bb6a39eeb55d596edd527934e541b4defb3b1426b1d1a6429804dc61

C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3054445511-921769590-4013668107-1000\0f5007522459c86e95ffcc62f32308f1_1e5acbad-e520-4a4f-bf78-4ef1d7c5b57a

MD5 c07225d4e7d01d31042965f048728a0a
SHA1 69d70b340fd9f44c89adb9a2278df84faa9906b7
SHA256 8c136c7ae08020ad16fd1928e36ad335ddef8b85906d66b712fff049aa57dc9a
SHA512 23d3cea738e1abf561320847c39dadc8b5794d7bd8761b0457956f827a17ad2556118b909a3e6929db79980ccf156a6f58ac823cf88329e62417d2807b34b64b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 133918598c0ecbce44835eb717896fe0
SHA1 6e00712c3052b739f2a86c4ad4106f04056dbf90
SHA256 489dc00ce04202407d00ab91144e6e0b7484dc3de3739ff98f5781574064017c
SHA512 559d850aeabd3222634a9126d5e30518224718b7708bccf1eea2daa8605ab10370773cc841f83c3db785ad117b712e9553f85bd2eb024e0b9be9f6581b9676e9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 1da06b5526e1e96655d8ef13dc219aae
SHA1 8f5d60617978f2ae64665183f92743a8262bb151
SHA256 c9dae94b520a40c573746133f827c601523adce94a7746037fb4cddfe3621475
SHA512 f50727e1602b0341654b7901e6ad91b63df52355558d00d12d04c67b37979ec602406141d075d9152d1ddb002465720071ae119693571dbdb4ff837f5ad40fa6

memory/5968-238-0x0000000000400000-0x00000000004A2000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 b1e4b7c84d25a068fe83d91931d63c4e
SHA1 a8314822eb75c6a25577db54949b622443e9a74c
SHA256 6d9494e78bd73b17a015a8e25cc2b80f5be97c8876bf3dffab15158930795893
SHA512 34b7a3f3730dbccc1fbb9e0e54d76cb0f21d87a167a200cc5e354e0ad34d1aca0081bc869f34694ff9361ef8d4f785c3c7be0281e511c532e0be94be4e06395c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\f2d0ced5480d05bf_0

MD5 d46775b735c121f8a9861ad49a98987e
SHA1 1de2591a2f8ca11dec9fb345a3d0747e91d71f8d
SHA256 0fe428eddc096e386579a711c7f987cb958b580d8ad33c28db9ae950d05f8fbc
SHA512 6402bd534be74e9cc05ef537bae564de27eeb5d1e33d7c3b43f4998345c438f8b0aff1deac4d802c549e82e59989980c84dd8eae2a14deca9026598d1e361a62

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\3a171da77d377770_0

MD5 fe3b446c5913b9ff642dedff68b84c8c
SHA1 add7afcbc84a11a9e7e35be26d8b99ebc6483385
SHA256 2e4301eb2b3da3bf307b9546fbb948d0d351202b8ba75526a642d5339254cfc0
SHA512 11999fcc0468d555b0f91b1a7862b444fbbe090078aae8553f99eff73833ebc3df37f497bff6dfd63bfcf2e700cf7ecd547b269dcff7cf34394e7f24fbdacdef

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 8f67b9db4855bf5c535dfa488a7b1d26
SHA1 3d635515edf369aef2828072bae57526aae3cf6c
SHA256 ce0bb41a72bb5f25c4497253f2cfd6bad48c0fe8f31eb687702f51d3c393bb71
SHA512 2f358523b22ea26a38c2757a4a5e3f78421e1a24f73c31ced0d0cc0fc4cde764d6a4ae49d4e6eea97440f3f4b165ad279b771618bfe26896e4815cd68134817e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

MD5 b82ca47ee5d42100e589bdd94e57936e
SHA1 0dad0cd7d0472248b9b409b02122d13bab513b4c
SHA256 d3c59060e591b3839ec59cad150c0a38a2a2a6ba4cc4dc5530f68be54f14ef1d
SHA512 58840a773a3a6cb0913e6a542934daecaef9c0eeab626446a29a70cd6d063fdb012229ff2ccfa283e3c05bc2a91a7cac331293965264715bdb9020f162dc7383

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 3da200a7e18b66708d534709897ba8c3
SHA1 531bbe9593d626a0fb6797356e2952e8f29c9798
SHA256 2ae24320d5a183261c04f128dfbc50f19514fdc39b4a6eb9073f9ce04980af42
SHA512 f045e2aae11c5060e374e0fd7fa90de614597272806f68fafee0c30a2e2bdd78cd9b30b527737fbc67b8e9a6e8c4051d98468e008f4d5b5603e56a1337c41504

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 1b8d628a2f1810af9d514529da0fbfb7
SHA1 cbf45ef0725a68989aa03f62481eba2412a9adaa
SHA256 06b6f79885026e81f607f3e5e751d51b6c88ef7eed4ab13d23f62036e96ae3e3
SHA512 e9cbbc2fcfa7283550bc85b07a953f6807b7149608d3befcf341a161fdb254753bab8b6fa6c69d3adac5c7ec4925e7c027e13c47ccecbe364f0311e5ef7e3c1d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 9fd8e8e24885042fbadd230c8a2c5fa3
SHA1 3e8b0c53233eaaa6c67c6c4150c3644fe6c3e898
SHA256 2ce399e706ba9a05f1b405214312f23814e3dad0a62aa40afc2dc6bedb591ce6
SHA512 aa36715eb1ff63ae3198e62501a8c0d79fd8e60aae2defa4480db2432e09a9a40b95ee0ba040d48da60f06251a6ea1a8ea60d95e68d02dd47ce7eb432d86cc41

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 de0066ab8f401ffca437774a13f1ae1a
SHA1 6c488240ddeded99e1b51ce0d486d341d15d6784
SHA256 aa5262e3decb9eff19cef5ba957f496aa48371c8f571081291df903a30b92eea
SHA512 0ef12541cc76495c5cb05b3b18be792f822e862a6f239fb5a1a35404f3867ad5999fc31e507d3da654c066bc60a43f420ea783ce6684a116d127097e0ecce117

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\530692ddc3791462_0

MD5 829715cc0acd5e28ded39247f2ddcbab
SHA1 e91db1b639e59f763f4642bc591440ed45f79a64
SHA256 b593f7adcff280f53dc08606874bcc7305d03f1505973650edb925eadcb32672
SHA512 85276c0b2a202c84b22d396dd219b6107018857db9e556e3f47ed45a2f627c1b299d1d7b2686cb840ae982683263594a0024e1b90e4ded42bba32d0081271fe6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\8869765962a93d50_0

MD5 4106b5609bd48d0febabb747ceb35d52
SHA1 712749658c03dd91f9efc9f786c7a423c02f368a
SHA256 8a3fc2abfc1cced40c34abfe66bc20f44298f7d779b0855f14d522d4a2fdd213
SHA512 4f3f28d081bb681f9fa17d6153a57780b7d2b818fc152c4a18d8021e40308eb2f292726a576f82a90bd7b457354fab1b056cf4164eb4a15c4bc8a877df7d879e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 d99e7b00240e4c1f49a6c1b85abe8957
SHA1 42950db7c3f64618253d79a200be3c6d6866c594
SHA256 076a5f653ca7b42e435c390af2e483e9d097242f00a2c4bcbd6494f779ddfa4a
SHA512 2666caae1dc51b90458cd67854996dba28d41ebba484f55f5536fb30764797683727c2b702b6019da21418cb9569064179cd2669de474bcac1913d4b4e5f0e65

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 55d8ee5084c1f1c059019d4a2218a188
SHA1 823b5c46b8c0217752d737c214eda11d6b27d213
SHA256 1289bbebd76cfcad77920580954be1c69d93baab76a3d9c8f115a005969abd15
SHA512 d6398bd180103cca55aa647fa2adf204a1792067a0f2402bfeaa2c5b681300fff93cbe48c3cf8790365b7995271adc853af3d5efae3c0993ffc1a62e3026a9f4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 68da4a1e1873b42b11b5f9ca9be80239
SHA1 ed627b824b4433404e9c237de3099cbbb19aea1f
SHA256 15497a84e998b374791385f0884a34ebce94a198c4c7181845a29a8324da7a87
SHA512 237c77530ab1869cfd60eb7cab4abfa41598aaec908cdb4c5aa04e617e4cf25ae291ec3d2b46c5ed16fb0a7a143bdffd65e9f764c7dc70a716d5e249a3b083d0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e0d3cb7bee9a52c18deac9f5bfe3fa7e
SHA1 fcb7bc44ad95e5551dde537aee0385e8c27b2f29
SHA256 7a0db9a685703ee3def8be3c1bf5933a00e201c2fdb6deba1b594851d9caf352
SHA512 2137a413721de97c4fc70e43c3718b21f559bceb8058e6b99879bef52758241c45a47f6e2cec571583d1be19e1a10bf830b0fb322fe725d8cd993d2c52aa29f3

memory/1640-508-0x0000021E5B0C0000-0x0000021E5B0E2000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_1osmmrhe.xxn.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/1640-518-0x00007FFC6D1A0000-0x00007FFC6DC61000-memory.dmp

memory/1640-519-0x0000021E5B150000-0x0000021E5B160000-memory.dmp

memory/1640-520-0x0000021E5B150000-0x0000021E5B160000-memory.dmp

memory/1640-521-0x0000021E5C270000-0x0000021E5C2B4000-memory.dmp

memory/1640-522-0x0000021E5C340000-0x0000021E5C3B6000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 922758cf284331892f50c7ae28d1d64e
SHA1 ee20a5fea3b042a56d10e422318852b27ff76430
SHA256 fff7804938713528a8d77502dcd6814e7cc65ec405080ca651ff1667f0d7dc65
SHA512 2e3d1fde3eeffa1050a6b25e4b451935177598a1b244838fc65ffd051015c3b5d019ea8b4946b43bbda32c318e4ff52064ca14525cbe5d648b568bb1380c4958

memory/1640-533-0x00007FFC6D1A0000-0x00007FFC6DC61000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\2cd27d53-cd8d-4f77-a0f7-ce6c7bea0fc2.tmp

MD5 e92daeca658924cdeeb2c9ca078c4a8f
SHA1 da4e027af605c4bef94f028a35e32f23b4d4bd85
SHA256 ca74d2e6021a1a9c2168e3ba15b728514217c36f53bd27127a87dfa48a6c496a
SHA512 436b35933872bb7426578e84092dd81d5e12d0faef34833f5298ae9fadeefa4fd5ed829065945467e92e4068f1ffee86d5afadbfb5f8ff88d86b1d3bf9c54457

memory/1640-543-0x0000021E5B150000-0x0000021E5B160000-memory.dmp

memory/1640-544-0x0000021E5B150000-0x0000021E5B160000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 23962315e31548d447d2c15b559040a9
SHA1 564409a7d5b985bb99a5e73086414cf076c235ac
SHA256 57172679841de06c93157cc29669296ede3f460d895e8adea47959a84e87c2e4
SHA512 07a35d978b384250bc3778fb0757613e1e12fc4bf6dcf46798f0ea69683c0a7a44694a7e4afba7850e35cd286daab731aedbc05dd0734f0075afba6320f717ef

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 34270b1fa9c9eba6360335b35f3540ac
SHA1 2d23e071b590f25898c423c8567c143f70d57699
SHA256 fbd3655260efdcbb71a0d6574620d1f076a9dd1f3c976834b9bcb4ed93497b14
SHA512 ddbedddcec0cb53e270b4cd62f5cb0e37e8568df1806550312da9cfaeab555d13dd852c89953f5aeb9b1beeb53c3b3b46279b8b76a95d039888f6ba38e5fbc2a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 1ec878c027066afc1025a278b270ad3a
SHA1 39e647b602d8738214c97a8168e0704d33dafaa0
SHA256 95e519b212f0cd16fabfb3abb8129227fbebcfebb74a3c1d9cfa8be724eb4b6e
SHA512 d9bd7fb462bac89e4409bb2ac665f2de43dca188395652a16d35291e08f50e0908b356d906c1df05e35f8d9072464d30f221f063e81d3f41790f13b21089c5ff

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 f95029ac828e6fcb9311c5a0b3a5e699
SHA1 8f97143de9163c54ba05329e0252f2a915de74a8
SHA256 0905604a282e7f72fda2fe1ae284176c803c703bb7a93182cc921d962df1141a
SHA512 b0af689c95b682734e803aca633a8cc020dfd2d20e158dbd955fb94e61e02c061cd2dceb044b2e8cb5b5b9fa1f337bc2ab0e3a17ebf953ea5571cb7be6dea893

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

MD5 ec0fd98073c959cecd0847f13a81c127
SHA1 789511805e15ebac9c9588082e0ba73909b0ad84
SHA256 b5c0b58b174f73edd4f00692322f34bccb1359b56bc0584cb3e8789e4862f30a
SHA512 3b112150fb059e745948485d801fe074766c4ca22fe5e5a95c5def5e0fee665c146ebd6ec538271337749a063125cf8bda4dc443fed97a740935093d8e78340c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\CrashpadMetrics-active.pma

MD5 d9a49a7d6d5ca840cf0f0e937007e278
SHA1 90197e483cc1bf8970cb6012997b1968f43d8e78
SHA256 183acf4a52e283da352ac2e3d51d43dbdd1534325f4585b6763a4ef38151b876
SHA512 142acbf150500db5f703b3e56c42895cb4374927f6e26adb02f090cf18e9797b8f4e34b7e621de6daf03093cc0a7df73cb4328525ac7a1a4f36e2b61dfde0642

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 fe61e89dc81fa10f20d383a9c7474f53
SHA1 c394f0f15ee7211bffc3985841f6c24156a8fea7
SHA256 74797f95311967ae28bcedd13b8ec4fd34f37adc7e3d6726974ab3e797b2690a
SHA512 aff87d74fea2273f6ff0229162f08b49a6093d356d900dce1844db323749ddacdd86034b0d1d1e2362f98c9954e18674faa135b29d21e8afe81c949173a7f39e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 961e3604f228b0d10541ebf921500c86
SHA1 6e00570d9f78d9cfebe67d4da5efe546543949a7
SHA256 f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed
SHA512 535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

MD5 9eae63c7a967fc314dd311d9f46a45b7
SHA1 caba9c2c93acfe0b9ceb9ab19b992b0fc19c71cf
SHA256 4288925b0cf871c7458c22c46936efb0e903802feb991a0e1803be94ca6c251d
SHA512 bed924bff236bf5b6ce1df1db82e86c935e5830a20d9d24697efd82ca331e30604db8d04b0d692ec8541ec6deb2225bcc7d805b79f2db5726642198ecf6348b8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000020

MD5 28949cbc76bff7c09b02227387ce714c
SHA1 f8fdf561b3df245355465bac161ebf3f80edaa24
SHA256 4e500ad5754eb33ba487a72fdf7945e40bfaa383d1bec25c9c67095de121e514
SHA512 c36087062e921223dfc2fcf312b433d2cefc68b24f1c021ce98803f95bf7292a05818047d712ec95477ba3c3315a89ddbae7638f1a068f9fe5f251430e1f16f3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001f

MD5 646fd7919b912fb7552eba337f034e9c
SHA1 e41c8bec30f7a8bddb90d8bf537ec4664f5ee67a
SHA256 e5f54ff4fdc0eac3e9593eeeb51d122526dfe85ec21c9c857f0058644a92c1e3
SHA512 b1b29fdda9468059aedb6089f975189dfc2c8470a1255b62f0ccfde3f550230d6aee086f2af0cdb80a6ee2b34a9122fd3e701a0183df7ec9236a571eca955d78

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001e

MD5 fa3f81d3942cf6309f6d95fe9b3b265e
SHA1 b975aac6279f897b05c8c16ab72c086e2bf9a097
SHA256 02fc111b8671dba2b48404cb14557f5eec4736ab5bd8752c54a5e3e1d4a5a80f
SHA512 2bd12a4203006096d0ca2ef605e498a98798720fae3c67337e85e89b43a90020bd139acf6b4ea63fc98a4d8e4beecddf7185667e5173d50e24956aa41827d1f0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

MD5 26777034a037745de8eb5791431c2ea6
SHA1 650031c7fbedf541c7d0f0708865e862a268d3b5
SHA256 ce16a8d4e495c1c7880af18a87c7983e053ce45e285c648061c2210b19b5aa6b
SHA512 f42ca640014af327398d32ffefe71b20817c8c37d613fd35eec509d5cb77f529ffdabb09d9fddb7e2a121f489e7625ca09fc64415ecf044e91745a99696baeff

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001d

MD5 5ce369a62f1dd9ce3daff8b1bdbbb458
SHA1 77965cd266fbfadaf7e94c1d4df85a164c221ec7
SHA256 1e6eac2065b3d81b93a5291105248c409683b852997bbab65a370e30dae081db
SHA512 2c53f5c6c4a917e016c7dbd9045fb7a07f9886d3fcc5ba6587a3521283897171c723feff764f6bca221da3b9ccc4c26e945250ea335703df88af509776a12072

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c

MD5 8a16bb995cf940ea35a4c2014ed1946c
SHA1 8dd1bb3d92c6deb51aae17ec6ad3108002296ec4
SHA256 0614330db08e94810da73e2de2882ef9061f25589ec9c93b54ee77cb64268bb1
SHA512 eb342260c322d605b9045ad49da064160b1d217b7ad87207a4c0e9c127ff2c311ec941408cd56cb5aa4be8d438f3bd043f57a6dfb2d8140a34778a4c709a06a7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b

MD5 8b59e086bd011f4757dbae985bd345b4
SHA1 98d0b72330ac7ca8366343a1b68165615b153968
SHA256 4f7077a217a8e44ee0e98dc2b34dc94e5d1d4778ba42d864fe7afc0f8a44d96f
SHA512 3c591338c8dc9f70ec439f62252be76930a01dd93e4dceaeda098e52f3d248e98073c0fab3f7201432f441ad0a78b0bc3d8ba68bc5d6f13d2dd4ab49e8bfa085

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a

MD5 50b846f5ffc8bcf7398bb000279a18cf
SHA1 ba6b35425dc3ffebb4f4d032935e0c465519a0cf
SHA256 dd23fca8ff8c37f3f12aee11860269bc9cd7b2bf8fa7a04fa30969f55b3a9671
SHA512 0a4933f5b60516290e7ee71517e9fda6a6427cf8bcabe0c86359660a01fbd4147d7131175ca9dca08cb778c98f5b3be0c6191be53e25a7bf504c5f4eac259e2c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019

MD5 67f708b47eacf2c44028f1e32262e4bf
SHA1 9f0026916360f06f78e196178b19a69888f03adb
SHA256 6c4f6aa514bc0a8ad026350a34343c11a2659ba68258422941c022de7059cd11
SHA512 ce0005eeb400f34c89648f8061254cf1e9c011aea2d60e20cb408da556c6c6b0e7de31984d167b402497777df31003248ce5ae9d776f7cdd95578eda2f7204b1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Visited Links

MD5 8e79237766ccfc0abf64a7da48f58dbb
SHA1 08678bb70fcea0853473e7c03d062dfb651022fb
SHA256 555da8972855aa57f6c2cfc62a14cd0364e5c021dfed3ecc086c5a6bc431553e
SHA512 54d2515c8f0b5b290646f5132f545e63f1b5ecb7795e71e5aed1e74f3cdc64c95dbb72ff3fdc4536ab097c617c507556c0629d597e66fbaf88ac791d2f141d50

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018

MD5 c7e523af1d90dbb957a7435f0c097ff7
SHA1 7ff513e577e5c4a5ae03f8e7cb6881721bb9259f
SHA256 99c9813fc4ce563c3c9ff6561b0f9489080b598298254aa40cfed8ea14b07d7d
SHA512 082a9f3b457cdace68424fc7b9ff6a3bf5c5b168c02fbe3c8eb2f5e4535d2fd03232cba8fad779b07546bff228b01fd800177fb7cdc0f3490f91d4faa90daa6a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000017

MD5 0b4beed0169ea4bd1232f20696bad94e
SHA1 91bcae764979cbdeb40171ec7b1f93cf0786b4a0
SHA256 2862a62a4026f0b721df30c9e8b07adac6a27822d142cfd72d0bb89444953786
SHA512 c66917d0d339fcaa9232d44a8b4eaf567586f2904e090b7269c010b59293bae673b7580576e61b827c9000c2b56d2b5c01b572af92ca8dc9444b6fc05e4380e4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016

MD5 238821d8c588f938cee384af8d562fdc
SHA1 c1f921b251d3216e29669ec54e8cb9afeed1a586
SHA256 41a1196b355b3fd9aa4ce5000e6ebaba7e8357a96351f57aa7892e37a1d78257
SHA512 8df07123789a735eaa89a7020fb59cadd0cae5d5f39d0b228642e54459e0fe01c47bb4103b521beb1056341ac7747b61e19adb7c4ff6e50a7e10dc3c004fa085

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

MD5 f015a1a62e56829e42226c5aef1a408f
SHA1 6a78333bae46564466ba2780cc931521ee320405
SHA256 af8f8c5c3c51f602ec6a7b253660a617566985cd81eb36f8730a277c20390313
SHA512 c197a7c4ea97ac3ae941a691223fc57faf28fb6ae25314631a0f07bbf7110990d3b5fdc8cb045c7af2fd5c55f52db5dac13a51a37bb58f3316b0bc5d8adc01eb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014

MD5 f1e730cb98a00d81179755533fb13131
SHA1 cdb3c3fa9d73e82552dbb96bc8e13eec274517ac
SHA256 4eb9a9c18e4c448f68942cf567d9ae359fb5087378e55d940d3ed13e030175ba
SHA512 d97b7f19b6d344ec94d374def711f8c618a4f6ee0840a313ce13b1207d913d4e898672f8df95397929ab1474370bef69eb8c576600c27431be4aae66fb93ac44

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

MD5 75c9990f02d2d39918e4d8f978590d5c
SHA1 a54aecb2cdc803611993cbccc128a225b50f320e
SHA256 5a163e836250455490b120659659aa0bf937464eeedf5a82fb15fc91f7004505
SHA512 9444b2a55bcacfdff35647298417b89488b980825cb9f8e65ce475ab8f5e48d4041d80280694c64bb7826a876e27a26d6674983eda26552896a8a3fff41049d4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

MD5 7af009b3214d2678154119e9b65acfe7
SHA1 77b1aa8fdc5c7f5e2f363899b8ea5fa16df30e61
SHA256 e56327c56a21e02c430c2133699ec803f4ec89b069c2ec4a43930f28d09b9857
SHA512 4319011f94f393dcbfe045ca166e63b319ea79aed46a9e3a9002bf7c194da7e058dddee6555f5b1c9e1246c6d62dce3e369e0cd0869180447a4f1ef32d98095f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

MD5 22b34e67f3195de2e174891d9fd7e77e
SHA1 29cabcb12e0c60e73da73365a97a2540fc1eee37
SHA256 178e79402721fbf65ab1b6d00c911c383f3d8d5d36ce61f5115604458f1bf93b
SHA512 79dcdc200fbe13ce9a04c0af857201f57f88e358211dfe7b9b8e9c2532334579fcf3e80ff4e30e63d1dad4348e2cc8fecff13e466ec71b58e24c6199afca7b3f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010

MD5 f2335876b7093054b2b5675dc8e9c58f
SHA1 22bd5dea991c16234fbcd71d9075a43223044ae4
SHA256 e5fb5fc5938c1218fe75ad1c6ad54f433c293058e158ac6c5e5b5ff3cfcfff1a
SHA512 18fe9fe3e66fb5f8c8b62a7fed0327ded13cf9952ccb4c2e1e53662956f369d401335c082af69ddaa65f62b81b471c3721917357449ed7aecd44c6b8fd071c3a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

MD5 04cbb7e03498766bdfc294bf49f1ece9
SHA1 17719610f4cc105e36093d8ac46a75b972a5bafa
SHA256 004f5ae889a0275be15e337db2f65cadd68a06adc2c79d10da3453db5570bb90
SHA512 2272022965fdedf397cb2824743f18e3bedb3d751c470b6a31ccdebc541dba030b53855779c4c95b84a5dc2c95c2621cf3699993a16cec258d4683cc91924094

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Favicons

MD5 38bfa5036e1c7d4716c49ee6c8dd9729
SHA1 3d80c66844eeb01c5a6977212490e7d2a1916efd
SHA256 252ff0018bf4cc1a31c46bc48a639825d9377b4806ecbe58a551ecaaa45998d8
SHA512 45bf09a2b6fe2e404858c9de6668f16167329a81c3fe62e40809c0b6a44fafa7d2ed324f058d6dea159641fb6c861bcce72dd5b0f65e62bbcc6c2a40f1986358

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

MD5 0d0f533f6c28da141df48f0dc8fc152b
SHA1 33605cb71dd25000b3a8cdf6c9879ab635358651
SHA256 c6512ae3cbc580e063b6f9aed33520deb7b2f3240dc852570898cb6062f9655b
SHA512 dd912141d2310de4aa8e7a4fc01373373995a562a4ddfba31a7b6eb07da4a10e5e21f26d12d0af2bc35e59b4f85dcd8bc30a5a500d16ca5ade97212fe7040779

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

MD5 c6f98c525c5015c5f2658ff630eb2f8c
SHA1 37d91a1cd659aa05b18caa6e206dc48b9217dadf
SHA256 5ba6a6c827e4ea7c218e291b14f15cab2c09d1af42ac77cd53446aca7be86b96
SHA512 ea3bd20409791f8f2e8676197f7e88986fd5fa7e91bf1998547f5f95fc46f39bd5860d7c0c52b6540e7d5e14b0cdd757359dd643897d70ea3936ace2c058ebf2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

MD5 2f925b9774af8f3fc5d404b3760a30bb
SHA1 eab2aafcf451c28da8cd179b3000b593180ae6e8
SHA256 dab43f4d80c757d3167f3239b642df8b6750bcf918e2356a13573e85e78e4e8e
SHA512 170e1f936564dbcc0dd593f8943b6ca6fd812d39764f82e9fba9eb9cec3bf7940d37d83ace270da8372268c75ead4449949ea679b814b2ffb088b4825588b14d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

MD5 3ff720b1f06cf1a43ccc9fe21e69ffc6
SHA1 d62f85683e6a4b6148aabde3203cbf47a1087b90
SHA256 2e0de8194d480943563d8df3116543ad68d533739fc38b6b10584a93116b7d0e
SHA512 15874dfbdbe7381de5e6bf9645a76d5e00a89d1959bded6b92daf7299ff401bec211541e92dea32f836d3dc6ced2301f13711024bb12a149927728892fb352f3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

MD5 16d68490ce22c135a362b0a650321fef
SHA1 f045f96669922d4edec6a1ec954ae2a670d3ed43
SHA256 c444614735c72a3fceda940f33f37c913e61215943067dcffbb36b661b43e019
SHA512 1812e1b219cfecd440f748dc4529ebe4b0cb7b1c04de706917febe44d02dcbafb7e7413b0adf84e31cbb602844e8e40abf6a7ed4568b4f12803c7214fbb763d8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

MD5 374c46862494ba06e74f12e422473986
SHA1 43c800783ee2bbe8a1f326914f22c6dfe92aaf7f
SHA256 189b2756f55818c647f39637b5bb8d6689c3c612cd6371e04bdbe3cc85e65f4b
SHA512 646e97aefd84569d2b64a88d88007a47a3be1c6a89ac753d6fca118775267688894a9a7ab584901a505483aae58b403805c375d839df07b3b1da5a07b84dfda9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

MD5 a1cc61cee2a4e6c24f3fcb6aa6c42395
SHA1 7d658fd701b34692ce25d3f485c58a1f2c5c8075
SHA256 1cd81501bbd3a6f87ea052d5b3a299cedf4e48f29e2c33231569ea19e407c79f
SHA512 fc47820684b99de5a7e15f709c41e026b709985ea63b0179abb80b05ee50322097c65f8252b34c8c3a4716dc9a2c3fcf7d15e6ad8a2617bb2ac5bb999b4ff8f1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

MD5 b8ca7ceced833335d2b9d8590ed77e1e
SHA1 ea13819bed6cce8c29a0956ac31f8b90c0554724
SHA256 655a3a12e05e5ea24c4059cf325118fce9f7d3e40643dfe4ddeb5d14e67191a9
SHA512 1438becd9837c14f2c99e18b5ef2d0f516643491829b3f20314fb482b4e092a5a5fe204ea7cfaa10b9b0cbf8d4676c0913edce3346ceacfda86c8bcad8cf33a8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

MD5 e75585175bdda0c98a3a9209ca1300e0
SHA1 e038a2d27226b95f06bfa01c3aff8a5661ec0a18
SHA256 b3b3a40850cda7620ed51a6abe6c94144e285e253826c9ebce53b47e4b4e2f68
SHA512 0c8d377daa4ee5dfd79b0f85fea5240d6faf27efa4a2fb57799d0d0fcfd5becec48bc625e0755e9bf13fef081915fcecea3cdf3cd2ccf1d4908c934156251559

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

MD5 41ee7b91cfc7da87409db11bfd902f78
SHA1 f2731efb91df1109058cfec7c1e9a604424b5c53
SHA256 43e4e8d9b357ee6a1acd9cddbe1d73ff56c31201bed01fd3889da5defc89b167
SHA512 6c25660d1c8bb50080db14f139d15f4df3f86a505274b7b3d79a934e75f1df5e0c7e1e24a0edc90a085e21ce523b2c71654950b05315055e6cbc5d2b69e11aa0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000004

MD5 022b87235ab61d9053781ff0ccfc339b
SHA1 ca6311df58297bcd091f4198f4837da3c0ea3b9f
SHA256 a174a21524b305794cbfe851be955676a4f7862fe80deeb12a6d253945c78368
SHA512 4500d1183b192a957950e477e0669efa9b9cad92e3fd1c0f1977f1a5c21a7b6643dc032c6c838d462a3f6ccb1b3569e5b2d6e94cfa38a83e292877ac66d90920

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000003

MD5 43d7a91c2605f0ab70ddf7cbb1bf3c28
SHA1 44c8e013d2fcecba63bcce8dfba467604791a1a6
SHA256 e6a3de224a8b7eef0b343ffd3b8ebdf1560071f3e86e1d902f82c4dea96e5ab9
SHA512 22ca96c15e9df86db4587556c3ba2e3cf17ca84422e8c5a97e77ae721b7b1ee25a65f16f10b254a7692a7a05edf6b7ce104c53afd96e87c6fd689e8d70eed523

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

MD5 2e52d9a020f687feb670b2796c48b85a
SHA1 cc9aa6afde059f4ed426a5a5f25c0d00de711a2f
SHA256 e185baa585b42d19a55696b443aaf42dfd7c8f3c8bb8eaa865a9ec312cde5c8b
SHA512 89ebd5635dac94f68fb79aee0106629db72c2bdf80c85d58e709d9bedcef200cf56c8e9733d5968371b74e74b20aeef651a2d67ecef380744703cbeb6cb8f11a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

MD5 7243006a0f8a5e2eb061ec4b259fdf10
SHA1 5c33cf16a198393b5a98a177ff689dcf9825bba8
SHA256 5d09ea1ad0f445afc9d10c04bd9b40da1ea1b904ae1ce1dea460cf97e449635c
SHA512 b850b020b493e9efaea82063c416aa1c4f32f87078b2b29c40d270c3e5e7845771117c71b0aceaa0a58af16641500effc631fb2c3387044fe11360fc2f185401

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

MD5 c934f06978d4fae47ea2f666459e4bbf
SHA1 94a3ddf129f5feade56348e3ee82edd775a335f0
SHA256 568bb64483ae0034a5ab67357717817fd02b46f7818aa5a440ba333187358052
SHA512 2d05429b8a3e9f652cf75829cdfc743b8bb5e5636b6465d27e1309d9fd2073d4c3e7c50d99ae48e74e9ad2680a77c8a4ebf1f2e7bc16b3f613c1d292bb45475f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_2

MD5 8668887e65c7a2b2e28db0bfbfdb55fb
SHA1 9294b6db0647918968a497539ef3fbebfddd3876
SHA256 9f08b1f6b8bfde8cf0df205a1daa557c1294d72eeaa222c7eec958a6bdea6b8d
SHA512 3cb8e4072d23ee0b5b7df7ed6a2c48654f181dedc4a3f8b4512620174cfc747b62d59f327fd4a6a0b8f79f73fd14ce60098114f92d312112bd1c73fba9bdc5c3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

MD5 1d00dc23778ebe111a83b3c2c7aac3e2
SHA1 9fc5b5017bbe940646b806e9d90a8aa668808b06
SHA256 f622ecf89982044de25a5e26245fd100826a5341e810a43e8f8665bc495e21fc
SHA512 924bc9cac2cf9cc3a2206359f7fba15925afb585c3b6b4de6b7d342a7d920c34d16ae3852d9182670b858101b63e117ac4822f57b3ad94d7fcbdde78eb79b7ea

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 721d4fab16735f426106a39a7f0a947c
SHA1 1c055b0210924e28a50493c406b766c70baedd2a
SHA256 72f4398ffcbe931ee525b6c4135de1a9b4b2ef8830beaac754ea1df931794f8a
SHA512 b8c9915b5a9d30cf173615083bb6db69ff44c9d4a84b9bf9034057a32b13088da823620e5e951d945f05546b27df20058434dc33a76f0188a10bb040d787e2a1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 4ae5e50e282e16d4a619605949cd307f
SHA1 d9832755923a757b07a95cd1e07b9ee7350eaac5
SHA256 57f156f62fba3a21cc4e95173fcf2e77bfc3f568135d6e64e60a6ec5e7b1082e
SHA512 ff14e4cc542435eefff048c6c7240d0300eee3447c514e20fa88db0cbb9fd85ed4ef47a6117e414bcdf6b1fb233f0bf204dc257468536d0f3614673438ad32e9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5c8276.TMP

MD5 f599761036d4f908583d75b2322512de
SHA1 d3e77446c35754b7f1d855617b1254bbbf7a55f1
SHA256 e56bf1c444aa7e42cba63ee1dc0d295e5c07388bcc2b0387142551f74f2e50dd
SHA512 8fb039f953c42b42ff187ea153501d015477d316dad70056c1bfd5271b3b3d7b83d00d2b234b0eb4c3a5992a7064259627c95a8ec153288af28c17deaa14d86f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir3716_422607782\Icons Monochrome\16.png

MD5 a4fd4f5953721f7f3a5b4bfd58922efe
SHA1 f3abed41d764efbd26bacf84c42bd8098a14c5cb
SHA256 c659d57841bb33d63f7b1334200548f207340d95e8e2ae25aac7a798a08071a3
SHA512 7fcc1ca4d6d97335e76faa65b7cfb381fb722210041bdcd3b31b0f94e15dc226eec4639547af86ae71f311f52a956dc83294c2d23f345e63b5e45e25956b2691

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir3716_1974461822\Shortcuts Menu Icons\Monochrome\0\512.png

MD5 12a429f9782bcff446dc1089b68d44ee
SHA1 e41e5a1a4f2950a7f2da8be77ca26a66da7093b9
SHA256 e1d7407b07c40b5436d78db1077a16fbf75d49e32f3cbd01187b5eaaa10f1e37
SHA512 1da99c5278a589972a1d711d694890f4fd4ec4e56f83781ab9dee91ba99530a7f90d969588fa24dce24b094a28bdecbea80328cee862031a8b289f3e4f38ce7a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir3716_1974461822\Shortcuts Menu Icons\Monochrome\1\512.png

MD5 7f57c509f12aaae2c269646db7fde6e8
SHA1 969d8c0e3d9140f843f36ccf2974b112ad7afc07
SHA256 1d5c9f67fe93f9fcc1a1b61ebc35bda8f98f1261e5005ae37af71f42aab1d90f
SHA512 3503a0f4939bed9e1fd5e086b17d6de1063220dffdab2d2373aa9582a2454a9d8f18c1be74442f4e597bdba796d2d69220bd9e6be632a15367225b804187ea18

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 070ecf6c99d8bd71587aad20ecb6da6d
SHA1 17ff757e85c6119824e1cd61ba180c5ee072a818
SHA256 bbcde32354711eadd10fa78501ababd50743a5b36770162861c1b2cdebf3d572
SHA512 870716b76ae61c4aa08f9ba4f7ed8294bad263775a3ddbb614edc34ea2fa0596541f9b3a8a88773af27d63d745131e80eb0b872d5b4f92ea959cf8f0bec1184a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 595db7b03a4e265ce5629d9aa80c6d11
SHA1 48a684a298730dd319e57e52ca57c08a7dec82ef
SHA256 e649efeb2c19910795e0c6060d4becfa97da2b2c0fdcd00be4288914a35171c5
SHA512 d15c3849a0a5397ccdc2dc0a5aeb9ff3f72a441faf33b7d97e22ec920bbcb7f3851c2f2ab5a1b9e54c8af5620beca72cbbb3813368c5ee939ea27875fdc1551b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 0a3844c3d5b16ba44dbf25a2bf0f307c
SHA1 9f485f00c060675fa2d09e7e325c748065418547
SHA256 1a526186eaec978460f4fdea438a31bd14f729905ba2b70b0e059969502e175b
SHA512 57da49b93a8336a69ab97cf3a5be78c479e1384c8e5639633e38494ac766db2b0ea0bc6983121ee1ec2a7b7225f5b08d74a8083a34d55217ab5531301d9d4cfd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\2f7cda65-57e9-4670-ab1d-027a33269e44\index-dir\the-real-index~RFe5c9032.TMP

MD5 40c43940fc05ab563b48d9d597705b98
SHA1 7170af20d61a441b8db5494c21b51d8be46df4ec
SHA256 fa8c484786a0fab87191f4f555d1e8d0c4b54b3a075770dd0fed3d30b3cbfc14
SHA512 d3061b803de57788f5683bec6b2d68604b66acf6e1b5662c66531b987e92f4818132b0dd737e24ceaa1a6efa24992348f9727edef26698b9d389ce6c3f5b0acc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\2f7cda65-57e9-4670-ab1d-027a33269e44\index-dir\the-real-index

MD5 99cadf8b27b1cf69d888be69ad7fe58c
SHA1 0535ec92ea8b54e51e754a3e9303006021bbb3af
SHA256 68b318862e7a8aac935dc3b74212cdd26f7adcedb2f58bf72bd9d196e6d02341
SHA512 1f59bd60a6cfa2ad5a9a0d2be11cc76bc98baaee8bb1098bdf14eb744646e14514bec0e9129b40d9905d05bac6aa12c2f5010ad34d1c58d7925e8360a37112a5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 fc4e59ad24c290a69851d59bd2172846
SHA1 551ad89fad15d6deae87d1c49f3256d2c2f583a8
SHA256 01b13cbd1839510699d0d3d8a017d3546d109e8b9cb8d37eab7b3442627e8fb5
SHA512 6fb99ca6c392e810f8ed122033eac065936486a220166afe7b3741596c00ba33daa88da1f1584f88eb0cdb8e6ff538a00b418d3b77b8575ea80a9f0db594cb4e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 32c1aa14a3d11a93f871f008ac506707
SHA1 0b6119194782cbf717bf49c27868ea50160e3123
SHA256 97d5f47ea7044960d78711430ef0389a000430766c3b64cf9b2ae3142e34e39d
SHA512 77ec360cc5ca1b981e33d2ddaf5f54ac3b541b443226554f9058bf77909840e761cb34b5d8394ac58fa7f50312fa809f5c7ee36f75ad2b799034a61b3fa1e7c2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 d6a068251970d0d535e36ba65b45b357
SHA1 372433473dea2e60e069bd62648de924a0476987
SHA256 643281228173cb0c30ddc515252be3603c639a5043f71d94057ee6c2d66c4ed2
SHA512 27c2a426b6c271777d28c7719b2c15ecc400e267c871f5f1efea3317b5b25c09f9f6c1f537b975a68511ae68d1602ef883f6646fa3b6e08f63bc7607d7a55c15

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 6083517c3855c1f2b011310c13dbb4f5
SHA1 541ff95984c452382459d9b59c866b1e6a965377
SHA256 e3e03be7c8a68d13b4720c9312b79ab6ab0997ae786b78a989ddeaccc26aa807
SHA512 8fd53b2df238aca953395a31db55c932864b58e5ba996e585874f6c1e189f2adccff32119165d52b02d60798b8b396aaf9e4346e11492a2515481f6939a71748

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5cde03.TMP

MD5 7258223a77378e66dedcc3d8257df3a5
SHA1 a360d9d1a036905a732cc9d1747a7e1ff41d3ba5
SHA256 4f9af29d28aba1a985123c6703b5aaac114db265e5afc53944306a5174e36e3f
SHA512 1426d4176225ec9232869d90ef63d5e2c948fd86d15b5413bb2563070e48a63d90bda84873e8689e1727fa3790b6f5e22f38d02b51b543a4ec3d891ad9dc06b3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 ee5ebfaf8137f37d048d245e6d8b75b9
SHA1 22e723ba789db006fbb9472a0ed26dcb092422d4
SHA256 2ad3057eb983dcd7db2a9fbdc8814438fe36716c45200dd8f9887a7567010721
SHA512 9169bf455277aafc94c8120068b06bb15a051213c94a673928dec02f39278a185d9600e2ec7a8aaf6ed4b76a95c0f41b7d9e0f865ccfce269deebc24ef1b1fde

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 85e1b75ff52e46e06fa595f51c8ad9ec
SHA1 a36e3fb8bdd9b5969ca302d381508ba74c088ae4
SHA256 0368ec5329a927f726e6127758831bfc04ed3919f4534f47fdc1ef9e72715cae
SHA512 fd98af1524ebb5f508b51714a4b93d23df185b6939ed51e9978797f9d8d15c097d28a80de867c077c8067deab4f2d933f79877305578f4ee7de0068fc44c557a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 da0f54eb28044f99e4a341bae6f2b1fd
SHA1 15b325b9e62d4cfdd868052865347ee8f4656e42
SHA256 094e1c29f1e053e3acc77431ceb5ce8a278221cb899be61d442d4804d399f54f
SHA512 dfbe54482f858312c8874cb9079f8bef5008d35c5dc10021a25fa46e424994c5185aa266a946c958f8b97fc0c0c4f89303ec382dea780eb889e37cb58db1b1c8

C:\Users\Admin\Downloads\Sysmon.zip.crdownload

MD5 f09c39c6c5a576bf7c3563d11eb432e5
SHA1 4fd37ede5f4be73d877845195734d2eb2cfa7215
SHA256 d01ba7d08498361562fc1f3026d30afefde7efcf66089c0d6e1d2305fba6d939
SHA512 254f124d3d9f2057bd99376e228b5e3f032f6c142acb5729608795c194edd0495fd3682f95f5e997346e79c95716aa92e7dfeb1f05bc8a813c78da2579279880

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 8afa1b5aad0439b4e7b11f107a62077e
SHA1 ac45deccddfef139b7217c86ba48a03e69725530
SHA256 749dd348d7beb2a46fc6f8ff4ce8f5d5a9f3ece505425969e210b728e30d67cf
SHA512 d3003cce4df5c307300ede4a0a1f816a21282d7f0fa71f15645c2a62ad6a805e5969902a94027294be07705fca08f9cfc1a55ab4306da57435354858999d8de2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 8ab92e8d519d4e9a133e927110f54320
SHA1 56167e4390c6d8c9b282a2525b55459d3bf9dda2
SHA256 5144c9ce60e354ef15445195b05a8bb0ebdccd79bcb6c5ad6c10d679a5556c3a
SHA512 053f383a65dc6e9ddaf7eab3b35b1d82cefbb01913851de016dc1ceda004807323c7f891fc8b419300719ada77a8dcd78954880fab1627846317d0217ec158fe

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000047

MD5 923a543cc619ea568f91b723d9fb1ef0
SHA1 6f4ade25559645c741d7327c6e16521e43d7e1f9
SHA256 bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd
SHA512 a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000059

MD5 fadd3fd17a5b6df9cc1e88ec104ebe61
SHA1 97d20227a3bbb75d611703a891d9293fd593c587
SHA256 b6073cc7a9d3c8608b49cc02cb95c50a1f54ed4350bd6e64b2d38123aaf934dd
SHA512 6dddf4c8158a7bc21af3afff5d4bb5262ad7c8959d5da74e06e7d472cda44984817f8e92cc1eb85764e661238c5a55848f7406fddd6b866e73c4c49ec603b061

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00005a

MD5 ee24d49ced7d991280db7145e26b761a
SHA1 f79181879bf741f9062141053ae38f47f2d65650
SHA256 19135e6085826828db8a3b0d473dce87028a5207b7725838a42c3e094952b7a2
SHA512 005399cf0ae084df284c654ca53deca4d9370c76b5e6d15146747d14efc2e7b75da498068260f210029bb2f9276e01404b2f9f0c4da742449106bc824e2e96fc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004b

MD5 ae2fe4fe5be048ff183db4ad506d9b90
SHA1 d6e5f9925cc299aca646f3aaf55df324f2932063
SHA256 ee98519d80625f797d3a74f3c639c5dced9c7f8a06bb5a84d284683f3939811b
SHA512 f68790de98aaaa2d292dea1ba2c613d44cb6abfd8e6706e50e4fefd7e7a2e19689ac1481069487f1c26394bbc512181769a2f6374c8da634865ebca6b29646c7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004f

MD5 d2d0c427f1d093c36a9fd6751a9a9d61
SHA1 dbd596ab1f2256ed3e3816be5eeb75d34f38f821
SHA256 b37bce0e0f504a7b54d3a01007169d4126c2a401be8f93afe35f665e62c3e34f
SHA512 b8418e074df9619ae62461b5c42fcc42d2ffb8b099e09ec0271bb481f8e1ad8d7655fd5149d8abdbce1d35226029f200623574946d6223df1c9c14c7824d63ca

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 b00e9299e3ad7e69f63f428539a87fe0
SHA1 b681c89ce224f65bd1d649265a44d6744a905369
SHA256 6f658bcc3801fd682867288e73fb19b2dbe7372aeacbaecca40f65dc2942bf56
SHA512 a213a26c08a2d8162479989fd86ed694def98492570c04094edea41bbf7dc74a7c7fe8deed40d3d52e363afffb092683d643df7fed831d5c553035683f171dfc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 22a3535649e84b41625ebc7cb0b1cace
SHA1 f8ed2e72606b5db5d422549007813a37890fdc40
SHA256 5bac25d1d3cc8787d6472bfa05083e14cfe4e36aebd0178fd7e901ced16c82fb
SHA512 9406828ffea4902d8cfafc1f424c9bace1996a9db579852872d2991286c05fd38f03da9f17093dd9dbcfcdc9829625deb9ca75980d837fd2c92a04d6edd5cbfc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 d7463cec75bbf1d9ded944baf1a042a6
SHA1 0c6386cd2f321d6eca38d0ae45549322d0ccc5b0
SHA256 8fa8fd7b72a9cf05ea650a151352e44b696dd1f06c943ca78e87ab437d060e7a
SHA512 e691f8b1037f78e8028eaa9906ce832bb21354e2efedfd1df39dd61e56ad02c0f1257372c0f8b95b3f6c1d5c45bf4d0e10c73c5d580cea91fdcbcc21be993b51

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 dfa0a1ec67d2f106261e74bb50c6cb0d
SHA1 ee034ade1bf5bd4a379b4a4c24df5e44652b3fa1
SHA256 564982a4b886c72832f896ca69dc71eb45b2cb3af12b03ca9a5e5a126be5ddbf
SHA512 5cfd642183c0e70af6e0b3c1ba9e34eca3ae62ff9ee139c3595ad4ea2cbd719b2c62cf982d4159507db370f3b13ee82ee56c899e4c8aefd898ce0764bae7f127

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\5a436e83-7656-44c3-b389-d5359ba52031.tmp

MD5 5dde2c4f7eff1763990c62e3f4fa570b
SHA1 72a095d778468a8b74fd081ecf20bf23c8928bf0
SHA256 6b616d48b63d4df7592db2417f1be3db7373039e86b2085da971d0b83be1c349
SHA512 c10ac259a4db876e150f1975cc8e4241a371a7cdae6f98890f44a0bc8b0e50b9042dd4fd87fab5ccc611b1ac1127b9c5fca5b918b31d4e1c5cd5f120f37ec050

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 07d5dd588024ad087086f3e4c0c60ac8
SHA1 256d9347ed6580e3b044b0e7dcb901f4769284a3
SHA256 dc274876ae99cd9366a00d0bf90842685cdc0e2b01338d05c01b8b478996e7cc
SHA512 1dc60122f8db2188b4db9c5272a487cb6497a3e855779cee503875ab01342090ec7a29385fb93551e825fa6c4dab393504557dc1995ba3f761ca83afb1f9f55b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 0687329755f04a3289dd7c32a5e916c7
SHA1 c87dc4c7862d9afc1c3b339da1e37b353983fc5f
SHA256 2ce996ae387360c33b52bc719fdb1024e811858ed6b20cbc453107a4699a0696
SHA512 1d8ce2fa1f5b795b3843c437d29943e576b98cc4af013ced03258750737af09f701355db3727d89a5ca7f36802e1c036c40d5a2ec87fc73f7cdb5c157f56e420

memory/3956-1474-0x00007FFC6D1A0000-0x00007FFC6DC61000-memory.dmp

memory/3956-1475-0x000000001D8A0000-0x000000001D8B0000-memory.dmp

memory/3956-1476-0x000000001D8A0000-0x000000001D8B0000-memory.dmp

memory/3956-1477-0x000000001D8A0000-0x000000001D8B0000-memory.dmp

memory/3956-1478-0x00007FF4C34E0000-0x00007FF4C34F0000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 1c79d7d7f6fa18afc9e9a1f39203e86a
SHA1 8c9954ecee7dd5098fb403aaecb625c2500ba9d5
SHA256 68eb5dcc377430b5d53077935da98aae82786112a60b297939fc98df3feda383
SHA512 ec7084145580276a823664a75b3a34576dd90797cf99bd1bd5058449da91117a9c0125b8483ddbb828e8eaa11b19ef8a1b9ec718fb03fe5cf8cefdb3900edd76

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 3df7cc0741fc1042c912522aa9f52e02
SHA1 5b98920235eb64e6868bd0bfd48704688a863f47
SHA256 3a6f11eb3832ddecfed81d6a80c61d4d0c8fe46ea254022f6354d76919a04659
SHA512 82d080015f8a370946448035d50e24cdd8fed9a3935354529b236afbd7e7fd17b29a5fcb3c5824fd7db3c5298773bb0e3cd54101ba9999cdb7046a6c149254ce

memory/3956-1497-0x000000001D8A0000-0x000000001D8B0000-memory.dmp

memory/3956-1507-0x00007FFC6D1A0000-0x00007FFC6DC61000-memory.dmp

memory/3956-1510-0x000000001D8A0000-0x000000001D8B0000-memory.dmp

memory/3956-1511-0x000000001D8A0000-0x000000001D8B0000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 0515a32173dad48be109e3c420801144
SHA1 87bb62f6fd476e654f27ee14042299c1f7b6475c
SHA256 768e00461c30002d0f495a751d7df65af32729bed0d1d5a224a201c2f646a5b2
SHA512 4db9e8a31aa576b55d63088980a6ba06c45a295088841008fc11c98d90244389f87d4ad541642392bf79ca1bd74e6dbcf1573fbdbcbea8a6b25cd7b1aba1f366

memory/3956-1521-0x000000001D8A0000-0x000000001D8B0000-memory.dmp

memory/3956-1531-0x000000001D8A0000-0x000000001D8B0000-memory.dmp

memory/3956-1532-0x000000001D8A0000-0x000000001D8B0000-memory.dmp

memory/3956-1533-0x000000001D8A0000-0x000000001D8B0000-memory.dmp

memory/3956-1534-0x00007FF4C34E0000-0x00007FF4C34F0000-memory.dmp

memory/3956-1561-0x000000001D8A0000-0x000000001D8B0000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 64522ec85e0bac4dcad5d7544863dab7
SHA1 542521415723fb03b1f9cad96540bfc877a12d7e
SHA256 e265d8ba806c5628b45fe778ef72f77919a135b6c4c09deca5d9ddb8e7b38788
SHA512 aacb6fcf42d4a2307c7f8e6e63a0d3db2dd5ede5fcf79eed4d325c5e61846db99a3fc302c34f0092e1766610537063ce4a453630ad2272a7d62c246f964c728b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00006d

MD5 3b5537dce96f57098998e410b0202920
SHA1 7732b57e4e3bbc122d63f67078efa7cf5f975448
SHA256 a1c54426705d6cef00e0ae98f5ad1615735a31a4e200c3a5835b44266a4a3f88
SHA512 c038c334db3a467a710c624704eb5884fd40314cd57bd2fd154806a59c0be954c414727628d50e41cdfd86f5334ceefcf1363d641b2681c1137651cbbb4fd55d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00006f

MD5 63b0aa440a1f886317ccb00789a145c9
SHA1 c4950dce273d483d1ff83bab26ec1d4c40df9015
SHA256 1deb33b384ca8e6d26bb32a6e16691919b4c170b492acf89e516853165fef301
SHA512 3a03792f8f831290810c1746d78f90a3abc660e42fd7d8fe454940cecd96bd7e4d9eaf9e0b3108f82cec0f7eff1a32d60b47ea065e03af759e96af3b3b44f427

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 23e3240562676bb4eee068c967a48f42
SHA1 620c1fd12ee6f7dd8a7af316746fb6f6163ae6b1
SHA256 29945aabeaf135f874fe8b6feab2b9ec371731855eb04c8f22543c7b73842b49
SHA512 8a0344a4dc06426a22d8ad4be4274c58a7e9fcf2170dc1e2e34723a28d03bf3a5324b8fcfff67d3bb7ed0250b947a81fec5ac3359536414fb765470fea363c47

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 bddaa98746cbf4c6bd4f95307aa56c31
SHA1 9373cc05769765cc83c75c022db84480a49bfea0
SHA256 14729cab27024441eb3fc9845f645bb4f0c3b54f12fae8245a4da6cfdf015cba
SHA512 c5e7fd9f887af47661872b21d8c8e99220671a140d7728a288c92e3d836cb221832c91488e56ba842acb46c2478df9942628e61960f4a8046a280b3adcce229c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 ea760cbb7da8a0bb683a6882594877d1
SHA1 ac47cc695f18d846cb74c3f476ecb3d7627bd278
SHA256 61c7def059ac13a7bec96bd9d5dafaf84fd03be8bfe6a83c79d3bce2d224c14a
SHA512 1f32cf557a7570010eab53a54d82b3d2ec8825848c43ee7ed30f80830562d3c530114f8252552075df5d1eeed1585bf371da2ce9ded2793e18891646f5d7dcbe

memory/3956-1624-0x0000000020D70000-0x0000000021298000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 0c9271433b004f5de9c0cc196c6db87b
SHA1 86c575a1c517e938498fffcb4720826302d8e778
SHA256 2bd0ce7eb6331a7adb619af9bd20c9996f0de0ec0dcb313e1d58b558aff4ba29
SHA512 031e597f7a265976c9564c5daceb58d361143f15737759d8bb8d2914878c04fdb279e537f20483be2c469a04ac6375c03487190a66eb300a8ddb2e53f2bd08f6

memory/4884-1657-0x0000000000400000-0x000000000042A000-memory.dmp

memory/4884-1658-0x0000000000400000-0x000000000042A000-memory.dmp

memory/3956-1664-0x000000001D8A0000-0x000000001D8B0000-memory.dmp

memory/3956-1665-0x000000001D8A0000-0x000000001D8B0000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 c7961cf783ae9862ced7514d286a46fb
SHA1 b63d728e6615d037a30e6c5ad4b55bb6e79a116a
SHA256 32ae653314412c0d5631c6ed5f2f331c7c76e9caab8d82f1e07135ae5ffa321c
SHA512 fb453752cac142ae4b0451f38eef9fbc9c69d3fae8b48899b9d03ff6d2260ead3cc313e5d1a608ad8dfbd34ca757c0c31dc144b62066cce311256549d0f2fbc8

memory/1640-1689-0x00007FFC6D1A0000-0x00007FFC6DC61000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 93b17342d7e16a28a8e659eec18e5d78
SHA1 87ec26a5e3dbff04f8eba5331c59ecb04439e933
SHA256 d63b57224dd9afca29bfad48c988884c8ba366195567eb420adcb459034bde0b
SHA512 dda9b0162f05bb2952f6ce366dcbd37197067b16636371ed89e6b27f969ceb59064473a724c88181434bf6024d8224ef325415ae95bccd2ba2bea66c7e0ebc71

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 3c18f9c797021e0f0179a3a606f0de4f
SHA1 abba5e559502a6d4234ba924c36970fced533ab2
SHA256 63fdb39ca1fd367867dc20b81d2ed41e6ab210ab85296557deab41cce0a7a080
SHA512 46273068ad3502101b6f8dc760492e9d39a9dffe5550a3cc9b1544d04408bb523a1156234fb50f7299c39f544277feb66415c4ab3285d69b3af32cd3dae9a2f5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 b55a0ec4ec5fe62baeb1cb34f438c276
SHA1 fb94ac67d0f7cef785a8f64e6229f79ad202a8a6
SHA256 c16c154199c56286bb9a14f8ddc298d9bf09ed4e0e1e16c722b93ca2c0a8de1f
SHA512 fd99c38580580575ea97e6c659b77b46f910dcc9a1f7a5f3e4bf01a603863b1fc2897a969881995480f53c3d1e5f1ff556242531996546cba655c617531101e8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 701a6239c1ad0bd7de3538403d25ad6f
SHA1 b4e188f454d91e6e0eddbae83da1ce00df889a63
SHA256 bccced9969f4888e94482e33eaa07dc97786b6b7e7dccc6ce4890d8f605a279a
SHA512 c5a318e52f8a1c7c2791400670d9c79295d9817d62812d276e9dcd0f16e47c1589416a553305f9e5ce6f7b19711b3f22a858363c091f20c2c6c162b714089982

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 b6326bb047b408e497a0a541ee50a492
SHA1 e0e581cd21de53dd644df5e621a64e030b641916
SHA256 597f073b7123a26cad7392c5294c55fae812b370ae8f5382634d3cc9fa63c2ed
SHA512 5ed4f1d42c8277eda411468d1ba4518485e8b6b1b81471664c6565df6aa6b625cadc2955a4f3f6fcb911cbf73781ea64a4934032454328dd36671232bdef16df

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 b956812d2e59ec9f623465c4fcf2c474
SHA1 93785a1ccec9560ac7318ab15d9eb9144d288f2f
SHA256 cf04542b7dd2210a93776653d6cb85b4f2b0caeff08a4a682813d1f09d8d3e20
SHA512 5d737cef96ad335a19043a1151ed6527ca9d62c48461ac8d3669f3994d4795aa5b2511bf2d1f397d5267c921434afcedbe22c9703da524c19016d03425e1fccf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 40598c72cd7c1780a3f2b1d25a3e422e
SHA1 8ada214b1ed3c2a82ac81ace4c58e2f4cbacb7eb
SHA256 84b8d6155fbf32de335da31709dcaf279cbf24e06077bd50fa616857167ecc35
SHA512 38535e07c18d5c111361e4f01e12a6f2465146ed62ec624ba736507b761bf3b5687172c104c1d3f9c8353596a6c26af5fc53536d161be956e95142dca7af2a20

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 960e2168aa268c1d393cde90ccf9f08c
SHA1 e72f26ed20b098ae5660c3b1331859a6ba72c3e1
SHA256 bccf75ac76b29f9c76684e4409bce323900a80fdaa2f22f23a9c9305b6b79ec6
SHA512 f4beb83dee209db10e840410ddd6425688ff5487bcda93ee7a52798aa07088978686bd09e10168381e87c7ef43dd68dbb85d88bf49e68e8d6cf4107f8020d8a0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 2007740ff8d6547d5056ab90a69474d8
SHA1 4145fa97164b255693e8dc1c6137cb5cf4fb19c7
SHA256 098d14b5e0cf7ca224a6e31dc74eac15e937196e5d24c94b4ef423cef2be18d3
SHA512 0ed3eec458c4f8f4c3a6247e1a058b61699b1757d3fa7b25b3ab1c98af538b500714b0170d68b850536e121909658c6519f1379dc90c7a828cadb4fe321458fc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 7b846030bb33295bbf220a08c9386e49
SHA1 770cd26433cc00e3017f08af774fd757136d593a
SHA256 1a0855f76f22953d6d68b51fb1a79fc441b35c7edff0ff0bda1f90430ad6c290
SHA512 6247a52a8034aa29c7535ea292f69eca93858c7e9514459514405d98b11f9495aeec46f52dade9dc43c70695e1a06bfcbf3b7b0c18040565782788622efabbf9

memory/3956-2065-0x000000001DBD0000-0x000000001DCD0000-memory.dmp

memory/3956-2066-0x000000001DBD0000-0x000000001DCD0000-memory.dmp

memory/3956-2079-0x000000001DBD0000-0x000000001DCD0000-memory.dmp

memory/4856-2080-0x0000000000400000-0x000000000042A000-memory.dmp

memory/3956-2081-0x000000001DBD0000-0x000000001DCD0000-memory.dmp

memory/1312-2095-0x00007FFC6D1A0000-0x00007FFC6DC61000-memory.dmp

memory/1312-2096-0x000000001D030000-0x000000001D040000-memory.dmp

memory/1312-2097-0x000000001D030000-0x000000001D040000-memory.dmp

memory/1312-2098-0x000000001D030000-0x000000001D040000-memory.dmp

memory/1312-2099-0x00007FF458060000-0x00007FF458070000-memory.dmp

memory/1312-2100-0x000000001D030000-0x000000001D040000-memory.dmp

memory/1312-2101-0x00007FFC6D1A0000-0x00007FFC6DC61000-memory.dmp

memory/1312-2102-0x000000001F0E0000-0x000000001F1E0000-memory.dmp

memory/1312-2103-0x000000001D030000-0x000000001D040000-memory.dmp

memory/1312-2104-0x000000001D030000-0x000000001D040000-memory.dmp

memory/1312-2105-0x000000001D030000-0x000000001D040000-memory.dmp

memory/3956-2113-0x00007FFC6D1A0000-0x00007FFC6DC61000-memory.dmp

memory/1312-2114-0x000000001D030000-0x000000001D040000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\288b8e06-393d-4928-ab92-cde785a667ae.tmp

MD5 5058f1af8388633f609cadb75a75dc9d
SHA1 3a52ce780950d4d969792a2559cd519d7ee8c727
SHA256 cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA512 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 f3155faab5a1ec23369354e276370951
SHA1 87d0ae5909efbe76c4f50215911221a4014f0447
SHA256 80e869769db778cddbc2f3e219b6b6655e1a1372ce6c1a9655b312fc8f3010e6
SHA512 8af2b7f442f0ab5ddee33979c371c2336c5931369f9514d69c0a2edb81674e51c86d1d9cbb2d5e2cd9a75918d6ba008d8b435c5c3f7074c085c86f43d01eab74

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b266f187fbd3c0b9b7bb9df806675fea
SHA1 1010505f851251312d82dda0f262b45e8eaee3c4
SHA256 54ce53c5b1369354f5fac63511dec88ba065f17fa3fff63248548873ac47b47d
SHA512 638013951387933a9c649d2047894ea9c8894d8ded3082df02be846415e4a261d7f4a5a7d53bcaf3581384a68f9e22691be596482480766ccff0e50afa1da0e2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 125ef5600c50da4603bf2b1991c1471f
SHA1 8c344693b93efd5b4db08133b55f62fe751cf372
SHA256 cebff190fada9b9cde31c88796f7c47e733c38ed91679e19dc3164334ba3152b
SHA512 ffeceb630b54dcecda8a48ceb1cb5132857990f3e57759b46704e716827b114463d4fe97e7c5df473953cc6fb055306ed2b4dc8b9490d6cc195217e3de41cdf7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00009d

MD5 87e8230a9ca3f0c5ccfa56f70276e2f2
SHA1 eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7
SHA256 e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9
SHA512 37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

C:\Users\Admin\Downloads\ChromeSetup.exe

MD5 fef9d4d593fd242ffb67569e3306f416
SHA1 2ff58441a4350b0e0f4e9e7401abb2dfb1f94649
SHA256 e9ae7bd9700063a4ae2e8bdf9f65b5e76945ad25f410d9398656a6cdf7391494
SHA512 259253c6a645c943118c344b382dd7e89018987f912c39fb3b1067fdab4548c8bef7a3fc30f7a335ddaa1b2b4d0d1c371dd0c2ff053b04045bf34838f9f854e0

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

MD5 baf0b64af9fceab44942506f3af21c87
SHA1 e78fb7c2db9c1b1f9949f4fcd4b23596c1372e05
SHA256 581edeca339bb8c5ebc1d0193ad77f5cafa329c5a9adf8f5299b1afabed6623b
SHA512 ee590e4d5ccdd1ab6131e19806ffd0c12731dd12cf7bfb562dd8f5896d84a88eb7901c6196c85a0b7d60aee28f8cfbba62f8438d501eabd1bb01ec0b4f8d8004

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 5cc19e38aeabbf861a49411d8dee537e
SHA1 5ac4a60fe1d87dd362df2542d1fff6cadc5b2947
SHA256 3506fe2fb833ef46cc5c48774a72018f90ad45feb69466b02cc855f7be16042c
SHA512 c1e7410afb9e912595427529c42dc4b311ff9675f3976cc37a10e5e3ae3c08a7217644f0aa95efc1cd96f612bd51f93e41b829885abc095505e2ac35d0e7b160

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 56e609b5bd7044a2e1357ec28aa9296a
SHA1 51c382a49d260d9166028be78dbef90d6dd13eb4
SHA256 75d3e064e0ace41252dce2de7b4c88232c2c2fa5cf1172472f864625686e99fb
SHA512 cb3669157a10f2606c5957819954db1e0b2454f5e6cb27f559fa22586ba6e015917e61eb4036b07669a89853760b7ab5ae7279fbd2eaf7a8636826001a7aafe0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 2ece3254814af8278812d032f854955c
SHA1 05e5075418432125333850266747a570c0a62391
SHA256 bb4c4f4c40b714b902dd4ae49708aea2a428d8ce4519609b0927b76edbb3cb1f
SHA512 3086d9520be424ca8fe4e47275e28e3e83b5f594691803825f70f0dcefbea4d7aab0ec82941418b4e9dc59eaf4e7b3e93328a51901384e717699763a82692b0e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 fcd7310e6df18acff364ccf9e12e518b
SHA1 d265efb79a405bd5e673693247cc251c02a5815f
SHA256 39046827eeca315d7ed880f7bceb60dc978dbc2d3fd1c438e203ae11a5978fe4
SHA512 d9c772c9715b0f3264a8c8d8e37d1989df3a7e6e8ed6e3a1d88d23cd20d6881a1f754349a130bea6d1c765a94443072dd27d77945321d4bfda60e499281b864f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 7cd67c656f55db41acf79c994c6b6382
SHA1 23cb8144050b5d95d8208582c66ad55c9b3ae0e6
SHA256 ae604e2598c8630d903bdd13a06cd2c95256f33b2babf9a09b49dde027e09960
SHA512 1d20b49bafec70b8235c90281c1b8061e4e3fdd85d14525a74820d5079eb54df16a0fa8d16be0513fca9087f3ad5e8ccf4d2ea403fafec0bfd08cbd37fc85c0e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c815dc30a959e6e4592ae90d1b76ecdc
SHA1 fd6eb71bdf7b181171fc7c94c665f22492f1ca9e
SHA256 37cc8ffac53964ee6357267e3ed6f091be40e562d18c29d58805ecf1adddb503
SHA512 70e7c70cf1161e72aafe4fbb587eb18b851bfb6c112c4d6d62375277ada748d8801530e2761b0d8175d88767cc03a91d5e011228e7a2817b80658cfdb593fba0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 1fea8dd14b5970533e434b4bf1f96f53
SHA1 8bf0b791c594569d911d26fc3c22bc704e9e42ca
SHA256 e2159c985d6851a6f003e54a3c76e78163da256ff55595b356a4ceac182fef2c
SHA512 b22bb95fbff49fdbd2a6550e3943cf1b33a06071ad3d45912a4b6890a2a2cc9f573971cff5d271b0787986dd02d3931342140e8878bcf64008e2f63c28503d87

C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\122.0.6261.70\122.0.6261.70_chrome_installer.exe

MD5 4c5385cd2e25c29b44129a21e8062db2
SHA1 370e59090bf91ff42c862cb98f6b3453e0a7e855
SHA256 5050f5394cb077a3ee169753f191a49921831db2a99d410f449716000f6bba66
SHA512 21936914f13af8a5b56a8809fc127e1d71228cd8af04bcdfea3be2c577c3e1beccc44fc0a5535842adfb150d4c3035485fddaa6879421849896a6d6b0090c382

C:\Users\Admin\Downloads\MBSetup.exe

MD5 38fcbed91aa65065ebbe593da8a81fed
SHA1 8e13cce55f98d6d63c389980ca9c9d42af427509
SHA256 8f0d67741e5bae151c67e274320aff754480e188499be17c08e72cb4fc6fbfec
SHA512 a3df875deaccb0c8d421bf78fa5ab92c3d0bd67c4bfdac54d430d46043b4306ba138e45a223e422db43db6c305863fc84cb171d55878a774a58e794189078835

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 312cc02cf77585f42f59fe3fbebb0a81
SHA1 9250e091be3ccea0bdcafea7faabb9d144888b5f
SHA256 8d423114c2c06f5a6b56edfc91dd10178aed2dd3e486db1588bb75713970ae2b
SHA512 b417bb291a3c31ec0d8a58a18edf43e09424fe09b44d8445b752b1268d8a1230afbdaf3591ea67a21ac5910b3b4b82f544861b5d10cf10547a40fac41ca8acb8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 373d8a1f5cefdd341bf1150c660242cf
SHA1 3eb4350f6c7ff139e853501a4c412729cb03c3ca
SHA256 76f9242f719b751216dab6733ab65860ab298d1ebde45d6995713b633b5d709b
SHA512 9401c8374b2d3b4385f043eb2746b109df5eaaaefc73695fd3ce3dc95788210e4ede64419168a72a748c930970cd52b5ac11c6ab32a3e321946b46dd9deeab05

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 7c6e9dc47a93f813ce11f9c126a65755
SHA1 8d2e26aca08d3de9eec62942e543573e50033b3c
SHA256 95ce0c56430eee63beec82334c979b1605ffe6ea507a25a11256f07fd4629964
SHA512 dcff3c772b8348b4d17f5cb0bc43c085dd80db2e79de661ca8573ba279be5242a0be0c7588d6f108c9c76e424e3ffcb6769e5d08e0aeabc7b96309f9f38a6750

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 f2685aaf0e928381bb4b48816211a685
SHA1 6a6e82c5d5ebdebbd0f5bd399e6d2db5e4a06fde
SHA256 40bd23ea1d5b6922995db6fa865bef695b76cb6e9c30dba98fe2eefdec9858df
SHA512 5d39fffee14cf054a67f81068e7583414d51c908fde42cb9cb73488de1c7e3a8cc24582628dca3c5d9c2f9d97ea02cc098868b44f871bf0659ebf1c7b6011e69

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 9db4ba77f1a30f6804695546e323f4b0
SHA1 54fb190aa810c7ccb9b8f537d3428f8bc56ba198
SHA256 51c69bf8dd2891c28200117545131191840ca607b5e88b621e4534edea9dd9ae
SHA512 1927eb17ba6991b46bbb461c5a77c8f0f8244051fd3d9a18880779405a09f6c820d005bed0de0beba6401e355484e7c6219163b109f42c3d0895d2cdec6a9e92

C:\Program Files\Google\Chrome\Application\122.0.6261.70\Installer\setup.exe

MD5 a6acbe409171a19b0bde91ab04ea7414
SHA1 7aa40db3f3708daa2c8dd3404479897366b84dc1
SHA256 7e4218d2f2ffabc502747f2274ab6691181dfa9e1baa3a927c0a4c1293a953bb
SHA512 8dffe7b77e3d065e7f549e0b8de6c799cfc282ef8c8eefc6d25083755af42f6da4333035a8c3aaec64c83f2b6edf0ce6bf7da2a9c77966f6cad94e47071548df

C:\Program Files\Google\Chrome\Application\SetupMetrics\1804c6ed-6cf5-4391-b646-11de0b6b8d16.tmp

MD5 51798f216de3d30514fd4e4f28121d66
SHA1 8f1d9308363a6f1164d63247eb2a9a33183bb379
SHA256 bb104d775a0b75f1ca642828b28c6218691ac3ee3c21b582c5748364c00945ab
SHA512 b7c6903c698490284946963e3d4f16671d94320045817e4a530c0014c12a883554277e41b3f290d0c9db5955cb94dfb112182ab8ba94e8dba871e35729332a19

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 cf2ab48e68b7546074f16aefd306e89c
SHA1 c3ba6e91eb88b90840ead0c63b2914dcf440c834
SHA256 7f15d0ea7c4abfc4e2320551d7258ae585dc3c037da640bdec0c48bc2af1da81
SHA512 1e868e0775ed842321b126ab0a0bdef0da31aecef7ce129b8829509d00063bf85e1ed03872cb0692891e36d867051abf60cabf3a0c05775cfe81da7d04e48099

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 07ab8ee3c73cd76a8d957bb88b42a501
SHA1 3ed7244eff75d95a1b868e3ec4f44c4c6e8962ce
SHA256 7c28bc36286dfce5fde0535a9bbf6bf883a31d6e54f53b432b212d36080164b5
SHA512 0f30b4c4599f2fcf29c67b51b5f4769fa72f86093746fb246fa2a8280fa7522c2d929ee1d91280a06e9a8f742a6cdc24c64ad1003ab98b770b25e3a894555d35

C:\Windows\Temp\MBInstallTemp343ca7d9d36611eead86e21b3e6fe26e\7z.dll

MD5 ab8f0c1a37c0df5c8924aab509db42c9
SHA1 53dba959124e6d740829bda2360e851bcb85cce8
SHA256 6e223b275b84d948cc5ae1f161f0bfff2adb34de04634c84d7dbe9305a4998d5
SHA512 ff8a26e8fd5a08c74e5ba93a564e0d3cd932754e7f06993a365bfad06670497889e69ec45bfba1378040b72f82d468e79682beba2439937bb29d2a41da940d4a

C:\Windows\Temp\MBInstallTemp343ca7d9d36611eead86e21b3e6fe26e\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.25\mscordaccore.dll

MD5 c174eda52e913580d505fb0541e513b2
SHA1 952808236e912716fd73f66c2f9f8cffb171ae9f
SHA256 14f351c5fba0f9e7199f921a93db8463276fe47a94668c84292eebfd76557d85
SHA512 a5af4ac7a57fa4f942ecfa4fddeac5e4143c1cbb819ddb23e98cade821f7964b0e9de97aeb48c4a01c42e2a206d1c6ba97f7d1e84d2498a5ca1e8760849f4fb8

C:\Windows\Temp\MBInstallTemp343ca7d9d36611eead86e21b3e6fe26e\servicepkg\MBAMService.exe

MD5 9566a7cbbc3eff47bca3fbde3c7d011a
SHA1 8457e51ce893f7e6e3ff0473cc52ac8eefb82ffb
SHA256 0b6e5b5eac69a037baa1639274af2ceb6eccf7e885d5e75bc5bbddaa6533d7b1
SHA512 ae6b8fc9f483f367203ba4fce22f20dcd3dbec551189b1c473510fa2602253eb8a8acc2f7d41bca1ef5d38f467d3b5b51a2d6aa5272cdbecca226a7d89ea6246

C:\Windows\Temp\MBInstallTemp343ca7d9d36611eead86e21b3e6fe26e\ctlrpkg\Malwarebytes_Assistant.runtimeconfig.json

MD5 d94cf983fba9ab1bb8a6cb3ad4a48f50
SHA1 04855d8b7a76b7ec74633043ef9986d4500ca63c
SHA256 1eca0f0c70070aa83bb609e4b749b26dcb4409784326032726394722224a098a
SHA512 09a9667d4f4622817116c8bc27d3d481d5d160380a2e19b8944bdd1271a83f718415ce5e6d66e82e36819e575ec1b55f19c45213e0013b877b8d61e6feb9d998

C:\Windows\Temp\MBInstallTemp343ca7d9d36611eead86e21b3e6fe26e\dbclspkg\MBAMCoreV5.dll

MD5 e374937efe9abeb8e8802486b7787b61
SHA1 4425576c4de9b391ad06d66502ef38032cb32278
SHA256 89b4be41a8a0fc009cf6940bdd7091be94ca90c9a3590b787272bced08751463
SHA512 561e2472be122566a93473e4a59dbd81893150a1072b67d49d3415067024b3a50a0f3c520be366d1f03f39710b88ff5d3cdd6124c91444b55037e5abf450ce12

C:\Windows\Temp\MBInstallTemp343ca7d9d36611eead86e21b3e6fe26e\servicepkg\mbamelam.inf

MD5 c481ad4dd1d91860335787aa61177932
SHA1 81633414c5bf5832a8584fb0740bc09596b9b66d
SHA256 793626d240fd8eefc81b78a57c8dfe12ea247889b6f07918e9fd32a7411aa1c3
SHA512 d292e028936412f07264837d4a321ecfa2f5754d4048c8bcf774a0e076e535b361c411301558609d64c71c1ce9b19e6041efa44d201237a7010c553751e1e830

C:\Windows\Temp\MBInstallTemp343ca7d9d36611eead86e21b3e6fe26e\servicepkg\mbamelam.cat

MD5 60608328775d6acf03eaab38407e5b7c
SHA1 9f63644893517286753f63ad6d01bc8bfacf79b1
SHA256 3ed5a1668713ef80c2b5599b599f1434ad6648999f335cf69757ea3183c70c59
SHA512 9f65212121b8a5d1a0625c3baa14ef04a33b091d26f543324333e38dcdb903e02ccc4d009e22c2e85d2f61d954e0b994c2896e52f685003a6ef34758f8a650c7

C:\Windows\Temp\MBInstallTemp343ca7d9d36611eead86e21b3e6fe26e\servicepkg\mbamelam.sys

MD5 9e77c51e14fa9a323ee1635dc74ecc07
SHA1 a78bde0bd73260ce7af9cdc441af9db54d1637c2
SHA256 b5619d758ae6a65c1663f065e53e6b68a00511e7d7accb3e07ed94bfd0b1ede0
SHA512 a12ccf92bead694f5d3cba7ff7e731a2f862198efc338efc7f33a882fe0eb7499fb3fb533538d0a823e80631a7ca162962fbdfd78e401e3255672910b7140186

C:\Program Files\Malwarebytes\Anti-Malware\srvversion.dat

MD5 937a98c6672704251debffe44b580d34
SHA1 53666699e1823565bdefc7fde86598c843b4cc6a
SHA256 9b06919af771df779a7534cba46484be00c8113356770e4c2d20e118fb3ee593
SHA512 d1581719591a99fd609fc1471db2a1c38329993cc15d5c2b05c36b81f7a0887146afa250f1ecf2ab0e6815072bb4010aaedbac591b39bace1ded40d0175161b9

C:\Program Files\Malwarebytes\Anti-Malware\version.dat

MD5 c8bf1f7b6664026db1b7c4160500648c
SHA1 d1946d84b7764876cb3c1e2c679674ea5a85bbb7
SHA256 b3db5a62892c3e4d3e4b9dfbc3dc107a789362c8322cfa4043cd2c84dd5918c2
SHA512 f5af3be96bdbc5415d0b76a23bc58c397d8488f9f191a6c016d946331f3d05f1758130eb8b2f75f765c7b727d7d8df1662af9e2645219c48ae1faa1347613583

C:\Program Files\Malwarebytes\Anti-Malware\ctlrvers.dat

MD5 ddfee006c8400cd382d722db8aba8cbf
SHA1 46db8169f77a728b1aa2fcaa35962b711c7e7653
SHA256 e1fed170feaa0541443d2417eac0a1901c36eb1abb734861edafdeffdaf54427
SHA512 96c464d034f616fa96c6ba45c717c51f59a12e9624ec0bc166d510801227d0d1e4e3578559b14aae6087ebb828db378b47ba9b789944dff9c3a29a202bc97c3e

C:\Windows\Temp\MBInstallTemp343ca7d9d36611eead86e21b3e6fe26e\ctlrpkg\mbae64.sys

MD5 95515708f41a7e283d6725506f56f6f2
SHA1 9afc20a19db3d2a75b6915d8d9af602c5218735e
SHA256 321058a27d7462e55e39d253ad5d8b19a9acf754666400f82fe0542f33e733c6
SHA512 d9230901adeecb13b1f92287abe9317cdac458348885b96ef6500960793a7586c76ae374df053be948a35b44abe934aa853975a6ccd3788f93909903cc718c08

C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe

MD5 763aca65b6efaefde26476b04fdbae53
SHA1 1a0aba13ad367580c4f921da26714a8b5307eba3
SHA256 118b51e1269df6301fb5b9e8ed1d9cdf60c05293f24b4c2c2db14c094a998796
SHA512 366d14524a44c2185a3054dd926aa73a69bfb56891445e3eb8b017aadec7e3b24a363f8e5b9a16c070ef7f188004662aabf546931fd8b9e50d8b1b8665612670

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 747b4be31ed206febb771ebeab856ab8
SHA1 52f11eaf9c4730dd7b92ebbb930ebb813f8d513c
SHA256 c0af3aa89f466dbada9c0b6386f0c2742e315f4ba4a04c0c5c28926bdfc7ab8a
SHA512 5d52b053011b250067708ebe9627aa0ea1c4197c249b9fe264663feeb20b76d5ad818aab9fbd42a897273e909826310452e0ce94b669bb12bd1456ab4afe24a3

C:\Program Files\Malwarebytes\Anti-Malware\ServiceConfig.json

MD5 77af8c6ece83fbb576a03fd3c5b6a842
SHA1 31e3cbfb64639273d8fac8d0d8896f7060bc6704
SHA256 ea1f971e4806866e33df19b414422bb36346182e32ef5298aef2ad6a7f5b44da
SHA512 c6f3b7ff6c87777694b6defc17b0c8b22dcc2bb3faee98da0f3ae84d4fd55b9a715147a248cc92c9b04b09dc3390252d41b8c6bac8adda6861044b0dc74b303c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 098187a76d8d7c480b1be390c40433be
SHA1 7ab4df7e13279c48a90e333858814646a386503f
SHA256 3b6b8d91ef4e61fb46cad41621cc6d80d4ea5b665678b80cd83e9005d19d0b6e
SHA512 ad6181a077b3d69ece41de57bfa600d6bdbef44b02f2a4860c2e57cfb9d42f77309b1e10250b28ab5787185da510f3d31f63940c4be5bb17c104881e68677afb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e68c51cc782291d2239f747c8cdd594c
SHA1 668f2ba9ee75c6004e40a4ffc0e744db1f3a83cc
SHA256 3c1c0f62c5dac309e470f1d45864732dab0782cedce127e4489c9bcb1ccf3e56
SHA512 393e0ceb330181aaad8ecb10213b4e47e10df08a1e0892e0685bd2db01405d01bb73db234a07e37039b4e94771f72aeeba8fcbdcbb19efa1aed8efe97b9779b9

C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe

MD5 46f875f1fe3d6063b390e3a170c90e50
SHA1 62b901749a6e3964040f9af5ddb9a684936f6c30
SHA256 1cf9d3512efffaa2290c105ac8b7534026604067c9b533e7b7df2e017569a4ec
SHA512 fdfb348061158f8133380e9a94215f4bfc0f6ce643a129d623cb8034c49144f1489de56cd076da645478506d9fbddc7590fe3d643622210084b15fdf0d16b557

C:\Program Files\Crashpad\settings.dat

MD5 d1acba6499a0cc7b409d36af36bf9bf2
SHA1 45e82e8f827dfe29ad29370bc5f2219c50a05657
SHA256 81781486fc9a30457a1eed1481757a5d4290cc86e636a89edbf34ee4fadf6232
SHA512 90d6c944d6c594921b2cdbd042a28b68e52be54f5eb103d0607a3a4ab8090c582bef611d23864a10f381bdd23cb04c4868ce1156521ff8dd14553b199df9bed0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 c2fa851a0da998c5f40824f99f9c1b61
SHA1 964558fa6e9c6cac621a38239502324df2b939e1
SHA256 4b09dd4a6d69c8fc6a243cc6b2a9e9b4dc9e46a9a18f4bc394740a0ab177e307
SHA512 de1ad109b7d0adb6d113053246bd60ec15390648583884c4bf19dd777fe232a9ed22d79b5c82b58b09b3ef92dfc65a9bbf1dde864d95951283f9cda735b28420

C:\Program Files\Malwarebytes\Anti-Malware\mbtun\mbtun.inf

MD5 5d1917024b228efbeab3c696e663873e
SHA1 cec5e88c2481d323ec366c18024d61a117f01b21
SHA256 4a350fc20834a579c5a58352b7a3aa02a454abbbd9eecd3cd6d2a14864a49cd8
SHA512 14b345f03284b8c1d97219e3dd1a3910c1e453f93f51753f417e643f50922e55c0e23aab1d437300e6c196c7017d7b7538de4850df74b3599e90f3941b40ab4a

C:\Windows\System32\DriverStore\Temp\{a7356d90-e7d0-b74b-823d-27ea0a6e8095}\mbtun.cat

MD5 8abff1fbf08d70c1681a9b20384dbbf9
SHA1 c9762e121e4f8a7ad931eee58ee60c8e9fc3ecb6
SHA256 9ceb410494b95397ec1f8fa505d071672bf61f81cc596b8eccd167a77893c658
SHA512 37998e0aee93ff47fe5b1636fce755966debe417a790e1aebd7674c86c1583feef04648a7bc79e4dedaabb731051f4f803932ac49ea0be05776c0f4d218b076f

C:\Windows\System32\DriverStore\Temp\{a7356d90-e7d0-b74b-823d-27ea0a6e8095}\mbtun.sys

MD5 83d4fba999eb8b34047c38fabef60243
SHA1 25731b57e9968282610f337bc6d769aa26af4938
SHA256 6903e60784b9fa5d8b417f93f19665c59946a4de099bd1011ab36271b267261c
SHA512 47faab5fff3e3e2d2aea0a425444aa2e215f1d5bf97edee2a3bb773468e1092919036bcd5002357594b62519bf3a8980749d8d0f6402de0e73c2125d26e78f1e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\b45d4b16-4bf0-419c-a838-9c2b8ef56051.tmp

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\ProgramData\Malwarebytes\MBAMService\config\PoliciesConfig.json

MD5 e25c113f43c65ce907562840ef27ffe7
SHA1 13e592148b1737f32152f23aaccce9f9782659f1
SHA256 d625101a6c8ace241369acaf04d022bb0e6cd389996d3408c4e902dc3742b5be
SHA512 c5e3a8cd476afb4b6e76c6d4cb64043c1d23b862b5ed23508f7caedf168c9b3c57ec2517a264b4f0c61eb56711c5471131600b546e77c0fb3b4c3288b6b82cd3

C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.json

MD5 115ceb30f8cd247ca98ba697902180c3
SHA1 d6d63fe929c9b5d782ac5be1b9090e47f173837e
SHA256 f6bd8ee2e283f7dc5aad474b0c6c96c20467790648385d5180e6512c258187f3
SHA512 cf2cc56976cfdde6c022c0523eafb8fcc1eb0c7e298d5b306c225a96222004bb5533be52974ca159e1e40b9e4c1511df2cc1cb6d1dd095c763d0bbc1051cdfbb

C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json

MD5 b86b560c097188b0d5b96be14fe55e1d
SHA1 ab0302a1e949a52a5a341151f9a7f06bc8c809d2
SHA256 09e3d4e03026f2cce496f30ff73cea34026e4a116e03e13d062994b1400d90a6
SHA512 f7049e95cc48256abd0a0429d3c5dc2a883ee7110230caa71376284c08cd0a76e6424a4f12a6bf3ce7fe282d526dd7ee87b416157323c4d5e7a8204acfad6df4

C:\ProgramData\Malwarebytes\MBAMService\pkgvers.dat

MD5 741dccb0f655458da53dd8dfa9fa6326
SHA1 452b2e91cb7bbdb78e1278a2d7785d26c8794107
SHA256 9a65a4115a410682c223c70d73c1b6bcfd0fbbfc606813d30855ca139a5ef6fb
SHA512 e0efe0b81c183af8bc2a90cb7d69abdda371f99c380e691151fd0357aafaf4f12427b2a6d6af096660a586da27134c85c6ae9f99a782bcc240f542061d467123

C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json.bak

MD5 b8b21e4e9df0fe4987931c04ce4d2e1a
SHA1 c67465a51d0c25bafb2daed0e4dc6207c478cb13
SHA256 64bd6a2c2f064670322108133ef4b06d25c396ebe5b5db51f7504abbefd8631c
SHA512 8a7ee31b5bb7aa34e562ebbeb092ebb9be3fa1e77da965034b9009f2ce2462d796e9ef7c3f2df39db4d9d43b8e8a2f39bc5854b43574740e3158334250afcd60

C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json.bak

MD5 678b59cf36f8f8dcf211c31b88166663
SHA1 170abe984de22b495148bcb5f73367c7e937f5a1
SHA256 3dc1d7501a852ad71983c1e8bfb7dba227e36d94615aa53ae22ea0ca5242c293
SHA512 0c21e0c24f21aa22873ce41e7fe4e907ca060ad9d1dfb435ced14c0d4af27d9e19ab42f64d2b16d89994c856e491778e2bc0272dbcc4e432b80431f0bff54cb0

C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json.bak

MD5 b1a6afb66912937c899117415dfa3fc2
SHA1 f414d30166766eb6075f63462ed084f767646c38
SHA256 18c81d66a0ec2312e8cd0466f941d36c9499f68b31204a05295e8801a27f2d30
SHA512 5a7aeeb74ebb00ccf278099e3d34e3e6e065e3ecfa99d7538c8cf95879cdf6e08e0212faed73ab6bafdd4d5bc69cdb97fbc3955ec7ad93eea536163aca2a5313

C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json

MD5 3365b6dffc3ec55253c41a1b23be540e
SHA1 72daa5e01dd2012075b9eabf2dad079f8efb1fdb
SHA256 79e283643f73847a21c99ee98e54f56663e74c7b80c4081f63c3c951f4b66e2e
SHA512 866d085f2e1e9b8dc4bc1fbe823f4d6c1191aebaa8e956255077c7651f4de08df9198e1e9a18b16d74ecf733239628a0cbb9edd9a307bcbfc451c71daa3b7aeb

C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json

MD5 4d81e27c8197a22f6621c157c6755860
SHA1 98beb51186b98fd69c104e95e0caf844468ebc1b
SHA256 0cee3f1c7a2e3853e1f867f898a45388633cb316d46becc11ca537b197a17486
SHA512 973094511f1453a015c821b91f30ba7c57f04503255822a83a1f17889a34fcf4390c9c0a14602a48bcc50e34bdacbe0a77f7c7ef820f058a54eeb1da0fe73974

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\rules.mbdb

MD5 213bc7d72899fdb2ce141131aef930d3
SHA1 0f5af12860e0bfff5673c4391df6ccf60a9d69eb
SHA256 fe8cbfa9021669823b9cec83d66b0c0607372fd042ad80dbcaeb8f39f8d9ac18
SHA512 f51a2c880a91cabfbd9f4ccf06a0de8c6a1e14dbf013d900cbbf81974fff5f0df7671a85e93d5adde8ac53eaf12a70c225c73a319e70725f370ee1c8c743bae6

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\rdefs.mbdb

MD5 2f7423ca7c6a0f1339980f3c8c7de9f8
SHA1 102c77faa28885354cfe6725d987bc23bc7108ba
SHA256 850a4ea37a0fd6f68bf95422d502b2d1257264eb90cc38c0a3b1b95aa375be55
SHA512 e922ac8a7a2cde6d387f8698207cf5efbd45b646986a090e3549d97a7d552dd74179bd7ac20b7d246ca49d340c4c168982c65b4749df760857810b2358e7eb69

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\prot.mbdb

MD5 546d9e30eadad8b22f5b3ffa875144bf
SHA1 3b323ffef009bfe0662c2bd30bb06af6dfc68e4d
SHA256 6089fbf0c0c1413f62e91dc9497bedc6d8a271e9dc761e20adc0dccf6f4a0c1f
SHA512 3478f5dcf7af549dd6fe48ad714604200de84a90120b16a32233b6d44fa7240f5f4e5fe803f54b86bbdfd10fa1bfdd88fb85eb6a78e23e426933f98d0a2565ec

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\scan.mbdb

MD5 712d4db763a461313ba51864bb14b8fa
SHA1 fd2a7a9199afe79c554cbf7e649f2ab855d5f835
SHA256 86166f71f55ac2f66f7b8c1bb99b12bbccdf869cef744c9fd24165fb3bbbff83
SHA512 0f714eb425e14ff637fcf6e8a816bcad8d54a085183dd8f9c6bba6dd6766a6c4c9087358074146708976b75ef389e8e50a7be9dd112fb66da036c4ce4cca6408

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\tids.mbdb

MD5 3778cee61f4d4a7edc8428490aec0bf7
SHA1 3ce5371cd9ced4305f62cfe9a98d575fcd05dac5
SHA256 f54bc3d471f1d971e8c299b2ecbb477d33bd7cd74ed1c06bf0899ca84f2c9dda
SHA512 ab0e9c36d8bd05f25147fff451ea5ddda13602b91e963f1b410d4ea262e18e5340540d334e76b3341e36b0fb69dbc2ffccbea3e768ff56e12475833a4a89fa75

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\wprot2.mbdb

MD5 5dbba8243c1feb2e523e3fc62749bbe5
SHA1 c517eecb389d3bea5391e9ab958bd9f662bea7a7
SHA256 1f4cdd4eec9700487f4a8c3650c3a823bb1f1e77386bd9690bf7ed3d2fe157b5
SHA512 be15b121015c07733b45636f2a70b7a6be491c3f60e679240ee795e55258fbb516be38a2496883c09666ee60a0f3457ac3657f67b35483f63ba559371df8fa09

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\clean.mbdb

MD5 074dd95f453b5a4fad0ce834f3262b9c
SHA1 0ba67709e56494b15ec664938bd0549654a2e9a3
SHA256 0f41e04e6b4530b1b0493543c236ff485ff1baea6bff75047e143d1dd2f35ea7
SHA512 322cf3f732bef3861e386b1df879c1d5ddcf8b8a779ae2afab97c65ce3fc4d0182ee8ac5fe794d1419cc493fc5e028fd2462fbf9317acbed2a66b50b70231c70

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\Global.sr

MD5 b18431dfe2af64cb86796bc85a442acd
SHA1 21189bf6abfb9d2be24c6f133ff16249e2abac23
SHA256 0548ffdc075fed85cf30957dd203f728f160bcc07def9e3aa2d9f82aef52c532
SHA512 da70e34fa2037a94354e7efe24c6bc75d5e348eefd4e436c571d60c368dd826f2e90e53facf242ef7f32b97dcf00071b63bdf8e9aa3b5f08730cb02433ce8896

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\Global.nm

MD5 38520983fd8689bc4c56913fd27981e9
SHA1 2fc301b50d43a099996b5607a4ad89b0531fc20c
SHA256 0b5556db0434976fa8ad54945b0c0a2645241af64da263389e01d640b5024c96
SHA512 2836fa423c071ce3dbd9eb41059c7458497067f59431cd574e80cec00276d36aed3556870f6203dc8754aea60d1344018d0d539334d6d423425f5f603901acf8

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\exclusions.txt

MD5 aef4eca7ee01bb1a146751c4d0510d2d
SHA1 5cf2273da41147126e5e1eabd3182f19304eea25
SHA256 9e87e4c9da3337c63b7f0e6ed0eb71696121c74e18a5da577215e18097715e2f
SHA512 d31d21e37b0048050b19600f8904354cff3f3ec8291c5a7a54267e14af9fb88dfb6d11e74a037cc0369ade8a8fb9b753861f3b3fb2219563e8ec359f66c042db

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\dynconfig.dat

MD5 10f23e7c8c791b91c86cd966d67b7bc7
SHA1 3f596093b2bc33f7a2554818f8e41adbbd101961
SHA256 008254ca1f4d6415da89d01a4292911de6135b42833156720a841a22685765dc
SHA512 2d1b21371ada038323be412945994d030ee8a9007db072484724616c8597c6998a560bc28886ebf89e2c8919fb70d76c98338d88832351823027491c98d48118

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\mbdigsig2.dat

MD5 3394c6b0d9fcebba9ac682a9e3eaa2a7
SHA1 f27c93667a952e453dd17ccd1e7ac272d11aa9a8
SHA256 ff25a864f2f10f87e968c38b15006ad170744a6b7d357b2d30a215bd86ffc4b4
SHA512 a26048b692d1737d7845957a450ebef7b7f6a3d06af47c0251e2b36b30f8baea4c0b4eac38422cd139d4dd624e18ccba8958dce49b75c5b7580fd8b017fe16fc

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\dbmanifest2.dat

MD5 720e93ceda9cc2aebf266fca480eba7c
SHA1 b5a9750d02908b18c8d13ec1dcf33d095514dfd8
SHA256 d001aa3e1a8af15be87f4cc5b871ca26194ed33c850b2d752db27cc1b8422b76
SHA512 1de619d8c1d031ad9ec7f8834bbc40617cb6d110eb8fa14600d50b0d71d6e3e838f18a46503da077f2a47003708f2e56fd300c2d349c65a17ce1be3d55e31462

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\cfg.bin

MD5 9b2f91e409c9e923cf436a0259704a70
SHA1 a8d50ccf3ee0c4eace5882c33501046dd3d4e27e
SHA256 a581f90ad1393615d2bdbb1a2dafad0a3177e8f7b430443fb4b57130529bdf34
SHA512 5f7652296dde0e614fb6e0f21089f362680b87a8fefe2c2e55eb0e28dcd326c237b2397deee6f5fc4d93982eed598b9a1f523491e2bc8d6a882df36b592838b7

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\Actions.dll

MD5 2be1b169c356ca11a92422f21e7fd8b3
SHA1 916800cd1de00c1602c7db003b54f627864ffc1a
SHA256 4c62ed8b606c147136f7cb0901bc32da24e0c11fab4dbc5c4c5d4cff8c192f38
SHA512 ccdf2dd6e5a32dda030f0a0ffd5f8cb9f4f6d28ed427f9e0597c0e3f57512df749a17bb39439d000d68e1f4c012295a32b5ac385921a6e7306591529c3462ce3

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\BrowserSDKDLL.dll

MD5 271399c1ac837afeee68f8595ec22a83
SHA1 b36b600177adf56557bcec6f328ce2c1c523f87c
SHA256 9ac999bab4f96f676b88a97c22383f9dbb7a7cd040a481462f72211582e9e7c2
SHA512 559d84e3dc04e4d3b1a579494694dc26ae5fccd2b70d5669185f6c7b5cc3a04d4ed6f70a345e4d27af4240cd038598a2f5b182d7acff69969c4a3ac1cab09c75

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\sample.dll

MD5 be5c0bdef631a79b8187f3237b24c816
SHA1 8ab4e5eeb3304ed41851a51e3bd7694334ba5149
SHA256 00dc53182addf5756b5c0e0b0fc941ea5b1c91713b26a1d4a0b1a1c4e66d8f35
SHA512 6a18750370950cd6162af0c6638fa232a4c40808aa79456537448d46dad031d89e45ba39f976da9d752b4aa220b6ecac14fe00caf30f0c6d592c77e17fffc0e0

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\ig.exe

MD5 0547dfedeee326d01f59604f16de20b3
SHA1 7e646fbcafd3b55e119db8a9678e9fd18ccf330b
SHA256 2e50bc383e18ec0df90e98525cb33f0e9e1f5c140da1fcebc9e44b5d7e0acb95
SHA512 b0ecbf6e6151e307973330ae65e018331a6361bce0b8b049fed2f5f8af0a6b76546def326b786f5af81cf5a16b8d217b0c859a21912ebd68d0947edca6fec425

C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

MD5 c396723f83c7aef2e80a0f321dbe8e9b
SHA1 5cdaf26d4d7094d2139df7c4fa9b848b52bd90bb
SHA256 d35888e6cf53eb7f9e4b1fbd1e57cbd2bb7a6ef344c72dac4b47312b5bed0beb
SHA512 d8d4a5ca673309b9995dc0e3f1166994dc803c8b9c9551ad8a3cf429604bfe553bc9a0e6dc545723b13cdaeabeeab5d8dfe0bce7cded9f714f2f4390c166bbf3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 eff040f51def3e195f0804af204b6957
SHA1 933115242962e695d993e47d63f334012bdb223d
SHA256 b5b77ca25be2f4263e1a7b257c79a14abe06e1cdc0e5fa16da65f57a9da8e19f
SHA512 48b2de4826a3b3a58c9e61e9d02eda875d0a44c9f88d391e584869f3aa6932813c783f5d920c7fa8f3a5a215f7b29b3aa4540db05c26469a8c8e69e1254fe987

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 080f8d6f95092a2f0c5ccc986c1860ea
SHA1 28ccb81689183f3661dc002517d6c50c27c61e2f
SHA256 c707898f37fe01a92e92a92ab4467f7878473d0d7bb17db43fde554980ad6e61
SHA512 6837f51dd260ee3f570285854fe149015ce6f05e39d1d43efb97092d5d4fb58c024e20b1dd9b1c30549bbf0571d2641c4a4a9b476bc8f58ea39afa9853c222a9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 fe8cc95e33bca67fd796b090a34e9d54
SHA1 d6d3bc609a109979439d95b783bd01dc4d52ba44
SHA256 a22a0693396794b7dfc2e68f22caf607ac4969dc3f13eeafbb7aee57727d2f06
SHA512 38ae9383efbd492a096621ee752897907a99ad6ef6f79be7b0224ed6b320efa200fadcd6d34c3b340b87300a45353bd5988fd5116ca1e1bfb6ae91752b57f380

C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

MD5 6bb434004e50da6c13c998e6cd794520
SHA1 fca58b2135805eb3d78a15ba6c32ae8185c93550
SHA256 4d1c37bd0d0ab6cb84dd2421a0e3abe55fe5cfa02bcda91e3f6e9f1b8dd054e5
SHA512 5f37c984dc4a60bfacb94efdccf7da18f0fb19ee507d5c1fc9fd557c497824c4f3555125d6fbc1ddcff8333b220eb51bac27f0aa758da9a75c9c2e089eebc229

C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

MD5 84c2845d408d1f8e5d4aa88d49701167
SHA1 a341fe53506d744b32edc71c557f1deaf8bad4a5
SHA256 5c8f087c6b8905b92c30f16aa4c7c0fc34dc19c21cc099118e6adc02eb719fc4
SHA512 ee5c31b12bd3285a6e90394a6cfb382951e7ab4f2b5cf14a27de5a966b9351bffb2fdcc5e7ebd7239eee292bbe430217059c746aad14513100d7d604faa765e6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 2fd0b48f283ad2e1f9dcb3928c78bab3
SHA1 e099f0d7cb76081a6a4c622ea25aa6f072b50ea7
SHA256 9c93c9e13dce9d776fe8a84248eeba8c7297946f9b604c117ac7cf4976bcfe9d
SHA512 7b11727f7592234b89ef1bf13823a83b40a3bf4a928fd1f86c9b32919a0bf382cc8c97c8a3b4d6595d16b0dde62d7b188015e56260c37bba05890e799124707d

C:\ProgramData\Malwarebytes\MBAMService\config\CleanControllerConfig.json

MD5 c673d83a6009e1eea83ed056f864fcea
SHA1 342e56096205ecf7a4ad137d2cea889766067200
SHA256 a5ff9c2e7c2fdeb670edc79e9ecd61684a244db2027da7ec192c4c06406ac6a0
SHA512 268b2ca54f2d06b3b2b4bc0b3276d94cbd25314d10c380b4a2e9d2e6098e20edc24a79f6af1e33f663058d7b3d6d2c072c64a2c0d0e97adb31f839da8b980594

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

MD5 d019645f61a04066643e1518eae31787
SHA1 4942be2c4645456ebedf41cc6ac3a9314cfc6f22
SHA256 ef9e79190077155738a50a7d5ea946b8c26c19b3341adc1a580c04960d60a253
SHA512 060c6b5e01bf98f078e8cc8a01590b829b94664bbfa340eb48312fdca86b32ba04f550eab21315dba3d593316560da49cd05216fc11bb2f43358593400cfd0ec

C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.json

MD5 1ba24686fd56520db97578e1ff32ea22
SHA1 3314f26373016724330ae522bb8fb7715cb8d92b
SHA256 f8a9cb2b7693e91cf4ad546657766938f7a768005cad41dd09f3fad5fd6dcf85
SHA512 4be72277b184c22afd8325c26c686828d1d6531fdb652f31280e41ab37ae2a9cfbf2eabcf3339adff69aaf80f3968966b804710cac5b56dec0ca0c586788dec9

C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json

MD5 efa423005781111d7b327a55a37df09e
SHA1 bef2e331e11cd428bc5cae6c34c337961f5ffc04
SHA256 88900b6a9eaa0f2cc983154245515a5bdaa1d6f92b554cba6963fe43c1e250fe
SHA512 a204e5bae97c294b9a4106be4a7bddcebb1318160c242594f64db93af6ab3ddf0cea4e58df3290bda0a2ef1ad91c9888318b85778d836e6604559ec4f3d80d2d

C:\Program Files\Malwarebytes\Anti-Malware\sdk\MBAMSwissArmy.sys

MD5 4b2cc2d3ebf42659ea5e6e63584e1b76
SHA1 0042da8151f2e10a31ecceb60795eb428316e820
SHA256 3db4366ccb9d94062388000926c060e2524c7d3ee4b6b7c7cf06f909f747fc6c
SHA512 804d64d346b3dbb1ce3095a5d0fa7acc5da0bf832c458e557dac486559fe53144f15f08c444fea84a01471fd5981e68801a809b143c56b5b63e3e16de9db0d98

C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.json

MD5 625e08d505abe0b3ec754c60af2f6f2e
SHA1 87d2150b0d87b2c5f47a2d737ce43f7e25c68aff
SHA256 50caa308d1e70cb12baa26acc2bc7be01c5a61c4dc40ac0cc322b760edd41eb0
SHA512 35ddebabeee0b4d26d9b52607a60e96421b7b5fdc74012840778a77960c11c1335a62c15823ed635916ebbe3a1522f638ea61eff377a043e0d1b4359b9527dc1

C:\Program Files\Malwarebytes\Anti-Malware\sdk\MBAMSwissArmy.inf

MD5 d87c2f68057611e687bdb8cc6ebea5b8
SHA1 27b1311d3b199e4c22772fa1b7ea556805775d37
SHA256 ff93773f55bf4a6a0242adf82276a8c95c0b244b9bc05e515c4e810c81a960e8
SHA512 4aa65b8911d8a2a0f9ef0ee6e934b94db0a9ad4c2ec543b5edcf21486be43f6ab1fda6617ea2cbb85eff230628c9fa8e7649da915d6de695803b28e55bef5819

C:\Program Files\Malwarebytes\Anti-Malware\sdk\MBAMSwissArmy.cat

MD5 f7c8e0339bd48b6fe8eca81ac3ba5ba5
SHA1 1369bd4dcfa7709d8eed12fa76fdbebd39dd6bcc
SHA256 a9dd01f84a075ea8d0b0968fd7a11720e49f019834f7d4fe80f50dacb12030aa
SHA512 c722510c40fbed32bcda3b5b69c590a9043e4e51f8e804f77f73eb8ea0cac0f4a587ef540f2773981839f04e44f48bbc8b5e8c03ded3f0cf637ed1e3172c8e07

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json.bak

MD5 8b1529d25391894082eb4704d573244f
SHA1 73760636502076c3bfd6689660aa07121f11b113
SHA256 6a63b0628268da5bfb577ae919bf77546cd5bbb8c2ddd529ec032b603afc3b2c
SHA512 1f4731e935891c72a5089848a7f3cdb078b824cf378837f3b56adc78863d002c1191db5032787f5ce4a48f7cda1858f634ae23c5bcc08cbbefc7e660aeb83996

C:\Windows\System32\catroot2\dberr.txt

MD5 c0862e91642698540fd258132f4c61a9
SHA1 33c8eca49b12f7292e9f1b8b0b17052e059381a1
SHA256 00427d64963f323e80b0bafce06e2c4e195ebafd1a4843588c5e27693aa5e2f9
SHA512 0fec340b70bcc5f98d708dd6107e4b42e846e6e74eb88b75db6f6e0c89c0601593c8af3718d31469c638733520807ee1489f5cc377edd29400684cb51d6627c7

C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

MD5 0c597592d89911f50e5d9d8ce850a94c
SHA1 17a61be849ae3cea6dcb409519a08cb85ed7fbfc
SHA256 f6ace2782a4faaab811394e81290f92229e5e6c49278f151bd69b83437299e5a
SHA512 f466adb915ebb31e46c37dd322e11fccb9ebaced2489e092ebdfad6df2b0f85f6f366f63515381b688fd81a977e6aa1c9a8688cf44510c78f89cad90baeb1f50

C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

MD5 5a6eb7f87c43200ae581d80bdc57b527
SHA1 056b2f3e03440056b5ffc2361ed532b3448bb294
SHA256 f50792b95517247eb76af01834dc4132b59d989cf417e81b49a37c53556d34d4
SHA512 a3d2f166d2c4087bb396e0bc054b83001d05069bb3c28470d3e6f2e619abe5bad6d7000df07b2ec4818dbaed5648b266f099ee32b0213d608c31cbbb4a9b7037

C:\ProgramData\Malwarebytes\MBAMService\config\RtpConfig.json

MD5 35c8ec09b936badf735cb05ec6fbc135
SHA1 6f80aa383a9f9db380eb69a2eb06971cb6aca311
SHA256 3a5057c47aeee4d7f22f4a858cf94a1b398a772f844f4fb6724117713289688f
SHA512 85bbd124263de07198798a266e783ad17f84f91edb08ad739fe3737a8758b28abd2ad860822bfe67f7cc9dd4aa90aeafdf419bd6524e97fc95d3ade3b71d416a

C:\ProgramData\Malwarebytes\MBAMService\config\MwacControllerConfig.json

MD5 e531db42bd075e63ed4fa73c58fcc1fd
SHA1 58b0c6bacddc8cf10de482f358e254595a0abff2
SHA256 d5ed3ebc8ef0387f063c02d057b905f2e63ac0e6ad3cfa0e217c73f76434b623
SHA512 9cac77a6cc7e4d853fcca4420322f5eaebf100486e1cfe0d5e3637ccf22ebb558edb7b2653e78ca66a7eed93cc521c9e0440cb282ed6619e3bd0eef20d45a089

C:\ProgramData\Malwarebytes\MBAMService\config\MwacControllerConfig.json

MD5 9849aee3bc0a3989fad2cf4332c07ca0
SHA1 55257dd8bb61d64b696726c34bc4773532a1a55c
SHA256 d125e2e0ad314c64d8659718e20344353a21d4394b03d4b98ccad612c1cd528e
SHA512 7437dcdb708331f27a945801857dbc62cc983312d8fc8bf47053b5ac024130d7b7aeeab053701f570ea224365f4b29d24f862d5135c520577fa6680b09021152

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 51c41ea26056d8e3c49a201b53b3557f
SHA1 bd47731344cedaa6121ea8433fa7f2c28fa757b6
SHA256 ba01a4707a2051215e45e0de28dae0a4801e7f62563b986c9d39be3718b52380
SHA512 b83aa428d0132f5cc5449adf20d253ce042fb1215bed8089871d7dd5a7d3fa6c7c7eeef335a6c6f874c975231ff1b7e263712a0fd65c391fb086d897c5be05a7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 3cda99706720805f8fbf6a0da927115f
SHA1 0190e375377d26b20d5dcb607da440131f84e95e
SHA256 6bb3ee15d5ac799c0c238a4a6194155e9806c7173c9aa64846b1e510a41df960
SHA512 d219b862b3592768df1ac425256182f36132ccbc6faf79e31396ab0b775a072708faca92639cd42c47d8fe3fd334ead09aed7c9e441c681a34156e59f7ddaecf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 62b93aba829bb2e341333809b6cb15f4
SHA1 90f876e332cc6d42b7e2e87b8851143a692adad4
SHA256 a9c79327bd99563ab11ec71a12e5b43649eb70be5e98ff84379e38b05f32a001
SHA512 3f18b4bf72f1342475c5918bed50e873471b1a84e9887bace44a4221e0dc525ec00a405feacd4f133ae440eb38688be29db39019eda97ce0a53979c69aab8d71

C:\ProgramData\Malwarebytes\MBAMService\config\ArwControllerConfig.json

MD5 07ab2c8ccbbb5c4cd2a9e6bb2e66877b
SHA1 38d05597e5bc84fe716b8a1168c6bdf3762764b1
SHA256 9e0e981136a487bf9d0c56b9e7641bb10c6608dc0795e4807a6b4169dd698efd
SHA512 49102a915c17024f1f8732cc7ad2de7f11bedf840f2919c9497365e2ae97727e110c1904f03b5a15cc6e3783a6a75a976454839a3e668b12c73ca53ade9f120f

C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json

MD5 e4df91776fce36a1042eaf8330290c57
SHA1 5f893daddcdb3a30bbea285ea2a897316a69bf1b
SHA256 f8b6bab8bf69120b0062fb242206323f9e0198dd9f558021c04c026d823ef682
SHA512 91189bf916d7bb9600ee6490ccb11591cf787e5ffba36fdc8f782204378a9a8b1923bd70e9dcbdc0c6b402b2a52296b46f752f7a50109496f0b79169077becdf

C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json

MD5 0d15cd95b6faab168a867dcf092cf556
SHA1 c7f79e3388440281bf590a123d459207a155d0d8
SHA256 93b4c42473e168feeddc5dd50e631c13abae5a377e18e84e775a6eefb9a02065
SHA512 876f9e44aa3dcf9203288d58a2337c43b65755f9e118eba30668d4cee784a6468928a93e499798af4d45378c621f464d128839b9ccd6d464a7320bf41f5aaed2

C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json

MD5 77b9cc406d51fa6dcdabf5dee7facb8e
SHA1 7f51922b5b2f892cfe6af5e5f7ca08a553abc14b
SHA256 47435b32dc573cfb162656e6a094fc6265b98d63816d7ab20c62ce29e294989d
SHA512 c8442055efb192ca6eb682e5b9a7ad3e4bdd96b9dda335f50f81dab6600157b7ca3c2772e85fd9e97f7cb3aa09f6b7b4e28c7778e2beebaacde5a7dd07b36f3c

C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json

MD5 7f9956ae55fb13b622b8316a9cdb400b
SHA1 f0b8ee365efd307f71d3e563268090a3165be3a7
SHA256 c0a6774d0f8a3d3d5cf4b871546eaa39d4cb510b55c209321c1d2c5bf2f539b5
SHA512 1e1c3bc1f60820a09248e66bbdd3585ad601145ffdbf1564f8b35e0a2410ebb35c3a05c1be22236a802f56a37e4fe39eeb6031476e49f0603a619a4bfd570680

C:\ProgramData\Malwarebytes\MBAMService\config\SpConfigFile.json

MD5 9b484541d564e1163a25262048d62b1e
SHA1 a7d88a950fe231256220bad25c28e93daed4e1ef
SHA256 b70e336fb58d17502b1dbc3ba87d1372757b9ff328f7ec43983c4605b72e5c6a
SHA512 96631ba09e13e16c154aca373a7c69c208f54dc1fefae55115d512cc4b63ace7f962b7503e100124daf90de7acecbebcc2ac669effd2a1d85e6c6f45148c32bd

C:\ProgramData\Malwarebytes\MBAMService\config\VPNServerListConfig.json

MD5 7c9708356c1dc1039e7388055fb0f9fe
SHA1 34a6c0f2a4e7379d96faf69fd8b13e470556d06c
SHA256 685cbedc60a91412553efab03c3f92d81bbab9482adc8ee8236dbd84f53aac9d
SHA512 2870815ad4cc9318b48484cdc03e86f2131bbae824180887e7612331e4c157e77d347a4b9566cd7f31139c7989c3f651915d320cf7d56592b883908a259f8260

C:\ProgramData\Malwarebytes\MBAMService\config\VPNControllerConfig.json

MD5 910ef6b60566e326f1169fa92703c76a
SHA1 f949f426286e86680d47d0b5de180592e6e796af
SHA256 0dadae9503997335ae1b0afe2db2672e7773cef77f89692cd15f7966a80d83d0
SHA512 e90924a20b57402d9dad39019717cbdb8cb8c40a9f9c9b4cc553be27c4bbb900b6c0f4cb9c2e43b127904b06919cb93867284d3ae0635bd7254de3b7e1a55245

C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

MD5 2a653681f2226a613a0ad0a0b7695a20
SHA1 82f5688eb134e9b4001143f69f9135bf47f79cc2
SHA256 9232db81d3d0d8cb2bae79ffd3f5276ff04f8d95f2ba462eec7b66413cdb5989
SHA512 d8a833b27e7569b53316b16097bb60f2724804500dbd80722aef9781f5c8f9d2309ae052baaa38615cc2628ff6832d73ada5a03f39bdcf6660733498cbdfe414

C:\Program Files\Malwarebytes\Anti-Malware\ServiceConfig.json

MD5 18e6030c53e96cf689f916ab435a729a
SHA1 f2b825718d4c3a9ef3db134d6f1f17496b04d468
SHA256 db6c4abb140b8752832726058114606a072873e0c9ccddf754a941481fc75ed3
SHA512 0347bbd5ab26c9a4ce1681519db2d25068252c8f1d02cd7c41f209b270b48bd60c771cb59c2de403f4195a43a8dcaa31db8d777d229a2b5cf148441f5a4db939

C:\ProgramData\Malwarebytes\MBAMService\config\PoliciesConfig.json

MD5 5161381721a4a047e6168c7c806f0c62
SHA1 853cbb145b6fcfd00e2d91165f1e9bf9271475d7
SHA256 b4037d0f80f7850f40ea407c6baa044042fe2516866954095ce003a8a967f425
SHA512 6d9084c1e5b9315303d94d8fd4bae761eec6f85e75a82552764968f9f6af6e163cbf294cd775be231b895edfa020d8032391bc2826f8775e4c23ad41dde2800c

C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.json

MD5 5fec942641bc27604103ede6a15eb7b6
SHA1 5e5fe7b1b943df241fce3e73adea83e92d812eb4
SHA256 d0a1dc086c2d86ebd68570f2c9e1a1e55802fb5c8299cbc55195fd6c9e4a691d
SHA512 6d91d4ca7aa716053081af308a8dffb34fc9e9aa0295dcb09875c2ea8d75badd49d462e3c878c102ac7f11857c1d3e55ade9064814f62f4494ea5b087220350c

C:\Program Files\Malwarebytes\Anti-Malware\mb5uns.exe

MD5 2f9411332052e4536666cb2e01e0b049
SHA1 a08eed9612cb111dfdaa43c9e694091a20970926
SHA256 2ace23f326a49bd56a48089d740aa2bc12ee91098aa5b877202026190ceebf9b
SHA512 f11e68172c586533689863c80f4c40c06c7c392e131b4dd3847a223572b6ce1d4f3afc9d689b64435cac74eef17b13d5edd306b8f58efc6c971cbc808e04af69

C:\ProgramData\Malwarebytes\MBAMService\config\VPNControllerConfig.json

MD5 6d37b6a0e7f0e1ca825b98be8e16f823
SHA1 51f430072f2330173c601ca5403172dedc2bf6ea
SHA256 b333f4337d856e152b030d335a03d6caf6c6175248730c2fe29ce61ea0f7f8a5
SHA512 e86f626de2fed24ef33c3be8d8c3440fecd1ba950ecb2ca3067835607a4822e540ba5e584cd1e51766edfcc610b7fe9c6c85b4350508f3a9067d8355f7e7ebeb

C:\ProgramData\Malwarebytes\MBAMService\config\CleanControllerConfig.json

MD5 b830cf3370818b7fc8c8b828f3be5df4
SHA1 12fac84fec0290cbaf8a815354f721110cf40b12
SHA256 27c52acbe6f5729adf625267ae14b27b7c8ed2826d523e23fe4b74def19a9f23
SHA512 c4d916b8da3940225cd1df7806bd1cfb0b35198f6f03b554c46146031730d99f5834e860d2df56990cf6dac5c7d5154494ed4628e1788ddd066e082758c5d142

C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.json

MD5 f2bb063f5262faf2b1d58fc1998d9dcf
SHA1 9e66199338955007c0ecd841b1d22b2ad472c234
SHA256 49f4ea741ef7d1c301e3cd5a291e594f59c4e89ac424388dc0ccb7fe2e5c86f9
SHA512 904f8ee749cf3f08200419155a29e0e8d75ac432b6bde9daeb55c9b625901425c6f031fa0855e9dcaf5344b733bc67de6dc65f3712d533c677472476a39f3a52

C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

MD5 0a81c97014bf75c2c09d0843c42480e2
SHA1 3d6abcde5b006302c99ceedc9df1a96a5b322775
SHA256 b259fc28b47cc4eac9cf0785371adb0f66b07a0c23f14dd9ba90f525611f7a2c
SHA512 4a619e30592766f8f7b70467503bcc5d1f83dfcff0fbece8c3aaa977d75bf0505bb02f5f853dc32518f53b74f6f99eef4b32b7079cfb86c33fc94d3aa6a512de

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

MD5 eb92fd7bff7a733054bcc0f06cb2e721
SHA1 639c3df8b5b99c076fda54a7a8bef1131e5a3191
SHA256 a4aa1a732e16d860b98a6626d390549afcb2546e29b7c60f56a872e856903f8a
SHA512 d63aa1b8e0db3d7a7e1fdc9edc5370116a6969bbac8201d1c2d0401f6e4eb6bffab9bd5e999418abb74ffefd816aee5eb4d5f350de4b49b20afc38139eff9a9f

C:\Program Files\Malwarebytes\Anti-Malware\sdk\mbamchameleon.inf

MD5 5a9717e1385703e8f06b27aa10a69e87
SHA1 84ee67a9167b5eb6560711b9871de98898ad07a5
SHA256 47b7c516bb57c612de19f0ca865590af95b6e32bf873a0fef9e011b2c5b483d4
SHA512 dd3c7278c2c11ad15a55fae6d19b96dadd92f85b7f0c8ce934298258af00bb5c052a84a98499b8867b0f43704fb307c67d03692ca69dda4d814c6c17dd73df44

C:\Program Files\Malwarebytes\Anti-Malware\sdk\mbamchameleon.sys

MD5 262ccb223392f18adb4b4c846905c4da
SHA1 63403407fbe1712a4bfad0a74efabeba297325ca
SHA256 5d2004603e3b392693a1e74926a36a2ab3573c6790b00ddb14564c8affbd4f4f
SHA512 68b2684b9f0a2e5e33b76e43ac4b25b8e7d3dc3d678fc3c90d70ec5ee65ebdd884d838950fb4bc5145ff927e25796d2e6e97ee6bf365ed4f66ac7f7ba8f63b33

C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

MD5 b11537aeb13e1f2993d91a6814ff4235
SHA1 f9d1389fc1bdd1bb1b8fb30e8768b301e0930e1a
SHA256 bd5a2b72254b804074b2272dfc94c981d77688ebc17ca31bcc6528cb486246a5
SHA512 06297fa210624ac9dc4ecd598bb91a851399d2ae61db065ef7ebb42152d7c72c3899f8611514ac5b56acc345e6fa90ac2f4247078b168c0778557e93c29d47a0

C:\ProgramData\Malwarebytes\MBAMService\config\SpConfigFile.json

MD5 76c3aa363e7ffb2b431e4e7fbe842e59
SHA1 1683c3e86fe4dc357da6377e1f3f997844904305