Malware Analysis Report

2024-11-30 19:21

Sample ID 240302-mqlpgacg78
Target 2024-02-28_980b400e3c06fa3cad859ba2d3a24e0c_cryptolocker
SHA256 b3a511876e3ac955d2e1a7304230d168f77f67aab06f0789b19fd359a852862d
Tags
agilenet discovery
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

b3a511876e3ac955d2e1a7304230d168f77f67aab06f0789b19fd359a852862d

Threat Level: Likely malicious

The file 2024-02-28_980b400e3c06fa3cad859ba2d3a24e0c_cryptolocker was found to be: Likely malicious.

Malicious Activity Summary

agilenet discovery

Downloads MZ/PE file

Drops file in Drivers directory

Checks BIOS information in registry

Executes dropped EXE

Loads dropped DLL

Obfuscated with Agile.Net obfuscator

Checks installed software on the system

Legitimate hosting services abused for malware hosting/C2

Drops file in System32 directory

Drops file in Program Files directory

Unsigned PE

Enumerates physical storage devices

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious behavior: EnumeratesProcesses

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Suspicious use of SetWindowsHookEx

Suspicious use of FindShellTrayWindow

Modifies data under HKEY_USERS

Enumerates system info in registry

Modifies Internet Explorer settings

Modifies registry class

Modifies system certificate store

NTFS ADS

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-03-02 10:40

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-03-02 10:40

Reported

2024-03-02 10:43

Platform

win11-20240221-en

Max time kernel

170s

Max time network

208s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2024-02-28_980b400e3c06fa3cad859ba2d3a24e0c_cryptolocker.exe"

Signatures

Downloads MZ/PE file

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\mbamtestfile.dat C:\Users\Admin\Downloads\MBSetup.exe N/A
File created C:\Windows\system32\drivers\mbae64.sys C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\Downloads\MBSetup.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate C:\Users\Admin\Downloads\MBSetup.exe N/A

Obfuscated with Agile.Net obfuscator

agilenet
Description Indicator Process Target
N/A N/A N/A N/A

Checks installed software on the system

discovery

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\DriverStore\FileRepository\netathrx.inf_amd64_220db23f5419ea8d\netathrx.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netbxnd0a.inf_amd64_777881a2c4c0272c\netbxnd0a.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netelx.inf_amd64_7812e4e45c4a5eb1\netelx.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\dc21x4vm.inf_amd64_d54f628acb9dea33\dc21x4vm.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netwbw02.inf_amd64_1c4077fa004e73b4\netwbw02.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netefe3e.inf_amd64_7830581a689ef40d\netefe3e.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netbc64.inf_amd64_b96cdf411c43c00c\netbc64.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netr28x.inf_amd64_5d63c7bcbf29107f\netr28x.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\net7800-x64-n650f.inf_amd64_178f1bdb49a6e2fd\net7800-x64-n650f.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netnvm64.inf_amd64_35bbbe80dec15683\netnvm64.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netk57a.inf_amd64_d823e3edc27ae17c\netk57a.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\net7500-x64-n650f.inf_amd64_cc87c915f33d1c27\net7500-x64-n650f.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\bcmdhd64.inf_amd64_e0bae6831f60ea5f\bcmdhd64.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netwtw02.inf_amd64_42e02bae858d0fbd\netwtw02.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netl1c63x64.inf_amd64_4d6630ce07a4fb42\netl1c63x64.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netvwifimp.inf_amd64_bfb9fd6f3a078899\netvwifimp.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netrasa.inf_amd64_1ed57daf97af7063\netrasa.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netax88772.inf_amd64_f1efe88b4f90c639\netax88772.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netr7364.inf_amd64_310ee0bc0af86ba3\netr7364.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netl160a.inf_amd64_e4cbe375963a69e9\netl160a.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netrtwlanu.inf_amd64_1815bafd14dc59f0\netrtwlanu.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\b57nd60a.inf_amd64_77a731ab08be20a5\b57nd60a.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\usbnet.inf_amd64_5229ee1dac1c624e\usbnet.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\rtcx21x64.inf_amd64_d2a498d51a4f7bec\rtcx21x64.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\msdri.inf_amd64_3aba8686305c0121\msdri.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netg664.inf_amd64_84cd7b2798e0a666\netg664.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\usbncm.inf_amd64_6686e5d9c8b063ef\usbncm.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\msux64w10.inf_amd64_749854ac3f28f846\msux64w10.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\net8185.inf_amd64_7a30f5a9441cd55b\net8185.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\kdnic.inf_amd64_49825a4c00258135\kdnic.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ipoib6x.inf_amd64_ef71073a5867971f\ipoib6x.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\net819xp.inf_amd64_ff7a5dd4f9b1ceba\net819xp.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netbxnda.inf_amd64_badb18141de40629\netbxnda.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\net8187bv64.inf_amd64_bc859d32f3e2f0d5\net8187bv64.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\rt640x64.inf_amd64_6150ccb5b6a4c3cd\rt640x64.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netwmbclass.inf_amd64_1fab0fd8cb4d7dee\netwmbclass.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netwew00.inf_amd64_325c0bd6349ed81c\netwew00.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\rtwlanu_oldic.inf_amd64_1a82423cc076e882\rtwlanu_oldic.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\athw8x.inf_amd64_55014eff4ceefbdf\athw8x.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netmlx5.inf_amd64_7aeb3e6bfcb2f0f1\netmlx5.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\nete1e3e.inf_amd64_895623810c19146a\nete1e3e.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netjme.inf_amd64_752bf22f1598bb7e\netjme.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netbc63a.inf_amd64_7ba6c9cea77dd549\netbc63a.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netvg63a.inf_amd64_9f5493180b1252cf\netvg63a.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netloop.inf_amd64_09e02e589e7afd83\netloop.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\bcmwdidhdpcie.inf_amd64_977dcc915465b0e9\bcmwdidhdpcie.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ykinx64.inf_amd64_0bbd8466b526ef26\ykinx64.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netwtw06.inf_amd64_2edd50e7a54d503b\netwtw06.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\net44amd.inf_amd64_450d4b1e35cc8e0d\net44amd.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netwlv64.inf_amd64_0b9818131664d91e\netwlv64.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netr28ux.inf_amd64_d5996f2a9d9aa9e3\netr28ux.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netrndis.inf_amd64_bccd4c0a924862b1\netrndis.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netvwwanmp.inf_amd64_2299fee965b7e92c\netvwwanmp.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netvf63a.inf_amd64_a090e6cfaf18cb5c\netvf63a.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\net8192se64.inf_amd64_167684f9283b4eca\net8192se64.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mwlu97w8x64.inf_amd64_23bc3dc6d91eebdc\mwlu97w8x64.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\bthpan.inf_amd64_a31306bfdf7135b0\bthpan.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netrtwlane01.inf_amd64_b02695ef070d7a42\netrtwlane01.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wnetvsc.inf_amd64_2518575b045d267b\wnetvsc.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netwtw04.inf_amd64_c8f5ae6576289a2d\netwtw04.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netavpna.inf_amd64_b98aa91c766be0ea\netavpna.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netimm.inf_amd64_8b2087393aaef952\netimm.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netrtl64.inf_amd64_8e9c2368fe308df2\netrtl64.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netwns64.inf_amd64_162bb49f925c6463\netwns64.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.25\msquic.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.25\System.Diagnostics.Tracing.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.25\fr\Microsoft.VisualBasic.Forms.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.25\System.Windows.Forms.Design.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.Protection.Interop.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-crt-heap-l1-1-0.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-crt-private-l1-1-0.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.25\it\UIAutomationTypes.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.25\ru\UIAutomationClientSideProviders.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.25\tr\System.Windows.Input.Manipulations.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\Microsoft.EntityFrameworkCore.Abstractions.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-core-fibers-l1-1-0.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.25\cs\System.Windows.Forms.Primitives.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.25\System.Reflection.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\Microsoft.EntityFrameworkCore.Relational.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.25\System.Globalization.Extensions.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.25\System.IO.Pipes.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.25\ucrtbase.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.25\System.Diagnostics.EventLog.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.25\zh-Hant\System.Windows.Forms.Primitives.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.25\zh-Hant\WindowsBase.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\mbae64.sys C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-core-handle-l1-1-0.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.25\System.ValueTuple.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\Actions.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\version.dat C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.25\System.Runtime.Serialization.Primitives.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.25\cs\ReachFramework.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.25\pt-BR\UIAutomationProvider.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.25\pt-BR\WindowsFormsIntegration.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\Microsoft.EntityFrameworkCore.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\Microsoft.Extensions.Configuration.Abstractions.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.25\D3DCompiler_47_cor3.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.25\pt-BR\System.Windows.Input.Manipulations.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.25\System.Text.Encoding.Extensions.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.25\es\System.Windows.Forms.Design.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.25\fr\System.Windows.Forms.Primitives.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.25\ja\PresentationUI.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.25\pl\UIAutomationProvider.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.25\ru\System.Windows.Forms.Design.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.25\hostpolicy.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.25\System.IO.FileSystem.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.UI.Theme.Light.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.25\es\System.Windows.Input.Manipulations.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.25\ja\System.Windows.Controls.Ribbon.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\MwacLib.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.25\System.Collections.NonGeneric.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.25\System.Windows.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.25\System.Runtime.Loader.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.25\fr\System.Xaml.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.25\tr\PresentationFramework.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.25\zh-Hant\System.Windows.Input.Manipulations.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.25\System.Data.DataSetExtensions.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.25\System.Resources.ResourceManager.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.25\zh-Hans\System.Windows.Forms.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.25\zh-Hant\PresentationUI.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.25\System.Private.Xml.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.25\WindowsBase.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.25\de\ReachFramework.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.25\pt-BR\UIAutomationClient.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-core-string-l1-1-0.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.25\System.Diagnostics.FileVersionInfo.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\mbcut.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Malwarebytes.exe = "11000" C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-20\Software\Policies\Microsoft\Office C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\16.0\Common\Security C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications\malwarebytes: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-20\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications\malwarebytes: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\15.0\Common C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-20\Software\Policies C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Policies\Microsoft\Office\16.0\Common\Security C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\15.0 C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-19\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:\ C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-20\Software\Policies\Microsoft C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-20\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-20\Software\Malwarebytes\FirstRun = "false" C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Policies\Microsoft\Office\15.0\Common C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-20\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:\ C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-20\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-20\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:\ C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:\ C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Policies\Microsoft\Office\15.0\Common\Security C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-19\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:\ C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Malwarebytes\FirstRun = "false" C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-20\Software\Policies\Microsoft\Office\16.0 C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications\malwarebytes: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Policies\Microsoft\Office\15.0 C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-20\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications\malwarebytes: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\16.0\Common C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-20\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-20\Software\Policies\Microsoft\Office\15.0\Common\Security C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-20\Software\Policies\Microsoft\Office\16.0\Common C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Policies\Microsoft C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications\malwarebytes: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\15.0\Common\Security C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-20\Software\Policies\Microsoft\Office\15.0\Common C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\16.0 C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications\malwarebytes: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\ROOT C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Malwarebytes C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Policies C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Policies\Microsoft\Office C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-20\Software\Policies\Microsoft\Office\15.0 C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:\ C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-19\SOFTWARE\Malwarebytes C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-20\SOFTWARE\Malwarebytes C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Policies\Microsoft\Office\16.0\Common C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-20\Software\Policies\Microsoft\Office\16.0\Common\Security C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\malwarebytes\shell\open\command C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\malwarebytes\shell C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\malwarebytes\shell\open C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\malwarebytes\shell\open\command\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\assistant.exe\" -uri \"%1\"" C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3852399462-405385529-394778097-1000\{504938BE-35BA-4F1C-9D6A-1009983769A8} C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\malwarebytes\URL Protocol C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\malwarebytes\DefaultIcon C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\malwarebytes\DefaultIcon\ = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\assistant.exe,0" C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\malwarebytes C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\malwarebytes\ = "URL:Malwarebytes Protocol" C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2 C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\0D44DD8C3C8C1A1A58756481E90F2E2AFFB3D26E\Blob = 0300000001000000140000000d44dd8c3c8c1a1a58756481e90f2e2affb3d26e2000000001000000ba010000308201b63082015ba0030201020213066c9fd5749736663f3b0b9ad9e89e7603f24a300a06082a8648ce3d0403023039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f742043412033301e170d3135303532363030303030305a170d3430303532363030303030305a3039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f7420434120333059301306072a8648ce3d020106082a8648ce3d030107034200042997a7c6417fc00d9be8011b56c6f252a5ba2db212e8d22ed7fac9c5d8aa6d1f73813b3b986b397c33a5c54e868e8017686245577d44581db337e56708eb66dea3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414abb6dbd7069e37ac3086079170c79cc419b178c0300a06082a8648ce3d0403020349003046022100e08592a317b78df92b06a593ac1a98686172fae1a1d0fb1c7860a64399c5b8c40221009c02eff1949cb396f9ebc62af8b62cfe3a901416d78c6324481cdf307dd5683b C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F6108407D6F8BB67980CC2E244C2EBAE1CEF63BE\Blob = 030000000100000014000000f6108407d6f8bb67980cc2e244c2ebae1cef63be2000000001000000f6010000308201f230820178a0030201020213066c9fd7c1bb104c2943e5717b7b2cc81ac10e300a06082a8648ce3d0403033039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f742043412034301e170d3135303532363030303030305a170d3430303532363030303030305a3039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f7420434120343076301006072a8648ce3d020106052b8104002203620004d2ab8a374fa3530dfec18a7b4ba87b464b63b062f62d1bdb087121d200e863bd9a27fbf0396e5dea3da5c981aaa35b2098455d16dbfde8106de39ce0e3bd5f8462f3706433a0cb242f70ba88a12aa075f881ae6206c481db396e29b01efa2e5ca3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414d3ecc73a656ecce1da769a56fb9cf3866d57e581300a06082a8648ce3d040303036800306502303a8b21f1bd7e11add0ef58962fd6eb9d7e908d2bcf6655c32ce328a9700a470ef0375912ff2d9994284e2a4f354d335a023100ea75004e3bc43a941291c958469d211372a7889c8ae44c4adb96d4ac8b6b6b49125333add7e4be24fcb50a76d4a5bc10 C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = 030000000100000014000000f40042e2e5f7e8ef8189fed15519aece42c3bfa22000000001000000d0050000308205cc308203b4a00302010202105498d2d1d45b1995481379c811c08799300d06092a864886f70d01010c05003077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f726974792032303230301e170d3230303431363138333631365a170d3435303431363138343434305a3077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f72697479203230323030820222300d06092a864886f70d01010105000382020f003082020a0282020100b3912a07830667fd9e9de0c7c0b7a4e642047f0fa6db5ffbd55ad745a0fb770bf080f3a66d5a4d7953d8a08684574520c7a254fbc7a2bf8ac76e35f3a215c42f4ee34a8596490dffbe99d814f6bc2707ee429b2bf50b9206e4fd691365a89172f29884eb833d0ee4d771124821cb0dedf64749b79bf9c9c717b6844fffb8ac9ad773674985e386bd3740d02586d4deb5c26d626ad5a978bc2d6f49f9e56c1414fd14c7d3651637decb6ebc5e298dfd629b152cd605e6b9893233a362c7d7d6526708c42ef4562b9e0b87cceca7b4a6aaeb05cd1957a53a0b04271c91679e2d622d2f1ebedac020cb0419ca33fb89be98e272a07235be79e19c836fe46d176f90f33d008675388ed0e0499abbdbd3f830cad55788684d72d3bf6d7f71d8fdbd0dae926448b75b6f7926b5cd9b952184d1ef0f323d7b578cf345074c7ce05e180e35768b6d9ecb3674ab05f8e0735d3256946797250ac6353d9497e7c1448b80fdc1f8f47419e530f606fb21573e061c8b6b158627497b8293ca59e87547e83f38f4c75379a0b6b4e25c51efbd5f38c113e6780c955a2ec5405928cc0f24c0ecba0977239938a6b61cdac7ba20b6d737d87f37af08e33b71db6e731b7d9972b0e486335974b516007b506dc68613dafdc439823d24009a60daba94c005512c34ac50991387bbb30580b24d30025cb826835db46373efae23954f6028be37d55ba50203010001a3543052300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414c87ed26a852a1bca1998040727cf50104f68a8a2301006092b06010401823715010403020100300d06092a864886f70d01010c05000382020100af6adde619e72d9443194ecbe9509564a50391028be236803b15a252c21619b66a5a5d744330f49bff607409b1211e90166dc5248f5c668863f44fcc7df2124c40108b019fdaa9c8aef2951bcf9d05eb493e74a0685be5562c651c827e53da56d94617799245c4103608522917cb2fa6f27ed469248a1e8fb0730dcc1c4aabb2aaeda79163016422a832b87e3228b367732d91b4dc31010bf7470aa6f1d74aed5660c42c08a37b40b0bc74275287d6be88dd378a896e67881df5c95da0feb6ab3a80d71a973c173622411eac4dd583e63c38bd4f30e954a9d3b604c3327661bbb018c52b18b3c080d5b795b05e514d22fcec58aae8d894b4a52eed92dee7187c2157dd5563f7bf6dcd1fd2a6772870c7e25b3a5b08d25b4ec80096b3e18336af860a655c74f6eaec7a6a74a0f04beeef94a3ac50f287edd73a3083c9fb7d57bee5e3f841cae564aeb3a3ec58ec859accefb9eaf35618b95c739aafc577178359db371a187254a541d2b62375a3439ae5777c9679b7418dbfecdc80a09fd17775585f3513e0251a670b7dce25fa070ae46121d8d41ce507c63699f496d0c615fe4ecdd7ae8b9ddb16fd04c692bdd488e6a9a3aabbf764383b5fcc0cd035be741903a6c5aa4ca26136823e1df32bbc975ddb4b783b2df53bef6023e8f5ec0b233695af9866bf53d37bb8694a2a966669c494c6f45f6eac98788880065ca2b2eda2 C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\8DA7F965EC5EFC37910F1C6E59FDC1CC6A6EDE16 C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\5A8CEF45D7A69859767A8C8B4496B578CF474B1A\Blob = 0300000001000000140000005a8cef45d7a69859767a8c8b4496b578cf474b1a2000000001000000450500003082054130820329a0030201020213066c9fd29635869f0a0fe58678f85b26bb8a37300d06092a864886f70d01010c05003039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f742043412032301e170d3135303532363030303030305a170d3430303532363030303030305a3039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f74204341203230820222300d06092a864886f70d01010105000382020f003082020a0282020100ad969f2d9c4a4c4a81795199ec8acb6b605113bc4d6d06fcb0088ddd19106ac7260c35d8c06f2084e994b19b8503c35bdb4ae8c8f89076d95b4fe34ce806364dcc9aac3d0c902b92d4061960ac374479858182ad5a37e00dcc9da64c5276ea439db704d150f655e0d5d2a64985e937e9ca7eae5c954d489a3fae205a6d8895d934b8521a4390b0bf6c05b9b678b7ead0e43a3c125362ff4af27bbe3505a91234e3f36474622c3d00495a28fe3244bb87dd652702713bda4af71fdacdf72155904f0fecae82e19f6bd945d3bbf05f87ed3c2c3986da3fdeec7255eb79a3addbdd7cb0ba1ccefcde4f3576cf0ff8781f6a36514627615be99ecff0a2557d7c258a6f2fb4c5cf842e2bfd0d51106cfb5f1bbc1b7ec5ae3b98013192ff0b57f49ab2b957e9abef0d76d1f0eef4ce86a7e06ee9b469a1df69f633c6692e97139ea587b057108137c953b3bb7ff692d19cd018f4926eda834fa663994ca5fb5eef21647a205f6c648515cb37e9620c0b2a16dc012e32da3e4bf59e3af6174094ef9e910886fabe63a85a33eccb744395f96c695236c7296ffc55035c1ffb9fbd47ebe74947950b4e89220949e0f5611ef1bf2e8a726e8059ff573af97532a34e5feced2862d94d73f2cc811760edcdebdcdba7cac57e02bdf2540854fdb42d092c17544a98d154e1516708d2ed6e7e6f3fd22d81592966cb903995111e7427feddebaf0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414b00cf04c30f405580248fd33e552af4b84e36652300d06092a864886f70d01010c05000382020100aaa8808f0e78a3e0a2d4cde6f5987a3bea0003b0970e93bc5aa8f62c8c7287a9b1fc7f73fd637178a58759cf30e10d10b2135a6d82f56ae6809fa0050b68e4476bc76adfb6fd773272e518fa09f4a0932c5dd28c75857665900c0379b7312363ad788309866884cafff9cf269a9279e7cd4bc5e761a717cbf3a91293936ba7e82f5392c46058b0cc0251185b858d625963b6adb4de9afb26f70027c05d55377499c9507fe3592e44e32c25eeec4c3277b49f1ae94b5d20c5dafd1c8716c643e8d4bb269a45705ea90b3753e2467b27fde046f289b7cc42b6cb28266ed9a5c93ac8411360f7508c15aeb26d1a151a5778e6922ad96590823f6c02afae123a27963604d71da28063a99bf1e5bab47c14b04ec9b11f745f38f651ea9bfa2ca211d4a92d271a45b1afb24e710dc05846d66906cb53cbb3fe6b41cd417e7d4c0f7c72797a59cd5e4a0eac9ba99873797cb4f4ccb9b8070cb2745cb8c76f88a190a7f4aaf9bf673af41a15621eb79fbe3db129af67a112f25810195303301bb81a89f69cbd97038ea309f31d8b21f1b4dfe41cd19f650206ea5cd613b384efa2a55c8c7729a768c06bae40d2a8b4eacdf08d4b389c199a1b2854b88990efca75813e1ef26424c718af4eff479e07f63565a4d30a56fff517646cefa822254993b6df0017da587e5deec51bb0d1d15f2110c7f9f3ba020a2707c5f1d6c7d3e0fb09606c C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\1C58A3A8518E8759BF075B76B750D4F2DF264FCD C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\8DA7F965EC5EFC37910F1C6E59FDC1CC6A6EDE16\Blob = 0300000001000000140000008da7f965ec5efc37910f1c6e59fdc1cc6a6ede162000000001000000450300003082034130820229a0030201020213066c9fcf99bf8c0a39e2f0788a43e696365bca300d06092a864886f70d01010b05003039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f742043412031301e170d3135303532363030303030305a170d3338303131373030303030305a3039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f74204341203130820122300d06092a864886f70d01010105000382010f003082010a0282010100b2788071ca78d5e371af478050747d6ed8d78876f49968f7582160f97484012fac022d86d3a0437a4eb2a4d036ba01be8ddb48c80717364cf4ee8823c73eeb37f5b519f84968b0ded7b976381d619ea4fe8236a5e54a56e445e1f9fdb416fa74da9c9b35392ffab02050066c7ad080b2a6f9afec47198f503807dca2873958f8bad5a9f948673096ee94785e6f89a351c0308666a14566ba54eba3c391f948dcffd1e8302d7d2d747035d78824f79ec4596ebb738717f2324628b843fab71daacab4f29f240e2d4bf7715c5e69ffea9502cb388aae50386fdbfb2d621bc5c71e54e177e067c80f9c8723d63f40207f2080c4804c3e3b24268e04ae6c9ac8aa0d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e041604148418cc8534ecbc0c94942e08599cc7b2104e0a08300d06092a864886f70d01010b0500038201010098f2375a4190a11ac57651282036230eaee628bbaaf894ae48a4307f1bfc248d4bb4c8a197f6b6f17a70c85393cc0828e39825cf23a4f9de21d37c8509ad4e9a753ac20b6a897876444718656c8d418e3b7f9acbf4b5a750d7052c37e8034bade961a0026ef5f2f0c5b2ed5bb7dcfa945c779e13a57f52ad95f2f8933bde8b5c5bca5a525b60af14f74befa3fb9f40956d3154fc42d3c7461f23add90f48709ad9757871d1724334756e5759c2025c266029cf2319168e8843a5d4e4cb08fb231143e843297262a1a95d5e08d490aeb8d8ce14c2d055f286f6c49343776661c0b9e841d7977860036e4a72aea5d17dba109e866c1b8ab95933f8ebc490bef1b9 C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\0D44DD8C3C8C1A1A58756481E90F2E2AFFB3D26E C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F6108407D6F8BB67980CC2E244C2EBAE1CEF63BE C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\1C58A3A8518E8759BF075B76B750D4F2DF264FCD\Blob = 0300000001000000140000001c58a3a8518e8759bf075b76b750d4f2df264fcd2000000001000000c2040000308204be308203a6a003020102021006d8d904d5584346f68a2fa754227ec4300d06092a864886f70d01010b05003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204341301e170d3231303431343030303030305a170d3331303431333233353935395a304f310b300906035504061302555331153013060355040a130c446967694365727420496e633129302706035504031320446967694365727420544c53205253412053484132353620323032302043413130820122300d06092a864886f70d01010105000382010f003082010a0282010100c14bb3654770bcdd4f58dbec9cedc366e51f311354ad4a66461f2c0aec6407e52edcdcb90a20eddfe3c4d09e9aa97a1d8288e51156db1e9f58c251e72c340d2ed292e156cbf1795fb3bb87ca25037b9a52416610604f571349f0e8376783dfe7d34b674c2251a6df0e9910ed57517426e27dc7ca622e131b7f238825536fc13458008b84fff8bea75849227b96ada2889b15bca07cdfe951a8d5b0ed37e236b4824b62b5499aecc767d6e33ef5e3d6125e44f1bf71427d58840380b18101faf9ca32bbb48e278727c52b74d4a8d697dec364f9cace53a256bc78178e490329aefb494fa415b9cef25c19576d6b79a72ba2272013b5d03d40d321300793ea99f50203010001a38201823082017e30120603551d130101ff040830060101ff020100301d0603551d0e04160414b76ba2eaa8aa848c79eab4da0f98b2c59576b9f4301f0603551d2304183016801403de503556d14cbb66f0a3e21b1bc397b23dd155300e0603551d0f0101ff040403020186301d0603551d250416301406082b0601050507030106082b06010505070302307606082b06010505070101046a3068302406082b060105050730018618687474703a2f2f6f6373702e64696769636572742e636f6d304006082b060105050730028634687474703a2f2f636163657274732e64696769636572742e636f6d2f4469676943657274476c6f62616c526f6f7443412e63727430420603551d1f043b30393037a035a0338631687474703a2f2f63726c332e64696769636572742e636f6d2f4469676943657274476c6f62616c526f6f7443412e63726c303d0603551d2004363034300b06096086480186fd6c02013007060567810c01013008060667810c0102013008060667810c0102023008060667810c010203300d06092a864886f70d01010b050003820101008032ce5e0bdd6e5a0d0aafe1d684cbc08efa8570edda5db30cf72b7540fe850afaf33178b7704b1a8958ba80bdf36b1de97ecf0bba589c59d490d3fd6cfdd0986db771825bcf6d0b5a09d07bdec443d82aa4de9e41265fbb8f99cbddaee1a86f9f87fe74b71f1b20abb14fc6f5675d5d9b3ce9ff69f7616cd6d9f3fd36c6ab038876d24b2e7586e3fcd8557d26c21177df3e02b67cf3ab7b7a86366fb8f7d89371cf86df7330fa7babed2a59c842843b11171a52f3c90e147da25b7267ba71ed574766c5b8024a65345e8bd02a3c209c51994ce7529ef76b112b0d927e1de88aeb36164387ea2a63bf753febdec403bb0a3cf730efebaf4cfc8b3610733ef3a4 C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\B51C067CEE2B0C3DF855AB2D92F4FE39D4E70F0E C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\B51C067CEE2B0C3DF855AB2D92F4FE39D4E70F0E\Blob = 030000000100000014000000b51c067cee2b0c3df855ab2d92f4fe39d4e70f0e2000000001000000e1030000308203dd308202c5a003020102020100300d06092a864886f70d01010b050030818f310b30090603550406130255533110300e060355040813074172697a6f6e61311330110603550407130a53636f74747364616c6531253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e3132303006035504031329537461726669656c6420526f6f7420436572746966696361746520417574686f72697479202d204732301e170d3039303930313030303030305a170d3337313233313233353935395a30818f310b30090603550406130255533110300e060355040813074172697a6f6e61311330110603550407130a53636f74747364616c6531253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e3132303006035504031329537461726669656c6420526f6f7420436572746966696361746520417574686f72697479202d20473230820122300d06092a864886f70d01010105000382010f003082010a0282010100bdedc103fcf68ffc02b16f5b9f48d99d79e2a2b703615618c347b6d7ca3d352e8943f7a1699bde8a1afd13209cb44977322956fdb9ec8cdd22fa72dc276197eef65a84ec6e19b9892cdc845bd574fb6b5fc589a51052894655f4b8751ce67fe454ae4bf85572570219f8177159eb1e280774c59d48be6cb4f4a4b0f364377992c0ec465e7fe16d534c62afcd1f0b63bb3a9dfbfc7900986174cf26824063f3b2726a190d99cad40e75cc37fb8b89c159f1627f5fb35f6530f8a7b74d765a1e765e34c0e89656998ab3f07fa4cdbddc32317c91cfe05f11f86baa495cd19994d1a2e3635b0976b55662e14b741d96d426d4080459d0980e0ee6defcc3ec1f90f10203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e041604147c0c321fa7d9307fc47d68a362a8a1ceab075b27300d06092a864886f70d01010b050003820101001159fa254f036f94993b9a1f828539d47605945ee128936d625d09c2a0a8d4b07538f1346a9de49f8a862651e62cd1c62d6e95204a9201ecb88a677b31e2672e8c9503262e439d4a31f60eb50cbbb7e2377f22ba00a30e7b52fb6bbb3bc4d379514ecd90f4670719c83c467a0d017dc558e76de68530179a24c410e004f7e0f27fd4aa0aff421d37ed94e5645912207738d3323e3881759673fa688fb1cbce1fc5ecfa9c7ecf7eb1f1072db6fcbfcaa4bfd097054abcea18280290bd5478092171d3d17d1dd916b0a9613dd00a0022fcc77bcb0964450b3b4081f77d7c32f598ca588e7d2aee90597364f936745e25a1f566052e7f3915a92afb508b8e8569f4 C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\5A8CEF45D7A69859767A8C8B4496B578CF474B1A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\2AD974A775F73CBDBBD8F5AC3A49255FA8FB1F8C C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\2AD974A775F73CBDBBD8F5AC3A49255FA8FB1F8C\Blob = 0300000001000000140000002ad974a775f73cbdbbd8f5ac3a49255fa8fb1f8c2000000001000000620400003082045e30820346a0030201020213077312380b9d6688a33b1ed9bf9ccda68e0e0f300d06092a864886f70d01010b05003039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f742043412031301e170d3232303832333232323132385a170d3330303832333232323132385a303c310b3009060355040613025553310f300d060355040a1306416d617a6f6e311c301a06035504031313416d617a6f6e205253412032303438204d303130820122300d06092a864886f70d01010105000382010f003082010a0282010100eb712ca9cb1f8828923230af8a570f78b73725955587ac675c97d322c8daa214676b7cf067dae2032ab356125dc6b547f96708a7937a9592180fb4f9f910369a7f2f80b64fba134ec75d531ee0dd96330720d396bc12e4745042a1051373b54f9b4424fe2d7fedbc2285ec362133977506ce271882dce3d9c582078d5e26012626671fd93f13cf32ba6bad7864fcaaff0e023c07df9c0578728cfdea75b7032884dae86e078cd05085ef8154b2716eec6d62ef8f94c35ee9c4a4d091c02e249198caeeba258ed4f671b6fb5b6b38064837478d86dcf2ea06fb76377d9eff424e4d588293cfe271c278b17aab4b5b94378881e4d9af24aef872c565fb4bb451e70203010001a382015a3082015630120603551d130101ff040830060101ff020100300e0603551d0f0101ff040403020186301d0603551d250416301406082b0601050507030106082b06010505070302301d0603551d0e0416041481b80e638a891218e5fa3b3b50959fe6e5901385301f0603551d230418301680148418cc8534ecbc0c94942e08599cc7b2104e0a08307b06082b06010505070101046f306d302f06082b060105050730018623687474703a2f2f6f6373702e726f6f746361312e616d617a6f6e74727573742e636f6d303a06082b06010505073002862e687474703a2f2f6372742e726f6f746361312e616d617a6f6e74727573742e636f6d2f726f6f746361312e636572303f0603551d1f043830363034a032a030862e687474703a2f2f63726c2e726f6f746361312e616d617a6f6e74727573742e636f6d2f726f6f746361312e63726c30130603551d20040c300a3008060667810c010201300d06092a864886f70d01010b05000382010100ad00de0205232e063262b46bb19416e41140de2bfa59c135efe0aa8f2b41b9d1f38739001df23db5a7470c0606c691f3075702d4edbd17c1909abf4875a2074f30dd4a6a42b50d3d15c00ffe845bc63c99cc5752b1d86e12d59692934b94e507e88982086a7a34d49e64e13d876a92909a63a14bf88fb6ea34d305be20c2de06e28c9f738b9f4d3985cace19369d85c99ec9f8503fb67e88a1efca84068b50b40a5ca61c44f1fdc8614060f26125aa07f4c7c27375e40c0b428d04e55f4448995b7b898196a7889d4b0d62e804c4d7feb4e8b26dcaecc01cbc385b1ddf85ce5b7ae3494b6cb9a7ddf405b249ade1c5146bc2ccebcd7fd65869bac3207e7fb0b8 C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\MBSetup.exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\mbuns.exe\:SmartScreen:$DATA C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\mbuns.exe\:Zone.Identifier:$DATA C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 498078.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 595471.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\Downloads\MBSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\MBSetup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\Downloads\MBSetup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\MBSetup.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1752 wrote to memory of 4768 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1752 wrote to memory of 4768 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1752 wrote to memory of 1876 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1752 wrote to memory of 1876 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1752 wrote to memory of 1876 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1752 wrote to memory of 1876 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1752 wrote to memory of 1876 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1752 wrote to memory of 1876 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1752 wrote to memory of 1876 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1752 wrote to memory of 1876 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1752 wrote to memory of 1876 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1752 wrote to memory of 1876 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1752 wrote to memory of 1876 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1752 wrote to memory of 1876 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1752 wrote to memory of 1876 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1752 wrote to memory of 1876 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1752 wrote to memory of 1876 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1752 wrote to memory of 1876 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1752 wrote to memory of 1876 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1752 wrote to memory of 1876 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1752 wrote to memory of 1876 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1752 wrote to memory of 1876 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1752 wrote to memory of 1876 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1752 wrote to memory of 1876 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1752 wrote to memory of 1876 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1752 wrote to memory of 1876 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1752 wrote to memory of 1876 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1752 wrote to memory of 1876 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1752 wrote to memory of 1876 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1752 wrote to memory of 1876 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1752 wrote to memory of 1876 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1752 wrote to memory of 1876 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1752 wrote to memory of 1876 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1752 wrote to memory of 1876 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1752 wrote to memory of 1876 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1752 wrote to memory of 1876 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1752 wrote to memory of 1876 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1752 wrote to memory of 1876 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1752 wrote to memory of 1876 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1752 wrote to memory of 1876 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1752 wrote to memory of 1876 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1752 wrote to memory of 1876 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1752 wrote to memory of 4212 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1752 wrote to memory of 4212 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1752 wrote to memory of 5008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1752 wrote to memory of 5008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1752 wrote to memory of 5008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1752 wrote to memory of 5008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1752 wrote to memory of 5008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1752 wrote to memory of 5008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1752 wrote to memory of 5008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1752 wrote to memory of 5008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1752 wrote to memory of 5008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1752 wrote to memory of 5008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1752 wrote to memory of 5008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1752 wrote to memory of 5008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1752 wrote to memory of 5008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1752 wrote to memory of 5008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1752 wrote to memory of 5008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1752 wrote to memory of 5008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1752 wrote to memory of 5008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1752 wrote to memory of 5008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1752 wrote to memory of 5008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1752 wrote to memory of 5008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\2024-02-28_980b400e3c06fa3cad859ba2d3a24e0c_cryptolocker.exe

"C:\Users\Admin\AppData\Local\Temp\2024-02-28_980b400e3c06fa3cad859ba2d3a24e0c_cryptolocker.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffeea9c3cb8,0x7ffeea9c3cc8,0x7ffeea9c3cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1940,17987190571565416270,9479680279853554570,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1956 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1940,17987190571565416270,9479680279853554570,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1940,17987190571565416270,9479680279853554570,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2508 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,17987190571565416270,9479680279853554570,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,17987190571565416270,9479680279853554570,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Users\Admin\AppData\Local\Temp\asih.exe

"C:\Users\Admin\AppData\Local\Temp\asih.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,17987190571565416270,9479680279853554570,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4572 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,17987190571565416270,9479680279853554570,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,17987190571565416270,9479680279853554570,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,17987190571565416270,9479680279853554570,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4492 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,17987190571565416270,9479680279853554570,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1940,17987190571565416270,9479680279853554570,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5624 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,17987190571565416270,9479680279853554570,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3504 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,17987190571565416270,9479680279853554570,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5604 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1940,17987190571565416270,9479680279853554570,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4468 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,17987190571565416270,9479680279853554570,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1940,17987190571565416270,9479680279853554570,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3336 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1940,17987190571565416270,9479680279853554570,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4396 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,17987190571565416270,9479680279853554570,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,17987190571565416270,9479680279853554570,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,17987190571565416270,9479680279853554570,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,17987190571565416270,9479680279853554570,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,17987190571565416270,9479680279853554570,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,17987190571565416270,9479680279853554570,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6028 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,17987190571565416270,9479680279853554570,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,17987190571565416270,9479680279853554570,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6068 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,17987190571565416270,9479680279853554570,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6576 /prefetch:1

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x00000000000004E0 0x00000000000004E8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,17987190571565416270,9479680279853554570,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,17987190571565416270,9479680279853554570,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6388 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,17987190571565416270,9479680279853554570,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6624 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,17987190571565416270,9479680279853554570,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6760 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,17987190571565416270,9479680279853554570,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6108 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,17987190571565416270,9479680279853554570,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7080 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,17987190571565416270,9479680279853554570,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7384 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,17987190571565416270,9479680279853554570,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7212 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,17987190571565416270,9479680279853554570,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7760 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,17987190571565416270,9479680279853554570,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8040 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,17987190571565416270,9479680279853554570,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7740 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,17987190571565416270,9479680279853554570,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6968 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,17987190571565416270,9479680279853554570,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1704 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,17987190571565416270,9479680279853554570,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7972 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,17987190571565416270,9479680279853554570,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6968 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,17987190571565416270,9479680279853554570,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8672 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1940,17987190571565416270,9479680279853554570,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8956 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1940,17987190571565416270,9479680279853554570,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8972 /prefetch:8

C:\Users\Admin\Downloads\MBSetup.exe

"C:\Users\Admin\Downloads\MBSetup.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1940,17987190571565416270,9479680279853554570,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=8792 /prefetch:2

C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe

"C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,17987190571565416270,9479680279853554570,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2860 /prefetch:1

C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe

"C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe" /installmbtun

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1940,17987190571565416270,9479680279853554570,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7344 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1940,17987190571565416270,9479680279853554570,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8804 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall

C:\Windows\system32\DrvInst.exe

DrvInst.exe "4" "9" "C:\Program Files\Malwarebytes\Anti-Malware\mbtun\mbtun.inf" "9" "4ba9030c7" "0000000000000154" "Service-0x0-3e7$\Default" "00000000000000BC" "208" "C:\Program Files\Malwarebytes\Anti-Malware\mbtun"

C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe

"C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe" /Service /Protected

C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe

"C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe"

C:\Users\Admin\Downloads\MrsMajor3.0.exe

"C:\Users\Admin\Downloads\MrsMajor3.0.exe"

C:\Windows\system32\wscript.exe

"C:\Windows\system32\wscript.exe" C:\Users\Admin\AppData\Local\Temp\8A40.tmp\8A41.tmp\8A42.vbs //Nologo

C:\Users\Admin\AppData\Local\Temp\8A40.tmp\eulascr.exe

"C:\Users\Admin\AppData\Local\Temp\8A40.tmp\eulascr.exe"

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe

"C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe" nowindow

Network

Country Destination Domain Proto
US 8.8.8.8:53 0.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 3.140.13.188:443 emrlogistics.com tcp
GB 92.123.128.171:443 www.bing.com tcp
N/A 224.0.0.251:5353 udp
GB 92.123.128.146:443 th.bing.com tcp
GB 92.123.128.164:443 th.bing.com tcp
GB 92.123.128.164:443 th.bing.com tcp
GB 92.123.128.146:443 th.bing.com tcp
IE 40.126.31.71:443 login.microsoftonline.com tcp
US 13.107.5.80:443 services.bingapis.com tcp
US 18.119.154.66:443 emrlogistics.com tcp
US 68.183.21.156:443 www.antivirussoftwareguide.com tcp
US 68.183.21.156:443 www.antivirussoftwareguide.com tcp
GB 96.17.179.184:80 apps.identrust.com tcp
CZ 65.9.95.28:443 www.antivirusguide.com tcp
CZ 65.9.95.28:443 www.antivirusguide.com tcp
US 68.183.21.156:443 www.antivirussoftwareguide.com tcp
CZ 65.9.95.129:443 www.signidata.com tcp
IE 172.253.116.155:443 googleads.g.doubleclick.net tcp
IE 74.125.193.147:443 www.google.com tcp
IE 172.253.116.94:443 www.google.co.uk tcp
IE 172.253.116.94:443 www.google.co.uk tcp
CZ 65.9.95.121:443 static.hotjar.com tcp
US 216.239.34.36:443 region1.analytics.google.com tcp
IE 172.253.116.94:443 www.google.co.uk udp
IE 209.85.203.155:443 stats.g.doubleclick.net tcp
IE 209.85.203.155:443 stats.g.doubleclick.net tcp
IE 74.125.193.147:443 www.google.com udp
CZ 65.9.95.80:443 script.hotjar.com tcp
US 8.8.8.8:53 80.95.9.65.in-addr.arpa udp
CZ 65.9.95.129:443 www.signidata.com tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 3.140.13.188:443 emrlogistics.com tcp
GB 104.84.64.150:443 static2.avg.com tcp
GB 104.84.64.150:443 static2.avg.com tcp
US 199.60.103.28:443 signal.avg.com tcp
US 199.60.103.28:443 signal.avg.com tcp
US 199.60.103.28:443 signal.avg.com tcp
US 199.60.103.28:443 signal.avg.com tcp
GB 104.84.64.150:443 static2.avg.com tcp
US 104.18.130.236:443 cdn.cookielaw.org tcp
US 104.18.130.236:443 cdn.cookielaw.org tcp
GB 104.84.64.150:443 static2.avg.com tcp
US 104.16.109.209:443 cdn2.hubspot.net tcp
US 104.18.130.236:443 cdn.cookielaw.org tcp
US 152.199.22.144:443 platform.linkedin.com tcp
CZ 65.9.95.85:443 widget.trustpilot.com tcp
IE 74.125.193.91:443 www.youtube-nocookie.com tcp
IE 74.125.193.91:443 www.youtube-nocookie.com udp
IE 74.125.193.119:443 i.ytimg.com tcp
US 174.138.119.38:443 www.trustedantiviruscompare.com tcp
US 174.138.119.38:443 www.trustedantiviruscompare.com tcp
GB 2.19.168.132:443 02179915.akstat.io tcp
US 172.64.155.119:443 geolocation.onetrust.com tcp
GB 23.39.224.128:443 c.go-mpulse.net tcp
IE 209.85.202.95:443 jnn-pa.googleapis.com tcp
IE 74.125.193.132:443 yt3.ggpht.com tcp
IE 209.85.202.95:443 jnn-pa.googleapis.com udp
US 174.138.119.38:443 www.trustedantiviruscompare.com tcp
US 174.138.119.38:443 www.trustedantiviruscompare.com tcp
US 174.138.119.38:443 www.trustedantiviruscompare.com tcp
US 174.138.119.38:443 www.trustedantiviruscompare.com tcp
IE 172.253.116.155:443 googleads.g.doubleclick.net udp
US 104.16.208.203:443 cm.nordvpn.com tcp
US 104.16.208.203:443 cm.nordvpn.com tcp
US 192.133.11.4:443 www.flowmon.com tcp
US 192.133.11.4:443 www.flowmon.com tcp
CZ 65.9.94.203:443 d6vtbcy3ong79.cloudfront.net tcp
CZ 65.9.94.160:443 d1c9z012fkqxps.cloudfront.net tcp
US 104.17.24.14:443 cdnjs.cloudflare.com tcp
US 104.16.208.203:443 cm.nordvpn.com tcp
US 8.8.8.8:53 14.24.17.104.in-addr.arpa udp
US 104.17.207.237:443 s1.nordcdn.com tcp
US 104.17.207.237:443 s1.nordcdn.com tcp
US 104.17.207.237:443 s1.nordcdn.com tcp
CZ 65.9.94.203:443 d6vtbcy3ong79.cloudfront.net tcp
CZ 65.9.94.160:443 d1c9z012fkqxps.cloudfront.net tcp
US 216.239.34.36:443 region1.analytics.google.com tcp
CZ 65.9.94.150:443 d6vtbcy3ong79.cloudfront.net tcp
CZ 65.9.94.150:443 d6vtbcy3ong79.cloudfront.net tcp
US 152.199.21.175:443 cdn.insight.sitefinity.com tcp
US 216.239.34.36:443 region1.analytics.google.com udp
CZ 65.9.94.227:443 d585tldpucybw.cloudfront.net tcp
GB 142.250.200.34:443 ade.googlesyndication.com tcp
CZ 65.9.95.107:443 euob.ytwohlcq.telerik.com tcp
GB 142.250.200.34:443 ade.googlesyndication.com udp
IE 34.251.101.162:443 obseu.ytwohlcq.telerik.com tcp
US 18.119.154.66:443 emrlogistics.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
GB 92.123.128.170:443 th.bing.com tcp
DE 140.82.121.3:443 github.com tcp
DE 140.82.121.3:443 github.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.133:443 raw.githubusercontent.com tcp
US 140.82.112.21:443 collector.github.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
IE 172.253.116.100:443 play.google.com tcp
IE 172.253.116.100:443 play.google.com udp
DE 140.82.121.5:443 api.github.com tcp
US 3.140.13.188:443 emrlogistics.com tcp
US 192.0.66.233:443 www.malwarebytes.com tcp
US 192.0.66.233:443 www.malwarebytes.com tcp
US 192.0.76.3:443 stats.wp.com tcp
GB 143.244.38.136:443 plausible.io tcp
US 34.237.190.223:443 genesis.malwarebytes.com tcp
GB 143.244.38.136:443 plausible.io tcp
IE 74.125.193.136:443 www.youtube-nocookie.com tcp
IE 74.125.193.119:443 i.ytimg.com udp
IE 74.125.193.136:443 www.youtube-nocookie.com udp
IE 172.253.116.155:443 googleads.g.doubleclick.net udp
IE 209.85.202.95:443 jnn-pa.googleapis.com udp
IE 74.125.193.148:443 static.doubleclick.net tcp
IE 74.125.193.147:443 www.google.com udp
IE 74.125.193.132:443 yt3.ggpht.com udp
US 172.64.155.119:443 privacyportal.onetrust.com tcp
US 34.96.102.137:443 dev.visualwebsiteoptimizer.com tcp
US 34.96.102.137:443 dev.visualwebsiteoptimizer.com udp
US 34.96.102.137:443 dev.visualwebsiteoptimizer.com udp
CZ 65.9.95.2:443 api.demandbase.com tcp
CZ 65.9.95.60:443 www-api.malwarebytes.com tcp
CZ 65.9.95.60:443 www-api.malwarebytes.com tcp
CZ 65.9.95.60:443 www-api.malwarebytes.com tcp
CZ 65.9.95.60:443 www-api.malwarebytes.com tcp
US 104.18.38.233:80 crl.comodoca.com tcp
US 172.64.149.23:80 crl.comodoca.com tcp
US 18.119.154.66:443 emrlogistics.com tcp
IE 74.125.193.91:443 www.youtube-nocookie.com udp
US 54.185.151.250:443 api2.amplitude.com tcp
US 34.202.188.109:443 ark.mwbsys.com tcp
CZ 65.9.95.52:443 cdn.mwbsys.com tcp
US 34.202.188.109:443 ark.mwbsys.com tcp
CZ 65.9.95.5:443 cdn.mwbsys.com tcp
US 34.202.188.109:443 ark.mwbsys.com tcp
CZ 65.9.95.39:443 cdn.mwbsys.com tcp
DE 140.82.121.5:443 api.github.com tcp
US 3.140.13.188:443 emrlogistics.com tcp
US 34.202.188.109:443 ark.mwbsys.com tcp
CZ 65.9.95.5:443 cdn.mwbsys.com tcp
US 34.202.188.109:443 ark.mwbsys.com tcp
CZ 65.9.95.5:443 cdn.mwbsys.com tcp
DE 140.82.121.3:443 github.com tcp
US 18.119.154.66:443 emrlogistics.com tcp
US 185.199.108.133:443 raw.githubusercontent.com tcp
US 3.140.13.188:443 emrlogistics.com tcp
US 3.225.208.184:443 holocron.mwbsys.com tcp
US 3.225.208.184:443 holocron.mwbsys.com tcp
SE 45.83.223.233:443 ipv4.am.i.mullvad.net tcp
US 3.225.208.184:443 holocron.mwbsys.com tcp
US 104.18.38.233:80 crl.comodoca.com tcp
US 104.18.38.233:80 crl.comodoca.com tcp
US 172.64.149.23:80 crl.comodoca.com tcp
GB 92.123.241.137:80 www.microsoft.com tcp
US 52.25.254.100:443 api2.amplitude.com tcp
US 18.119.154.66:443 emrlogistics.com tcp

Files

memory/1912-0-0x0000000000500000-0x0000000000510000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 88e9aaca62aa2aed293699f139d7e7e1
SHA1 09d9ccfbdff9680366291d5d1bc311b0b56a05e9
SHA256 27dcdb1cddab5d56ac53cff93489038de93f61b5504f8595b1eb2d3124bbc12c
SHA512 d90dabe34504dde422f5f6dec87851af8f4849f521759a768dfa0a38f50827b099dfde256d8f8467460c289bdb168358b2678772b8b49418c23b882ba21d4793

memory/1912-2-0x0000000002250000-0x0000000002256000-memory.dmp

memory/1912-9-0x0000000002150000-0x0000000002156000-memory.dmp

memory/1912-8-0x0000000002250000-0x0000000002256000-memory.dmp

\??\pipe\LOCAL\crashpad_1752_JQXNZZHJMNDDBMGW

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 341f6b71eb8fcb1e52a749a673b2819c
SHA1 6c81b6acb3ce5f64180cb58a6aae927b882f4109
SHA256 57934852f04cef38bb4acbe4407f707f137fada0c36bab71b2cdfd58cc030a29
SHA512 57ecaa087bc5626752f89501c635a2da8404dbda89260895910a9cc31203e15095eba2e1ce9eee1481f02a43d0df77b75cb9b0d77a3bc3b894fdd1cf0f6ce6f9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 3240c905b6e5d652e72e3cbd21404db7
SHA1 ecd6989d56422cf0849fc87a6c2e8c9853201ded
SHA256 1941b9291326aadbc149e48c74b5f4632a5fc8b13bcbb229d06394b7e3351c34
SHA512 a6265bd85a29ef1121913942ef43a77cac1efb6252f97c40d3b7d5630b2d036f30fd52f5e81e7a3549175979013be579a60caf9704b6186cde1174a08f74d8c8

C:\Users\Admin\AppData\Local\Temp\asih.exe

MD5 04a4466cb5f60b312f92c7876173e794
SHA1 6ff1c0b99dc4baf82f232563f269c4cbba5e0e08
SHA256 c3de1bae476554d7a256d5c58ec7ed1a512ad2f0126401cf411b682fbd6853d8
SHA512 03ed1a7047b466d59c52aa8359f13fb3dcd549a5b5eb3d88bcd9977a77427b09b41fe2653343eabfa21a0961156fc8a7c3bd722a52c94c9136a2cd66d1d810cb

memory/1912-39-0x0000000000500000-0x0000000000510000-memory.dmp

memory/4228-41-0x0000000002170000-0x0000000002176000-memory.dmp

memory/4228-43-0x0000000002150000-0x0000000002156000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 81cf06552d293bd687e8ff4c5541d4b7
SHA1 318d180a0ba40740ce42d498ce24eda4395fd65c
SHA256 d637db106dc18a43d689f8b58fe6cab3b4ebc374e371db3272fc75dd15eb6d91
SHA512 51c163c51808d4451b83f6a8a7216edc73d8f02a68d7912d99739dc4bc756ef8b4ded9a34469320b191a8a08dd39a02892722543cd4285dd18ed108761a737e6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 fe4133207a6a34870683d7b1fb7364ee
SHA1 fa7ba4481908f6130345aecb27aabbe95ce3068e
SHA256 10db062584e990c5645130577f82405f2a15a2e75f0bc12754eaf43eb0b24918
SHA512 7c961788587e0e7f8faffea09aeca4145ce8c4ad1d2f1661a7beb9d4f6e1e4c994ea5b9f2265a3996b2fa67a3ca919e13f68ef8b9964f279a010d7e11a93024c

memory/4228-228-0x0000000000500000-0x0000000000510000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

MD5 acd3f8bcdca044e4382c0bb6246b0234
SHA1 1c83d89a3c40835a82f06e6bea0af86f52901bc5
SHA256 cec8af8be960f3b13ad0f554c338ab88688ae5b4ddfcda5471fc8268ce66db25
SHA512 3cbf100cc72f4a63c7aebe0ec029fc3635b97addbb0a4e83febbd127e00ff1455fc0b4cb90839f3bec498a7cdb848d8fde4d6991cc6a1f479669e70ad220b5a1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

MD5 c3c0eb5e044497577bec91b5970f6d30
SHA1 d833f81cf21f68d43ba64a6c28892945adc317a6
SHA256 eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb
SHA512 83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

MD5 a127a49f49671771565e01d883a5e4fa
SHA1 09ec098e238b34c09406628c6bee1b81472fc003
SHA256 3f208f049ffaf4a7ed808bf0ff759ce7986c177f476b380d0076fd1f5482fca6
SHA512 61b54222e54e7ab8743a2d6ca3c36768a7b2cf22d5689a3309dee9974b1f804533720ea9de2d3beab44853d565a94f1bc0e60b9382997abcf03945219f98d734

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

MD5 56d57bc655526551f217536f19195495
SHA1 28b430886d1220855a805d78dc5d6414aeee6995
SHA256 f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4
SHA512 7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

MD5 76a3f1e9a452564e0f8dce6c0ee111e8
SHA1 11c3d925cbc1a52d53584fd8606f8f713aa59114
SHA256 381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c
SHA512 a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

MD5 b38fbbd0b5c8e8b4452b33d6f85df7dc
SHA1 386ba241790252df01a6a028b3238de2f995a559
SHA256 b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd
SHA512 546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

MD5 f07899b2fa8398870c2dcb5d7fe44fc5
SHA1 6efd418ec9d45e731cf848b75b52cfb6124e773b
SHA256 732fe8afbf4fda320d34ed9bb0d4d4f5525879ed87784870face53eb50ffbaeb
SHA512 0b30a0d01277d2f3abcb85f3fc16be3b07fd826e9cb523b73fd9e45bc5cacab03e6f0486ce84cdeab01adb70810d6891d87dae036e525959a4e97114588a900f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 cee544d0d3f216315f401f32d4f663cb
SHA1 296145cbe02c8aee619ff5e7ed75d35cb4b286fb
SHA256 60da7befa015bd38b25fc26f83a52ac3e1bea71a06c7bf2c8da514d125d6a250
SHA512 f74c57aced3209714b8c9ae80178a62aa30a69f0b7dd3c4e992d51dd63fb12c7d3fe9b9632f92831162acfa212e5e64c7f97236ce96a85580b894cff8b71c6a9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 7f89de768b314f0bb52b6e4fe922b823
SHA1 7d05d1d20c0cf913aa5543ec82022bc571b68f71
SHA256 bcccf2a3045d37865dbe7d4029ad462f901a74ce7f5739dc91bfb446c844ef1d
SHA512 cbf76756c2cd03feef932a274b351a2ebe9496de7e7d8db24736eff69dd3cce22143e3ed6357e4b10c8aa4de362ff1728678d94aa94bd8d3a4e433e3c64630c4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe586618.TMP

MD5 5eba58dc394ae0b61e16a3f8958f5c4c
SHA1 49805738b66db5c14d9f83b582575061ad25f2dd
SHA256 e7a853bf58f7b66f6764233577bd327345d2fc0094a7919d50ccbb2e9959add8
SHA512 c48eb44fc3b51e1fb04baeedf4bf44ed215051ea1433fcafc13d015a9b6f2be3beadad097ec3a10b09cfe0485678676038251c3b09ea38f54a56abf1fff9c21d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 c1df1f1681b3e64837f20ab96198e599
SHA1 7b1437d2cf588fd3dba41ad2221f4a7491c370e5
SHA256 8b7ff2d37e9b40c40c94acee4ed1a52553dfd7143a2bbd8a8114bd1fe64f0c26
SHA512 9d789f0e45c456753bfae1965a3a8de19a97548fa28ed2b74396a04c117444ab454a1dd44eb33c5ea07f6055b741ab66f81e6cc37ce2f369ae49dffeff875603

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 70bead0149ae519c6838ab9f92fc9763
SHA1 3fc9a8038c8a6338091d81f05af8052eefc50705
SHA256 f2b5588b4b5a4dd40099dc9e2e50de0cf745773b9572816d777a21d8436f9f4d
SHA512 883a2d429ee7f06bfe8c52d2a30156c41db278cd889c73bad4f34ca3fcc0a8fb87cee03bd06a4ee5a8382ec30c2e82101d4619e055a3e869ad70234f41aa2e5f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\32cadb2b6d359d069dd3f3d132c212a43d223701\index.txt

MD5 343859b4ad03856a60d076c8cd8f22c3
SHA1 7954a27de3329b4c5eefd4bdcb8450823881aad6
SHA256 8c79b653c087618aa7395d5e75198da7d3b04c08654c39e56b1027f9ef269c2f
SHA512 58014a4e7f2b4b0d446fae3570196b8fb95d0d1b70bdab0dd34a74d6c62cd8d7ca494a486f19c1a829988a3af83a08d401f18d1769ce1799a02ee09807234254

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\32cadb2b6d359d069dd3f3d132c212a43d223701\index.txt

MD5 f859b0da747abe6c4be14e1d5f8ab4c0
SHA1 6fcb65d98c3fb0821162046537c1d7e97f919392
SHA256 73021fd93d3c4e7215893f814da719245851996b0448ed37847c45c8307cbb2b
SHA512 7317c580dded3ebe8b3d9d3f85b475feda6ad89b8f16e89a5796d21abb84aa012b2d8191748bbda3659fa6b947d6488ddbd4d83c3b6c359041441d59f76408a5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 f15a42d2b32eac215479aae6e3b93253
SHA1 a280fecc6696c0ed43fa9d20fa20dd4b277bce11
SHA256 e61d12e36e190b4ca49bd07b709a38f557a71be9f176093aff0b7d0573eeac3c
SHA512 e7b68ffc6dc2dd7824f24009280f123da291bfdb909b21d5e2d7b8d5de11f3cf5295d199065dd59fe56c16f82b1c204f9daacedc9d60998ff70a8d886a07d521

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 84110d7224a36b25ed2b93c5a9e2b01d
SHA1 a53daf9cbdd35bba00f5015a16df5c4695a78179
SHA256 c8722be2dc8680da2fd7c2e58cf33208319c807c52435933700eca71164dab37
SHA512 b8c711df71c5320a6aeb45a509e5bd6e7bba60afba80b4000c8b73ad5b364a94fe0ed15a9a67f07608bfb46c74646fc6167b106a8c6ef4d4baf6e6366a906951

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 aa5077a9825684f217d74292edb15c3f
SHA1 027446d8b3b8b68216cc586351eee34f95287869
SHA256 320f6e171fba46a75f1da6f8d1df3ea4dfc2b57d37a3a072372ad537767ecb2a
SHA512 9d1572270a2045d6c021bef823abf98f3514b4f6867f469d5b0076593f22682168b6094346774480fcd20126dd222dbaa795b72b44beda35b9b6cb5463378ba3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 49c1136d79ea9f5fec0026f4e900b81e
SHA1 50257c9b90f443d09538ec05ff251dd289024295
SHA256 b6afd1494639cdcc723825f01b48192fd86adec0af2c1e1d9e8dea0add74a5cb
SHA512 a3a800fc08ba3fec12daf54d57aa999a48ea51b33b9a146104ccaf17ee455de30e300d1bbef50f5e902f40b99ede1bac4fc9e4c7d8863c2a1b79a5df1a41b166

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

MD5 cf989be758e8dab43e0a5bc0798c71e0
SHA1 97537516ffd3621ffdd0219ede2a0771a9d1e01d
SHA256 beeca69af7bea038faf8f688bf2f10fda22dee6d9d9429306d379a7a4be0c615
SHA512 f8a88edb6bcd029ad02cba25cae57fdf9bbc7fa17c26e7d03f09040eb0559bc27bd4db11025706190ae548363a1d3b3f95519b9740e562bb9531c4d51e3ca2b7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

MD5 3cd0f2f60ab620c7be0c2c3dbf2cda97
SHA1 47fad82bfa9a32d578c0c84aed2840c55bd27bfb
SHA256 29a3b99e23b07099e1d2a3c0b4cff458a2eba2519f4654c26cf22d03f149e36b
SHA512 ef6e3bbd7e03be8e514936bcb0b5a59b4cf4e677ad24d6d2dfca8c1ec95f134ae37f2042d8bf9a0e343b68bff98a0fd748503f35d5e9d42cdaa1dc283dec89fb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

MD5 68f0a51fa86985999964ee43de12cdd5
SHA1 bbfc7666be00c560b7394fa0b82b864237a99d8c
SHA256 f230c691e1525fac0191e2f4a1db36046306eb7d19808b7bf8227b7ed75e5a0f
SHA512 3049b9bd4160bfa702f2e2b6c1714c960d2c422e3481d3b6dd7006e65aa5075eed1dc9b8a2337e0501e9a7780a38718d298b2415cf30ec9e115a9360df5fa2a7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

MD5 3051c1e179d84292d3f84a1a0a112c80
SHA1 c11a63236373abfe574f2935a0e7024688b71ccb
SHA256 992cbdc768319cbd64c1ec740134deccbb990d29d7dccd5ecd5c49672fa98ea3
SHA512 df64e0f8c59b50bcffb523b6eab8fabf5f0c5c3d1abbfc6aa4831b4f6ce008320c66121dcedd124533867a9d5de83c424c5e9390bf0a95c8e641af6de74dabff

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 91dfa490ed82b097cf22533d829f8e11
SHA1 16b3aecf239665e06d38808ebda28a5053b71ce4
SHA256 289b1706bb9c48ab616f7d1fa3d959dc63bb8268de9b61668ed3f9d72887255d
SHA512 80d8b9c73c918211bf275dad89196acdf0e6b6fcd30d079bc72c8d36edb83bb22acf325e12897606774debcdc9da3b8b44277eb535a79ace419e64195148eb76

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 88154c87a8947bcf99b2a661225d45dc
SHA1 2804165957316b2ad8910aba9d8f200af0a99adb
SHA256 594cc1cebc9ccef546e10f23c8c911748b825a2ef9eac346e3a0f2370bf83d05
SHA512 182610a9f1de252445b35a5f95dbaa97d2ac00740f0139506f64f857063cb74850f1114bb195707ddc64863255fd306831eae658cee5aa5b8edb537df3ed0ebc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 6b8daec02eddbbd386ffad48e0d17c27
SHA1 6a6ee0791f4289f7178ab7910c868ac6191d4d5d
SHA256 c3fcf82ee9ec43aef0d5a7c1d8e4c75f570710b5f33f8c80ddd9e79fdabced1f
SHA512 6e778d05e89b57f840f2782a4a3b980a88415f3c0cb6317c8dbeb90ad80654557b250b56121962a57166fa757f4b07812e3a17a379a2f989c5463aadd09fd23b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 ff5b5a78b5ab69c4682f15c17a8fc416
SHA1 64eb949b1ecafa1592a050838711be30fbe502f4
SHA256 dd9fa19f068ccf0cf6976e16e048604afdafbb2575dd4e0742011938e32c3a28
SHA512 c6ebf0a867cec03692c7efd5a1944947174c23d2484f22e3d15b3fd4c7f9deaad244bddc120b4a7b62dd5e3314be681275bd9b4d6137618aa1fd312c22edbdce

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 f67cc183ba0591e3ca88be8a0985b276
SHA1 6a5b33a905f6ff63cbcb4f61d3a7e371a11d8cce
SHA256 89b5b2ebf11cb23194867f1877f7561865a76fcdccee372dec16884bc1a81495
SHA512 6f59937420e3d74ef79eb9de98926e46f0675f46d381500edfe206616ba3ec75106ce32dce374d004918225ab5f3b59305589e0020aa126e68a4dbf9c3e667cd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 b8674e325220ed08ae40ea347173b434
SHA1 b5562ac735a14b415ee268bfa01bfa2719cc4fa9
SHA256 d8e377f07fb4e5162cf8e0d140c0c60e67728a52df43c08d616d6ab5b7980dc5
SHA512 b1e2deb16cd682abe2e50d378ae5175daf2c467afb65b93eae7027bb56380ba2186f740dbaa24102e1c08fa28e698d5f5b490d088dcf3d61eeab7d24eff6e753

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 a7d1b7a0a5315195e2986d9843623f48
SHA1 629276db033f1c9c5cb79e1cd0aa192beeb389fb
SHA256 319ef2ff89dc62620adb2be20bbde8d99741dc380dbe7b659df5e7892c01fde4
SHA512 5a281bd0fc8b39c127f5b91d877fd2d3f388108a65cf361c92c4314adc2f2dca969ed9df75da1d01287492986fa1ce4c9cd5dffd752809f2145645a2b2b1f5ca

C:\Users\Admin\Downloads\MBSetup.exe:Zone.Identifier

MD5 fbccf14d504b7b2dbcb5a5bda75bd93b
SHA1 d59fc84cdd5217c6cf74785703655f78da6b582b
SHA256 eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
SHA512 aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

C:\Users\Admin\Downloads\MBSetup.exe

MD5 38fcbed91aa65065ebbe593da8a81fed
SHA1 8e13cce55f98d6d63c389980ca9c9d42af427509
SHA256 8f0d67741e5bae151c67e274320aff754480e188499be17c08e72cb4fc6fbfec
SHA512 a3df875deaccb0c8d421bf78fa5ab92c3d0bd67c4bfdac54d430d46043b4306ba138e45a223e422db43db6c305863fc84cb171d55878a774a58e794189078835

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

MD5 2f321e7c4bfdc2a1f0890a36521947c8
SHA1 89ecf4d39949e36de2e1503cc0b2e50a3d677ae9
SHA256 231e1e5c1b99f583875553ab2f68998926bf37c2c1cf0a1da0bd0cee7f7d08d5
SHA512 6117775a31ccbb7b1f60b7a9b8a2004a22d3abd2f7442296b2cb425ab36dac77770160c032a1091169e6e79cdd54c40d03f30b75d600bbb5861b5c8200322829

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 21b6b165ee958834af92d3b12fd3d6be
SHA1 586cb21c446ad686f32a88a20897830efa8a1452
SHA256 c58e3b08b2fbb8f9456d0db92e539f050c6e8044bf300b6ef046ba0f9a177414
SHA512 25fe5d0fdde452d701a1842219b692aac4af157745800609b37fdc16b76f137600a5df5784c73efb02b71adac19a91fb7aa9bad0b9cd78b8ea3edf03424ffb84

C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe

MD5 bf411de146ab5191b1dcb91aa2ad9be3
SHA1 b1f0f8e8855de96f2f9d64e736de5b5e8de0d37e
SHA256 448c948edbf2fa7e9079ed2f2df40e0ed61ed87c11c5f06330daa14dda581d05
SHA512 a7af8c8834d827c32d94b6eccff081517dbf1a4c4d0ffc0019831718c49987c1598fda6cbea552911e8de68380f139f6d1e11cd477f036328484f71ec0d71d47

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 10bf333c8a2fac2f6b8d81150e2bf654
SHA1 777334a3851070bf9afb24b4507f3e370d533f24
SHA256 d56fd2b9203805758368d81ba3c12a65132ef24f07d1570a865f36629cd98e07
SHA512 93284471dd44bfb4a40e90383547fd39dc5b202f42b72f15ad6be04ea43eaab1261477dcd620e6d743b294ed9fdd945f85d1c386cc4632caf04d29e19a32c04c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 33b2313192e3f74d527e98e645690c1a
SHA1 8fc96149e34329c614458adf81732d223bf3c719
SHA256 1ae4b0226375b6ad5d9d648deb0bd57c3b36d2c3da2d9bd4aed69cc6df63aaac
SHA512 ac56be244167a20a98a56c8f51b6b343cd74860234470613b34fd0441dd1f2236b68257e3569e775d72fc0ac98999e570d654b0967b0447df7e69a6d97661123

C:\Windows\Temp\MBInstallTemp952e6b9bd88111eeb8b1dadbc67928ac\7z.dll

MD5 ab8f0c1a37c0df5c8924aab509db42c9
SHA1 53dba959124e6d740829bda2360e851bcb85cce8
SHA256 6e223b275b84d948cc5ae1f161f0bfff2adb34de04634c84d7dbe9305a4998d5
SHA512 ff8a26e8fd5a08c74e5ba93a564e0d3cd932754e7f06993a365bfad06670497889e69ec45bfba1378040b72f82d468e79682beba2439937bb29d2a41da940d4a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 045def9b48e67be8bb07a5c8d803005c
SHA1 1d767620a8b81e1999f4c7482c6ce63caf635db1
SHA256 d341e26f3504628eeb0c64c0c5ccc8d01a3b60db61b774c9483d6de1697dab3c
SHA512 c2b6add98545ab7696d490426bd28de3cdb98c3f9dca587573411c9bb5797cf8a32206de939a68ead51546c5ea8334d34c3e6434b37aa66d8f167a0d0d60c0d3

C:\Windows\Temp\MBInstallTemp952e6b9bd88111eeb8b1dadbc67928ac\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.25\mscordaccore.dll

MD5 4820d2a3a060de50d67b3848f00ae811
SHA1 934495925b85b3afa05ab2dae211d0b7f64b51ad
SHA256 e5777c51dc6686dea8fab6bed6acad66e7d02662176409dd6d128be414ac7808
SHA512 679537da497a8d62aeb6f37c54361f5ce770fcc5f19534158f6f0de00b6b82ba589e06e1b299b91fcdf7c0e35c9a3ac501dd93bc95419901914474f02cf1ca33

C:\Windows\Temp\MBInstallTemp952e6b9bd88111eeb8b1dadbc67928ac\servicepkg\MBAMService.exe

MD5 933d04300d9c4490a562f174214b2865
SHA1 bb4a4fb152abbf7047bd1bdcffc914d3aae9f779
SHA256 9566e2149cad9a2dca4e71fd2957936e887651585e14cf71f37b0c94ec87228c
SHA512 9e19dfc5fbbcbd0fc40df7c2895554be193b4e6875141e64cede55d5fad5a25971a895333db36b8621cf785fa17e0516231bb0cfe42f3c67a668096f6de9b21f

C:\Windows\Temp\MBInstallTemp952e6b9bd88111eeb8b1dadbc67928ac\ctlrpkg\Malwarebytes_Assistant.runtimeconfig.json

MD5 d94cf983fba9ab1bb8a6cb3ad4a48f50
SHA1 04855d8b7a76b7ec74633043ef9986d4500ca63c
SHA256 1eca0f0c70070aa83bb609e4b749b26dcb4409784326032726394722224a098a
SHA512 09a9667d4f4622817116c8bc27d3d481d5d160380a2e19b8944bdd1271a83f718415ce5e6d66e82e36819e575ec1b55f19c45213e0013b877b8d61e6feb9d998

C:\Windows\Temp\MBInstallTemp952e6b9bd88111eeb8b1dadbc67928ac\dbclspkg\MBAMCoreV5.dll

MD5 e374937efe9abeb8e8802486b7787b61
SHA1 4425576c4de9b391ad06d66502ef38032cb32278
SHA256 89b4be41a8a0fc009cf6940bdd7091be94ca90c9a3590b787272bced08751463
SHA512 561e2472be122566a93473e4a59dbd81893150a1072b67d49d3415067024b3a50a0f3c520be366d1f03f39710b88ff5d3cdd6124c91444b55037e5abf450ce12

C:\Windows\Temp\MBInstallTemp952e6b9bd88111eeb8b1dadbc67928ac\servicepkg\mbamelam.sys

MD5 9e77c51e14fa9a323ee1635dc74ecc07
SHA1 a78bde0bd73260ce7af9cdc441af9db54d1637c2
SHA256 b5619d758ae6a65c1663f065e53e6b68a00511e7d7accb3e07ed94bfd0b1ede0
SHA512 a12ccf92bead694f5d3cba7ff7e731a2f862198efc338efc7f33a882fe0eb7499fb3fb533538d0a823e80631a7ca162962fbdfd78e401e3255672910b7140186

C:\Windows\Temp\MBInstallTemp952e6b9bd88111eeb8b1dadbc67928ac\servicepkg\mbamelam.inf

MD5 c481ad4dd1d91860335787aa61177932
SHA1 81633414c5bf5832a8584fb0740bc09596b9b66d
SHA256 793626d240fd8eefc81b78a57c8dfe12ea247889b6f07918e9fd32a7411aa1c3
SHA512 d292e028936412f07264837d4a321ecfa2f5754d4048c8bcf774a0e076e535b361c411301558609d64c71c1ce9b19e6041efa44d201237a7010c553751e1e830

C:\Windows\Temp\MBInstallTemp952e6b9bd88111eeb8b1dadbc67928ac\servicepkg\mbamelam.cat

MD5 60608328775d6acf03eaab38407e5b7c
SHA1 9f63644893517286753f63ad6d01bc8bfacf79b1
SHA256 3ed5a1668713ef80c2b5599b599f1434ad6648999f335cf69757ea3183c70c59
SHA512 9f65212121b8a5d1a0625c3baa14ef04a33b091d26f543324333e38dcdb903e02ccc4d009e22c2e85d2f61d954e0b994c2896e52f685003a6ef34758f8a650c7

C:\Program Files\Malwarebytes\Anti-Malware\srvversion.dat

MD5 937a98c6672704251debffe44b580d34
SHA1 53666699e1823565bdefc7fde86598c843b4cc6a
SHA256 9b06919af771df779a7534cba46484be00c8113356770e4c2d20e118fb3ee593
SHA512 d1581719591a99fd609fc1471db2a1c38329993cc15d5c2b05c36b81f7a0887146afa250f1ecf2ab0e6815072bb4010aaedbac591b39bace1ded40d0175161b9

C:\Users\Admin\Downloads\Unconfirmed 498078.crdownload

MD5 35a27d088cd5be278629fae37d464182
SHA1 d5a291fadead1f2a0cf35082012fe6f4bf22a3ab
SHA256 4a75f2db1dbd3c1218bb9994b7e1c690c4edd4e0c1a675de8d2a127611173e69
SHA512 eb0be3026321864bd5bcf53b88dc951711d8c0b4bcbd46800b90ca5116a56dba22452530e29f3ccbbcc43d943bdefc8ed8ca2d31ba2e7e5f0e594f74adba4ab5

C:\Program Files\Malwarebytes\Anti-Malware\version.dat

MD5 741464b0e19cce144fc28e0e94c5b64c
SHA1 49319149fdb8dc28056f708e867f7deba73035eb
SHA256 ad87580dacc96b0eb29cb2acd069037ca14624f15c4d15ce3f2a360009e91030
SHA512 484ad9d18610b0b58e93dbd9bb36991e6bf78e19922799ecad79680ad2a19a01dea58369f15e0dc3142f09fdeb7f95ca178b863a5159b64505f8dcb9b647bdf9

C:\Program Files\Malwarebytes\Anti-Malware\ctlrvers.dat

MD5 ddfee006c8400cd382d722db8aba8cbf
SHA1 46db8169f77a728b1aa2fcaa35962b711c7e7653
SHA256 e1fed170feaa0541443d2417eac0a1901c36eb1abb734861edafdeffdaf54427
SHA512 96c464d034f616fa96c6ba45c717c51f59a12e9624ec0bc166d510801227d0d1e4e3578559b14aae6087ebb828db378b47ba9b789944dff9c3a29a202bc97c3e

C:\Windows\Temp\MBInstallTemp952e6b9bd88111eeb8b1dadbc67928ac\ctlrpkg\mbae64.sys

MD5 95515708f41a7e283d6725506f56f6f2
SHA1 9afc20a19db3d2a75b6915d8d9af602c5218735e
SHA256 321058a27d7462e55e39d253ad5d8b19a9acf754666400f82fe0542f33e733c6
SHA512 d9230901adeecb13b1f92287abe9317cdac458348885b96ef6500960793a7586c76ae374df053be948a35b44abe934aa853975a6ccd3788f93909903cc718c08

C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe

MD5 763aca65b6efaefde26476b04fdbae53
SHA1 1a0aba13ad367580c4f921da26714a8b5307eba3
SHA256 118b51e1269df6301fb5b9e8ed1d9cdf60c05293f24b4c2c2db14c094a998796
SHA512 366d14524a44c2185a3054dd926aa73a69bfb56891445e3eb8b017aadec7e3b24a363f8e5b9a16c070ef7f188004662aabf546931fd8b9e50d8b1b8665612670

C:\Program Files\Malwarebytes\Anti-Malware\ServiceConfig.json.bak

MD5 dbac051733fb797165bbff533776c830
SHA1 71e0a30d091129241308a48898211ced048a187e
SHA256 79b2a705da319c947d5ca012cb1e950a8acbbff9e0328312ca42d2ae4a08b1c0
SHA512 18d5a4aedcbaf19725a961aa0e3814581ae254944a8b8369c4529ddd934eca2d67c6e803b3f53b60870866350a381196876c720e45321f1ae2166f25227180a0

C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe

MD5 f391d394be94295ca6a91b604803f133
SHA1 ac5c6fe9bc691d3ac998a6a1a549b0dc6fa0532e
SHA256 c85fe3a6c013f4f13265a650ba8aaced614ea514ff21b1543d9a0cb30d2fe310
SHA512 9becd45ba0a40e3c85e0831ad15e982b3b58da6dbd5da5306cd3358ad195cd9e92dfc3fd7635049090d209718062e665b051cc9470f1ba6d7f0aa43888fba710

C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe

MD5 57c5286290f4266bc281109626bd62ab
SHA1 91b4ec2a4925685ecffafbbd2724af1951bd73da
SHA256 2fdd02bc2d00054a12319d41ab40368ce47c0cb244ecf5799bc645146dec1752
SHA512 4058b99ee186813ac68a32391e1831b522cf65ce3e17106962d2b60f25769681364653ef88316175798b511278b958b2e46534eec1c89b492e68c26f91188a7a

C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe

MD5 935be85186e8571536580ac7a6b0a667
SHA1 89f45cf2ada3efc97582c6f4493d18d4bb697e17
SHA256 4820ea2d795f536418f90341cc29d27cb91e7a8030bf6ff5f4ca0bffa21ff99e
SHA512 a717006ff72ce32d839f80d03ca842a3c2c787edf33575a0e468efdb744448b95d55578dcef386db966c32ba9967d33aee506d2fa28c46350aa9ced385d4fcf8

C:\Program Files\Malwarebytes\Anti-Malware\mbtun.dll

MD5 8e9d961a2a292c1c5b4dbf705c50469c
SHA1 d608f9135cddf9520c3b7f1976857e1a2072f1c6
SHA256 64ca92cba79c589e55eeee1ff29bab3169c6a84852a6b4a71042a9b9b6918ac4
SHA512 d9e817f6aed0d34843f83efe97e1907646caf49dfc3b3b1cf8880b106935404d19f04e03f1cbc913a1b4a14db5dbb691fca7c74809c9ffed078d8e400b313553

C:\Program Files\Malwarebytes\Anti-Malware\mbtun.dll

MD5 5ce3f6c810f8abf4e5e3bc5da69c7135
SHA1 de563d8c4ba5786ed49a3d934319447598863bbf
SHA256 369f3c81ecf9c307252da65533c2f0823be68357ade2262e6e01d0bf6ba2c819
SHA512 8077b945cd812977afc1596a4b3ebe6d84569ad6726279ca516371d78d5508471cefe488f140fc8f7362801ff48aaf80b0f5715c01059a372e9c514318090035

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 dc1ec9d321f53bd9bfaca6fbabeff873
SHA1 e1033abaf1a437d145172fdb54530e3e99a900d1
SHA256 188cc4d1f98eafd672a3d044b0cf91b717bf4ab38a6ac10a2295c100112c14d1
SHA512 74481db724e901e60c53ece9466db9696c7011fd02eea5b302cdf54eb1fc318c79d18a868f869ac356056eca5bdb7f10ea1527caa0051d26229b7347d77b08cd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 e656d0212222bee53d497c2d21055c17
SHA1 da78bdf22fd88dcfb5eb44910b458eef73da5c19
SHA256 ed2486562dbfa2071b95c6516bec9694657d733f7516d385067e91accdee9b86
SHA512 3d1c2e81bf5f4bc92dbb0ebbc4a2d9e0908ff03404965cac5b1042a92cd434bdad5342646689f1fe8caa2c167d65e96e1dd5208baaef9ad303824838a1140774

C:\Program Files\Malwarebytes\Anti-Malware\mbtun\mbtun.inf

MD5 5d1917024b228efbeab3c696e663873e
SHA1 cec5e88c2481d323ec366c18024d61a117f01b21
SHA256 4a350fc20834a579c5a58352b7a3aa02a454abbbd9eecd3cd6d2a14864a49cd8
SHA512 14b345f03284b8c1d97219e3dd1a3910c1e453f93f51753f417e643f50922e55c0e23aab1d437300e6c196c7017d7b7538de4850df74b3599e90f3941b40ab4a

C:\Users\Admin\Downloads\MrsMajor3.0.exe:Zone.Identifier

MD5 0f98a5550abe0fb880568b1480c96a1c
SHA1 d2ce9f7057b201d31f79f3aee2225d89f36be07d
SHA256 2dfb5f4b33e4cf8237b732c02b1f2b1192ffe4b83114bcf821f489bbf48c6aa1
SHA512 dbc1150d831950684ab37407defac0177b7583da0fe13ee8f8eeb65e8b05d23b357722246888189b4681b97507a4262ece96a1c458c4427a9a41d8ea8d11a2f6

C:\PROGRA~1\MALWAR~1\ANTI-M~1\mbtun\mbtun.cat

MD5 8abff1fbf08d70c1681a9b20384dbbf9
SHA1 c9762e121e4f8a7ad931eee58ee60c8e9fc3ecb6
SHA256 9ceb410494b95397ec1f8fa505d071672bf61f81cc596b8eccd167a77893c658
SHA512 37998e0aee93ff47fe5b1636fce755966debe417a790e1aebd7674c86c1583feef04648a7bc79e4dedaabb731051f4f803932ac49ea0be05776c0f4d218b076f

C:\PROGRA~1\MALWAR~1\ANTI-M~1\mbtun\mbtun.sys

MD5 83d4fba999eb8b34047c38fabef60243
SHA1 25731b57e9968282610f337bc6d769aa26af4938
SHA256 6903e60784b9fa5d8b417f93f19665c59946a4de099bd1011ab36271b267261c
SHA512 47faab5fff3e3e2d2aea0a425444aa2e215f1d5bf97edee2a3bb773468e1092919036bcd5002357594b62519bf3a8980749d8d0f6402de0e73c2125d26e78f1e

C:\ProgramData\Malwarebytes\MBAMService\config\PoliciesConfig.json

MD5 fbfd16d7093525ef063b003b737849ba
SHA1 c9c89677e3996a647f1eda84f99229d40740d5bd
SHA256 12f5f0de7421517a5b6a18cf08517a1a786ac8f226f8d9d91967116dadb9ed1a
SHA512 e3bc437a079815274e407679d5b6f4485a55dfc174ee8ba36f33158a9b107939d35144c80d3801d90a781d115aac8ac0d642700536bccb42307c352f2a346828

C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.json

MD5 a2247b650d549baeca6fc480709503e3
SHA1 fb62b91929297039a952c032cf554fe782f4cabb
SHA256 53361cb2a8637f13df5c1df784234ffcde5aa4dec4eb303c27c7de44488c6ac1
SHA512 6599a662af81c4a8e21520ad56828c36e6c4968e933715bc202150bb51f3e4e5cd0c66e4bf9026d166fb312377b98f553dce065886cc31f3f4fb75955bb7bc4e

C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json

MD5 dc207bfa7add352e740936efb122a03e
SHA1 bd51990daa404e8ccc75c70d6f11dd7ab710719c
SHA256 92acb7c7e8193075b60e0d0c0792425841475483478018652166d33b9dfa5ccb
SHA512 310719e619e104610fffd491a602fd6284cdbfaa38df77f9affa7e542d4f39d77bf81b9e605e64ae6904c41c2ff57df9f32c833f4ae543924d6c4c3b3b4b6b13

C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json

MD5 d02e1fba502a2ada994d3935895b542d
SHA1 6a4c231cf373d838c16c86c05b3768d88d7f409d
SHA256 01dbd125d734ce1b1aeb5aea08e395e5a1d3f1b90e7a757b947ce5aeea4fe3c5
SHA512 20d98d0ae473acd97bf747b26b3367a1ffbd387fe8af00dbb907466a7394bdbfea61b2a9e1d45e1ace48c41b3987a317158c9b97609dc53b307911097a8ce748

C:\ProgramData\Malwarebytes\MBAMService\pkgvers.dat

MD5 9832e1205be76c29dca1fb3f4c28ff08
SHA1 c727b0e209e2b04f7989fffb4878daa9587e8e53
SHA256 15dc8ad530ca169f26e86289545bb1d52130f5380ab83cd6437d21045ac29103
SHA512 8b1562312589fd0e959a1d2cbe7ddf5566cf67200d374bf1062103025e6cf5a95e9a36c87180cf21176fbb09904803252bef34e0aa25afa03c76ae90eb66cb90

C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json

MD5 b29a5f752e8fe8e45e7b698124fae7d1
SHA1 862ed8bcd78c3f761632431f7692815897666369
SHA256 5cb4dbfa9a5a2e89c623bff53a5edd9d7c862caee9508ad48b703b865d14ac57
SHA512 9df742a45965317d78a1c0b21d27d3891bf6fa8ee2bed64c6692b3c0aa54b15c269af5864fd89cec144222ea19657e4bdc2b7f9820bcc3d4b168f7cb252de9e1

C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json.bak

MD5 6f0ceeacb21b3bbd569d211617b2f3f6
SHA1 9185bf76c92eb87d73d75a576edfd7bed82f1099
SHA256 65084108ace1ba3c037e203667b67dc5d1d1c06261c0d121b3c536c7e5e247a6
SHA512 b73c1613ef5130ac6270615d6960e3e8a0125d6d742a139ed4564b5af1db8c7f8d9bff9d32e3904a377ebd04337114505b9def88aad5e72f2e4d95ebf9a8ecc6

C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json

MD5 5d4f8263159ac4eef7b2c15a323c5278
SHA1 39cdb918f4e7182fb374b9f1397f5d2fb45cddba
SHA256 dff2937bc38e48042590a7e2c3d64982f469423cd49dbab9c50444ff03df35ef
SHA512 3f5e7f38acd089bdc1888e277cc55367b1982419336e1dcb4cdbfd7d010c62df94e358a0283c93fe3c0773ea862ac2eea7b6ae185598ad8bdfb8a3cfdbb76362

C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json

MD5 e87c7f0ed2d8990feefaec6900d3e8fc
SHA1 8ff45f1a8e1c93ed5f7e9ff1786af0f5a2720781
SHA256 c07cb77c79133faba282448f82b192eb6566b8608704c98298fc24e4d6a54bf1
SHA512 195a9156dfe7bdbd870bf72e83d6ebfcc59f0816951d06c9f82dc3d5a1276cff9acfcb6940d6dd16caa1a0897d040f7bb8f36f2cebcd9775c713c74685b1b8a7

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\rules.mbdb

MD5 69f7fb8b8a6f02baf066638c9ca45995
SHA1 2a605097a48c24767aafbde47939ad8e66c9602a
SHA256 6eb889f3967be2113efcf2df1a99e49a664975610924dec15186078c887872d0
SHA512 96a6ea02054e3eda29e199280c99e32be3286479682a2885377eaa914e3f6b4cc44aa3803f291cedf20674c20ff9a10115f9e14c3cf0e636649b5cf7473ec6b1

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\scan.mbdb

MD5 ca10bf6ef26445f029e7a7d33e194171
SHA1 837438f7abe90d38c37c5a11290a8c218cc36f4b
SHA256 ecd5b927920204a654a46ce148ac1e35d36c52bf94fc35fe48a62439c4d89cf1
SHA512 953c5b7e79c7543b290048e3094cc3813fe95306b6170ef40dd2d9cf4f27cd5b4725bb739c098338e06b4e7873e1d4a9444db3a3ab669659688819327360fd1c

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\BrowserSDKDLL.dll

MD5 9638cd5c2f0a855cddfd38d33e4d9290
SHA1 b7f0ad7b5272306b8546f7337f9ebe87ebf75dd3
SHA256 18a2731047c22b7963475e14b56f4f7264d1c72cf063af2219ac6e9a6679c6de
SHA512 85d91790a60639970cb7cc34360219c0b64417d8c6669be97001dce28908458a144be78f1c9f786080449c2f3aff41dd8b0d4855548b4985852db9f664998771

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\Actions.dll

MD5 9a0295d9cf48c1bc1ae2d3329cbd0ee3
SHA1 cee3cab21f5a24a99d63bf00c0aff3d6ee82ef26
SHA256 2f70f654ccc5ab13182d1f909215840a4a304f284a3cc1e5af3502058fe0c8c7
SHA512 bf87fe79aad94c181ac009a8345e70b6c67d1fb7468ff414f12bc01a1a9f5435063c1c8abcc815a9701f3b20a4050b6fef36f35004695e3601229e1454a4ea32

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\sample.dll

MD5 be5c0bdef631a79b8187f3237b24c816
SHA1 8ab4e5eeb3304ed41851a51e3bd7694334ba5149
SHA256 00dc53182addf5756b5c0e0b0fc941ea5b1c91713b26a1d4a0b1a1c4e66d8f35
SHA512 6a18750370950cd6162af0c6638fa232a4c40808aa79456537448d46dad031d89e45ba39f976da9d752b4aa220b6ecac14fe00caf30f0c6d592c77e17fffc0e0

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\dynconfig.dat

MD5 10f23e7c8c791b91c86cd966d67b7bc7
SHA1 3f596093b2bc33f7a2554818f8e41adbbd101961
SHA256 008254ca1f4d6415da89d01a4292911de6135b42833156720a841a22685765dc
SHA512 2d1b21371ada038323be412945994d030ee8a9007db072484724616c8597c6998a560bc28886ebf89e2c8919fb70d76c98338d88832351823027491c98d48118

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\mbdigsig2.dat

MD5 9ca43e1267af041cf9c4052ff35b8159
SHA1 3d68b6d739a280da577a9452e5ca7b50c7dda425
SHA256 badf72956420de417aa0f4bd7d397a0234dc98f87cadec6a7ed608749ad3eca0
SHA512 800530e449fa6fc9075330e23c6d1160936c382683cc7b14486763daf56b2b949081b843547a0e34b25ec6e2c2d02475e5fe0eb801edf167d539a6f8290783ad

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 c7e7ec88fbbb131bb646ab6b4ee3107b
SHA1 9c47f4010324c73d2dd475efd763427c9d42b323
SHA256 12997734cf9dfdd5aca8981208c46ea2c17c77b20f5aa9683b2c687bbe146b47
SHA512 951390aee1dad211064677269dc6cfcd5ddb62d7033f09bcd21d73c35e83d89c75bc760196567f49b16cb464a1b1d09f34c5186c6f295a8eb4b5b6802da9b750

C:\Users\Admin\AppData\Local\Temp\5a530dfd-bc51-4992-a05d-f09d41a331d4\AgileDotNetRT64.dll

MD5 42b2c266e49a3acd346b91e3b0e638c0
SHA1 2bc52134f03fcc51cb4e0f6c7cf70646b4df7dd1
SHA256 adeed015f06efa363d504a18acb671b1db4b20b23664a55c9bc28aef3283ca29
SHA512 770822fd681a1d98afe03f6fbe5f116321b54c8e2989fb07491811fd29fca5b666f1adf4c6900823af1271e342cacc9293e9db307c4eef852d1a253b00347a81

C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

MD5 9ea3e3daa3b3f22599f9b8dbfa83000e
SHA1 96272db3b80729facfc78a9eabb796fef57cfc4d
SHA256 eb0e45aff7b76bc0ab34642f37662403e3b26c66fb1ddb061086e76ccdda29be
SHA512 b41b82b23bed227598bcd4cf5307fea522bce6a39b6f52ec69e90e6527fe4fe856584af299d41eb25b3c8838d48aea531d3975b1a03b778143e6dae375d4c54c

memory/6348-4485-0x00007FFED7040000-0x00007FFED718F000-memory.dmp

memory/6348-4487-0x000000001B3C0000-0x000000001B3D0000-memory.dmp

memory/6348-4486-0x00007FFED4800000-0x00007FFED52C2000-memory.dmp

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\dbmanifest2.dat

MD5 342b6700e7bcd7dae822a286f50f2351
SHA1 56fb8e2336636bcb0ba931f893b02b7bf7c63952
SHA256 c2414f7aafc971886cb69c6ef2f39f78cdfdea9909784a069e21b99f91c3f7cd
SHA512 ece4a281691f4d8c7e0c0eed671f14e23702bce88f7a029cfbbffa4a15b64985316ac529315061f5e65609fc7a5f92ae9a89aa176e9ea75210a24397fbd05ed0

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\cfg.bin

MD5 26574984c49eeffaba3a9c4d4befe806
SHA1 e7e33708c74cbc5e0891eda541452570b5a42912
SHA256 c4b298a40098e3e1b699c6005049b9ad4ee92f6a17410b6a22171a94db4de1eb
SHA512 eb5ca1dcaf017dc7b45ac4fbc9b3111263ed6d516ad46056338085529b81ce3690c8cdf5fcb552ea1cb5e887065bfd0c379f92cd594f8b306e086dff0ecc0e42

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\ig.exe

MD5 abe1425d5aae90f4f691cb4652ef3d9c
SHA1 e05729578dcd3130b57220f0fb18e35d64c2826f
SHA256 75f425a7895949cf9ae8a51f335fd50a4734ed9d8f9da6cc281327706d5fbed9
SHA512 4c5a8ebee861140cd74c26611305330c19c5ea0a2a8af2a6b619f652b77bad08bcdcbd128b49fe2767569ce547433e7a20690a19997735b06659ea6e90281b6d

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\wprot2.mbdb

MD5 e835b68cfd479a5fadcf3f9e83c30ed5
SHA1 92cea9894408fba5de14d8307a8fad2e6aef7a97
SHA256 8cb6e294288f763960b40924efb85932c407e9766404fbee8221435c3f053721
SHA512 3a10d7531b07680636d300fea7a1bae9b66e4f060c1959c1247d1704e4b89c93d013a615918b6ac228b6be3e05c5e78118b8abd52ef5ea81026eea0707e20df0

memory/6348-4447-0x0000000000750000-0x000000000077A000-memory.dmp

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\tids.mbdb

MD5 144bbdef05458549e1acd2d7845305d5
SHA1 1a48eb340ee9290392435dfb6ace0b99eb775091
SHA256 eb9726ca8d1b9bf4f738cf225077d10c21111bde71adbc9badda97f684cb7132
SHA512 c4eb3215e16724e18d4168b0609542059991357e8fb5dd013d15e7b8c64b2280cde9bc0a3b452bf331271f1f22358196f38e172c85f3e8eb98ff8d626e5daf92

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\exclusions.txt

MD5 aef4eca7ee01bb1a146751c4d0510d2d
SHA1 5cf2273da41147126e5e1eabd3182f19304eea25
SHA256 9e87e4c9da3337c63b7f0e6ed0eb71696121c74e18a5da577215e18097715e2f
SHA512 d31d21e37b0048050b19600f8904354cff3f3ec8291c5a7a54267e14af9fb88dfb6d11e74a037cc0369ade8a8fb9b753861f3b3fb2219563e8ec359f66c042db

C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

MD5 e1a758e645cc92b9486ff673d625a46f
SHA1 2c75186ba80de2577c08f5a02d2f98902fdd91a3
SHA256 b36de5bdcfd06c2700180afe8dacdb789054ece2c0fe824f29e9bdf8c83115a5
SHA512 10016ce596f34f15b3dce5f61b6059ceb3bf92368b302de47ec2d836bb5d91a4ea93510ebd34de4c788ad6931a349f446c98d2b64dbeb665cf89066f97726807

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\Global.nm

MD5 33c4e93c1d108e71bb9d5fa25e268498
SHA1 089a4593ffa3c70c0fc0154424a254e2a7d0434b
SHA256 12c6ba93cb9ef049034c1b6a7f67134166242f5535d731b6742cb77c612397de
SHA512 97d14ebd0d7963b53451d463ec9fac52d10b26a1141a81b1a25cdd5c930d02f1711400c8ed2c7fe90a6a176bf5ff792de7a363fdd9529a805fa35bd93d4c7530

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\Global.sr

MD5 5dbc551d34c6c25417af72ee3aa65af0
SHA1 38e7223b46d8e65cdbad1711e703a3b56618da79
SHA256 6f47875f4133adc8bfc53e8900d1553de077f46d1464800c8d6bb57ffa7006fc
SHA512 2bef05c5a194d0132fa91c4be59fe623f4b4a3e5837203092bf77a256c12a3a69a6465bbf8f53b2fd4536ceb8b7cb033bb2fb0a0692ab6692c52d57f140d1b84

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\clean.mbdb

MD5 58f7778767277e41b8d1183056f735b5
SHA1 a7cc92a96b93769090617df5e5223c9e5feb1d2a
SHA256 9a90cf7bff416b8521089507387e1d67967f8456305a803215cc058e8dba1da7
SHA512 2b56daf02dc9929e71659d537659343964c1671bc99f63f08604e77bf5ecf541788fe92f89fe76385bd499d447e5dbedb95701ecbc879a31918f85dd8dee501a

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\rdefs.mbdb

MD5 2f7423ca7c6a0f1339980f3c8c7de9f8
SHA1 102c77faa28885354cfe6725d987bc23bc7108ba
SHA256 850a4ea37a0fd6f68bf95422d502b2d1257264eb90cc38c0a3b1b95aa375be55
SHA512 e922ac8a7a2cde6d387f8698207cf5efbd45b646986a090e3549d97a7d552dd74179bd7ac20b7d246ca49d340c4c168982c65b4749df760857810b2358e7eb69

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\prot.mbdb

MD5 546d9e30eadad8b22f5b3ffa875144bf
SHA1 3b323ffef009bfe0662c2bd30bb06af6dfc68e4d
SHA256 6089fbf0c0c1413f62e91dc9497bedc6d8a271e9dc761e20adc0dccf6f4a0c1f
SHA512 3478f5dcf7af549dd6fe48ad714604200de84a90120b16a32233b6d44fa7240f5f4e5fe803f54b86bbdfd10fa1bfdd88fb85eb6a78e23e426933f98d0a2565ec

memory/6348-4500-0x000000001B3C0000-0x000000001B3D0000-memory.dmp

memory/6348-4501-0x000000001D000000-0x000000001D1C2000-memory.dmp

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

MD5 eaf4993d98105b6d89cf8c31d57d0402
SHA1 44988ab13100caee15d16005272c92589faa8b96
SHA256 ad4c676996572c21719c173f9ab4d59ecf2795826fdb0feaa8a0316d42b66672
SHA512 8ab3f98d99c300b5bcb4a71db132c7a9d703adfd11e8c0f0555553d8266d9f2f219f562200b343be48c555637bd7c93c3defb83f383faa5081137b8c74c69604

memory/6348-4512-0x000000001D700000-0x000000001DC28000-memory.dmp

C:\Windows\System32\drivers\mbamswissarmy.sys

MD5 4b2cc2d3ebf42659ea5e6e63584e1b76
SHA1 0042da8151f2e10a31ecceb60795eb428316e820
SHA256 3db4366ccb9d94062388000926c060e2524c7d3ee4b6b7c7cf06f909f747fc6c
SHA512 804d64d346b3dbb1ce3095a5d0fa7acc5da0bf832c458e557dac486559fe53144f15f08c444fea84a01471fd5981e68801a809b143c56b5b63e3e16de9db0d98

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

MD5 82ebcf4ea60a926544f60463226c2168
SHA1 90ba3be68662ca4a6ac78ad47035ae1d0e30440e
SHA256 4ccfd4aa94caebcab225bce0d677ec382cf3ff5dbb0c734cb94987f47b84e7b0
SHA512 8df123eb81ea7371bc01efc2bc18300f3c0e4000dc754e6d7dc22eb513ec0dcb0a526e99044ccb512e8f058c03ecb042fdd23f521730c3bd755b60c6ab13892a

C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

MD5 67149ea227de9d6978db6d7bfe7698bf
SHA1 d0b04ee8cb0c1c331ac0e657a1ed19c47ad6f5b2
SHA256 85638c45817e82a2d7541aa1b071dca0b67c4990f857e7785247dc74b9f6dbb2
SHA512 3526d6c6420f2f46d96efd0964c22acc226242f0fd2165cc733e36db787e23a8cba7681cc055c6259bd96411cd3ce954f1aee0365904ed90fbe5e64492a3bbae

C:\ProgramData\Malwarebytes\MBAMService\config\RtpConfig.json

MD5 7c3da254f4d5d06ee61b9419c8b1cd62
SHA1 03ef4bce169b1c025ede714ca47cf7e80f757417
SHA256 2576c61f7588b265dd1d2077f9d32d1406ede56a6a3acf3c293ad843578e149a
SHA512 966136c629184bf14ab342a2724199c14420b78d05cd78cb254e0a06cb9767fd91ae9a6090a05faba258fc31977b71703ac4c9803ca88f59e2c8c98c25018cb0

C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.json

MD5 fcddb8736540ee827dc5df0b1ae0b7a6
SHA1 16ec6d090d6943be41e4f2187acde1f30944b058
SHA256 6f71b41793b96ac979f44a0382f8ef64a68c41014a6d8f0fa8f830db3c781970
SHA512 a00e6f8d9a117820df13bf51fc8d3697f6dce80b5594ce29575a94aa1303376d7cc95a42f4987fd9dcd3af3ebd86611ea46f4d6a7f74e374019b34655a5ea8db

C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.json

MD5 f810a165015bf80534e4ba4734f0b56f
SHA1 3fa3b2131f6e263f9205c5658d9f03458e089053
SHA256 b2a5142cf9b37031710e65f14422eaac8675230382299cc7ffa6878e90566bf7
SHA512 26a14e9fa3f20a2a0c15f9ae80326d40894c14ad2436e144ca799310fdf193c0540acd213fd238b8bc26da6f9d7d50508908ffe98ebf15cb3c0657e1dc04c474

C:\ProgramData\Malwarebytes\MBAMService\config\MwacControllerConfig.json

MD5 15ed70be0589d09c2470aa6e76dbc0bc
SHA1 8625860322175e59676c4945e876b7865dd71221
SHA256 2b221b5bb7a351d545cb8a1757f5937ecbdfa776eb2b373bebdfeb841b0ecc52
SHA512 8e38bdbba68a134be35c7fdf463f412c617488fbfe267d62accb0a2df76aed825ff49412770abf53bdc5f953924f1b121a2ebbe5e85d91418db8c0c48af41753

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

MD5 af1f5461c4cd28e6f6708974343cb427
SHA1 29bc326468338ae129d60bf9fc3bcc147d9bbe00
SHA256 ac6993534f123fe6c5634a19530914e9d3927a84c4868b969a2afb6e5e288119
SHA512 f153eefcbb161599c7bc9a1fb06ff3afbcd9eb71b83929362a5cdfc56fed673a838068ebe72866fb4cdbc8b26f3c67eec1afef273d99a55a5b37551833ff27da

C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

MD5 b17cf3e60c3a5e3947e7af7953fe5169
SHA1 496d3bb11aa598d3ca7d3279b09f0beeb9b143f2
SHA256 39787fdcd77fc32f674c3c82ffeab0863c0393fb2adc5479bceb204a906acbce
SHA512 fb18fe04bf119174e414bba46221c8714f56862c7cb153ddfa249c52e8dd3fe99381e66536d6e99a349e9395f8cfeb688321d7d7eea20c08cfb391bfc7078868

memory/6348-4635-0x00007FFED4800000-0x00007FFED52C2000-memory.dmp

C:\Program Files\Malwarebytes\Anti-Malware\sdk\mbamchameleon.inf

MD5 5a9717e1385703e8f06b27aa10a69e87
SHA1 84ee67a9167b5eb6560711b9871de98898ad07a5
SHA256 47b7c516bb57c612de19f0ca865590af95b6e32bf873a0fef9e011b2c5b483d4
SHA512 dd3c7278c2c11ad15a55fae6d19b96dadd92f85b7f0c8ce934298258af00bb5c052a84a98499b8867b0f43704fb307c67d03692ca69dda4d814c6c17dd73df44

C:\Program Files\Malwarebytes\Anti-Malware\sdk\mbamchameleon.sys

MD5 262ccb223392f18adb4b4c846905c4da
SHA1 63403407fbe1712a4bfad0a74efabeba297325ca
SHA256 5d2004603e3b392693a1e74926a36a2ab3573c6790b00ddb14564c8affbd4f4f
SHA512 68b2684b9f0a2e5e33b76e43ac4b25b8e7d3dc3d678fc3c90d70ec5ee65ebdd884d838950fb4bc5145ff927e25796d2e6e97ee6bf365ed4f66ac7f7ba8f63b33

C:\ProgramData\Malwarebytes\MBAMService\config\MwacControllerConfig.json

MD5 da56e68ddf28a4a52191d5dbee6a7d73
SHA1 134d63ff41a41fa10472b438365f584c3e8c86e1
SHA256 1758433597997d4770805521766b00cbf6365e6df56d214e1c1cfd0f849b1d66
SHA512 fa4e605f169d2948e3c8533981330039e04f96a52ed9ff20b168fffdcc4d449bb7bd2af0fffa9a85c1776d23161b12be33d7981cfcdaa4ab0dfc2d705cc2715c

C:\ProgramData\Malwarebytes\MBAMService\config\ArwControllerConfig.json

MD5 36feb898fec82101d6fcdaf3facceedb
SHA1 22c260adea5788b177a8b2d1a6bd332926c1e281
SHA256 6ae10e7cb424a8c6e8f013a849ce30d1bd25b644f5bbd81a5c2468c852341f87
SHA512 ba88ded5073a0894dd24427f6caf8fdf8cccdfe5a8b4322a0b2d1e14bc60deea47a2885c33ebdd3e2b7fc2ae627045fed095c8b1732acb417e1c62be2eadc0b4

C:\ProgramData\Malwarebytes\MBAMService\config\RtpConfig.json

MD5 6ad7f56021a5cf98246a6be02b110413
SHA1 98a52d58984a7bb8755f6d75c7521453235fbeda
SHA256 5d600fc0dd07b599da4cc87f92854bfc5ef77640812728a696306001a6352d54
SHA512 427399d70f480936d935dc613b02b0e0755d6d0ecd9baa3ea55f8fecb45f9179566b116d75b5f05455debe9d03e10950dcc16618d2bdae76e1bb20ffca7f2f7b

C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json

MD5 9c09b942e9ee07964f9e66779e6004b1
SHA1 c7a2a92954ecd85de3af3f94e61cbc8927a25d67
SHA256 d365e72fa80ca7f09a41e8cf5f9f8bc24f7ad9805ff70a66fd446e1cc30a0ef9
SHA512 c1418547059454ab63ababeecf5e5c6478c94e7da97ca80a9285e3c73dd05288c95c56bc28e0a14dbe762ec4b8a02ea43f17b48837ab64dfe03390f0cb052dc6

C:\Program Files\Malwarebytes\Anti-Malware\sdk\farflt11.sys

MD5 b98ec70c4d212eb019e7927bbb1b3dc4
SHA1 cfc84115ca08a3df95c394567ed5c3d923c299d7
SHA256 2f8d40a5af572c889458deb3ea6ffae01c8fe7f6395c12018bc27cd4ad2882ae
SHA512 3aefaff33c665b2aa92c32411b242248d4a196f6d42c0a673769cf17083993e32502f39c3573754a0a35294753bd20cc47ecd48c7f5dcc11c6d701e7a5f7b3d5

C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json

MD5 7166631d18e9c222b7a5eda0237e9153
SHA1 2e567df99df3b5f889269a5f2c02258e390e6909
SHA256 696980f76ebdbdd4d38f8b9654bf80cac313ba4e36cf0ada2258c03242fee052
SHA512 b96c357a041b588ca77823a9ee33e79327cef8186da36a4ce7b0fab7b5a47343e8b0e396c7b5f9b16aff281ade287692536df1d8ff8dd4de561193d0c8fad6c5

C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json

MD5 ea475fe4eaa9ab74dd04695f3fc6c046
SHA1 add58b32c6e004771c6e120fe3e25e5a7fb14cc8
SHA256 905ca59446f74b2b82a5f188249a2f0497291083b6f349270ae7f8f4cfaf3e72
SHA512 a9c20a94dcac93578551fe1e4e9addff39841910d091ae49a28ed60330e31273b7af4fc56ccfcedb52ad289779b2ffb147432022e7e67fa5526d9bc21eb16fb0

C:\Program Files\Malwarebytes\Anti-Malware\sdk\mbamchameleon.cat

MD5 1cd8abdaea3bcd30214f01046ecd450d
SHA1 abc8fef03a274dcb9f15c17396e9f0af85a0b0fd
SHA256 cf981ad0b084c330fbfc00f9e559404c6731d407a9f004ce68b50ecd7abe7425
SHA512 a04f2beafbe2311a5eec84f8ecff16db1dda864d420643184b0164aca9958b679205c3ab23bb71095d710f45dc4c3c51ff8b267c36a1ffc768126b48556f5f86

C:\ProgramData\Malwarebytes\MBAMService\config\SpConfigFile.json

MD5 f75fba670e4be0d2741343ac6df56e00
SHA1 e76e50b4c8e46b51a18954493e8bfff69bf8e4ef
SHA256 92976a267384baccff87557deb080f3c503a655861ebc50d9e5f5008de37b259
SHA512 e4ef6f7d8fd10b45fa1eee840dc67dba91afeee0847c39b6203e87800de560eaaa73ab85fe5e210aa5b0989c3b04149d29b3fd0d13ca24d3ae7c6398960e4e52

C:\ProgramData\Malwarebytes\MBAMService\config\VPNServerListConfig.json

MD5 c8c4843f847dc02fe1b44df6cb686b69
SHA1 cad9e1d23164d5391edc644524cda26b3e2d3691
SHA256 281769872359cbf4f2aee03175432c9e534b45535b64d4d32d379cfdab6d9755
SHA512 7ceeaeb2477f36b5d1395f7e9f21f6afd3f2712a90a4c0e4655a79bd0837b0528d2e5f5f4e12bfc13b2661726b08c1c5e54afce022912675fbd28702bb590cc6

C:\ProgramData\Malwarebytes\MBAMService\config\VPNControllerConfig.json

MD5 34b2a9bfaf0154295ed4b63ff0552e6f
SHA1 58c9d6272c00e1bef7070e049bf6e4c73e2c88c7
SHA256 3fa3b0f16b9c737238a91e36db4ef45e4468c30dbbc52c5e65a7b88c0824841f
SHA512 a3576bfdb0119bf7dbddc36ab351dd5bdff885716d5b6478d99e0abc88ad96a669376293a2ddb43f9559b6787b1237597eacf055c72419d027262fef2212335e

C:\Program Files\Malwarebytes\Anti-Malware\ServiceConfig.json

MD5 efe46323766e651d219ce3bc04ed426c
SHA1 74695ff64d160b5fc8dade9a594c713907b6a0c5
SHA256 218b0b4d373ee01e749610345b295220caa331d1fc6336597fdb35f55abfe36b
SHA512 148a9e41e6d3d46bf9c6e410fd2c5d3c7256509ec238958fa88a5416973c04f628142b6f19de408620a9db171d0a11232389e59b9dbc39ac1de27e86d255507a

C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

MD5 d6d31d19f8e2c6514184c7f0e60574c8
SHA1 21c958647ef9b1f45959ee6bd2135446a6cd3617
SHA256 1a4cb1d8b729fda3a268d2f06b5f67ab9d5a529d9c4eb06319997c1bbc12192d
SHA512 d03ca5670468fc76b59eed2f60e5dd47a67662fd963d18517800e01de53167a06982442575925beb89b8b2fac5531ee5f32f74f5d3b0d4c6ad6697c066d6e944

C:\ProgramData\Malwarebytes\MBAMService\config\PoliciesConfig.json

MD5 a34be37989e20c036b0bede5bd032a54
SHA1 5d3100644090781408e349230837763b65eda9d7
SHA256 0ef5b45af88065a6e378d81492dfb7843240cd3a65532838f24ca1b17f8ce380
SHA512 a0e9bf9ca8a9ce9b4822834863867a4e7c81615fa7bd5db61486fbc20bda4c3bba7501ba5484437a2382a9d797b2eb081e43d127d0e53d1d3f28c77d9259fde5

C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json

MD5 262ca4bdc1898c424cd56c162b175de3
SHA1 82debc51438407607d6f49254b7a8bfa5b7b59a8
SHA256 b53ac9d03f5cd8487171f61a9bab7286be5b93519c274b5f4d8bc7f873fd2170
SHA512 7ae89b6f4ce21d57d231abc9732ab3d402c998c70327ac435358c27cc846cc3c57a06f7d99b586ae0b8e5717a3d3d2e62daa75ef551020c848678fe9d156698d

C:\ProgramData\Malwarebytes\MBAMService\config\VPNControllerConfig.json

MD5 723c540e9ac551da7f9b9b85c6de716f
SHA1 ee91cc42be3c03a351870ddf1a51354a229bd09c
SHA256 f2f27fa6e02cbe4132da2aaacb9be314bd5a114ae4044044ac555e439fed90c2
SHA512 e2473fb5d211972eb8d441dec69c4e9cc4fc5cf2e12a49b8ea54c7cb12444c84f72ed34cfa8819eef0a629aa6651b6fb2676b383da2219a2319014601a81e10d

C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.json

MD5 11bfe652ed5c122614d7be93fcd912b6
SHA1 78b4add06cfb5b4f96d3478e750fc2c10c39c17b
SHA256 e5cfdc12c30a3b264d3779abb616899d8b1720149134f9405419b44d8c971917
SHA512 c0adf37f64a88971fcd9ccbe8886f08a6db1967f03c994947418593e30a10e03d25a282d473041e2a2d59f8f595f5ed3b18e5d29900b7bd6bfd859b40312e126

C:\Program Files\Malwarebytes\Anti-Malware\mb5uns.exe

MD5 635d55a932f22eba2e3b2d22eac6887f
SHA1 e3a795b6aecb9fdca1df4801c7974243f7f9ce81
SHA256 1ef5b7b8efc1b0c92b3268125749420c9379d4ba37a0a2002336d411641c9469
SHA512 31a0011297b6df8e8bc5f27fa9633e6a3e40e9b82ba65d2e2be65b5f6d9464ace7232ee608ec7deda8b50f14a1e8a80ad0697a299d285fa427709bd52fe4927b

C:\ProgramData\Malwarebytes\MBAMService\LOGS\mbae-default.log

MD5 a58034c27dd65f7c1150955d8fc30bb6
SHA1 e465457a4ac6002c5256cce5248237f3b41a36c4
SHA256 129f8418fb6d9186b3fa26dd0f62bf7a7dc7f2de99084398fbc2ca1ccb841f04
SHA512 3779a384e30f7ed32471c2093e68e17df5fc98965090034d8b972b6453f543dd23c010e4046f0d2bbfc6210be898dce775b7a65e302c010d3d32d4b658eadc7b

C:\Program Files\Malwarebytes\Anti-Malware\sdk\farflt11.inf

MD5 711bd19edced87c3777b0b6a5a32bbf8
SHA1 9ddf9ff2ee2018c6e7830936c325e699728f7d4b
SHA256 84c4f8147bfcf02981da93b52fe4204251657305a1839bf3a19f61be4d13d37b
SHA512 e0cef3fc1377785f934f6b3f68409505cb54ca7bdd3df501d6d6e5671323a4d219a177f6fa3c58ba76675f1c297b64e5fb5612eddc73aa40ed87cc6e1b18cc63

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 9cb4ec34083bc230670fbf1c17cfd73e
SHA1 d40926fc29d3634171d27367e094bc55b4da6304
SHA256 6fcfbad33d886e972ad0f06764b2d6ba8023990e04c5cc4ac29e8fff3caadadf
SHA512 ef0422a71ccff1c8ec1563173814a8eb7563401cc49dee332ff30e8946c868056a33accb41f00953af53a65e74df5d1467b5489e54bdb30a06be5f92bc3bf69e

memory/7144-5602-0x00007FFED3D40000-0x00007FFED423E000-memory.dmp

C:\Program Files\Malwarebytes\Anti-Malware\sdk\farflt11.cat

MD5 502fd7720b5d16fb4466eb705015b807
SHA1 00ee5f87b5b322d14d1119846f8700f9c1696901
SHA256 b4336baf58e50be497286785e5721eacd113c44b212ff5f7ce9d3b909bf6d392
SHA512 e6b414d58fe5757cc673654fe5faf953a7626ae992f4a5a0214310c72eb36ddf29f1ea58d72d51bf612a88fffda26290618dca0c44e516ed87256cba9c06888c

C:\ProgramData\Malwarebytes\MBAMService\config\ArwControllerConfig.json

MD5 d10ac8170376ec7b73ce8d4ed31a3d3a
SHA1 0eb95bc6c56895b2b9972a90979f53adddbc13aa
SHA256 dcf58f0dad8582fc190ff7f9877ae609c7d362b02be4b155216a65a49346ffd8
SHA512 a9d81032f5e7cf79812ec11d40253da3fa0a9a338183eabcbb67e5a84318a4a4e607e875d03f89d433350b1e77edf756ab8ed7aed6311a1c7911f210a22ccaf3