Analysis Overview
SHA256
48d76602e4079a9f77e957649891631a128ebe39f04258c553026161329c1733
Threat Level: Likely malicious
The file DiscordSetup.exe was found to be: Likely malicious.
Malicious Activity Summary
Drops file in Drivers directory
Sets service image path in registry
Modifies RDP port number used by Windows
Reads local data of messenger clients
Reads user/profile data of web browsers
Checks BIOS information in registry
Modifies Installed Components in the registry
Downloads MZ/PE file
Looks up external IP address via web service
Adds Run key to start application
Enumerates connected drives
Drops file in System32 directory
Registers COM server for autorun
Checks installed software on the system
Loads dropped DLL
Drops file in Windows directory
Executes dropped EXE
Drops file in Program Files directory
Enumerates physical storage devices
Modifies data under HKEY_USERS
Checks processor information in registry
NTFS ADS
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Modifies registry key
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Checks SCSI registry key(s)
Enumerates system info in registry
Modifies registry class
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of FindShellTrayWindow
Suspicious behavior: LoadsDriver
Modifies system certificate store
Suspicious behavior: EnumeratesProcesses
Modifies Internet Explorer settings
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-07 20:12
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-07 20:12
Reported
2024-04-07 20:29
Platform
win11-20240214-en
Max time kernel
347s
Max time network
363s
Command Line
Signatures
Drops file in Drivers directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\system32\DRIVERS\MbamElam.sys | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\system32\DRIVERS\MbamChameleon.sys | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\system32\DRIVERS\mwac.sys | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File opened for modification | C:\Windows\system32\DRIVERS\SET96D9.tmp | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\system32\DRIVERS\SET96D9.tmp | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\SysWOW64\drivers\mbamtestfile.dat | C:\Users\Admin\Downloads\MBSetup.exe | N/A |
| File created | C:\Windows\system32\drivers\mbae64.sys | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Windows\system32\DRIVERS\MbamElam.sys | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\system32\DRIVERS\mbamswissarmy.sys | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File opened for modification | C:\Windows\system32\DRIVERS\farflt11.sys | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
Modifies RDP port number used by Windows
Sets service image path in registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\mbamchameleon\ImagePath = "\\SystemRoot\\System32\\Drivers\\MbamChameleon.sys" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\MBAMSwissArmy\ImagePath = "\\SystemRoot\\System32\\Drivers\\mbamswissarmy.sys" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\Downloads\MBSetup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate | C:\Users\Admin\Downloads\MBSetup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
Reads local data of messenger clients
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000\Software\Microsoft\Windows\CurrentVersion\Run\Discord = "\"C:\\Users\\Admin\\AppData\\Local\\Discord\\Update.exe\" --processStart Discord.exe" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\tv_enua = "RunDll32 advpack.dll,LaunchINFSection C:\\Windows\\INF\\tv_enua.inf, RemoveCabinet" | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
Downloads MZ/PE file
Enumerates connected drives
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | www.iplocation.net | N/A | N/A |
| N/A | www.iplocation.net | N/A | N/A |
| N/A | www.iplocation.net | N/A | N/A |
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\software\WOW6432Node\microsoft\Active Setup\Installed Components | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| Key created | \REGISTRY\MACHINE\software\WOW6432Node\microsoft\Active Setup\Installed Components | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\System32\DriverStore\FileRepository\rndiscmp.inf_amd64_04b60d124553a40f\rndiscmp.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\net8187bv64.inf_amd64_bc859d32f3e2f0d5\net8187bv64.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netefe3e.inf_amd64_7830581a689ef40d\netefe3e.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File opened for modification | C:\Windows\System32\CatRoot2\dberr.txt | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netvchannel.inf_amd64_532c2a6259a26a38\netvchannel.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\net7800-x64-n650f.inf_amd64_178f1bdb49a6e2fd\net7800-x64-n650f.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netwtw04.inf_amd64_c8f5ae6576289a2d\netwtw04.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\c_net.inf_amd64_cf2766005585f6cd\c_net.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\usb4p2pnetadapter.inf_amd64_a9fd59ce64f17c8a\usb4p2pnetadapter.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netvf63a.inf_amd64_a090e6cfaf18cb5c\netvf63a.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netwew00.inf_amd64_325c0bd6349ed81c\netwew00.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netrtl64.inf_amd64_8e9c2368fe308df2\netrtl64.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{e757ab25-ebc4-1a40-8500-65488f18d5fc}\SET76FE.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\drvstore.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\ndisimplatformmp.inf_amd64_206e9e544d84356f\ndisimplatformmp.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\nete1e3e.inf_amd64_895623810c19146a\nete1e3e.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netrasa.inf_amd64_1ed57daf97af7063\netrasa.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netwtw02.inf_amd64_42e02bae858d0fbd\netwtw02.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\rtcx21x64.inf_amd64_d2a498d51a4f7bec\rtcx21x64.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netvwifimp.inf_amd64_bfb9fd6f3a078899\netvwifimp.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{e757ab25-ebc4-1a40-8500-65488f18d5fc}\SET76FD.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\bcmdhd64.inf_amd64_e0bae6831f60ea5f\bcmdhd64.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\net8192se64.inf_amd64_167684f9283b4eca\net8192se64.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netrtwlans.inf_amd64_97cd1a72c2a7829c\netrtwlans.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netk57a.inf_amd64_d823e3edc27ae17c\netk57a.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\ipoib6x.inf_amd64_ef71073a5867971f\ipoib6x.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\msux64w10.inf_amd64_749854ac3f28f846\msux64w10.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\net8187se64.inf_amd64_99a4ca261f585f17\net8187se64.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\bthpan.inf_amd64_a31306bfdf7135b0\bthpan.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File opened for modification | C:\Windows\System32\CatRoot2\dberr.txt | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\ykinx64.inf_amd64_0bbd8466b526ef26\ykinx64.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netl1e64.inf_amd64_8d5ca5ab1472fc44\netl1e64.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netl1c63x64.inf_amd64_4d6630ce07a4fb42\netl1c63x64.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netg664.inf_amd64_84cd7b2798e0a666\netg664.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netwmbclass.inf_amd64_1fab0fd8cb4d7dee\netwmbclass.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netwsw00.inf_amd64_24d55504ae3587aa\netwsw00.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\net8192su64.inf_amd64_66c8bfc7a4b1feed\net8192su64.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netl160a.inf_amd64_e4cbe375963a69e9\netl160a.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\dc21x4vm.inf_amd64_d54f628acb9dea33\dc21x4vm.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\nete1g3e.inf_amd64_af58b4e19562a3f9\nete1g3e.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\rtucx21x64.inf_amd64_d70642620058e2a4\rtucx21x64.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\qcwlan64.inf_amd64_71c84e1405061462\qcwlan64.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netxex64.inf_amd64_ede00b448bfe8099\netxex64.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\rtwlanu_oldic.inf_amd64_1a82423cc076e882\rtwlanu_oldic.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{e757ab25-ebc4-1a40-8500-65488f18d5fc}\SET76FD.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\mbtun.inf_amd64_add82795013a7c3b\mbtun.cat | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netwbw02.inf_amd64_1c4077fa004e73b4\netwbw02.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netwtw10.inf_amd64_3b49c2812809f919\netwtw10.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\net7400-x64-n650.inf_amd64_557ce3b37c3e0e3b\net7400-x64-n650.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{e757ab25-ebc4-1a40-8500-65488f18d5fc}\mbtun.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\e2xw10x64.inf_amd64_04c2ae40613a06ff\e2xw10x64.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netwtw06.inf_amd64_2edd50e7a54d503b\netwtw06.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netax88772.inf_amd64_f1efe88b4f90c639\netax88772.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netmlx5.inf_amd64_7aeb3e6bfcb2f0f1\netmlx5.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netwns64.inf_amd64_162bb49f925c6463\netwns64.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\b57nd60a.inf_amd64_77a731ab08be20a5\b57nd60a.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{e757ab25-ebc4-1a40-8500-65488f18d5fc}\SET76FE.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netbc64.inf_amd64_b96cdf411c43c00c\netbc64.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\mbtun.inf_amd64_add82795013a7c3b\mbtun.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\net9500-x64-n650f.inf_amd64_e92c5a65e41993f9\net9500-x64-n650f.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netwtw08.inf_amd64_62f41b89e0dc2537\netwtw08.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netrndis.inf_amd64_bccd4c0a924862b1\netrndis.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netathr10x.inf_amd64_2691c4f95b80eb3b\netathr10x.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\mwlu97w8x64.inf_amd64_23bc3dc6d91eebdc\mwlu97w8x64.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
Checks installed software on the system
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page13.jpg | C:\Users\Admin\AppData\Local\Temp\Temp1_Bon.zip\BonziBuddy432.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\Microsoft.Win32.Registry.AccessControl.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\Microsoft.WindowsDesktop.App.deps.json | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\PresentationFramework-SystemDrawing.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\Microsoft.NETCore.App.runtimeconfig.json | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.ComponentModel.DataAnnotations.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\tr\UIAutomationTypes.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Security.Principal.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.IO.Compression.Brotli.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-math-l1-1-0.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Reflection.Emit.Lightweight.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\malwarebytes_assistant.exe | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\RTPControllerImpl.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\T001.nbd-SR | C:\Users\Admin\AppData\Local\Temp\Temp1_Bon.zip\BonziBuddy432.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.Contracts.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\ja\Microsoft.VisualBasic.Forms.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File opened for modification | C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Snd2.wav | C:\Users\Admin\AppData\Local\Temp\Temp1_Bon.zip\BonziBuddy432.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.Tools.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\ko\ReachFramework.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\PresentationFramework.Classic.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-memory-l1-1-0.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\pl\System.Windows.Input.Manipulations.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\pt-BR\Microsoft.VisualBasic.Forms.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\MbamUI.Data.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-multibyte-l1-1-0.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\ja\System.Windows.Input.Manipulations.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\zh-Hans\UIAutomationClientSideProviders.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\System.DirectoryServices.AccountManagement.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page7.jpg | C:\Users\Admin\AppData\Local\Temp\Temp1_Bon.zip\BonziBuddy432.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\PresentationFramework.Aero2.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\zh-Hant\System.Windows.Input.Manipulations.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\SelfProtectionShim.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\MSAGENTS\Bonzi.acs | C:\Users\Admin\AppData\Local\Temp\Temp1_Bon.zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page6.jpg | C:\Users\Admin\AppData\Local\Temp\Temp1_Bon.zip\BonziBuddy432.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-handle-l1-1-0.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\ko\WindowsBase.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\AEControllerImpl.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\BG\Bg3.bmp | C:\Users\Admin\AppData\Local\Temp\Temp1_Bon.zip\BonziBuddy432.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\zh-Hans\System.Windows.Controls.Ribbon.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\sp006.gif | C:\Users\Admin\AppData\Local\Temp\Temp1_Bon.zip\BonziBuddy432.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\System.Printing.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\tr\WindowsFormsIntegration.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page0.jpg | C:\Users\Admin\AppData\Local\Temp\Temp1_Bon.zip\BonziBuddy432.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\BrowserSDKDLL.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\sentrynativesdk.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\netstandard.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\BonziBDY.vbw | C:\Users\Admin\AppData\Local\Temp\Temp1_Bon.zip\BonziBuddy432.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\pl\System.Windows.Forms.Primitives.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\SwissarmyShim.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page16.jpg | C:\Users\Admin\AppData\Local\Temp\Temp1_Bon.zip\BonziBuddy432.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Xml.Linq.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\pl\System.Windows.Controls.Ribbon.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\sdk\farflt11.tmf | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.StackTrace.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\pl\UIAutomationProvider.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\SQLitePCLRaw.batteries_v2.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page9.jpg | C:\Users\Admin\AppData\Local\Temp\Temp1_Bon.zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\MSCOMCTL.OCX | C:\Users\Admin\AppData\Local\Temp\Temp1_Bon.zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Runtimes\spchapi.EXE | C:\Users\Admin\AppData\Local\Temp\Temp1_Bon.zip\BonziBuddy432.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\Serilog.Extensions.Logging.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\ja\System.Windows.Forms.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page6.jpg | C:\Users\Admin\AppData\Local\Temp\Temp1_Bon.zip\BonziBuddy432.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\msagent\AgentAnm.dll | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\msagent\chars\Peedy.acs | C:\Users\Admin\AppData\Local\Temp\Temp1_Bon.zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Windows\lhsp\help\tv_enua.hlp | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| File created | C:\Windows\msagent\SET2073.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\lhsp\tv\SET141C.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| File created | C:\Windows\msagent\SET208C.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\help\SET208A.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\msagent\intl\Agt0409.dll | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File created | C:\Windows\inf\oem3.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\lhsp\help\SET142E.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| File opened for modification | C:\Windows\msagent\SET2041.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File created | C:\Windows\msagent\SET2063.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File created | C:\Windows\msagent\SET2089.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\msagent\AgentCtl.dll | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\msagent\AgentMPx.dll | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File created | C:\Windows\msagent\SET2075.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\fonts\SET142F.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| File opened for modification | C:\Windows\msagent\AgtCtl15.tlb | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\lhsp\tv\tv_enua.dll | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| File created | C:\Windows\lhsp\tv\SET141D.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| File opened for modification | C:\Windows\lhsp\tv\tvenuax.dll | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| File opened for modification | C:\Windows\INF\tv_enua.inf | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| File opened for modification | C:\Windows\msagent\SET2062.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\msagent\mslwvtts.dll | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\msagent\AgentSvr.exe | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\msagent\AgentPsh.dll | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File opened for modification | C:\Windows\INF\SET2088.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\INF\agtinst.inf | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\msagent\chars\Bonzi.acs | C:\Users\Admin\AppData\Local\Temp\Temp1_Bon.zip\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Windows\lhsp\tv\SET141D.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| File opened for modification | C:\Windows\fonts\andmoipa.ttf | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| File opened for modification | C:\Windows\msagent\intl\SET208B.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File created | C:\Windows\fonts\SET142F.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| File opened for modification | C:\Windows\msagent\AgentDPv.dll | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File created | C:\Windows\help\SET208A.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\msagent\AgentDp2.dll | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\msagent\SET2074.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File created | C:\Windows\msagent\SET2074.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File created | C:\Windows\lhsp\tv\SET141C.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| File opened for modification | C:\Windows\INF\SET1430.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| File opened for modification | C:\Windows\msagent\SET2063.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\msagent\SET2073.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\msagent\SET2087.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\inf\oem3.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\msagent\SET2089.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\system32\svchost.exe | N/A |
| File opened for modification | C:\Windows\lhsp\help\SET142E.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| File created | C:\Windows\INF\SET1430.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| File created | C:\Windows\msagent\SET2087.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\help\Agt0409.hlp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File created | C:\Windows\msagent\intl\SET208B.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\msagent\SET208C.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File created | C:\Windows\msagent\SET2041.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\msagent\SET2086.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File created | C:\Windows\INF\SET2088.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File created | C:\Windows\msagent\SET2062.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File created | C:\Windows\msagent\SET2086.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\msagent\SET2075.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\msagent\AgentSR.dll | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
Executes dropped EXE
Loads dropped DLL
Registers COM server for autorun
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F415899A-1576-4C8B-BC9F-4854781F8A20}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{17BE78EE-B40A-4B9E-835F-38EC62F9D479}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{36A65E46-6CC1-4CA2-B51E-F4DD8C993DDC}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{278637DA-FDFB-45C7-8CD8-F2D8A9199AB0}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{580243BF-3CEE-4131-A599-C6FED66BEB1B}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{251AD013-20AD-4C3F-8FE2-F66A429B4819}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9D372F21-E6DA-4B82-881A-79F6CA6B6AE1}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EE8A9269-9E6E-4683-BCD3-41E9B16696DC}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F6D29500-933C-447C-9D88-9D814AF73808}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{278637DA-FDFB-45C7-8CD8-F2D8A9199AB0}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8F1C46F8-E697-4175-B240-CDE682A4BA2D}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E1AC7139-D1FF-4DE9-84A4-92E2B47F5D2A}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F6D29500-933C-447C-9D88-9D814AF73808}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E1AC7139-D1FF-4DE9-84A4-92E2B47F5D2A}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{130CD414-6BFD-4F6C-9362-A2264B222E76}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{130CD414-6BFD-4F6C-9362-A2264B222E76}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DE03E614-112D-43E0-8E15-E7236CC32108}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{11D1E5E8-14E1-4B5B-AE1A-2678CB91E8E5}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F6D29500-933C-447C-9D88-9D814AF73808}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{11D1E5E8-14E1-4B5B-AE1A-2678CB91E8E5}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{11D1E5E8-14E1-4B5B-AE1A-2678CB91E8E5}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DE03E614-112D-43E0-8E15-E7236CC32108}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D5599B6B-FA0C-45B5-8309-853B003EA412}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D5599B6B-FA0C-45B5-8309-853B003EA412}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{03141A2A-5C3A-458E-ABEC-0812AD7FF497}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{376BE474-56D4-4177-BB4E-5610156F36C8}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F36AD0D0-B5F0-4C69-AF08-603D177FEF0E}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F415899A-1576-4C8B-BC9F-4854781F8A20}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BF474111-9116-45C6-AF53-209E64F1BB53}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F36AD0D0-B5F0-4C69-AF08-603D177FEF0E}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{251AD013-20AD-4C3F-8FE2-F66A429B4819}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E1AC7139-D1FF-4DE9-84A4-92E2B47F5D2A}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{03141A2A-5C3A-458E-ABEC-0812AD7FF497}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{36A65E46-6CC1-4CA2-B51E-F4DD8C993DDC}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BF474111-9116-45C6-AF53-209E64F1BB53}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BF474111-9116-45C6-AF53-209E64F1BB53}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{36A65E46-6CC1-4CA2-B51E-F4DD8C993DDC}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\InprocServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{17BE78EE-B40A-4B9E-835F-38EC62F9D479}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D5599B6B-FA0C-45B5-8309-853B003EA412}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{03141A2A-5C3A-458E-ABEC-0812AD7FF497}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{376BE474-56D4-4177-BB4E-5610156F36C8}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9DAB0CA5-AE19-41AE-955C-41DD44C52697}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F36AD0D0-B5F0-4C69-AF08-603D177FEF0E}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F36AD0D0-B5F0-4C69-AF08-603D177FEF0E}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{278637DA-FDFB-45C7-8CD8-F2D8A9199AB0}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{580243BF-3CEE-4131-A599-C6FED66BEB1B}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{580243BF-3CEE-4131-A599-C6FED66BEB1B}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8F1C46F8-E697-4175-B240-CDE682A4BA2D}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{130CD414-6BFD-4F6C-9362-A2264B222E76}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EE8A9269-9E6E-4683-BCD3-41E9B16696DC}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DE03E614-112D-43E0-8E15-E7236CC32108}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9DAB0CA5-AE19-41AE-955C-41DD44C52697}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{251AD013-20AD-4C3F-8FE2-F66A429B4819}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8F1C46F8-E697-4175-B240-CDE682A4BA2D}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EE8A9269-9E6E-4683-BCD3-41E9B16696DC}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F415899A-1576-4C8B-BC9F-4854781F8A20}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9D372F21-E6DA-4B82-881A-79F6CA6B6AE1}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9DAB0CA5-AE19-41AE-955C-41DD44C52697}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\InprocServer32\ = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\mbshlext.dll" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9D372F21-E6DA-4B82-881A-79F6CA6B6AE1}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{17BE78EE-B40A-4B9E-835F-38EC62F9D479}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{376BE474-56D4-4177-BB4E-5610156F36C8}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
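The rows in the tables above are only as useful as their Process column: a signature such as "Registers COM server for autorun" fires on whatever wrote the key, and here every COM row names MBAMService.exe, while the Windows-directory drops name the BonziBuddy and Microsoft Agent installers, not the submitted DiscordSetup.exe. The following script is an added example (not part of the sandbox report or of any of the products named in it) that parses rows in this page's table format, groups each signature's evidence by process image, lists the signatures with no row from a process the analyst attributes to the sample, and decodes the COM registrations into CLSID-to-binary pairs so that a server registered outside Program Files or the Windows directory stands out. The embedded input is a constructed excerpt of the tables above plus one hypothetical row with the nil CLSID and a made-up path under AppData, included only so the trusted-directory check has something to flag; the sample marker `discordsetup.exe` is an assumption taken from the page's file name, since the process tree itself is not shown here.

```python
r"""Attribute sandbox signature rows to the processes that produced them.

Added example: parses '| Description | Indicator | Process | Target |'
rows, groups them per signature by process image, and extracts COM server
registrations (CLSID -> binary) from 'Registers COM server' rows.
"""
import re
from collections import Counter, defaultdict
from ntpath import basename

# Constructed excerpt of the report tables. The last row is hypothetical
# (nil CLSID, made-up path) so that outside_trusted_dirs() flags something.
REPORT = r'''
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\msagent\AgentSvr.exe | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File created | C:\Windows\inf\oem3.inf | C:\Windows\system32\DrvInst.exe | N/A |
Registers COM server for autorun
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F415899A-1576-4C8B-BC9F-4854781F8A20}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F415899A-1576-4C8B-BC9F-4854781F8A20}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\InprocServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\InprocServer32\ = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\mbshlext.dll" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000000}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Roaming\\updater.exe" | C:\Users\Admin\AppData\Roaming\updater.exe | N/A |
'''

# CLSID, server type, optional value name and quoted value.
COM_RE = re.compile(
    r'\\CLSID\\(\{[0-9A-Fa-f-]{36}\})\\(LocalServer32|InprocServer32)'
    r'(?:\\(\w*)\s*=\s*"(.*)")?\s*$')

TRUSTED_DIRS = (r'c:\program files', r'c:\program files (x86)', r'c:\windows')


def parse_rows(text):
    """Yield (signature, description, indicator, process) for each table row."""
    signature = None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if not line.startswith('|'):
            signature = line                      # signature heading
            continue
        cells = [c.strip() for c in line.strip('|').split('|')]
        if cells[0] == 'Description' or len(cells) < 4:
            continue                              # header or malformed row
        # An indicator may itself contain '|'; rebuild it from the middle cells.
        yield signature, cells[0], ' | '.join(cells[1:-2]), cells[-2]


def processes_by_signature(rows):
    """Map each signature to a Counter of process image names."""
    out = defaultdict(Counter)
    for sig, _desc, _ind, proc in rows:
        out[sig][basename(proc)] += 1
    return out


def signatures_without(rows, sample_markers):
    """Signatures none of whose rows came from a process matching a marker.

    sample_markers: lower-case substrings of process paths the analyst
    attributes to the sample (an assumption; the report's tree is not shown).
    """
    seen, hit = set(), set()
    for sig, _d, _i, proc in rows:
        seen.add(sig)
        if any(m in proc.lower() for m in sample_markers):
            hit.add(sig)
    return sorted(seen - hit)


def _decode(value):
    """Undo the report's escaping of a registry string value."""
    return value.replace('\\\\', '\\').replace('\\"', '"').strip('"')


def com_servers(rows):
    """CLSID -> (server type, binary path) from 'Set value' rows."""
    servers = {}
    for _sig, desc, indicator, _proc in rows:
        m = COM_RE.search(indicator)
        if not m or not desc.startswith('Set value') or m.group(4) is None:
            continue
        clsid, kind, name, value = m.groups()
        if name in ('', 'ServerExecutable'):      # default value or explicit path
            servers[clsid.upper()] = (kind, _decode(value))
    return servers


def outside_trusted_dirs(servers):
    """CLSIDs whose server binary lives outside Program Files / Windows."""
    return sorted(c for c, (_k, p) in servers.items()
                  if not any(p.lower().startswith(d + '\\') for d in TRUSTED_DIRS))


if __name__ == '__main__':
    rows = list(parse_rows(REPORT))
    for sig, procs in processes_by_signature(rows).items():
        print(sig, dict(procs))
    print('no row from the sample:', signatures_without(rows, ('discordsetup.exe',)))
    print('COM servers outside trusted dirs:', outside_trusted_dirs(com_servers(rows)))
```

Run it against the full page text to get the same per-process breakdown for every signature; the trusted-directory check is a coarse filter, so a flagged CLSID still needs the binary's signature and the process tree checked before it is called persistence.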
Enumerates physical storage devices
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\CompatibleIDs | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ConfigFlags | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000 | C:\Windows\system32\DrvInst.exe | N/A |
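The "Checks SCSI registry key(s)" signature exists because sandbox-aware malware reads the device-instance names under Enum\SCSI looking for hypervisor vendor strings, and sandboxes answer by presenting spoofed names, which is why the hard disk and DVD-ROM above carry the vendor "DADY". Every row in this table, though, names svchost.exe or DrvInst.exe, i.e. Windows Plug and Play handling a driver install, not the sample. The script below is an added example (not code from the report) that shows what the check a sample would perform actually looks like when run over the key names in this table, copied in as constructed input: the spoofed "DADY" devices trigger nothing, and the Msft "Virtual DVD-ROM" entries count only as weak evidence because a physical Windows host exposes the same device when an ISO is mounted. A constructed VMware-style disk key with a placeholder instance id is included for contrast. On Windows the script reads the live key through winreg; elsewhere it falls back to the embedded names.

```python
r"""Emulate the check behind the 'Checks SCSI registry key(s)' signature.

Added example. Enumerates HKLM\SYSTEM\CurrentControlSet\Enum\SCSI device
names (or the constructed list below) and grades each as strong or weak
evidence of running inside a virtual machine.
"""
import sys

# Device-instance key names from the report table (constructed input; the
# trailing instance id is part of the key name and is ignored by the parser).
REPORT_KEYS = [
    r"CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000",
    r"CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001",
    r"CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002",
    r"Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000",
]

# Constructed, for contrast: the device name an unspoofed VMware guest
# typically exposes (instance id is a placeholder).
VMWARE_KEYS = [r"Disk&Ven_VMware&Prod_Virtual_disk\0"]

VM_VENDOR_MARKERS = ("vmware", "vbox", "virtualbox", "qemu", "xen", "virtio", "parallels")


def parse_device_id(key_name):
    """Split 'Class&Ven_X&Prod_Y\instance' into class, vendor and product."""
    device = key_name.split("\\", 1)[0]
    fields = device.split("&")
    info = {"class": fields[0].lower(), "vendor": "", "product": ""}
    for f in fields[1:]:
        if f.lower().startswith("ven_"):
            info["vendor"] = f[4:]
        elif f.lower().startswith("prod_"):
            info["product"] = f[5:]
    return info


def assess(key_names):
    """Grade each key as strong or weak evidence of a virtual machine.

    Strong: a known hypervisor vendor string, or a 'virtual' disk (a VM's
    boot device). Weak: a virtual CD-ROM only, which a physical Windows host
    also exposes while an ISO is mounted.
    """
    strong, weak = [], []
    for name in key_names:
        d = parse_device_id(name)
        text = f"{d['vendor']} {d['product']}".lower()
        if any(m in text for m in VM_VENDOR_MARKERS):
            strong.append(name)
        elif "virtual" in text:
            (strong if d["class"] == "disk" else weak).append(name)
    return {"strong": strong, "weak": weak}


def looks_like_vm(key_names):
    """The decision a sample would make: bail out only on strong evidence."""
    return bool(assess(key_names)["strong"])


def enumerate_scsi_keys():
    """Read the live key on Windows; elsewhere fall back to the report's names."""
    if sys.platform != "win32":
        return list(REPORT_KEYS)
    import winreg
    names = []
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, r"SYSTEM\CurrentControlSet\Enum\SCSI") as scsi:
        for i in range(winreg.QueryInfoKey(scsi)[0]):
            dev = winreg.EnumKey(scsi, i)
            with winreg.OpenKey(scsi, dev) as devkey:
                for j in range(winreg.QueryInfoKey(devkey)[0]):
                    names.append(dev + "\\" + winreg.EnumKey(devkey, j))
    return names


if __name__ == "__main__":
    keys = enumerate_scsi_keys()
    print(assess(keys))
    print("virtual machine:", looks_like_vm(keys))
```

The marker list is the classic one samples ship with; a sandbox that rewrites vendor strings defeats it, which is the point of the spoofing seen above, and is also why a practitioner should weigh this signature by the process that performed the reads rather than by its name.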
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz | C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString | C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe | N/A |
| Key opened | \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1 | C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2 | C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\mbam.exe = "11000" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\mbamtray.exe = "11000" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Malwarebytes.exe = "11000" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Policies\Microsoft\Office\16.0\Common | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\15.0 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:\ | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Policies\Microsoft\Office\15.0 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Policies\Microsoft\Office\15.0\Common\Security | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Policies\Microsoft\Office\16.0\Common\Security | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Malwarebytes\FirstRun = "false" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\16.0\Common\Security | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications\malwarebytes: | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\SOFTWARE\Malwarebytes | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-20\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:\ | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\ROOT | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Policies\Microsoft\Office | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-20\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:\ | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Policies\Microsoft\Office\16.0 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\Software\Policies\Microsoft\Office\16.0 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\Software | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\Software\Policies\Microsoft\Office\15.0 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\Software\Policies\Microsoft\Office\16.0\Common\Security | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\ROOT | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\Software\Policies\Microsoft\Office\16.0\Common | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-19\Software\Malwarebytes\FirstRun = "false" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\Software\Policies\Microsoft\Office\15.0\Common\Security | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\15.0\Common | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\15.0\Common\Security | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\Software\Policies\Microsoft\Office\15.0\Common | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Policies\Microsoft | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2C247F24-8591-11D1-B16A-00C0F0283628}\ProxyStubClsid32 | C:\Users\Admin\AppData\Local\Temp\Temp1_Bon.zip\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8E20FD10-1BEB-11CE-80FB-0000C0C14E92} | C:\Users\Admin\AppData\Local\Temp\Temp1_Bon.zip\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E91E27A1-C5AE-11D2-8D1B-00104B9E072A} | C:\Users\Admin\AppData\Local\Temp\Temp1_Bon.zip\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8DB2224E-D2FA-4B2E-8402-085EA7CC826B}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Program Files (x86)\BonziBuddy432\BonziBDY_35.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\malwarebytes\DefaultIcon\ = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\assistant.exe,0" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{59E42E77-5F19-4602-A559-3FFA9EE51202}\TypeLib\Version = "1.0" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FFBD938D-3ABA-4895-97EF-5A0BDF7AC07D}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{29D9184E-BF09-4F13-B356-22841635C733}\1.0\FLAGS\ = "2" | C:\Users\Admin\AppData\Local\Temp\Temp1_Bon.zip\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8E3867A2-8586-11D1-B16A-00C0F0283628}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" | C:\Users\Admin\AppData\Local\Temp\Temp1_Bon.zip\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BDD1F050-858B-11D1-B16A-00C0F0283628}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Users\Admin\AppData\Local\Temp\Temp1_Bon.zip\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2C247F22-8591-11D1-B16A-00C0F0283628}\ProxyStubClsid32 | C:\Users\Admin\AppData\Local\Temp\Temp1_Bon.zip\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6D0ECB23-9968-11D0-AC6E-00C04FD97575}\ = "IAgentCommandWindow" | C:\Windows\msagent\AgentSvr.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{50538523-AA2F-40D3-9B58-DB51D5BD3D4A} | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1691A7E8-B8D1-46D5-BB29-3A4DB2D809C6}\ = "ICleanController" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{50538523-AA2F-40D3-9B58-DB51D5BD3D4A}\TypeLib | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6655E528-3168-47A4-BF82-A71E9E6AB5F7} | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3F656FD9-2597-4587-8F05-781C11710867}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BDD1F04E-858B-11D1-B16A-00C0F0283628}\TypeLib\ = "{831FDD16-0C5C-11D2-A9FC-0000F8754DA1}" | C:\Users\Admin\AppData\Local\Temp\Temp1_Bon.zip\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D51C573D-B305-4980-8DFF-076C1878CCFB}\TypeLib\Version = "1.0" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0E64B3CF-7D56-4F76-8B9F-A6CD0D3393AE}\TypeLib\ = "{5709DEEB-F05E-4D5C-8DC4-3B0D924EE08F}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MB.TelemetryController\ = "TelemetryController Class" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{71B13605-3569-4F4A-B971-08FF179A3A60}\ProxyStubClsid32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F3B74800-4C27-4692-BC00-5AE37FA118E4}\ = "IMWACControllerV18" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{35053A22-8589-11D1-B16A-00C0F0283628}\Control | C:\Users\Admin\AppData\Local\Temp\Temp1_Bon.zip\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\ActiveTabs.SSTabPanel\ = "SSTabPanel Control" | C:\Users\Admin\AppData\Local\Temp\Temp1_Bon.zip\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DECC98E1-EC4E-11D2-93E5-00104B9E078A}\TypeLib\ = "{0A45DB48-BD0D-11D2-8D14-00104B9E072A}" | C:\Users\Admin\AppData\Local\Temp\Temp1_Bon.zip\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{108E7F3D-FB06-4024-94FB-3B8E687587E4}\TypeLib | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{36BABBB6-6184-44EC-8109-76CBF522C9EF}\TypeLib\ = "{5709DEEB-F05E-4D5C-8DC4-3B0D924EE08F}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C2E404A3-4E3F-4094-AE06-5E38D39B79AE}\TypeLib\ = "{332AFEBA-9341-4CEC-8EA6-DB155A99DF63}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8640989C-20B4-41BE-BFE1-218EF5B076A6}\TypeLib | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{065E6FE3-1BF9-11D2-BAE8-00104B9E0792}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4} | C:\Users\Admin\AppData\Local\Temp\Temp1_Bon.zip\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F4900F69-055F-11D4-8F9B-00104BA312D6} | C:\Program Files (x86)\BonziBuddy432\BonziBDY_35.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{106E3995-72F9-458A-A317-9AFF9E45A1F0}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{014D0CF7-ACC9-4004-B999-7BDBAAD274B7}\TypeLib | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A9D47FCC-ECEC-453C-9936-2CD0F16A8696}\TypeLib\Version = "1.0" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EE11629C-36DF-11D3-9DD0-89D6DBBBA800}\verb\1 | C:\Users\Admin\AppData\Local\Temp\Temp1_Bon.zip\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{065E6FD3-1BF9-11D2-BAE8-00104B9E0792}\TypeLib\ = "{065E6FD1-1BF9-11D2-BAE8-00104B9E0792}" | C:\Users\Admin\AppData\Local\Temp\Temp1_Bon.zip\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2A0F9375-1809-45ED-AFE0-92852B971139}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3C6D21D6-7470-4555-A8FB-6C2292B39C46}\InprocServer32\ThreadingModel = "Apartment" | C:\Users\Admin\AppData\Local\Temp\Temp1_Bon.zip\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\Version | C:\Users\Admin\AppData\Local\Temp\Temp1_Bon.zip\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{251AD013-20AD-4C3F-8FE2-F66A429B4819}\Version\ = "1.0" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\InetCtls.Inet\CLSID | C:\Users\Admin\AppData\Local\Temp\Temp1_Bon.zip\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{960F2BB5-E954-45C5-97DF-A770D9D8C24B}\TypeLib\Version = "1.0" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{78E69E6F-EC12-4B84-8431-1D68572C7A61}\ProxyStubClsid32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F5BE8BD2-7DE6-11D0-91FE-00C04FD701A5}\ToolboxBitmap32\ = "C:\\Windows\\msagent\\AgentCtl.dll, 105" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8153C0A7-AC17-452A-9388-358F782478D4}\TypeLib\ = "{A82129F1-32E1-4D79-A39F-EBFEE53A70BF}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{23416CFE-018D-418E-8CE9-5729D070CCED}\TypeLib\ = "{226C1698-A075-4315-BB5D-9C164A96ACE7}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D57ACF19-30E3-4B7E-BCDD-6EEB8E57AF27}\TypeLib\Version = "1.0" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B1BDE8B0-F598-4334-9991-ECC7442EEAA6}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F08DF954-8592-11D1-B16A-00C0F0283628}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502} | C:\Users\Admin\AppData\Local\Temp\Temp1_Bon.zip\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{065E6FDF-1BF9-11D2-BAE8-00104B9E0792}\Implemented Categories\{40FC6ED9-2438-11CF-A3DB-080036F12502} | C:\Users\Admin\AppData\Local\Temp\Temp1_Bon.zip\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EB52CF7B-3917-11CE-80FB-0000C0C14E92}\TypeLib | C:\Users\Admin\AppData\Local\Temp\Temp1_Bon.zip\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A7B93C8F-7B81-11D0-AC5F-00C04FD97575}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Windows\msagent\AgentSvr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C367B540-CEF4-4271-8395-0C28F0FDADDA}\ = "IPoliciesControllerV9" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{065E6FD4-1BF9-11D2-BAE8-00104B9E0792}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Users\Admin\AppData\Local\Temp\Temp1_Bon.zip\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{97DA9E74-558F-4085-AE41-6A82ED12D02C}\TypeLib\Version = "1.0" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DE35F2CA-6335-49BA-8E86-F6E246CFCEA6} | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{638A43D2-5475-424B-87B8-042109D7768F} | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{239C7555-993F-4071-9081-D2AE0B590D63}\ProxyStubClsid32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4A9108FB-A377-47EC-96E3-3CB8B1FB7272}\TypeLib | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C4D7E3C7-3C26-4052-A993-71E500EA8C05}\ProgID | C:\Users\Admin\AppData\Local\Temp\Temp1_Bon.zip\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4E0F1EE6-E7CA-4BEE-8C08-0959842DA615}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E8D2DC04-56F2-4F6F-8E11-8CB2BB337FCA}\ = "IRTPControllerV17" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
Modifies registry key
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\B51C067CEE2B0C3DF855AB2D92F4FE39D4E70F0E | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\B51C067CEE2B0C3DF855AB2D92F4FE39D4E70F0E\Blob = … | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\5A8CEF45D7A69859767A8C8B4496B578CF474B1A | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\0D44DD8C3C8C1A1A58756481E90F2E2AFFB3D26E | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\1C58A3A8518E8759BF075B76B750D4F2DF264FCD\Blob = … | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\5A8CEF45D7A69859767A8C8B4496B578CF474B1A\Blob = … | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\0D44DD8C3C8C1A1A58756481E90F2E2AFFB3D26E\Blob = … | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F6108407D6F8BB67980CC2E244C2EBAE1CEF63BE | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = … | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\8DA7F965EC5EFC37910F1C6E59FDC1CC6A6EDE16 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\8DA7F965EC5EFC37910F1C6E59FDC1CC6A6EDE16\Blob = … | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\2AD974A775F73CBDBBD8F5AC3A49255FA8FB1F8C\Blob = … | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F6108407D6F8BB67980CC2E244C2EBAE1CEF63BE\Blob = … | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\1C58A3A8518E8759BF075B76B750D4F2DF264FCD | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\2AD974A775F73CBDBBD8F5AC3A49255FA8FB1F8C | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\mbuns.exe\:Zone.Identifier:$DATA | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Bon.zip:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\MBSetup.exe:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: LoadsDriver
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Temp1_Bon.zip\BonziBuddy432.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\MBSetup.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| N/A | N/A | C:\Windows\msagent\AgentSvr.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\BonziBuddy432\BonziBDY_35.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\BonziBuddy432\BonziBDY_35.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\DiscordSetup.exe
"C:\Users\Admin\AppData\Local\Temp\DiscordSetup.exe"
C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
"C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe" --install .
C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe
"C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe" --squirrel-install 1.0.9037
C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe
C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\discord /prefetch:7 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\discord\Crashpad --url=https://f.a.k/e --annotation=_productName=discord --annotation=_version=1.0.9037 --annotation=plat=Win32 --annotation=prod=Electron --annotation=ver=22.3.26 --initial-client-data=0x54c,0x550,0x554,0x544,0x558,0x8645d78,0x8645d88,0x8645d94
C:\Users\Admin\AppData\Local\Discord\Update.exe
C:\Users\Admin\AppData\Local\Discord\Update.exe --createShortcut Discord.exe --setupIcon C:\Users\Admin\AppData\Local\Discord\app.ico
C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe
"C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1732 --field-trial-handle=1936,i,9756090154897806154,15636213353471342693,131072 --disable-features=HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe
"C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --standard-schemes --secure-schemes=sentry-ipc --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --service-worker-schemes --streaming-schemes --mojo-platform-channel-handle=2024 --field-trial-handle=1936,i,9756090154897806154,15636213353471342693,131072 --disable-features=HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
C:\Windows\SysWOW64\reg.exe
C:\Windows\System32\reg.exe add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Discord /d "\"C:\Users\Admin\AppData\Local\Discord\Update.exe\" --processStart Discord.exe" /f
C:\Windows\SysWOW64\reg.exe
C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord /ve /d "URL:Discord Protocol" /f
C:\Windows\SysWOW64\reg.exe
C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord /v "URL Protocol" /f
C:\Windows\SysWOW64\reg.exe
C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord\DefaultIcon /ve /d "\"C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe\",-1" /f
C:\Windows\SysWOW64\reg.exe
C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord\shell\open\command /ve /d "\"C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe\" --url -- \"%1\"" /f
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb31fa9758,0x7ffb31fa9768,0x7ffb31fa9778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1684 --field-trial-handle=1844,i,6706271469652011416,10122605034522731612,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=1844,i,6706271469652011416,10122605034522731612,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2204 --field-trial-handle=1844,i,6706271469652011416,10122605034522731612,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3200 --field-trial-handle=1844,i,6706271469652011416,10122605034522731612,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3216 --field-trial-handle=1844,i,6706271469652011416,10122605034522731612,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4044 --field-trial-handle=1844,i,6706271469652011416,10122605034522731612,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4724 --field-trial-handle=1844,i,6706271469652011416,10122605034522731612,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4692 --field-trial-handle=1844,i,6706271469652011416,10122605034522731612,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4948 --field-trial-handle=1844,i,6706271469652011416,10122605034522731612,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4892 --field-trial-handle=1844,i,6706271469652011416,10122605034522731612,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3216 --field-trial-handle=1844,i,6706271469652011416,10122605034522731612,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5008 --field-trial-handle=1844,i,6706271469652011416,10122605034522731612,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x254,0x258,0x25c,0x230,0x260,0x7ff6cf3d7688,0x7ff6cf3d7698,0x7ff6cf3d76a8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5028 --field-trial-handle=1844,i,6706271469652011416,10122605034522731612,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5112 --field-trial-handle=1844,i,6706271469652011416,10122605034522731612,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4664 --field-trial-handle=1844,i,6706271469652011416,10122605034522731612,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3784 --field-trial-handle=1844,i,6706271469652011416,10122605034522731612,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4948 --field-trial-handle=1844,i,6706271469652011416,10122605034522731612,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5464 --field-trial-handle=1844,i,6706271469652011416,10122605034522731612,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5620 --field-trial-handle=1844,i,6706271469652011416,10122605034522731612,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5984 --field-trial-handle=1844,i,6706271469652011416,10122605034522731612,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5972 --field-trial-handle=1844,i,6706271469652011416,10122605034522731612,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5988 --field-trial-handle=1844,i,6706271469652011416,10122605034522731612,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=880 --field-trial-handle=1844,i,6706271469652011416,10122605034522731612,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=3348 --field-trial-handle=1844,i,6706271469652011416,10122605034522731612,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=3232 --field-trial-handle=1844,i,6706271469652011416,10122605034522731612,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6172 --field-trial-handle=1844,i,6706271469652011416,10122605034522731612,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6164 --field-trial-handle=1844,i,6706271469652011416,10122605034522731612,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=5652 --field-trial-handle=1844,i,6706271469652011416,10122605034522731612,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=6032 --field-trial-handle=1844,i,6706271469652011416,10122605034522731612,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=5696 --field-trial-handle=1844,i,6706271469652011416,10122605034522731612,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=5688 --field-trial-handle=1844,i,6706271469652011416,10122605034522731612,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=7072 --field-trial-handle=1844,i,6706271469652011416,10122605034522731612,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=6912 --field-trial-handle=1844,i,6706271469652011416,10122605034522731612,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=5688 --field-trial-handle=1844,i,6706271469652011416,10122605034522731612,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=6912 --field-trial-handle=1844,i,6706271469652011416,10122605034522731612,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5680 --field-trial-handle=1844,i,6706271469652011416,10122605034522731612,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=7040 --field-trial-handle=1844,i,6706271469652011416,10122605034522731612,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=5368 --field-trial-handle=1844,i,6706271469652011416,10122605034522731612,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4616 --field-trial-handle=1844,i,6706271469652011416,10122605034522731612,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6992 --field-trial-handle=1844,i,6706271469652011416,10122605034522731612,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5684 --field-trial-handle=1844,i,6706271469652011416,10122605034522731612,131072 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=6816 --field-trial-handle=1844,i,6706271469652011416,10122605034522731612,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=6064 --field-trial-handle=1844,i,6706271469652011416,10122605034522731612,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6524 --field-trial-handle=1844,i,6706271469652011416,10122605034522731612,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6504 --field-trial-handle=1844,i,6706271469652011416,10122605034522731612,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=5856 --field-trial-handle=1844,i,6706271469652011416,10122605034522731612,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=6372 --field-trial-handle=1844,i,6706271469652011416,10122605034522731612,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=6696 --field-trial-handle=1844,i,6706271469652011416,10122605034522731612,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1628 --field-trial-handle=1844,i,6706271469652011416,10122605034522731612,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6420 --field-trial-handle=1844,i,6706271469652011416,10122605034522731612,131072 /prefetch:8
C:\Users\Admin\AppData\Local\Temp\Temp1_Bon.zip\BonziBuddy432.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_Bon.zip\BonziBuddy432.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=3704 --field-trial-handle=1844,i,6706271469652011416,10122605034522731612,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=3700 --field-trial-handle=1844,i,6706271469652011416,10122605034522731612,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7500 --field-trial-handle=1844,i,6706271469652011416,10122605034522731612,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7504 --field-trial-handle=1844,i,6706271469652011416,10122605034522731612,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --mojo-platform-channel-handle=7528 --field-trial-handle=1844,i,6706271469652011416,10122605034522731612,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --mojo-platform-channel-handle=6924 --field-trial-handle=1844,i,6706271469652011416,10122605034522731612,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --mojo-platform-channel-handle=7672 --field-trial-handle=1844,i,6706271469652011416,10122605034522731612,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7492 --field-trial-handle=1844,i,6706271469652011416,10122605034522731612,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7356 --field-trial-handle=1844,i,6706271469652011416,10122605034522731612,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7712 --field-trial-handle=1844,i,6706271469652011416,10122605034522731612,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7680 --field-trial-handle=1844,i,6706271469652011416,10122605034522731612,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7708 --field-trial-handle=1844,i,6706271469652011416,10122605034522731612,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7556 --field-trial-handle=1844,i,6706271469652011416,10122605034522731612,131072 /prefetch:8
C:\Users\Admin\Downloads\MBSetup.exe
"C:\Users\Admin\Downloads\MBSetup.exe"
C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe
"C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\BonziBuddy432\Runtimes\CheckRuntimes.bat" "
C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE
MSAGENT.EXE
C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe
tv_enua.exe
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s C:\Windows\lhsp\tv\tv_enua.dll
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s C:\Windows\lhsp\tv\tvenuax.dll
C:\Windows\SysWOW64\grpconv.exe
grpconv.exe -o
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentCtl.dll"
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentDPv.dll"
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\mslwvtts.dll"
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentDP2.dll"
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentMPx.dll"
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentSR.dll"
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentPsh.dll"
C:\Windows\msagent\AgentSvr.exe
"C:\Windows\msagent\AgentSvr.exe" /regserver
C:\Windows\SysWOW64\grpconv.exe
grpconv.exe -o
C:\Program Files (x86)\BonziBuddy432\BonziBDY_35.EXE
"C:\Program Files (x86)\BonziBuddy432\BonziBDY_35.EXE"
C:\Windows\msagent\AgentSvr.exe
C:\Windows\msagent\AgentSvr.exe -Embedding
C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe
"C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe" /installmbtun
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E0 0x00000000000004DC
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall
C:\Windows\system32\DrvInst.exe
DrvInst.exe "4" "9" "C:\Program Files\Malwarebytes\Anti-Malware\mbtun\mbtun.inf" "9" "4ba9030c7" "0000000000000154" "Service-0x0-3e7$\Default" "000000000000016C" "208" "C:\Program Files\Malwarebytes\Anti-Malware\mbtun"
C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
"C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe" /Service /Protected
C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
"C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe"
C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
"C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe" nowindow
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
Network
| Country | Destination | Domain | Proto |
| GB | 2.18.66.72:443 | | tcp |
| BE | 2.17.107.130:443 | r.bing.com | tcp |
| BE | 2.17.107.130:443 | r.bing.com | tcp |
| BE | 2.17.107.130:443 | r.bing.com | tcp |
| BE | 2.17.107.130:443 | r.bing.com | tcp |
| BE | 2.17.107.130:443 | r.bing.com | tcp |
| BE | 2.17.107.130:443 | r.bing.com | tcp |
| US | 8.8.8.8:53 | 249.197.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 130.107.17.2.in-addr.arpa | udp |
| US | 20.42.73.30:443 | browser.pipe.aria.microsoft.com | tcp |
| US | 13.107.237.254:443 | t-ring-fdv2.msedge.net | tcp |
| IN | 20.219.13.99:443 | a2951c1f694fc191df52b48e075019ce.azr.footprintdns.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| DE | 172.217.16.196:443 | www.google.com | tcp |
| DE | 172.217.16.196:443 | www.google.com | tcp |
| DE | 142.250.186.110:443 | apis.google.com | tcp |
| DE | 172.217.16.196:443 | www.google.com | udp |
| DE | 142.250.186.110:443 | apis.google.com | udp |
| DE | 142.250.185.138:443 | content-autofill.googleapis.com | tcp |
| DE | 216.58.206.46:443 | clients2.google.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| DE | 142.250.184.227:443 | id.google.com | tcp |
| DE | 142.250.186.46:443 | www.youtube.com | tcp |
| DE | 142.250.186.46:443 | www.youtube.com | tcp |
| DE | 142.250.186.46:443 | www.youtube.com | udp |
| DE | 142.250.184.227:443 | id.google.com | udp |
| DE | 216.58.212.150:443 | i.ytimg.com | tcp |
| DE | 216.58.212.150:443 | i.ytimg.com | tcp |
| DE | 216.58.212.150:443 | i.ytimg.com | tcp |
| DE | 216.58.212.142:443 | www.youtube.com | tcp |
| DE | 216.58.212.142:443 | www.youtube.com | udp |
| DE | 216.58.212.150:443 | i.ytimg.com | udp |
| DE | 172.217.23.98:443 | googleads.g.doubleclick.net | tcp |
| DE | 142.250.181.230:443 | static.doubleclick.net | tcp |
| DE | 172.217.23.98:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 138.212.58.216.in-addr.arpa | udp |
| FR | 151.106.4.82:443 | bonzi.link | tcp |
| FR | 151.106.4.82:443 | bonzi.link | tcp |
| FR | 151.106.4.82:443 | bonzi.link | udp |
| DE | 172.217.23.98:443 | googleads.g.doubleclick.net | udp |
| DE | 142.250.186.65:443 | tpc.googlesyndication.com | tcp |
| DE | 142.250.186.65:443 | tpc.googlesyndication.com | tcp |
| DE | 142.250.186.65:443 | tpc.googlesyndication.com | tcp |
| DE | 142.250.186.65:443 | tpc.googlesyndication.com | tcp |
| DE | 142.250.186.65:443 | tpc.googlesyndication.com | tcp |
| DE | 142.250.186.65:443 | tpc.googlesyndication.com | tcp |
| DE | 142.250.186.65:443 | tpc.googlesyndication.com | udp |
| DE | 216.58.206.46:443 | fundingchoicesmessages.google.com | udp |
| NL | 216.58.206.70:443 | s0.2mdn.net | tcp |
| US | 8.8.8.8:53 | 70.206.58.216.in-addr.arpa | udp |
| US | 172.64.151.101:443 | dsum-sec.casalemedia.com | tcp |
| DE | 142.250.185.98:443 | cm.g.doubleclick.net | tcp |
| DE | 142.250.185.98:443 | cm.g.doubleclick.net | tcp |
| NL | 185.89.211.84:443 | ib.adnxs.com | tcp |
| NL | 216.58.206.70:443 | s0.2mdn.net | udp |
| US | 172.64.151.101:443 | dsum-sec.casalemedia.com | tcp |
| DE | 216.58.206.46:443 | fundingchoicesmessages.google.com | udp |
| DE | 142.250.185.98:443 | cm.g.doubleclick.net | udp |
| US | 172.64.151.101:443 | dsum-sec.casalemedia.com | udp |
| FR | 151.106.4.82:80 | bonzi.link | tcp |
| DE | 142.250.186.50:443 | p4-fai5rxbxehx72-c3a7kmyjc6xnckyl-819167-i1-v6exp3.v4.metric.gstatic.com | tcp |
| DE | 142.250.185.242:443 | p4-fai5rxbxehx72-c3a7kmyjc6xnckyl-819167-i2-v6exp3.ds.metric.gstatic.com | tcp |
| FR | 151.106.4.82:80 | bonzi.link | tcp |
| FR | 151.106.4.82:80 | bonzi.link | tcp |
| DE | 142.250.185.162:443 | ade.googlesyndication.com | tcp |
| FR | 151.106.4.82:80 | bonzi.link | tcp |
| DE | 142.250.185.162:443 | ade.googlesyndication.com | udp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | tcp |
| US | 104.26.6.214:443 | www.iplocation.net | tcp |
| US | 104.26.6.214:443 | www.iplocation.net | tcp |
| FR | 151.106.4.82:80 | bonzi.link | tcp |
| FR | 151.106.4.82:80 | bonzi.link | tcp |
| FR | 151.106.4.82:80 | bonzi.link | tcp |
| DE | 142.250.186.163:443 | p4-fai5rxbxehx72-c3a7kmyjc6xnckyl-819167-s1-v6exp3-v4.metric.gstatic.com | tcp |
| FR | 151.106.4.82:80 | bonzi.link | tcp |
| FR | 151.106.4.82:80 | bonzi.link | tcp |
| FR | 151.106.4.82:80 | bonzi.link | tcp |
| DE | 142.250.185.162:443 | ade.googlesyndication.com | udp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | udp |
| KR | 34.64.233.111:443 | e2c5.gcp.gvt2.com | tcp |
| KR | 34.64.233.111:443 | e2c5.gcp.gvt2.com | tcp |
| GB | 172.217.169.3:443 | beacons.gvt2.com | tcp |
| GB | 172.217.169.3:443 | beacons.gvt2.com | tcp |
| DE | 142.250.185.67:80 | www.gstatic.com | tcp |
| GB | 172.217.169.3:443 | beacons.gvt2.com | udp |
| DE | 172.217.16.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | e2c26.gcp.gvt2.com | udp |
| US | 34.86.82.41:443 | e2c26.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | 41.82.86.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | e2c11.gcp.gvt2.com | udp |
| AU | 34.129.38.245:443 | e2c11.gcp.gvt2.com | tcp |
| AU | 34.129.38.245:443 | e2c11.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | 245.38.129.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | encrypted-tbn1.gstatic.com | udp |
| US | 8.8.8.8:53 | encrypted-tbn2.gstatic.com | udp |
| DE | 172.217.16.206:443 | encrypted-tbn2.gstatic.com | tcp |
| US | 8.8.8.8:53 | beacons2.gvt2.com | udp |
| HK | 172.217.27.3:443 | beacons2.gvt2.com | tcp |
| US | 8.8.8.8:53 | 206.16.217.172.in-addr.arpa | udp |
| HK | 172.217.27.3:443 | beacons2.gvt2.com | tcp |
| US | 8.8.8.8:53 | e2c8.gcp.gvt2.com | udp |
| SG | 34.87.124.238:443 | e2c8.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | 3.27.217.172.in-addr.arpa | udp |
| SG | 34.87.124.238:443 | e2c8.gcp.gvt2.com | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 8.8.8.8:53 | beacons3.gvt2.com | udp |
| US | 8.8.8.8:53 | www.recaptcha.net | udp |
| DE | 172.217.16.131:443 | beacons3.gvt2.com | tcp |
| DE | 172.217.16.195:443 | www.recaptcha.net | tcp |
| US | 8.8.8.8:53 | 238.124.87.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.34.125.74.in-addr.arpa | udp |
| DE | 142.250.184.195:443 | recaptcha.net | tcp |
| DE | 142.250.184.195:443 | recaptcha.net | udp |
| DE | 142.250.185.138:443 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | 131.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.184.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.184.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.181.250.142.in-addr.arpa | udp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| DE | 142.250.185.162:443 | ade.googlesyndication.com | udp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | udp |
| DE | 172.217.16.196:443 | www.google.com | udp |
| FI | 35.217.17.196:443 | e2c39.gcp.gvt2.com | tcp |
| GB | 172.217.169.3:443 | beacons.gvt2.com | udp |
| US | 35.212.207.78:443 | e2c51.gcp.gvt2.com | tcp |
| HK | 172.217.27.3:443 | beacons2.gvt2.com | udp |
| DE | 142.250.186.46:443 | encrypted-tbn1.gstatic.com | udp |
| US | 192.0.66.233:443 | www.malwarebytes.com | tcp |
| US | 8.8.8.8:53 | dev.visualwebsiteoptimizer.com | udp |
| US | 8.8.8.8:53 | stats.wp.com | udp |
| US | 8.8.8.8:53 | plausible.io | udp |
| US | 34.96.102.137:443 | dev.visualwebsiteoptimizer.com | tcp |
| GB | 143.244.38.136:443 | plausible.io | tcp |
| US | 192.0.76.3:443 | stats.wp.com | tcp |
| GB | 143.244.38.136:443 | plausible.io | udp |
| US | 34.96.102.137:443 | dev.visualwebsiteoptimizer.com | udp |
| US | 34.96.102.137:443 | dev.visualwebsiteoptimizer.com | udp |
| GB | 143.244.38.136:443 | plausible.io | tcp |
| US | 8.8.8.8:53 | 233.66.0.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.102.96.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.38.244.143.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.76.0.192.in-addr.arpa | udp |
| US | 50.19.73.65:443 | genesis.malwarebytes.com | tcp |
| DE | 142.250.185.138:443 | content-autofill.googleapis.com | udp |
| US | 104.19.177.52:443 | cdn.cookielaw.org | tcp |
| US | 104.19.177.52:443 | cdn.cookielaw.org | tcp |
| US | 104.18.32.137:443 | geolocation.onetrust.com | tcp |
| US | 35.245.208.72:443 | r1.visualwebsiteoptimizer.com | tcp |
| US | 8.8.8.8:53 | 137.32.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.208.245.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | privacyportal.onetrust.com | udp |
| US | 104.18.32.137:443 | privacyportal.onetrust.com | tcp |
| US | 8.8.8.8:53 | api.demandbase.com | udp |
| US | 192.0.76.3:443 | pixel.wp.com | udp |
| ES | 18.67.240.43:443 | api.demandbase.com | tcp |
| US | 8.8.8.8:53 | www-api.malwarebytes.com | udp |
| ES | 18.154.41.67:443 | www-api.malwarebytes.com | tcp |
| ES | 18.154.41.67:443 | www-api.malwarebytes.com | tcp |
| ES | 18.154.41.67:443 | www-api.malwarebytes.com | tcp |
| ES | 18.154.41.67:443 | www-api.malwarebytes.com | tcp |
| ES | 18.154.41.67:443 | www-api.malwarebytes.com | tcp |
| US | 8.8.8.8:53 | 233.38.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.149.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| DE | 172.217.16.131:443 | beacons3.gvt2.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 8.8.8.8:53 | api2.amplitude.com | udp |
| US | 54.71.232.169:443 | api2.amplitude.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | 169.232.71.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ark.mwbsys.com | udp |
| US | 52.2.64.5:443 | ark.mwbsys.com | tcp |
| US | 8.8.8.8:53 | cdn.mwbsys.com | udp |
| ES | 13.224.115.3:443 | cdn.mwbsys.com | tcp |
| US | 8.8.8.8:53 | 5.64.2.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.115.224.13.in-addr.arpa | udp |
| US | 52.2.64.5:443 | ark.mwbsys.com | tcp |
| US | 8.8.8.8:53 | cdn.mwbsys.com | udp |
| ES | 13.224.115.66:443 | cdn.mwbsys.com | tcp |
| US | 8.8.8.8:53 | 66.115.224.13.in-addr.arpa | udp |
| US | 52.2.64.5:443 | ark.mwbsys.com | tcp |
| US | 8.8.8.8:53 | cdn.mwbsys.com | udp |
| ES | 13.224.115.66:443 | cdn.mwbsys.com | tcp |
| US | 52.2.64.5:443 | ark.mwbsys.com | tcp |
| US | 8.8.8.8:53 | cdn.mwbsys.com | udp |
| ES | 13.224.115.66:443 | cdn.mwbsys.com | tcp |
| US | 52.2.64.5:443 | ark.mwbsys.com | tcp |
| US | 8.8.8.8:53 | cdn.mwbsys.com | udp |
| ES | 13.224.115.3:443 | cdn.mwbsys.com | tcp |
| US | 8.8.8.8:53 | ipv4.am.i.mullvad.net | udp |
| US | 8.8.8.8:53 | holocron.mwbsys.com | udp |
| SE | 45.83.223.233:443 | ipv4.am.i.mullvad.net | tcp |
| US | 23.20.67.183:443 | holocron.mwbsys.com | tcp |
| US | 23.20.67.183:443 | holocron.mwbsys.com | tcp |
| US | 8.8.8.8:53 | 233.223.83.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.67.20.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | holocron.mwbsys.com | udp |
| US | 34.198.76.229:443 | holocron.mwbsys.com | tcp |
| US | 8.8.8.8:53 | 229.76.198.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | crl.comodoca.com | udp |
| US | 172.64.149.23:80 | crl.comodoca.com | tcp |
| US | 172.64.149.23:80 | crl.comodoca.com | tcp |
| US | 104.18.38.233:80 | crl.comodoca.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| BE | 2.21.17.194:80 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | 194.17.21.2.in-addr.arpa | udp |
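The table above mixes the sample's own traffic with the sandbox's browser, advertising and security-product background noise, and a reader has to pick the few destinations that matter by eye. The script below is an added example written for this page, not code from the report or the sandbox vendor: it parses rows in the page's own `| CC | ip:port | host | proto |` layout, drops resolver chatter on port 53, groups the rest by destination host, and flags cleartext HTTP (tcp/80) and external-IP lookup services. `NOISE_SUFFIXES` and `IP_LOOKUP_HOSTS` are analyst assumptions to tune per environment; the sample rows are copied from the table above.

```python
"""Triage a sandbox report's network table (added example, see lead-in)."""
import re
from collections import defaultdict

# Constructed sample: rows copied verbatim from the report's network table.
SAMPLE_ROWS = """\
| FR | 151.106.4.82:443 | bonzi.link | tcp |
| FR | 151.106.4.82:80 | bonzi.link | tcp |
| FR | 151.106.4.82:80 | bonzi.link | tcp |
| DE | 142.250.186.65:443 | tpc.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | 70.206.58.216.in-addr.arpa | udp |
| US | 104.26.6.214:443 | www.iplocation.net | tcp |
| SE | 45.83.223.233:443 | ipv4.am.i.mullvad.net | tcp |
| US | 52.2.64.5:443 | ark.mwbsys.com | tcp |
| BE | 2.21.17.194:80 | www.microsoft.com | tcp |
| US | 172.64.149.23:80 | crl.comodoca.com | tcp |
"""

ROW_RE = re.compile(
    r"^\|\s*(?P<cc>[A-Z]{2})\s*\|\s*(?P<ip>[\d.]+):(?P<port>\d+)\s*\|"
    r"\s*(?P<host>\S+)\s*\|\s*(?P<proto>tcp|udp)\s*\|$"
)

# Assumption: domain suffixes treated as benign sandbox background traffic
# (browser ads/telemetry, AV updates, CRL fetches, reverse-DNS names).
NOISE_SUFFIXES = (
    ".googlesyndication.com", ".doubleclick.net", ".gstatic.com",
    ".gvt2.com", ".google.com", ".mwbsys.com", ".malwarebytes.com",
    ".comodoca.com", ".microsoft.com", ".in-addr.arpa",
)
# Assumption: public "what is my IP" services; contacting them means the
# host's external address is being fingerprinted.
IP_LOOKUP_HOSTS = {"www.iplocation.net", "ipv4.am.i.mullvad.net"}


def parse_rows(text):
    """Yield one dict per well-formed table row; other lines are skipped."""
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            row = m.groupdict()
            row["port"] = int(row["port"])
            yield row


def is_noise(host):
    return host.endswith(NOISE_SUFFIXES)


def triage(text):
    """Return {host: {count, ips, cleartext, ip_lookup, noise}} for non-DNS rows."""
    out = defaultdict(lambda: {"count": 0, "ips": set(), "cleartext": False,
                               "ip_lookup": False, "noise": False})
    for r in parse_rows(text):
        if r["port"] == 53:
            continue  # resolver traffic to 8.8.8.8, not a sample connection
        h = out[r["host"]]
        h["count"] += 1
        h["ips"].add(r["ip"])
        h["cleartext"] |= r["port"] == 80 and r["proto"] == "tcp"
        h["ip_lookup"] |= r["host"] in IP_LOOKUP_HOSTS
        h["noise"] = is_noise(r["host"])
    return dict(out)


def interesting(text):
    """Non-noise hosts, most-contacted first (ties keep report order)."""
    t = triage(text)
    return sorted((h for h, v in t.items() if not v["noise"]),
                  key=lambda h: -t[h]["count"])


if __name__ == "__main__":
    summary = triage(SAMPLE_ROWS)
    for host in interesting(SAMPLE_ROWS):
        v = summary[host]
        flags = [f for f in ("cleartext", "ip_lookup") if v[f]]
        print(f"{host:26} {v['count']:3} conn  {','.join(sorted(v['ips']))}  {flags}")
```

On the rows above this yields bonzi.link (one IP, repeated tcp/80 connections alongside 443, so part of the exchange is in cleartext and recoverable from a packet capture) and the two IP-lookup services; everything else falls under the noise list. Treat the noise list as a starting point: a host that only looks like telemetry still deserves a glance when it resolves to an unexpected IP.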
Files
C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
| MD5 | b80e266f10752d57fd4f5df29f4c5b18 |
| SHA1 | 393253b81af010c29f91653716a29b92f9f79872 |
| SHA256 | 52624abd44d7ff29a4eda72f9c5317c6c52f80743c02d3d0b4462153e76fc3c2 |
| SHA512 | c6afcb7dc071233145a54b6e190e8ab9587ce1d1958cc5599b3dfe02be5897ada2a4eac7f2bc70fc6637d261144df86fa5478134d54c332bfe2750a6d9f8e88f |
memory/1508-9-0x0000000000BF0000-0x0000000000D66000-memory.dmp
memory/1508-10-0x00000000738B0000-0x0000000074061000-memory.dmp
memory/1508-11-0x0000000005850000-0x0000000005860000-memory.dmp
C:\Users\Admin\AppData\Local\SquirrelTemp\RELEASES
| MD5 | 7763bf329f69dda236bed5d4cc4636a9 |
| SHA1 | c7286e00b9673d9536770aa6fce42899d39f34bb |
| SHA256 | c728be42dbebe9010039ed3c2667d60b3f19e4f2cdb48c740bdb8e034401cc71 |
| SHA512 | d9377fe4cd86a464a4ac664872f0ead92b5a0a10770d279a6b5454691e4e3520af37b4c2332316c08ebf797df8338559d5c4d70f25f4b86cc370288a6febde67 |
C:\Users\Admin\AppData\Local\SquirrelTemp\Discord-1.0.9037-full.nupkg
| MD5 | 77fd55678dd0eed9bcbb311d0a8c0b85 |
| SHA1 | db9d881928aa2bb808834470f1b03d5a7037cb43 |
| SHA256 | f3342765e0ce49f97fa92e70825b8892224e4829355c6dadb7038e01f4ac62a2 |
| SHA512 | ec9edd00875b8fa5b96718bc45c1c758cf9003f43e997820c2dbd4ffca070291d210c109b3c6b6a5ea92d4eeaf90a09099098c3d8498c6656d0ff712c66208b8 |
C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe
| MD5 | fdd2dc840e723643ae48859c97fea71a |
| SHA1 | 28db738f5a99bdb35168724ee00f28382adf2134 |
| SHA256 | 47cbd931e266bb3b3a6125b956e6d169647612fd19bdfa1798932b633e760bc1 |
| SHA512 | 9fc50389e4ed27e59935c1b607c1c0a8e197c1c20564364f5f03b096cbb1a1189678c92ae9c641ecf5ea644b287064d3a1c7d99e52e4156df139ded4daa26a5c |
memory/1508-197-0x0000000007EF0000-0x0000000007EF8000-memory.dmp
memory/1508-199-0x00000000101B0000-0x00000000101E8000-memory.dmp
memory/1508-200-0x0000000010190000-0x000000001019E000-memory.dmp
memory/1508-201-0x0000000005850000-0x0000000005860000-memory.dmp
C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\ffmpeg.dll
| MD5 | 22e4f4d52854aa6fc16a7570e8450912 |
| SHA1 | c4bde8528c16dced387e4ba2e6743bf1a2546566 |
| SHA256 | 937e0ed0fb5682bcc549ea44e389e97a269b0141d57d08ace74e54bc14ecf12d |
| SHA512 | 973b14599dc95b762fce0af6c6cc5d869ac6e3eb50d875f5b67ca83a6cbe076dd69a1b82f7e66f8fd71a09e7f9461cb50d36115a3a5c14bc05816e2c80ab86e3 |
C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\v8_context_snapshot.bin
| MD5 | 3f6f227dc46c0d5262cd6ca9bb7703e5 |
| SHA1 | c8bc76f93cc6305e70f2041a52acfa6c44e9889b |
| SHA256 | 869f5e88fb5e04840f035fc1c3f688e94499c8514bd053c9979413ebb8de4611 |
| SHA512 | 566394fef910b8edeb04c7f5c172ce9b361478275463f7eee4b5611536241431fa7638e47e5ac4b9df7467c98b120869b4e4f87e46628b40dae5685897cd256c |
C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\icudtl.dat
| MD5 | 76bef9b8bb32e1e54fe1054c97b84a10 |
| SHA1 | 05dfea2a3afeda799ab01bb7fbce628cacd596f4 |
| SHA256 | 97b978a19edd4746e9a44d9a44bb4bc519e127a203c247837ec0922f573449e3 |
| SHA512 | 7330df8129e7a0b7b3655498b2593321595ec29445ea193c8f473c593590f5701eb7125ff6e5cde970c54765f9565fa51c2c54af6e2127f582ab45efa7a3a0f6 |
C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\resources\app.asar
| MD5 | 285e0f97a0c2bb8e2790d8228b88127e |
| SHA1 | 47da0b46e5183d8cd5b6f4e35d1ad5678eb0999f |
| SHA256 | f03e68c56c8d4c594130f1aed49b1caff51d8d9db552aa33e2eed72c1c48aa19 |
| SHA512 | 122774c569e08989a4d5ebe7772292c8ae1555742410596ef819f5054439416822b571e80c84bb8721a615090563d154dd8daf41883067a2dbdbdae38265f4a3 |
C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\resources\build_info.json
| MD5 | 3e62eda73a7542411dea90593126c515 |
| SHA1 | 3dfed1182a2158e65926799229af4f3441e4d275 |
| SHA256 | ef0c6245e8684ff7c7eab648d0a5df441ea9ac172b7afb28641084b40a865620 |
| SHA512 | d0f4bf63a09e0c8eeff4105eb033b853575ff609c26ce28c3c90ae10c0c3d43643925cd03f2b616ed67a5373560998b694cd55541969fc3ef063fb4755706ee5 |
C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\app.ico
| MD5 | 084f9bc0136f779f82bea88b5c38a358 |
| SHA1 | 64f210b7888e5474c3aabcb602d895d58929b451 |
| SHA256 | dfcea1bea8a924252d507d0316d8cf38efc61cf1314e47dca3eb723f47d5fe43 |
| SHA512 | 65bccb3e1d4849b61c68716831578300b20dcaf1cbc155512edbc6d73dccbaf6e5495d4f95d089ee496f8e080057b7097a628cc104fa8eaad8da866891d9e3eb |
C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\resources.pak
| MD5 | 3b20663d297fe4175c62e07df022d436 |
| SHA1 | 03e57b5fd5d33eeec5d510c5382a263b4514c306 |
| SHA256 | c8895857a61455b2b2beca23f6d400d29fe1685666bef79f11385a3485d24628 |
| SHA512 | ddebaa58495c93ebc282b27bfa883eebc36048707ad779f8557eb12683c38f1db9be8e2f96257456aa6ce6b26e8d639dc28783b6cddc92d294219ace66c9134f |
memory/3564-223-0x00000000738B0000-0x0000000074061000-memory.dmp
C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\locales\en-US.pak
| MD5 | 3f6f4b2c2f24e3893882cdaa1ccfe1a3 |
| SHA1 | b021cca30e774e0b91ee21b5beb030fea646098f |
| SHA256 | bb165eaa51456b52fcbdf7639ee727280e335a1f6b4cfb91afc45222895b564f |
| SHA512 | bd80ddaa87f41cde20527ff34817d98605f11b30a291e129478712ebebe47956dbd49a317d3eeb223adf736c34750b59b68ad9d646c661474ad69866d5a53c5c |
memory/3564-226-0x0000000004CE0000-0x0000000004D00000-memory.dmp
memory/3564-229-0x0000000004DD0000-0x0000000004DE0000-memory.dmp
C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\chrome_200_percent.pak
| MD5 | 5604b67e3f03ab2741f910a250c91137 |
| SHA1 | a4bb15ac7914c22575f1051a29c448f215fe027f |
| SHA256 | 1408387e87cb5308530def6ce57bdc4e0abbbaa9e70f687fd6c3a02a56a0536c |
| SHA512 | 5e6f875068792e862b1fc8bb7b340ac0f1f4c51e53e50be81a5af8575ca3591f4e7eb9239890178b17c5a8ff4ebb23719190d7db0bd8a9aa6dcb4308ffa9a34d |
C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\chrome_100_percent.pak
| MD5 | d31f3439e2a3f7bee4ddd26f46a2b83f |
| SHA1 | c5a26f86eb119ae364c5bf707bebed7e871fc214 |
| SHA256 | 9f79f46ca911543ead096a5ee28a34bf1fbe56ec9ba956032a6a2892b254857e |
| SHA512 | aa27c97bf5581eb3f5e88f112df8bfb6a5283ce44eb13fbc41855008f84fb5b111dfe0616c310c3642b7f8ac99623d7c217aecc353f54f4d8f7042840099abc5 |
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
| MD5 | f3b25701fe362ec84616a93a45ce9998 |
| SHA1 | d62636d8caec13f04e28442a0a6fa1afeb024bbb |
| SHA256 | b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209 |
| SHA512 | 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84 |
C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\D3DCompiler_47.dll
| MD5 | 08ac37f455e0640c0250936090fe91b6 |
| SHA1 | 7a91992d739448bc89e9f37a6b7efeb736efc43d |
| SHA256 | 2438b520ac961e38c5852779103734be373ee2b6d1e5a7a5d49248b52acc7c4d |
| SHA512 | 35a118f62b21160b0e7a92c7b9305da708c5cbd3491a724da330e3fc147dde2ca494387866c4e835f8e729b89ee0903fd1b479fcc75b9e516df8b86a2f1364c8 |
\??\pipe\crashpad_1436_CIFMOKNICXVWYWOM
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\libglesv2.dll
| MD5 | 3cfdbeca8f05caeaaf4299d7defa6ea9 |
| SHA1 | b1d60f5a7a430223f529944dd4e5d1133961df1f |
| SHA256 | aea9b2d2ede35e098a2b1e71296c13c80fb686d3f8c50161bd91aef58c456d61 |
| SHA512 | 33770ea4502826f602bfe8d3316a0cebf3f0339013a45461700d002665cdea5fc9814637182167af6dd226ea96fb2bd8344c5215af7f24bc3b13e3b771696faa |
C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\libegl.dll
| MD5 | 5151514e51221d954916e23b262df83d |
| SHA1 | 59671bfc513f995703b3f5d34434f7a7ef695b87 |
| SHA256 | a57a95b5a0a5858610ee1845cf49a3d44c9bf38b6fbfee3f228c3cc516d05c2f |
| SHA512 | ec0eec9de3382e66eedfc067a9961f1247be27392d54d4844e2faa944adc29efd7e420cc5de9d64d25f40adbd420b418ba8921d07060b0d83386dfcdc7b688b3 |
C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\vk_swiftshader.dll
| MD5 | 094a0365a255a3b62227c87bdace1678 |
| SHA1 | 0810540ae0ef480b7357d1f0b3620725d6f903fe |
| SHA256 | 196f8e5a50cf5d83f5256d9237ff705cbdaeadd9c2660b4da88037403425093b |
| SHA512 | 7c805f17f285899c172d29728958a4fab109609266706b167b12d883004fbef2f53219a8c135fbdae6ed08c9a07a9e1d34ae0f067bf6bffb7da3753903add376 |
memory/3564-291-0x00000000738B0000-0x0000000074061000-memory.dmp
memory/1508-314-0x00000000738B0000-0x0000000074061000-memory.dmp
memory/1508-315-0x0000000005850000-0x0000000005860000-memory.dmp
memory/1508-316-0x0000000005850000-0x0000000005860000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
| MD5 | 99914b932bd37a50b983c5e7c90ae93b |
| SHA1 | bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f |
| SHA256 | 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a |
| SHA512 | 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 55f93fb296bd19d92c9275d14e63e426 |
| SHA1 | a053044a3c652b92a0cb00acb33107585d98b6cb |
| SHA256 | 9e35d87a56aaf57120b9d3f2aac97dee52d2824c8452a7bf7d172e1cc17fc496 |
| SHA512 | 94e7a1af3685d777dd9002f1b85012b3b2e65740b47ddb8adf62c18fa846a725b75288e03e438e3404262205746627dc028e41cbf21946caa1a855ac488d2eaf |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 4d2827a52a66412dba30fa686f2dd27c |
| SHA1 | 8d0de576260582319425b3e30c4c4fdfb6b42560 |
| SHA256 | 79c4b25e77ef6201ab1b9dccd6158361b7d96b4f440212cc009a2a92ebe3c6d3 |
| SHA512 | 36e59d77f67cf5d6a0707ef0c2405a94446a3ed22a51ec5167991be2012e2784b240f9138634ed63dea2c04692d98a8164bdb7fb1a1cc232f18a9a7682faa7a3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 45d7d33e9b919e3ae40d54ec124fac6c |
| SHA1 | 4e0f254290c1aed71f3a7e6f0c27589bb71fc2bd |
| SHA256 | add71e1b9e797999ddae6be5e82a11b79236b3446741d4e17c046abbebfa5dd7 |
| SHA512 | ae793da5d726ce98301b994216a4dfa0738d8374c9b1df933e5ffc9c999bf8a5edb4596a5d29e755c39c8a0d146cf82c286bd0aebc610c1eddd926d903f4d258 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | eed838ae2ae17694325ac7c02cfd107d |
| SHA1 | be45282576d7d49fdcc542946071988021376c55 |
| SHA256 | 35810960cd56d6794509eb06db7c6ec17697042cfdb2476a0166a3f319562c35 |
| SHA512 | cefac585061b1c0b50248360d56799590b3f88f153e325f64b7b5077c20038e2b9410842e6bd5f9950ec4a857960a589a5c11912b65397801e2fc49c0a236155 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | dffe3cadce1661d3c64ca26736a0220a |
| SHA1 | 04015f2e0e85a238ae7ea80fcfc62da0ca567418 |
| SHA256 | 3643345680da55cd47212e4e8a99b59152db99da737ca859b6228e1a034a50c4 |
| SHA512 | b0fbd180af675fc3ef8055d6aeb3f011878b6c26548a3494d4349a94e61375d00c23767654f9704b6fb5262beaf857118c2e2800de56a9a10595cf47ce41a4e7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 43926a0dc0348596728ac39a76c0a3ce |
| SHA1 | f11ec9eadcd00e03c831be3d4515e083ba517cc5 |
| SHA256 | fe00d609fed069c729f32f35e715526f62ee095124c32df2b44186529f6673ac |
| SHA512 | 52a078419bf0e377fe184e7a9aaba7c6b81b8f7df798d417e49eae67540fcf912a685eaf5a860c4d2e09e28c365e5ea706f406f84d3c55e27084123af85ed57b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005
| MD5 | bf89ffc08dddb2e610f22e6f6482b59e |
| SHA1 | 0935a5b4037121a21ac415df3bc50ed650f2797e |
| SHA256 | 85605fbddc4e7adf25ea44dec486d0de703e606a92df9435807c63471505df6f |
| SHA512 | e3a5f57616c88e406e21e07745ca4f8b7bd11bbc0bc768303fc89e664ef6b40f754a56671c6f36bb629d5252c9b1ffd08cfea96274350e0622269c80c2989af9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006
| MD5 | eaeb9c60d461979c1667ba6adfc74c69 |
| SHA1 | beac5272e486bc96e5ae15371297db9cebbb9fa2 |
| SHA256 | 0cb2d8df9498e647171bda1eacf1a1e505a228f6cf36813a49f3b60f9fc8b896 |
| SHA512 | 63ebc6f683f683cef6d6d2f69f79ef2a021fd38f8729725b9065c74c1208c5fdb522a08f1dc0ce48e9c28c8eb53b1ba096a78b804729aa37a8b186b9426126d0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b
| MD5 | e3b7c1f55a368984a5ba8cba843ed6b7 |
| SHA1 | 3362755d9f77b6eb0801ea9b3301a24ee63fb22d |
| SHA256 | 7bd1a844aaf30cf44b61e3e9266a2db03f61dad8c851d78b170df9034ceecce5 |
| SHA512 | 64b0d6689a59da5bf40762169b925eb0dc0d47d0f60c8a83c3cb3696af2c036eba4fb7336e77b99509d9c80ec3b942649c62950c179185ebcbaa132804bb133c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | ae1bccd6831ebfe5ad03b482ee266e4f |
| SHA1 | 01f4179f48f1af383b275d7ee338dd160b6f558a |
| SHA256 | 1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649 |
| SHA512 | baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe58a3ad.TMP
| MD5 | 2a4ca26adc3023fd185de26af756f976 |
| SHA1 | 362a32be66709d58f2dd7805540b8f9d35f9680f |
| SHA256 | f52e5005494307e566821626e5d0e9c6720a5ed097198237a2afb448f40d2fe4 |
| SHA512 | c1a75ac2350b470ad73401eeddbce11d939dc540156b6228ed30845bc67229afd8281b03559ec78273f56723aa820b23c796d2e38747a356e63038265dae1b2b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009
| MD5 | e7598fb8a37cba6f15fac8dfe908a277 |
| SHA1 | d2c6bc5abf785b0d5e2c20625983c4795733add4 |
| SHA256 | 27d1731e1488d642126ec8fc645f0943a85f9db5521b45119af696c9c49e41b3 |
| SHA512 | d19abf40c6da8f47c20df579bacb234fba91ece1c12bd1b1af120b2bba29caaa332bc8d06ab0036174049a1e49c88149f9262e2086639f4c934022e35938e4df |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | fd5188e3699ec96e9d4c674f6843ef4a |
| SHA1 | f7dae59bc3df3068411ce36c85b84e397d2c850c |
| SHA256 | 47def1fcab5019b1bdb162b9107bab954744f4cbbe18559fee79dff1f225b5d7 |
| SHA512 | 33107205378cb3f38192525d2e7d4bc6b923104381e1c36e1d8d8cac592a00c9574df89d9b0f6424ebbd836f49fbff114b3d302801e58379695bc871fca98071 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 4b4bd9341b4943025ac3ce037a3e7069 |
| SHA1 | 081fb33a67c28bd0987ee7643cf6e0448f9ab1f8 |
| SHA256 | 28c181baa0dc785950ba49a677febcf29715717c35cc081a03f506553939ebf3 |
| SHA512 | 2fbae72129fffdf66c8bd2ef93d1a5eed4299ce92c454a51f6d27513c85dee2639887da7e148d9d08a1e6e018763dde44645898fc76192a6ea7401c11f35e9d2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 13da424e1ede114691c3d87bcaa3134a |
| SHA1 | 2557389800bf1d940e1b3938f05469a4c9f8b551 |
| SHA256 | ae04852c1ee5988f9cafaf1095f42ac89a85e2857ae2b279992223a7142f66e0 |
| SHA512 | d1446e601116d60538dcebbc81116b446638decde9daefb2230535d9b45f84593b3fb7a97b6076be8e3928f71c74b632a2f21f329d5597336c8e4a8538c7955a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 2d9e364d88f102ae4164c143fdf6baf8 |
| SHA1 | 2c352278a47c41010e7deab14005a0230a4c87eb |
| SHA256 | 1e103f3c56625c9cb806b5c8818a72f14923eed7d14a509937d2cf1c80d69d4f |
| SHA512 | ab2715942ce90472d2a78e547506577794f32d4056f0426accef69b97c39c8ab1ea091d802613fe7858db01353210c36f44b7319b01e0589819560ac21456125 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58e9ee.TMP
| MD5 | 519b3e4378914569e568bfad125cdc27 |
| SHA1 | 7156cfeaff820d936aceea491009366fa088853d |
| SHA256 | 5c90816279bffcccb2c3572abeb1e0098d7968ff0d6d3641825d94aded2e8a2e |
| SHA512 | a961d8103123f429d893c2dc0847cf34724e412204654109ec64f84758fc2387f9b41da9dc4cff268ca667e22ea0d9ce65de7e2dcab4fac76b20a97786a38865 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 352f66f14122e82874ad91891dd7de75 |
| SHA1 | 123eae04c90d80acbc520f35f880bf0a2212c79c |
| SHA256 | dd144c24c3c5b3dfb5dd6ea46c143b362bb9ee2c1bb2fa74959060a130c8f0cd |
| SHA512 | 6724bb9cfeb71562e6c1bdf92cb40cb87c7b2398b08e0f5d34e9d8e4fa77f34508769a99e4ac4ffc939bfb7f1112c8df943e54a88a069ef1f5905f27e6bfe7b2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 3f17fb0469521d7c5327bed382983a18 |
| SHA1 | ffcb0756765597b370d684fb8b6d66cc8ddb1150 |
| SHA256 | 71a1f79c15356470130f65e3a82cc765aa1fd41ceb5a05e5ccd8560130ae20f6 |
| SHA512 | c7c5742136d5e6d672b2f871ce64cc46ff03cbbb1909c4e4a850bc2e5411d23e33d944afe961f5931f85c82477c80667a1584fb176f6eb0531cb4e3648a75630 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 10932728c94c1c938207cb19d43ad3a6 |
| SHA1 | 8cc2dd81dde175337a86bf8dd2b96472f515db66 |
| SHA256 | d94fc913c0706f7d142911e80cb5b9c87d11cecce12714ac0f011ddf7620d65d |
| SHA512 | 32312a5e89396caad186d61bd7d5252fa0852828dc645a2018c3b99404a378e014d4167075fecf08c904756c1dfa53f441de2f5b92dab71dad4028d3c3151db3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 6caa77c33edc54ce8d1d74c47df35115 |
| SHA1 | cf8ee9886da208816bb2ee4869971860b75a695e |
| SHA256 | bae82e8d1aef06c161046cda5dc61d53dee8c8fc80f86c69f47b8b4a7d125672 |
| SHA512 | 9c087705b9118260929c9c77c3dfd27766960435ea83c54ced89cde2af778d5040b203dcfb43a00554243b1926d6a4915334a718afc0b47dfa0d93434dff572a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | e4b3355c60bd2275b90e575b5d49857d |
| SHA1 | 7ea8debe38030e583ce745381d3f9003744d4f1e |
| SHA256 | f9e306db2f0ab7d45e00cb08bd74859bccb1099ac31684bf7c8f5ba98d022e45 |
| SHA512 | 237231010051b3a42dfa20bf74d961dee12f9ca115cff11bbf769c371ca838cf6ccf559d6af178500c47873fc1fa27593984d7396ee5752916875d202cbb2ddf |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 253fa410b53de1a4db67faeae475e7be |
| SHA1 | d446f0225ab9cfe94057affc92f72b1cd5e3ed9b |
| SHA256 | f4cec3e4fefef136bca5a41aab940beec5387d533db1901a599bda14fecbde0f |
| SHA512 | be99a077b02a8ad3ae0125c2371d1263d11c152cfc3e5019ca40aae0752b78b29d0524b504c28741601cae5c28ba698d2c0e8727598051a7e9a982ee181f9655 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | f0320956f83e336f81c62932d38c7807 |
| SHA1 | c28e1c4cd71da97053a64424a5564a779a0b04f0 |
| SHA256 | 8afe19a20eb11de967ecdf1c20d5634920c6aac5ab2c3f1c6feda3757459791e |
| SHA512 | 6e2a31c46e75789a3ddda4f8dad3b8fffbb60ec93ca68bad6b783faad850f6687fb00df1cce78bd60bb3994cc8b29daa0e4ff7d860160cee14a53d37353de8cb |
C:\Users\Admin\Downloads\c56ff5d8-ddd5-448d-b42f-3b0dcb998238.tmp
| MD5 | 25afcf36b7f5aba6e436d7db60f15829 |
| SHA1 | c61b46c34c57d4b250de09467376f3ec819d70ea |
| SHA256 | a4de5e8127fd600d77bc3463fd501693abb59490ae585811be196269c9d80963 |
| SHA512 | 156d5acabd891fc00ce28c272e576d13b95603317821422173aae88e778a11c6128bcd47cacaba2c564302ca5c70f420ba12f1b39acf7a888477fa21aac7d4b7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 7dc46bd4e720f11e093de17f12283f41 |
| SHA1 | a2fb6cfee53f571c7c5b4c0c6c5021a0972a8620 |
| SHA256 | 5683029e7257627785301019aa32a949455ae8290248a21fc120db82a2e9c2d3 |
| SHA512 | 5158358d35c18bf4739d226fe0b4284a7014bad46513f2677a07bf16063b5e813eb55cfd469db8bf71abbb31bd87cbe89bc69aba5863ede0e24f69a80f6c4336 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 5ccf56ae123267c499641f7e342430ef |
| SHA1 | 3b42af60e158359b8a9e0fcbce1a8c1bcb729147 |
| SHA256 | a7b42e6a549dba1262de97887b00c948aeebee86fe6072bfb06f65a7e697eeac |
| SHA512 | 59cf4ff871c2ada70fb5e4bd77d585530daaaa01a75dd64f235f2e9d27085239e0cb9996501306b19f6381db0540d59886f6853afdd7c6badaa5c2988fb4de93 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 9868f905aa172d2ce76a9000d498426f |
| SHA1 | 565e49a6553f07ee724de2fafb3b9194e7a3c5e8 |
| SHA256 | ca03b6472a05799b195c2fe3ae71e2bdf370527e688dda23bd9cce6de3bf09da |
| SHA512 | 95abfadaa0b7c043198d657870b58caa1bf8d720b3c308c69170db9fc214a091a53dbad1135c838f6c3ce2be709fba5d1d75f9c9e0be5f52c144522bc4fdd1dd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 101aab38f387656a91c82dcaadb4b2a3 |
| SHA1 | d00927f341349772a75379ffcff72670bdc224f7 |
| SHA256 | 879e82d2fe1836cdf7141a0c0e9d4ff63ced9c1e1b48797dae14d597a8afb4bc |
| SHA512 | d250e4e976a0dda95b4aac649330b2ebbd691153c619ada4a28cad8630c6ec583d78dda087f7c6c14fac7493ccaaeb2a20c5ae33fc67b82356d9175acca8e41c |
C:\Users\Admin\Downloads\Bon.zip:Zone.Identifier
| MD5 | fbccf14d504b7b2dbcb5a5bda75bd93b |
| SHA1 | d59fc84cdd5217c6cf74785703655f78da6b582b |
| SHA256 | eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913 |
| SHA512 | aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | c69e4645ebf5eaf6877e8135797781a3 |
| SHA1 | dbde122659a962eeb7085abfde5c4c2afc46b926 |
| SHA256 | 5c047fc9071e1cb8d0971a852161b70e9639c06261decc4ad4e77d6642fa3fcd |
| SHA512 | 8cf9a447fd89072649401278c9c6f5b318ee06ba829821b6052763ccf1fdf90079aea616852cf6f93ff61616514418e136712c3032ec7a981dafceefb3d8aaa6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | babff89c66eb006edba294381cdedf5d |
| SHA1 | f2653c510bdb3812485bafce0e13df3b0dbda9ba |
| SHA256 | 9c8fd205accd1eabcec27f0bb9712ddd63e0573e8713da0bb70c96818ba11123 |
| SHA512 | 6fb7863a0e0c0f6f8f1f1c1718805d56bd041f958d44b9b278f4486510af9f973d6215ba4d971ba63a47eb9d7c73632f36237b7f1ec58111fd62cc0e19f7f2b5 |
C:\Users\Admin\Downloads\Bon.zip
| MD5 | 65259c11e1ff8d040f9ec58524a47f02 |
| SHA1 | 2d5a24f7cadd10140dd6d3dd0dc6d0f02c2d40fd |
| SHA256 | 755bd7f1fc6e93c3a69a1125dd74735895bdbac9b7cabad0506195a066bdde42 |
| SHA512 | 37096eeb1ab0e11466c084a9ce78057e250f856b919cb9ef3920dad29b2bb2292daabbee15c64dc7bc2a48dd930a52a2fb9294943da2c1c3692863cec2bae03d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002
| MD5 | 12a9b59c31f705220f44a362dd78ae95 |
| SHA1 | d1c267364c06c75d60ef922ba2607613caa77349 |
| SHA256 | be5241562b6019f96c909705fbdea12a283c5b45f626000c58963f85590bd58a |
| SHA512 | 0034585e051782cd18ec1f4f78e655c0785a44ebcc984b8000b3db54ad83d5c56f837c2dccd13637fc00942dacec19f557684211b7f934e88a3e9f4d4f7d8dc9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c
| MD5 | 923a543cc619ea568f91b723d9fb1ef0 |
| SHA1 | 6f4ade25559645c741d7327c6e16521e43d7e1f9 |
| SHA256 | bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd |
| SHA512 | a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\4bc2f75369eb2839_0
| MD5 | 3c39b07a1aa6bd38882ae0c28d03550a |
| SHA1 | cafaa15f2d266ac23a0cb57da6ba41bb4187805f |
| SHA256 | cada7b9b94e16bec6519beef8945a76b0324bc3870f9c158e062c462067d8ea3 |
| SHA512 | 15648f5fe2df82e1261a52d83c6655d6337b48768d34195b8e8906f220c02d0bc18b132ba6a06504ec732583f028b3a545da1010560c695c9c0a448f72aacbcf |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\67c50de98b45ef7a_0
| MD5 | 2900b7bea8c878595c12172a241d12cd |
| SHA1 | 99212ae931e5fec61f1364f15db52c3839ce6841 |
| SHA256 | 346588735e35988e910932a7d6749a3946af8a0357904818b5bebe8d3e84fca1 |
| SHA512 | 2035e75db9da65919cb5ceaf1946e2ce517f02c8f39fafaffb17bbbc8a0c3dce13c0d6feb7575a3bdad9eec99c5650279a421e11337b59d6d513da981528d1d1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\29a3a61f63e5181b_0
| MD5 | 40a1457e9b6459b838ff84253cf86553 |
| SHA1 | e3bff849e547e1181d0e7b726c38287074886163 |
| SHA256 | 9abb1366287a9fd290671d1254c459f62991e9a7d26043c55aff41be9156ed6d |
| SHA512 | f1e45349399ef6df3a123a884df1d3af2afe8cb1dd75ca69af102be34fb70fe99c1db88eb741dcfa658a0c8efbd8705902baa8581499786aeb4fd78d3e01dbb4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\da9715a0f8cc45b2_0
| MD5 | e85ff8ea2279497cf2686d14f5ca6e5b |
| SHA1 | fb24089eea343242d4436d1511b71ec89ca31dda |
| SHA256 | a2e57b1d3318c1f123baf1fd05987ac5fdb332d4a2cbd653391592eea293749f |
| SHA512 | b1e9de0210e8be319f6dfdec32867099b7e71165182df32d2fd1da3342634a5a5f8ee9a4978aef83e5615c7c5c59f0a314ecbc5a7d56b7d8caf3012d8e0df363 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\fc4e9ec405c0278f_0
| MD5 | ceb6c8b990cbdf1f6c49dac6ae42a3fb |
| SHA1 | a43a440d1412d2e4ad3cf6f92cacf26f2eee581c |
| SHA256 | dfe2bd0290bb35089b8886ecd9a2463abfcabfbf461422c20cabb7113ba3ec4d |
| SHA512 | a59cb9c474b288095642a89d67e38b318e2e38d4031628c77ad49cd38496dad1f1e3865e7d7c9202c33c1da6452050e663d8ee48defbddd37fef856a1931be3a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\9c2bfb1943c821c8_0
| MD5 | 17547f158262481ac2ba09e0563156fa |
| SHA1 | 6956471ee59bc146df1992b75b54d721a0dc3f61 |
| SHA256 | 04fb46bf349f5e0383f2ec938ef89c5d19b9e4fa37feba8657b9aca9c1cba4f1 |
| SHA512 | ab6c680b4af245aa4fc2f009f40086cbe5f32e3dd700ac21cee982e727a7a426a7188e01b595d80e9f42d352eefaf6d1167a60f67920a06673b2a4263923c912 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\75edcb36895ccfd0_0
| MD5 | f603d325e4a260af6dcaf14f2c377571 |
| SHA1 | ec4fcc556b17030e3ad33a7c1bf54e71e5a6c891 |
| SHA256 | 020d8a95566a3e8e3118338188f369afe578d7cc22de5a0134551be19cf4f603 |
| SHA512 | 088db311f59654e7e4e26d85dcb83d9c8bda1d888c161ea6eea92a790f33be56654cc229b091dd6ddd13c53f7a10cfc697785dfe6e8aeb5716984735defca8ee |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 83ea8a5e86d95f525ac594c1f256987e |
| SHA1 | dbd742a3f0cbba3e659570bf4b0677fcc494a9fc |
| SHA256 | 3d260e54dc9ced6e07a1d0051012c0edecf4699d9a03a2e2db753abd89ecb6c6 |
| SHA512 | e56c82195dbf6ef0024aff77970c9c7d86f8d2364e8962a52913a76f29be13aa6f16f4fba3f8dafec46e0594fd8e52381e242f4d8783a5b644ac9f326da00857 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 0cf573b4dbccc9442bfa4f88a5df0330 |
| SHA1 | c255f5b3deb76709b5881e029a73be8fde078619 |
| SHA256 | b352923035b766cca60ce41220ffbbca7355315e4dff9a1f047ae08986787868 |
| SHA512 | 2c662c2d0e9982ca3eec0bdf4f21bd8118a7229e82743e6e72ce5438f621a9e7efbb2694300531193192d5fb388d37d84b53d0187172e9de2268ba5cfe4eb288 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000056
| MD5 | 319e0c36436ee0bf24476acbcc83565c |
| SHA1 | fb2658d5791fe5b37424119557ab8cee30acdc54 |
| SHA256 | f6562ea52e056b979d6f52932ae57b7afb04486b10b0ebde22c5b51f502c69d1 |
| SHA512 | ad902b9a010cf99bdedba405cad0387890a9ff90a9c91f6a3220cdceec1b08ecb97a326aef01b28d8d0aacb5f2a16f02f673e196bdb69fc68b3f636139059902 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index
| MD5 | 54cb446f628b2ea4a5bce5769910512e |
| SHA1 | c27ca848427fe87f5cf4d0e0e3cd57151b0d820d |
| SHA256 | fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d |
| SHA512 | 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 4cc5a48a235fc00a9b33654fe5e2aeb0 |
| SHA1 | 962578f408539e4db2780417ee43ba1cc54e70c6 |
| SHA256 | 44523017b428b4bf166b66c859f98a99800b5d98c18a3133d68be379c5bb6104 |
| SHA512 | e87ddca3b419fdb5f4b39e26f42e2d8e00066086ec90ff74408a2b1622e60a2f00d9913b18f4b0f2160d7c8cb764397b71a4fdf0175d1bace90b2eaaa8dc1c5c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | ffe23e66e4708c30e6931fc037860b62 |
| SHA1 | 1dd15ef48bd355d48c80bc35c6a11ac639efdb97 |
| SHA256 | 22eaa68b5c3acf1f546427e2dd8bbb7755d6d56abbd2db1d2f6587d99540b1c0 |
| SHA512 | f80083d8ddb5142c98a6b0fd95de54c6a8d02912fe69ba6713ad2b93425eadfc47b16be66b501708393a07b962ded2453a713fe6df1e3d9cbda4ddeb15dd14f6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 2dc3c28da498726a2ed231272793de57 |
| SHA1 | bb2077ea1b528d61300d494281d3787210d6ba9c |
| SHA256 | 4289edf13a560ce693a7c7012d4e8d2c6d31989aa4b4c8feed72f40538cbc5ce |
| SHA512 | e3a672e70938bea30ca072e1dd39e9a33bc31211b9665a222caf8c6437fa9993ecd580e9d2ca2263b96d6cfe6a56d0754274c67b436a50a64a2f90006c64e473 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | edabd241a9782a68ac22df6d1ef8f5c2 |
| SHA1 | 3189bca96184b3fc770ab33af4f81599bf4cbcbd |
| SHA256 | 631bb4d88ea393924028c71416d6c57a558ec530e4b64c3ab11942e2a6587353 |
| SHA512 | 6c8746e6eb482d0ffbee501deb21a91563561352df2dd174010f60f268a7d107eeb8be33acc4086f8b1e8314959ccf3f9199f576af734e4eff288b924fa65162 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | 4c5366e8da934ccff752ed8979b2bacc |
| SHA1 | b82847e060a7f6421227fa3f395fda8c1394e87d |
| SHA256 | 3f41a4cd59ba3413621c7fa0d67ea176d7d1e44e4ac233bcc55fefa12644e7a0 |
| SHA512 | 34a3b470cbfa9e3313b0dbbfcf553124b4116f4f29b5d5c518be4995f7963c8b86b4acf6acf9f47b538e2d269e0260874f641e604808e38fd980bfbf85cf4670 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5ad1b9.TMP
| MD5 | d11ef8c09b58d49faa58c493b3f59275 |
| SHA1 | 7a3373ca30bb210ed0f2e3da6be04b8497a33ca0 |
| SHA256 | 2b03cba17ee1d94142347380cf67fb31bd2fd5f0f9935350cef83ef2d554900a |
| SHA512 | 7faf45fd737415204dc1a10e696780c2ab442bec9624d05bfc4a87ac2d371c9bd81ed951269e15f4cbe88edf7f02a00595b66b87f6fcbea2d343e0d8a10c154a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | e949c12d34aff1084402017dd6b898de |
| SHA1 | 1e6f24af4105e44fcbdc24138f5473d584dab17e |
| SHA256 | 706ce1100191d70130a2ffe0137a9c55d32a1ac0cb9f25ef011174a337261493 |
| SHA512 | 74de619e345dd4869223dbff99a1f586bb0d12d89b77b9653ccfe3fadbc988b4c5ed2f373ba6357e339a004473cd7e56b5f8ab698b6986d3272a768c1ffeb5a6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 3423e55a30a7dab7f1c78047ecbdedb6 |
| SHA1 | 19675bcb517a5c338b4838f81dec902d566b32c2 |
| SHA256 | 783e06a4f4e1025c9d6094c14315f5fccb4008f0fffb2b505a27846b8f75019b |
| SHA512 | f1a2a19b79d0ded0df6974b2036c766c2b6ccc6775d267e1c32ee5fff16efa6b1b1f9b257cb5d534ae4236c56b54577b08de44c9580803f1a40903820a88ca79 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 9595c7b333244e21b4cded7e440d9607 |
| SHA1 | 9b4ffb9eec4f9a2c7cd78b5339a59539523ac52c |
| SHA256 | d2f2c238ec66584dcd14ce1cc21bdb85f27ee554343bbfe562c14bb7df86a3ac |
| SHA512 | ad3f18fcc4837d7c1abd841eb6f76669e582714ccadca6ca18f98dc3474855731592b3e04a88f9b96cd2632b24db80057dba9202d09116c01e21a5fbb1a42517 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | f96cdfe3c827c68b63d64f24e4a6ad86 |
| SHA1 | 842f998ef7dfbd6cdb0504eff91f020d82d7f637 |
| SHA256 | 276eb10c1c1b934ccdca93e8f0157a0964996015b271b0c998322aa9b20c99ad |
| SHA512 | 7a4a654be31f45f1affc11b943c50237259c77a944d032cc1dc13932dfc61543bb56e4c62094c8b0c7903b071800444dadd7b533a8ee33b97b2745d25093efbd |
memory/2772-1391-0x0000000000400000-0x0000000000424000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f
| MD5 | 8623bf926f43c7076c367557816cd725 |
| SHA1 | 04b976d7a1acb7144f5c2b1779074046536d753e |
| SHA256 | 00616bdb7b2855a4ca199520c017a0f02b12bcf67f61f8f83b83fa291d5203b9 |
| SHA512 | 85614d647541572011d78d96203165a881525b5a2b391d47fdaf5b8c8c50514a8ddacd1f8435fc8a12adfa2199fb1da249af6af7738b046d55a04fc0a1ee2783 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010
| MD5 | 968b68eea877f186e9245bb7b0ab6a36 |
| SHA1 | 7285c83711c30e92bdd18d975b72d92075949c5e |
| SHA256 | 8c5742989f495fb49322bf9c8b88677de62ea8a78f5a797debb9fc024166540a |
| SHA512 | ceb7f85c0b3dc0e0155536840b859d697dfb7430822213b589fe978b986337eeb5a137e5fff10ee58e331c149f18183d8d0a9e12b7715ce7a61b2676cf5feab8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011
| MD5 | 0492f56253a5e617ab6827826c8bcf31 |
| SHA1 | a8db868c5f914e8b73f79bd9401d1749011aabb4 |
| SHA256 | 07ddfa2673d96e05e4534fd3236965155881fbbf426e04ff96ecbb0921944d64 |
| SHA512 | e00dab806bf9103e071ec9cee73a64a73272ebec13aff658d2bbba769b125ac543e5cc67e781784371186933fa44f26077a239353e299f1b3641790cc0997d88 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012
| MD5 | 30dfb67c82862da92bc89f33fd9f99e1 |
| SHA1 | 9b8420b1e1b1a3c3c70e39c2f710ae3ad22539b3 |
| SHA256 | 331cc2bc4d0980789b3ac18298824abc6201ce155f5c63aba67b2466ad486b53 |
| SHA512 | 5416c9bf576e1b917ae71518416c6f654572b42830fdcba7b48c324c72a8a48fab06911143e0ffa26643860258f87123ff71abe9ec646d764325c95e19686444 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 793f670245b06c39b2ac1875d5f25e7f |
| SHA1 | 58fee22152324393405bd55e299bf938621df028 |
| SHA256 | bfbe63c771bc05ad44cfbb1c4b3d23b9eca997160dc87118d2faeb45c3b7e506 |
| SHA512 | 8a1adfd87ae8b582c39eb9fe7aa37e8073db89ea2fd554f03cf567779b02bc2cc07641b21b7373190e44375c6e3d5e5b9dfcdbfb88922eb9dee66b8db7a28631 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 214d95e8dd7ea5808bb14e71c138a811 |
| SHA1 | 2b929b2fb18646bbde0a1aaf64a6fd19c232f02a |
| SHA256 | 7a4a66af4ae95f45b12c0ae78f6c2d47772a4711bf19ab6a12fcb74124275eed |
| SHA512 | 08c1aa4fc4faf9b50dda3c8c43ea2660b22f7458f792c2112cf46ee65651b8d56292884da0c2490ad8620012de0a5c4faaf2ce7fcde6c5baa4f8fd6fc240e390 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 5a52b879ea363a86c1157e213a782dcc |
| SHA1 | 0261b64479158656a68b4d547fd74ac919467e1f |
| SHA256 | 7bae655c15e9201232c2b1d5d0051e08963a5e908940c02c511a25323ab3ed95 |
| SHA512 | 0e2660f44f88d29d691052fa2792f086629980741e06c69f7333e47f72058bf5b559eb0bd0a4424259cfdd26474c3cf3359c97de40a572d6e270e686610cd913 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | eabe425ca99731d87971354a3934dcec |
| SHA1 | 055ee3644555ec1c1223b83d46bee876bd64fe4c |
| SHA256 | 802c8f7e283751cfbd6e901fa8f5deb396b340b31a3b072ee53b53a2d689be60 |
| SHA512 | bb72a8387d368b9eeb022b9cd2bbaaeb71df598bfbf69ed8ba818ddb982b117a326372e5c7d40ffc669460c8a5a3ceffd2f38174f2b27fa7cdbe881349b488e8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 5ae2dc52af21fc65f6f3593928c73ff0 |
| SHA1 | eab773342663a22edf699b587a284e540b446db8 |
| SHA256 | 1fc5312b714ef1d57bb59d3f2ca7143d06aee4d7768c96800c9aef2c2fee0f83 |
| SHA512 | 61012c1c819689a7e758a1052678fb9d423b885fe5a1c8570f526792e0d5b205582773d884e478b79f9ec5db6aa40795f6552465e6258a9d801f246512883129 |
C:\Users\Admin\Downloads\MBSetup.exe
| MD5 | b6d8b7e6f74196f62caba2ca77a7ae91 |
| SHA1 | 6ac9c99f084b5772440e2f135b8d5365f7f45314 |
| SHA256 | 74b0bf9c17091ab1c6c61af0aefbc599f1ecc0fff6dee0144a3dfd5cd1f5e18f |
| SHA512 | ad58bc7b626a13606e3f44df7188b2420e0f31ecb55632eac4b6a05dc1574f1ec1b0ef6b52e11832713c6f8f91c807fe3a815699d0748284993ecc54f2823044 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 0776cb047b52e0744d6645dc52e41f16 |
| SHA1 | 17806da7846bea732dc0802577c277e360274737 |
| SHA256 | 329b2c007ff60e7af17017f5564da448ce5c7bcfdfd7ded6b7967e558edc36bd |
| SHA512 | 87cbcf62cd7b31065dddf40b681a6fe2ce20d4dca3c07fde8df777cd4dce4895d553dcb459fa0f8140869b4820980742df8ff8a3d24a5d416412905b70ca4dab |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 60bb0018f76031cd45eab33deb77e83f |
| SHA1 | 27ff23c636567ab8c7fbbf96b88eeae1f3d1c0d9 |
| SHA256 | b469f11dad0ffc89cbe28b1f5c006d32fafc1c275bff6e89f75eb1118f93b8fe |
| SHA512 | 5536488e560c8c4e1c6e7ea6606b7386c44f47ca85223a6803f246c10f60c3de311cd921d0d5c433554403d4c1275bf51570844a1ae2117c09cf1af0f4a867a4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 72f963fc8d4caa32e24d7b055711a9d4 |
| SHA1 | 60ac3ab141d34bc9e0e2377a408050c4d3a995ac |
| SHA256 | 283db77fe30cac5f781fff95cce13c331c47c13adb718ce6f1c8da869f8f0388 |
| SHA512 | b881d9a0f44a9e6b1d43ae5dcbd7f7f3a6061af3904c8d011cb17ef01a27b8a2c67f52161ccffd6b58eb2a42d129b96696a0d96448fb571ad08133d7f5e4118a |
C:\Users\Admin\AppData\Local\Temp\$inst\0001.tmp
| MD5 | 8e15b605349e149d4385675afff04ebf |
| SHA1 | f346a886dd4cb0fbbd2dff1a43d9dfde7fce348b |
| SHA256 | 803f930cdd94198bdd2e9a51aa962cc864748067373f11b2e9215404bd662cee |
| SHA512 | 8bf957ef72465fe103dbf83411df9082433eead022f0beccab59c9e406bbd1e4edb701fd0bc91f195312943ad1890fee34b4e734578298bb60bb81ed6fa9a46d |
C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe
| MD5 | cc91fbc5e424154388afbe808de25ff6 |
| SHA1 | 94e1c35ea3f8d75622ccf6f14a2ad18bfac00e3e |
| SHA256 | ed16b285a19a54cb07262e0ac68608218307fbaaf075c0eac4d5e106d94c6c00 |
| SHA512 | 9185c81449cf4f81e68fe008ee4889388751f7d70cb550ed52b816bf146bdf1fb105e1da8e7ab2230ca028ee2079d9724fb0a80f8c1682082daa0ab94b130567 |
C:\Users\Admin\AppData\Local\Temp\$inst\0002.tmp
| MD5 | 596cb5d019dec2c57cda897287895614 |
| SHA1 | 6b12ea8427fdbee9a510160ff77d5e9d6fa99dfa |
| SHA256 | e1c89d9348aea185b0b0e80263c9e0bf14aa462294a5d13009363140a88df3ff |
| SHA512 | 8f5fc432fd2fc75e2f84d4c7d21c23dd1f78475214c761418cf13b0e043ba1e0fc28df52afd9149332a2134fe5d54abc7e8676916100e10f374ef6cdecff7a20 |
C:\Users\Admin\AppData\Local\Temp\$inst\0003.tmp
| MD5 | 7c8328586cdff4481b7f3d14659150ae |
| SHA1 | b55ffa83c7d4323a08ea5fabf5e1c93666fead5c |
| SHA256 | 5eec15c6ed08995e4aaffa9beeeaf3d1d3a3d19f7f4890a63ddc5845930016cc |
| SHA512 | aa4220217d3af263352f8b7d34bd8f27d3e2c219c673889bc759a019e3e77a313b0713fd7b88700d57913e2564d097e15ffc47e5cf8f4899ba0de75d215f661d |
C:\Users\Admin\AppData\Local\Temp\$inst\0004.tmp
| MD5 | 4f398982d0c53a7b4d12ae83d5955cce |
| SHA1 | 09dc6b6b6290a3352bd39f16f2df3b03fb8a85dc |
| SHA256 | fee4d861c7302f378e7ce58f4e2ead1f2143168b7ca50205952e032c451d68f2 |
| SHA512 | 73d9f7c22cf2502654e9cd6cd5d749e85ea41ce49fd022378df1e9d07e36ae2dde81f0b9fc25210a9860032ecda64320ec0aaf431bcd6cefba286328efcfb913 |
C:\Windows\msagent\chars\Bonzi.acs
| MD5 | 1fd2907e2c74c9a908e2af5f948006b5 |
| SHA1 | a390e9133bfd0d55ffda07d4714af538b6d50d3d |
| SHA256 | f3d4425238b5f68b4d41ed5be271d2f4118a245baf808a62dc1a9e6e619b2f95 |
| SHA512 | 8eede3e5e52209b8703706a3e3e63230ba01975348dcdc94ef87f91d7c833a505b177139683ca7a22d8082e72e961e823bc3ad1a84ab9c371f5111f530807171 |
C:\Windows\msagent\chars\Peedy.acs
| MD5 | 49654a47fadfd39414ddc654da7e3879 |
| SHA1 | 9248c10cef8b54a1d8665dfc6067253b507b73ad |
| SHA256 | b8112187525051bfade06cb678390d52c79555c960202cc5bbf5901fbc0853c5 |
| SHA512 | fa9cab60fadd13118bf8cb2005d186eb8fa43707cb983267a314116129371d1400b95d03fbf14dfdaba8266950a90224192e40555d910cf8a3afa4aaf4a8a32f |
C:\Users\Admin\AppData\Local\Temp\$inst\0005.tmp
| MD5 | 94e0d650dcf3be9ab9ea5f8554bdcb9d |
| SHA1 | 21e38207f5dee33152e3a61e64b88d3c5066bf49 |
| SHA256 | 026893ba15b76f01e12f3ef540686db8f52761dcaf0f91dcdc732c10e8f6da0e |
| SHA512 | 039ccf6979831f692ea3b5e3c5df532f16c5cf395731864345c28938003139a167689a4e1acef1f444db1fe7fd3023680d877f132e17bf9d7b275cfc5f673ac3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 6a061a52de265146621e3547e5fe7132 |
| SHA1 | 3450ba9c9f4d0a21825b2678c202a7ccbbfb3218 |
| SHA256 | ccefe22b3bf7329d47c9a642c8f9de14786fdfbf9c1894ea196de571752effe7 |
| SHA512 | 859c6d0e6233ae58e2d480b5d61b390c5a36fe426978c464ce72f08a20ebc093d8fde1697caa1077822bef0183ea66b6d1b0f6d23ec9ece34b2f88862988a2c1 |
C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page18.jpg
| MD5 | 108fd5475c19f16c28068f67fc80f305 |
| SHA1 | 4e1980ba338133a6fadd5fda4ffe6d4e8a039033 |
| SHA256 | 03f269cd40809d7ec94f5fa4fff1033a624e849179962693cdc2c37d7904233b |
| SHA512 | 98c8743b5af89ec0072b70de8a0babfb5aff19bafa780d6ce99c83721b65a80ec310a4fe9db29a4bb50c2454c34de62c029a83b70d0a9df9b180159ea6cad83a |
C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page17.jpg
| MD5 | e8f52918072e96bb5f4c573dbb76d74f |
| SHA1 | ba0a89ed469de5e36bd4576591ee94db2c7f8909 |
| SHA256 | 473a890da22defb3fbd643246b3fa0d6d34939ac469cd4f48054ee2a0bc33d82 |
| SHA512 | d57dd0a9686696487d268ef2be2ec2d3b97baedf797a63676da5a8a4165cda89540ec2d3b9e595397cbf53e69dcce76f7249f5eeff041947146ca7bf4099819f |
C:\Users\Admin\AppData\Local\Temp\$inst\0006.tmp
| MD5 | b3b7f6b0fb38fc4aa08f0559e42305a2 |
| SHA1 | a66542f84ece3b2481c43cd4c08484dc32688eaf |
| SHA256 | 7fb63fca12ef039ad446482e3ce38abe79bdf8fc6987763fe337e63a1e29b30b |
| SHA512 | 0f4156f90e34a4c26e1314fc0c43367ad61d64c8d286e25629d56823d7466f413956962e2075756a4334914d47d69e20bb9b5a5b50c46eca4ef8173c27824e6c |
C:\Program Files (x86)\BonziBuddy432\BonziBDY_2.EXE
| MD5 | 8a30bd00d45a659e6e393915e5aef701 |
| SHA1 | b00c31de44328dd71a70f0c8e123b56934edc755 |
| SHA256 | 1e2994763a7674a0f1ec117dae562b05b614937ff61c83b316b135afab02d45a |
| SHA512 | daf92e61e75382e1da0e2aba9466a9e4d9703a129a147f0b3c71755f491c68f89ad67cfb4dd013580063d664b69c8673fb52c02d34b86d947e9f16072b7090fb |
C:\Program Files (x86)\BonziBuddy432\BonziBDY_35.EXE
| MD5 | 73feeab1c303db39cbe35672ae049911 |
| SHA1 | c14ce70e1b3530811a8c363d246eb43fc77b656c |
| SHA256 | 88c03817ae8dfc5fc9e6ffd1cfb5b829924988d01cd472c1e64952c5398866e8 |
| SHA512 | 73f37dee83664ce31522f732bf819ed157865a2a551a656a7a65d487c359a16c82bd74acff2b7a728bb5f52d53f4cfbea5bef36118128b0d416fa835053f7153 |
C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE
| MD5 | 93f3ed21ad49fd54f249d0d536981a88 |
| SHA1 | ffca7f3846e538be9c6da1e871724dd935755542 |
| SHA256 | 5678fd744faddb30a87568ae309066ef88102a274fff62f10e4963350da373bc |
| SHA512 | 7923556c6d6feb4ff4253e853bae3675184eab9b8ce4d4e07f356c8624317801ee807ad5340690196a975824ea3ed500ce6a80c7670f19785139be594fa5e70f |
C:\Program Files (x86)\BonziBuddy432\Uninstall.exe
| MD5 | 068ace391e3c5399b26cb9edfa9af12f |
| SHA1 | 568482d214acf16e2f5522662b7b813679dcd4c7 |
| SHA256 | 2288f4f42373affffbaa63ce2fda9bb071fd7f14dbcd04f52d3af3a219b03485 |
| SHA512 | 0ba89fcdbb418ea6742eeb698f655206ed3b84c41ca53d49c06d30baed13ac4dfdb4662b53c05a28db0a2335aa4bc588635b3b205cfc36d8a55edfc720ac4b03 |
C:\Program Files (x86)\BonziBuddy432\ActiveSkin.ocx
| MD5 | 3d225d8435666c14addf17c14806c355 |
| SHA1 | 262a951a98dd9429558ed35f423babe1a6cce094 |
| SHA256 | 2c8f92dc16cbf13542ddd3bf0a947cf84b00fed83a7124b830ddefa92f939877 |
| SHA512 | 391df24c6427b4011e7d61b644953810e392525743914413c2e8cf5fce4a593a831cfab489fbb9517b6c0e7ef0483efb8aeaad0a18543f0da49fa3125ec971e1 |
C:\Program Files (x86)\BonziBuddy432\BonziCheckers.ocx
| MD5 | 66551c972574f86087032467aa6febb4 |
| SHA1 | 5ad1fe1587a0c31bb74af20d09a1c7d3193ec3c9 |
| SHA256 | 9028075603c66ca2e906ecac3275e289d8857411a288c992e8eef793ed71a75b |
| SHA512 | 35c1f500e69cdd12ec6a3c5daef737a3b57b48a44df6c120a0504d340e0f721d34121595ed396dc466a8f9952a51395912d9e141ad013000f5acb138b2d41089 |
C:\Program Files (x86)\BonziBuddy432\Bonzi's Beach Checkers.exe
| MD5 | c3b0a56e48bad8763e93653902fc7ccb |
| SHA1 | d7048dcf310a293eae23932d4e865c44f6817a45 |
| SHA256 | 821a16b65f68e745492419ea694f363926669ac16f6b470ed59fe5a3f1856fcb |
| SHA512 | ae35f88623418e4c9645b545ec9e8837e54d879641658996ca21546f384e3e1f90dae992768309ac0bd2aae90e1043663931d2ef64ac541977af889ee72e721a |
C:\Program Files (x86)\BonziBuddy432\MSCOMCTL.OCX
| MD5 | 12c2755d14b2e51a4bb5cbdfc22ecb11 |
| SHA1 | 33f0f5962dbe0e518fe101fa985158d760f01df1 |
| SHA256 | 3b6ccdb560d7cd4748e992bd82c799acd1bbcfc922a13830ca381d976ffcccaf |
| SHA512 | 4c9b16fb4d787145f6d65a34e1c4d5c6eb07bff4c313a35f5efa9dce5a840c1da77338c92346b1ad68eeb59ef37ef18a9d6078673c3543656961e656466699cf |
C:\Program Files (x86)\BonziBuddy432\MSINET.OCX
| MD5 | 7bec181a21753498b6bd001c42a42722 |
| SHA1 | 3249f233657dc66632c0539c47895bfcee5770cc |
| SHA256 | 73da54b69911bdd08ea8bbbd508f815ef7cfa59c4684d75c1c602252ec88ee31 |
| SHA512 | d671e25ae5e02a55f444d253f0e4a42af6a5362d9759fb243ad6d2c333976ab3e98669621ec0850ad915ee06acbe8e70d77b084128fc275462223f4f5ab401bc |
C:\Program Files (x86)\BonziBuddy432\ssa3d30.ocx
| MD5 | 48c35ed0a09855b29d43f11485f8423b |
| SHA1 | 46716282cc5e0f66cb96057e165fa4d8d60fbae2 |
| SHA256 | 7a0418b76d00665a71d13a30d838c3e086304bacd10d764650d2a5d2ec691008 |
| SHA512 | 779938ec9b0f33f4cbd5f1617bea7925c1b6d794e311737605e12cd7efa5a14bbc48bee85208651cf442b84133be26c4cc8a425d0a3b5b6ad2dc27227f524a99 |
C:\Program Files (x86)\BonziBuddy432\MSWINSCK.OCX
| MD5 | 9484c04258830aa3c2f2a70eb041414c |
| SHA1 | b242a4fb0e9dcf14cb51dc36027baff9a79cb823 |
| SHA256 | bf7e47c16d7e1c0e88534f4ef95e09d0fd821ed1a06b0d95a389b35364b63ff5 |
| SHA512 | 9d0e9f0d88594746ba41ea4a61a53498619eda596e12d8ec37d01cfe8ceb08be13e3727c83d630a6d9e6d03066f62444bb94ea5a0d2ed9d21a270e612db532a0 |
C:\Program Files (x86)\BonziBuddy432\SSCALA32.OCX
| MD5 | ce9216b52ded7e6fc63a50584b55a9b3 |
| SHA1 | 27bb8882b228725e2a3793b4b4da3e154d6bb2ea |
| SHA256 | 8e52ef01139dc448d1efd33d1d9532f852a74d05ee87e8e93c2bb0286a864e13 |
| SHA512 | 444946e5fc3ea33dd4a09b4cbf2d41f52d584eb5b620f5e144de9a79186e2c9d322d6076ed28b6f0f6d0df9ef4f7303e3901ff552ed086b70b6815abdfc23af7 |
C:\Program Files (x86)\BonziBuddy432\SSCALB32.OCX
| MD5 | 97ffaf46f04982c4bdb8464397ba2a23 |
| SHA1 | f32e89d9651fd6e3af4844fd7616a7f263dc5510 |
| SHA256 | 5db33895923b7af9769ca08470d0462ed78eec432a4022ff0acc24fa2d4666e1 |
| SHA512 | 8c43872396f5dceb4ba153622665e21a9b52a087987eab523b1041031e294687012d7bf88a3da7998172010eae5f4cc577099980ecd6b75751e35cfc549de002 |
C:\Program Files (x86)\BonziBuddy432\sstabs2.ocx
| MD5 | 7303efb737685169328287a7e9449ab7 |
| SHA1 | 47bfe724a9f71d40b5e56811ec2c688c944f3ce7 |
| SHA256 | 596f3235642c9c968650194065850ecb02c8c524d2bdcaf6341a01201e0d69be |
| SHA512 | e0d9cb9833725e0cdc7720e9d00859d93fc51a26470f01a0c08c10fa940ed23df360e093861cf85055b8a588bb2cac872d1be69844a6c754ac8ed5bfaf63eb03 |
C:\Program Files (x86)\BonziBuddy432\Regicon.ocx
| MD5 | 32ff40a65ab92beb59102b5eaa083907 |
| SHA1 | af2824feb55fb10ec14ebd604809a0d424d49442 |
| SHA256 | 07e91d8ed149d5cd6d48403268a773c664367bce707a99e51220e477fddeeb42 |
| SHA512 | 2cfc5c6cb4677ff61ec3b6e4ef8b8b7f1775cbe53b245d321c25cfec363b5b4975a53e26ef438e07a4a5b08ad1dde1387970d57d1837e653d03aef19a17d2b43 |
C:\Program Files (x86)\BonziBuddy432\Runtimes\CheckRuntimes.bat
| MD5 | 4877f2ce2833f1356ae3b534fce1b5e3 |
| SHA1 | 7365c9ef5997324b73b1ff0ea67375a328a9646a |
| SHA256 | 8ae1ed38bc650db8b14291e1b7298ee7580b31e15f8a6a84f78f048a542742ff |
| SHA512 | dd43ede5c3f95543bcc8086ec8209a27aadf1b61543c8ee1bb3eab9bc35b92c464e4132b228b12b244fb9625a45f5d4689a45761c4c5263aa919564664860c5e |
C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE
| MD5 | 66996a076065ebdcdac85ff9637ceae0 |
| SHA1 | 4a25632b66a9d30239a1a77c7e7ba81bb3aee9ce |
| SHA256 | 16ca09ad70561f413376ad72550ae5664c89c6a76c85c872ffe2cb1e7f49e2aa |
| SHA512 | e42050e799cbee5aa4f60d4e2f42aae656ff98af0548308c8d7f0d681474a9da3ad7e89694670449cdfde30ebe2c47006fbdc57cfb6b357c82731aeebc50901c |
C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe
| MD5 | 3f8f18c9c732151dcdd8e1d8fe655896 |
| SHA1 | 222cc49201aa06313d4d35a62c5d494af49d1a56 |
| SHA256 | 709936902951fb684d0a03a561fb7fd41c5e6f81ecd60d326809db66eb659331 |
| SHA512 | 398a83f030824011f102dbcf9b25d3ff7527c489df149e9acdb492602941409cf551d16f6f03c01bc6f63a2e94645ed1f36610bdaffc7891299a8d9f89c511f7 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ADVPACK.DLL
| MD5 | 81e5c8596a7e4e98117f5c5143293020 |
| SHA1 | 45b7fe0989e2df1b4dfd227f8f3b73b6b7df9081 |
| SHA256 | 7d126ed85df9705ec4f38bd52a73b621cf64dd87a3e8f9429a569f3f82f74004 |
| SHA512 | 05b1e9eef13f7c140eb21f6dcb705ee3aaafabe94857aa86252afa4844de231815078a72e63d43725f6074aa5fefe765feb93a6b9cd510ee067291526bb95ec6 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv_enua.inf
| MD5 | 0a250bb34cfa851e3dd1804251c93f25 |
| SHA1 | c10e47a593c37dbb7226f65ad490ff65d9c73a34 |
| SHA256 | 85189df1c141ef5d86c93b1142e65bf03db126d12d24e18b93dd4cc9f3e438ae |
| SHA512 | 8e056f4aa718221afab91c4307ff87db611faa51149310d990db296f979842d57c0653cb23d53fea54a69c99c4e5087a2eb37daa794ba62e6f08a8da41255795 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Msvcirt.dll
| MD5 | e7cd26405293ee866fefdd715fc8b5e5 |
| SHA1 | 6326412d0ea86add8355c76f09dfc5e7942f9c11 |
| SHA256 | 647f7534aaaedffa93534e4cb9b24bfcf91524828ff0364d88973be58139e255 |
| SHA512 | 1114c5f275ecebd5be330aa53ba24d2e7d38fc20bb3bdfa1b872288783ea87a7464d2ab032b542989dee6263499e4e93ca378f9a7d2260aebccbba7fe7f53999 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Msvcp50.dll
| MD5 | 497fd4a8f5c4fcdaaac1f761a92a366a |
| SHA1 | 81617006e93f8a171b2c47581c1d67fac463dc93 |
| SHA256 | 91cd76f9fa3b25008decb12c005c194bdf66c8d6526a954de7051bec9aae462a |
| SHA512 | 73d11a309d8f1a6624520a0bf56d539cb07adee6d46f2049a86919f5ce3556dc031437f797e3296311fe780a8a11a1a37b4a404de337d009e9ed961f75664a25 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\andmoipa.ttf
| MD5 | c3e8aeabd1b692a9a6c5246f8dcaa7c9 |
| SHA1 | 4567ea5044a3cef9cb803210a70866d83535ed31 |
| SHA256 | 38ae07eeb7909bda291d302848b8fe5f11849cf0d597f0e5b300bfed465aed4e |
| SHA512 | f74218681bd9d526b68876331b22080f30507898b6a6ebdf173490ca84b696f06f4c97f894cb6052e926b1eee4b28264db1ead28f3bc9f627b4569c1ddcd2d3e |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv_enua.hlp
| MD5 | 80d09149ca264c93e7d810aac6411d1d |
| SHA1 | 96e8ddc1d257097991f9cc9aaf38c77add3d6118 |
| SHA256 | 382d745e10944b507a8d9c69ae2e4affd4acf045729a19ac143fa8d9613ccb42 |
| SHA512 | 8813303cd6559e2cc726921838293377e84f9b5902603dac69d93e217ff3153b82b241d51d15808641b5c4fb99613b83912e9deda9d787b4c8ccfbd6afa56bc9 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tvenuax.dll
| MD5 | 1587bf2e99abeeae856f33bf98d3512e |
| SHA1 | aa0f2a25fa5fc9edb4124e9aa906a52eb787bea9 |
| SHA256 | c9106198ecbd3a9cab8c2feff07f16d6bb1adfa19550148fc96076f0f28a37b0 |
| SHA512 | 43161c65f2838aa0e8a9be5f3f73d4a6c78ad8605a6503aae16147a73f63fe985b17c17aedc3a4d0010d5216e04800d749b2625182acc84b905c344f0409765a |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv_enua.dll
| MD5 | ed98e67fa8cc190aad0757cd620e6b77 |
| SHA1 | 0317b10cdb8ac080ba2919e2c04058f1b6f2f94d |
| SHA256 | e0beb19c3536561f603474e3d5e3c3dff341745d317bc4d1463e2abf182bb18d |
| SHA512 | ec9c3a71ca9324644d4a2d458e9ba86f90deb9137d0a35793e0932c2aa297877ed7f1ab75729fda96690914e047f1336f100b6809cbc7a33baa1391ed588d7f0 |
memory/2772-2504-0x0000000000400000-0x0000000000424000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\W95INF16.DLL
| MD5 | 7210d5407a2d2f52e851604666403024 |
| SHA1 | 242fde2a7c6a3eff245f06813a2e1bdcaa9f16d9 |
| SHA256 | 337d2fb5252fc532b7bf67476b5979d158ca2ac589e49c6810e2e1afebe296af |
| SHA512 | 1755a26fa018429aea00ebcc786bb41b0d6c4d26d56cd3b88d886b0c0773d863094797334e72d770635ed29b98d4c8c7f0ec717a23a22adef705a1ccf46b3f68 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT20.INF
| MD5 | e4a499b9e1fe33991dbcfb4e926c8821 |
| SHA1 | 951d4750b05ea6a63951a7667566467d01cb2d42 |
| SHA256 | 49e6b848f5a708d161f795157333d7e1c7103455a2f47f50895683ef6a1abe4d |
| SHA512 | a291bb986293197a16f75b2473297286525ac5674c08a92c87b5cc1f0f2e62254ea27d626b30898e7857281bdb502f188c365311c99bda5c2dd76da0c82c554a |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\W95INF32.DLL
| MD5 | 4be7661c89897eaa9b28dae290c3922f |
| SHA1 | 4c9d25195093fea7c139167f0c5a40e13f3000f2 |
| SHA256 | e5e9f7c8dbd47134815e155ed1c7b261805eda6fddea6fa4ea78e0e4fb4f7fb5 |
| SHA512 | 2035b0d35a5b72f5ea5d5d0d959e8c36fc7ac37def40fa8653c45a49434cbe5e1c73aaf144cbfbefc5f832e362b63d00fc3157ca8a1627c3c1494c13a308fc7f |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTCTL.DLL
| MD5 | 237e13b95ab37d0141cf0bc585b8db94 |
| SHA1 | 102c6164c21de1f3e0b7d487dd5dc4c5249e0994 |
| SHA256 | d19b6b7c57bcee7239526339e683f62d9c2f9690947d0a446001377f0b56103a |
| SHA512 | 9d0a68a806be25d2eeedba8be1acc2542d44ecd8ba4d9d123543d0f7c4732e1e490bad31cad830f788c81395f6b21d5a277c0bed251c9854440a662ac36ac4cb |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTDPV.DLL
| MD5 | 7c5aefb11e797129c9e90f279fbdf71b |
| SHA1 | cb9d9cbfbebb5aed6810a4e424a295c27520576e |
| SHA256 | 394a17150b8774e507b8f368c2c248c10fce50fc43184b744e771f0e79ecafed |
| SHA512 | df59a30704d62fa2d598a5824aa04b4b4298f6192a01d93d437b46c4f907c90a1bad357199c51a62beb87cd724a30af55a619baef9ecf2cba032c5290938022a |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\MSLWVTTS.DLL
| MD5 | 316999655fef30c52c3854751c663996 |
| SHA1 | a7862202c3b075bdeb91c5e04fe5ff71907dae59 |
| SHA256 | ea4ca740cd60d2c88280ff8115bf354876478ef27e9e676d8b66601b4e900ba0 |
| SHA512 | 5555673e9863127749fc240f09cf3fb46e2019b459ad198ba1dc356ba321c41e4295b6b2e2d67079421d7e6d2fb33542b81b0c7dae812fe8e1a87ded044edd44 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGTCTL15.TLB
| MD5 | f1656b80eaae5e5201dcbfbcd3523691 |
| SHA1 | 6f93d71c210eb59416e31f12e4cc6a0da48de85b |
| SHA256 | 3f8adc1e332dd5c252bbcf92bf6079b38a74d360d94979169206db34e6a24cd2 |
| SHA512 | e9c216b9725bd419414155cfdd917f998aa41c463bc46a39e0c025aa030bc02a60c28ac00d03643c24472ffe20b8bbb5447c1a55ff07db3a41d6118b647a0003 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT0409.DLL
| MD5 | 0cbf0f4c9e54d12d34cd1a772ba799e1 |
| SHA1 | 40e55eb54394d17d2d11ca0089b84e97c19634a7 |
| SHA256 | 6b0b57e5b27d901f4f106b236c58d0b2551b384531a8f3dad6c06ed4261424b1 |
| SHA512 | bfdb6e8387ffbba3b07869cb3e1c8ca0b2d3336aa474bd19a35e4e3a3a90427e49b4b45c09d8873d9954d0f42b525ed18070b949c6047f4e4cdb096f9c5ae5d5 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT0409.HLP
| MD5 | 466d35e6a22924dd846a043bc7dd94b8 |
| SHA1 | 35e5b7439e3d49cb9dc57e7ef895a3cd8d80fb10 |
| SHA256 | e4ccf06706e68621bb69add3dd88fed82d30ad8778a55907d33f6d093ac16801 |
| SHA512 | 23b64ed68a8f1df4d942b5a08a6b6296ec5499a13bb48536e8426d9795771dbcef253be738bf6dc7158a5815f8dcc65feb92fadf89ea8054544bb54fc83aa247 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGTINST.INF
| MD5 | b127d9187c6dbb1b948053c7c9a6811f |
| SHA1 | b3073c8cad22c87dd9b8f76b6ffd0c4d0a2010d9 |
| SHA256 | bd1295d19d010d4866c9d6d87877913eee69e279d4d089e5756ba285f3424e00 |
| SHA512 | 88e447dd4db40e852d77016cfd24e09063490456c1426a779d33d8a06124569e26597bb1e46a3a2bbf78d9bffee46402c41f0ceb44970d92c69002880ddc0476 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTPSH.DLL
| MD5 | b4ac608ebf5a8fdefa2d635e83b7c0e8 |
| SHA1 | d92a2861d5d1eb67ab434ff2bd0a11029b3bd9a9 |
| SHA256 | 8414dfe399813b7426c235ba1e625bd2b5635c8140da0d0cfc947f6565fe415f |
| SHA512 | 2c42daade24c3ff01c551a223ee183301518357990a9cb2cc2dd7bf411b7059ff8e0bf1d1aee2d268eca58db25902a8048050bdb3cb48ae8be1e4c2631e3d9b4 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTSR.DLL
| MD5 | 9fafb9d0591f2be4c2a846f63d82d301 |
| SHA1 | 1df97aa4f3722b6695eac457e207a76a6b7457be |
| SHA256 | e78e74c24d468284639faf9dcfdba855f3e4f00b2f26db6b2c491fa51da8916d |
| SHA512 | ac0d97833beec2010f79cb1fbdb370d3a812042957f4643657e15eed714b9117c18339c737d3fd95011f873cda46ae195a5a67ae40ff2a5bcbee54d1007f110a |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTANM.DLL
| MD5 | 48c00a7493b28139cbf197ccc8d1f9ed |
| SHA1 | a25243b06d4bb83f66b7cd738e79fccf9a02b33b |
| SHA256 | 905cb1a15eccaa9b79926ee7cfe3629a6f1c6b24bdd6cea9ccb9ebc9eaa92ff7 |
| SHA512 | c0b0a410ded92adc24c0f347a57d37e7465e50310011a9d636c5224d91fbc5d103920ab5ef86f29168e325b189d2f74659f153595df10eef3a9d348bb595d830 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTMPX.DLL
| MD5 | 4fbbaac42cf2ecb83543f262973d07c0 |
| SHA1 | ab1b302d7cce10443dfc14a2eba528a0431e1718 |
| SHA256 | 6550582e41fc53b8a7ccdf9ac603216937c6ff2a28e9538610adb7e67d782ab5 |
| SHA512 | 4146999b4bec85bcd2774ac242cb50797134e5180a3b3df627106cdfa28f61aeea75a7530094a9b408bc9699572cae8cf998108bde51b57a6690d44f0b34b69e |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTSVR.EXE
| MD5 | 5c91bf20fe3594b81052d131db798575 |
| SHA1 | eab3a7a678528b5b2c60d65b61e475f1b2f45baa |
| SHA256 | e8ce546196b6878a8c34da863a6c8a7e34af18fb9b509d4d36763734efa2d175 |
| SHA512 | face50db7025e0eb2e67c4f8ec272413d13491f7438287664593636e3c7e3accaef76c3003a299a1c5873d388b618da9eaede5a675c91f4c1f570b640ac605d6 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTDP2.DLL
| MD5 | a334bbf5f5a19b3bdb5b7f1703363981 |
| SHA1 | 6cb50b15c0e7d9401364c0fafeef65774f5d1a2c |
| SHA256 | c33beaba130f8b740dddb9980fe9012f9322ac6e94f36a6aa6086851c51b98de |
| SHA512 | 1fa170f643054c0957ed1257c4d7778976c59748670afa877d625aaa006325404bc17c41b47be2906dd3f1e229870d54eb7aba4a412de5adedbd5387e24abf46 |
memory/2772-2717-0x0000000000400000-0x0000000000424000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | c534adaf5a6528c653462d7898af6981 |
| SHA1 | 18537985b350067467e1d2536b54df89a4fea611 |
| SHA256 | a9e6898b5e2f69100ab71f1a9067191546b2898244ebb86125d4a1886c76a4d4 |
| SHA512 | 88818f8c4b60581fadf5a07c69e302748d8eede0eb517b4cde3fc9c33c9ecefbc8304a5e65e3f94c3e68c4a3d851c0aa3db0f8a7d191f2e59e824826414cf8d2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 986713d4846ac531336758825616b177 |
| SHA1 | 5268eca0f664d91ffe95630e790c692baf8f833a |
| SHA256 | 2669a72435c2692fc02dbbe51ac37ee40cda87be8f361b7b998fbda95bb787ae |
| SHA512 | 5796e667d104b32d6da5c3c9158d7bfeb5239b375d52f3cd07412718f08dbf19437e926ac014326be138104a4ca3d38e302f6d8d4fd11231be06dba4496b10c8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
| MD5 | e2214a0d6a305f1011d97eeb563f7b0e |
| SHA1 | 75f4842ed7c0505c641680eb2bee52c52eb4a8e6 |
| SHA256 | f02b2b28a386647ac01782bd8b616010fd4000fcbc0accdc1d916769fd201700 |
| SHA512 | 866204d2d7269bbf2e09bc48dcff23bebdcc52a6ec0c1cd14b9b213980666fdef27e9baa01bfb81d3558ece3ed5ce6a504fb93c60f4fc70f06e28278ef8852ca |
C:\Windows\Temp\MBInstallTemp5b5f67e7f51d11ee8bad725ee6097495\7z.dll
| MD5 | a144e24209683e3cba6e29dab5764162 |
| SHA1 | ab2112cce717bec8f5667721a072d790484095ec |
| SHA256 | b2ff9dbf90cbd0c45cd7d95ce4892377ec7e92970e05f2e56b0ce93861190348 |
| SHA512 | 2c823981b53b7eb7c1b726468d3b28c234c7e555aab35e759e88d38658566d267a20867f1cb18d96c830e7d53643629a9fa313eecee8b553703086fbb64cc984 |
C:\Windows\Temp\MBInstallTemp5b5f67e7f51d11ee8bad725ee6097495\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\mscordaccore.dll
| MD5 | 3143ffcfcc9818e0cd47cb9a980d2169 |
| SHA1 | 72f1932fda377d3d71cb10f314fd946fab2ea77a |
| SHA256 | b7fb9547e4359f6c116bd0dbe36a8ed05b7a490720f5a0d9013284be36b590b7 |
| SHA512 | 904800d157eb010e7d17210f5797409fea005eed46fbf209bca454768b28f74ff3ff468eaad2cfd3642155d4978326274331a0a4e2c701dd7017e56ddfe5424b |
C:\Windows\Temp\MBInstallTemp5b5f67e7f51d11ee8bad725ee6097495\servicepkg\MBAMService.exe
| MD5 | b9251f9808c8ade391e452f12f87e20d |
| SHA1 | 954410042b92a87cd9383995b52f76f5148da386 |
| SHA256 | 21e69db89f7e409e000ba45a020f24fa99903b7a1cfb1fe998f1c5815bccda04 |
| SHA512 | 142e93c83748dbe7e978bba3f82677e7e69ae02b25b196647644dc964e1b1d63cfd967729765a9e90261226026483d5c29b29d6df5b2e924a2fce9ef673c671a |
C:\Windows\Temp\MBInstallTemp5b5f67e7f51d11ee8bad725ee6097495\ctlrpkg\Malwarebytes_Assistant.runtimeconfig.json
| MD5 | d94cf983fba9ab1bb8a6cb3ad4a48f50 |
| SHA1 | 04855d8b7a76b7ec74633043ef9986d4500ca63c |
| SHA256 | 1eca0f0c70070aa83bb609e4b749b26dcb4409784326032726394722224a098a |
| SHA512 | 09a9667d4f4622817116c8bc27d3d481d5d160380a2e19b8944bdd1271a83f718415ce5e6d66e82e36819e575ec1b55f19c45213e0013b877b8d61e6feb9d998 |
C:\Windows\Temp\MBInstallTemp5b5f67e7f51d11ee8bad725ee6097495\dbclspkg\MBAMCoreV5.dll
| MD5 | b2763acfd7ac2ce596a4f3a930dd2a3f |
| SHA1 | ac18df54e4b64268e93b6e0af650d6cd8fe60274 |
| SHA256 | 3b8fdecc7155bbb62b1d76aa30f06bf079924bc794cf700f5d51ade13444d049 |
| SHA512 | 40b9f4bd1dc10034a5b18d3c0d2447a98aa6e4655d5d43b22aae83720e9eda8f818cf7febc0e8d0cd3b3f051805407a6112b66eb4fddd49ae2ca882a1aaa57b3 |
C:\Windows\Temp\MBInstallTemp5b5f67e7f51d11ee8bad725ee6097495\servicepkg\mbamelam.inf
| MD5 | c481ad4dd1d91860335787aa61177932 |
| SHA1 | 81633414c5bf5832a8584fb0740bc09596b9b66d |
| SHA256 | 793626d240fd8eefc81b78a57c8dfe12ea247889b6f07918e9fd32a7411aa1c3 |
| SHA512 | d292e028936412f07264837d4a321ecfa2f5754d4048c8bcf774a0e076e535b361c411301558609d64c71c1ce9b19e6041efa44d201237a7010c553751e1e830 |
C:\Windows\Temp\MBInstallTemp5b5f67e7f51d11ee8bad725ee6097495\servicepkg\mbamelam.cat
| MD5 | 60608328775d6acf03eaab38407e5b7c |
| SHA1 | 9f63644893517286753f63ad6d01bc8bfacf79b1 |
| SHA256 | 3ed5a1668713ef80c2b5599b599f1434ad6648999f335cf69757ea3183c70c59 |
| SHA512 | 9f65212121b8a5d1a0625c3baa14ef04a33b091d26f543324333e38dcdb903e02ccc4d009e22c2e85d2f61d954e0b994c2896e52f685003a6ef34758f8a650c7 |
C:\Windows\Temp\MBInstallTemp5b5f67e7f51d11ee8bad725ee6097495\servicepkg\mbamelam.sys
| MD5 | 9e77c51e14fa9a323ee1635dc74ecc07 |
| SHA1 | a78bde0bd73260ce7af9cdc441af9db54d1637c2 |
| SHA256 | b5619d758ae6a65c1663f065e53e6b68a00511e7d7accb3e07ed94bfd0b1ede0 |
| SHA512 | a12ccf92bead694f5d3cba7ff7e731a2f862198efc338efc7f33a882fe0eb7499fb3fb533538d0a823e80631a7ca162962fbdfd78e401e3255672910b7140186 |
C:\Program Files\Malwarebytes\Anti-Malware\srvversion.dat
| MD5 | 35789c7ad83c065167201f3824b71a39 |
| SHA1 | 1c7a9b3214d58cb93ed2bc856431083df2b6d674 |
| SHA256 | e02d0bf83e0533a612afab6bef6e564da94d0f9d2f7a5379f65e563399c08aae |
| SHA512 | 86af0b7da8a43781ae8fa98d085ce4bc4c3a8240a99578963f1bbd87b0655523e48e9e374b5cd68eecc70328628ae08c237969afd7aef4d60fc08a0d22dd8167 |
C:\Program Files (x86)\BonziBuddy432\Reg.nbd
| MD5 | a8ed45f8bfdc5303b7b52ae2cce03a14 |
| SHA1 | fb9bee69ef99797ac15ba4d8a57988754f2c0c6b |
| SHA256 | 375ecd89ee18d7f318cf73b34a4e15b9eb16bc9d825c165e103db392f4b2a68b |
| SHA512 | 37917594f22d2a27b3541a666933c115813e9b34088eaeb3d74f77da79864f7d140094dfac5863778acf12f87ccda7f7255b7975066230911966b52986da2d5c |
C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
| MD5 | dc6a044a9e5fb7369f943ebbf74f6baf |
| SHA1 | 9160e7b61f87c01e58e90dc576fa65123b28a230 |
| SHA256 | 50038cde020982ce4a391e673a40cdc770940d41a52b44bce3e67f8b3a619bf4 |
| SHA512 | fd2a6c524943df077bcfcfa095aa8b52d9113b06f4d36edb4b45678d4ce4ad8ba1ae53dc9509ca19cdb150cdffff443d7cc57948c61f3209b4eef2d536d7b9b1 |
C:\Windows\Temp\MBInstallTemp5b5f67e7f51d11ee8bad725ee6097495\ctlrpkg\mbae64.sys
| MD5 | 95515708f41a7e283d6725506f56f6f2 |
| SHA1 | 9afc20a19db3d2a75b6915d8d9af602c5218735e |
| SHA256 | 321058a27d7462e55e39d253ad5d8b19a9acf754666400f82fe0542f33e733c6 |
| SHA512 | d9230901adeecb13b1f92287abe9317cdac458348885b96ef6500960793a7586c76ae374df053be948a35b44abe934aa853975a6ccd3788f93909903cc718c08 |
C:\Program Files\Malwarebytes\Anti-Malware\version.dat
| MD5 | 814aeae03577c3ed6076b7bb5c87fb43 |
| SHA1 | c2381eeb04f69cf4fbfb184a4ea8739a53f475ec |
| SHA256 | 168ab218da1dd0adeb95dd72228da6f52cf0cbd0171a9bc83ac7f40b4a658732 |
| SHA512 | 527a3be928f188e12730b80e42e42163da05ad86591f86f6b1cf013ad679d63a06e83c694285d680978affffd17b210fbe17aa8d9426ed9cccebcb817c4d1b3a |
C:\Program Files\Malwarebytes\Anti-Malware\ctlrvers.dat
| MD5 | f0ad6e929d078685cb345532878d29ef |
| SHA1 | fb489dc585e484cc33749dbcaaace62e0e8e2928 |
| SHA256 | 4741b51b6bb850a6481438201c8c7ea179b289fa0aa90cc187485fe30f5d8284 |
| SHA512 | 8dedab4f296e904c12f1d97e1a4ff54535d356b3d250195941e9e40ae3c43da212da93457fe598b5f2aec98762b5a59a39e86bad6bd810c51c96dbc3e010053b |
C:\Program Files\Malwarebytes\Anti-Malware\ServiceConfig.json
| MD5 | 6a471800424f5858895bee6a78ce5b43 |
| SHA1 | f8853f54171bd4b6c47296a76fc6f4917c34c8ff |
| SHA256 | 0f8041858b3e1df6842f31a79ca01f8e91ebfdae222b45140a10b0dcee918c98 |
| SHA512 | 2c6a3037960058c7f3ae768263e50fc322f7e191e961a5e62e6ef0f6d258af19e305402d0446a49405c6cd02b08613c3f8d9c913461cc335fb34a86d48afa5bb |
C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe
| MD5 | 46f875f1fe3d6063b390e3a170c90e50 |
| SHA1 | 62b901749a6e3964040f9af5ddb9a684936f6c30 |
| SHA256 | 1cf9d3512efffaa2290c105ac8b7534026604067c9b533e7b7df2e017569a4ec |
| SHA512 | fdfb348061158f8133380e9a94215f4bfc0f6ce643a129d623cb8034c49144f1489de56cd076da645478506d9fbddc7590fe3d643622210084b15fdf0d16b557 |
C:\Program Files\Malwarebytes\Anti-Malware\mbtun\mbtun.inf
| MD5 | 5d1917024b228efbeab3c696e663873e |
| SHA1 | cec5e88c2481d323ec366c18024d61a117f01b21 |
| SHA256 | 4a350fc20834a579c5a58352b7a3aa02a454abbbd9eecd3cd6d2a14864a49cd8 |
| SHA512 | 14b345f03284b8c1d97219e3dd1a3910c1e453f93f51753f417e643f50922e55c0e23aab1d437300e6c196c7017d7b7538de4850df74b3599e90f3941b40ab4a |
C:\Windows\System32\DriverStore\Temp\{e757ab25-ebc4-1a40-8500-65488f18d5fc}\mbtun.cat
| MD5 | 8abff1fbf08d70c1681a9b20384dbbf9 |
| SHA1 | c9762e121e4f8a7ad931eee58ee60c8e9fc3ecb6 |
| SHA256 | 9ceb410494b95397ec1f8fa505d071672bf61f81cc596b8eccd167a77893c658 |
| SHA512 | 37998e0aee93ff47fe5b1636fce755966debe417a790e1aebd7674c86c1583feef04648a7bc79e4dedaabb731051f4f803932ac49ea0be05776c0f4d218b076f |
C:\Windows\System32\DriverStore\Temp\{e757ab25-ebc4-1a40-8500-65488f18d5fc}\mbtun.sys
| MD5 | 83d4fba999eb8b34047c38fabef60243 |
| SHA1 | 25731b57e9968282610f337bc6d769aa26af4938 |
| SHA256 | 6903e60784b9fa5d8b417f93f19665c59946a4de099bd1011ab36271b267261c |
| SHA512 | 47faab5fff3e3e2d2aea0a425444aa2e215f1d5bf97edee2a3bb773468e1092919036bcd5002357594b62519bf3a8980749d8d0f6402de0e73c2125d26e78f1e |
C:\ProgramData\Malwarebytes\MBAMService\config\PoliciesConfig.json
| MD5 | 2effe5bc0e9a84a2d68c062315cee955 |
| SHA1 | 112d298ed66c1265ebe4a8fa07a47623535efa69 |
| SHA256 | 2563f536f92e5474f39af8b0329e7b0af496948dc9dacb70934a9ac845105fa3 |
| SHA512 | 757a692e5feb602062e9cd08d872bdfef7be07e17fb02e8056836cd00b0941539a5012c86cad31a0543fea155d2f50bf2257f56e4849e254ddcad6898ba97807 |
C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.json
| MD5 | 1d1ede40dd5178bab513bea7dc1f5211 |
| SHA1 | 78a93b3524d918636d4d61870d471b9d0dc1fdf4 |
| SHA256 | 31733f3feb0250c08d58c654116276f150df3250b937cc4a9608254e1dd5afe3 |
| SHA512 | 7361488cecea8403d129e960fbbfb71bf7a9e29ec8a56333f1d6f5bf40ef14c01ed97cb73c43ae3adcbe6d85445038d1ff99ae2b7174af2b09490516a09fd304 |
C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json
| MD5 | 658a8dce31f37bb8310d23599c38d53c |
| SHA1 | 058aa016bbfe638977309c0bb9315990ba0ca652 |
| SHA256 | 42b573673aa8789b13a8300e525a9b6168f324b3a73ab367397950b4bf3b5b94 |
| SHA512 | b1c7c15f82e9a835abb1fa328837f48b876a10f67c3b39c272e861428240b7687668d90c617897b6fa5cff0cdb54916ec89381439f9b9fd3387952da7bba0aeb |
C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json
| MD5 | 133356a73ce016d0851ac85f96054db3 |
| SHA1 | 14de57e8aff1c29ffbe0ad33d8dba4bf6acd6cc1 |
| SHA256 | 2217b531ed59bcfe6b5e84a074e0abd76db92c6cf7813d982545e12a12c10cd7 |
| SHA512 | 0163080d1b58c7d225e42469bf64eef7c3588e15f8b69e8186a06c6cd999933d6cd023d2bf698f8170b2660d4432530f193961d3f25830c188b1a73e374b2626 |
C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json
| MD5 | 6ff6208cfd9f7a8bb795d49186c3009b |
| SHA1 | d063a9667d2fb88050adc194965961685922e4be |
| SHA256 | 91e9f63d8b8034305f9d8ebd0cab06d263f06a83ba99441d303feaf01358564d |
| SHA512 | bd51a704669a979290602032045c8ff33d090ce6886d7f0352da3059fbffc5ade7de9e214de012d15a43e8517d8ad7a08488ccba1e44bc7007eed8c77dafd932 |
C:\ProgramData\Malwarebytes\MBAMService\pkgvers.dat
| MD5 | bff7540ea1f1cf8f2e8a5003c3775cc7 |
| SHA1 | 95fb285a3a32fc888617208437449a5df36a254b |
| SHA256 | 1b7257ce4aaf6739e0f9e77ffc4b58857fe7e85a6a1af7537e650fc6d8356ee8 |
| SHA512 | 820d2f069d760acd3c115ff68e87e17d8a5ba704fbf9c3450bfc508692f26a994e57cb255500970752f494181ba4f404776facdab9d9d5c0f383fbd4879d8eff |
C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json
| MD5 | 0658af9acb20295a44dd0e5452aab509 |
| SHA1 | 55ef495ac6c3eb89043d32e0292fb99f244623f0 |
| SHA256 | 0b61bce941b13b5253bf5c93c7fd9c3e61f4e8acb2dcdfdc440184545b5d55e1 |
| SHA512 | 1440b9830b00a946041876346fd92472ee0b4bc270ea5234bd378ad5001ad614d30a99f9e35352cdb5f2f22f965c10da55e5cda156f67f54adde6e196601ec30 |
C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json
| MD5 | 90d9c0226a24fdc1f6a4ef5c25a3117e |
| SHA1 | 1afb56a0292d06c50f423207e4dc0cc2393fbffa |
| SHA256 | 1274187106f2e3d9e5253e03590af6f94b54a837baa9be5f667be348a16225bf |
| SHA512 | 08280dc130cbec56cf30cbfb0d8f314874a18ee7eaeb97c216bf1ca6581287e671bff18350b6085b47536995dd4c9838ebffcb39252347b9c63472f0807d5497 |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\prot.mbdb
| MD5 | 546d9e30eadad8b22f5b3ffa875144bf |
| SHA1 | 3b323ffef009bfe0662c2bd30bb06af6dfc68e4d |
| SHA256 | 6089fbf0c0c1413f62e91dc9497bedc6d8a271e9dc761e20adc0dccf6f4a0c1f |
| SHA512 | 3478f5dcf7af549dd6fe48ad714604200de84a90120b16a32233b6d44fa7240f5f4e5fe803f54b86bbdfd10fa1bfdd88fb85eb6a78e23e426933f98d0a2565ec |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\rdefs.mbdb
| MD5 | 2f7423ca7c6a0f1339980f3c8c7de9f8 |
| SHA1 | 102c77faa28885354cfe6725d987bc23bc7108ba |
| SHA256 | 850a4ea37a0fd6f68bf95422d502b2d1257264eb90cc38c0a3b1b95aa375be55 |
| SHA512 | e922ac8a7a2cde6d387f8698207cf5efbd45b646986a090e3549d97a7d552dd74179bd7ac20b7d246ca49d340c4c168982c65b4749df760857810b2358e7eb69 |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\rules.mbdb
| MD5 | 29e9c297980f2806cc4a5493a823a47d |
| SHA1 | 76edaf600bad855d33b3e51393895b3e94781168 |
| SHA256 | 2a64c59d40f3d336ca3f40833404e001012813e36438bc9a6d71b334962899f5 |
| SHA512 | cbca76e58bf74bcf4b7bd0007e7750207dde24225390518fc05e97a2c37189eef1ace6f0c7f0ad742b505d6301e983d828910bb64b996a86e4aea05f08ec411c |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\tids.mbdb
| MD5 | a52fbd685c9b6d643da11a716ebed7ab |
| SHA1 | cf932580a1cfee83045b34c3c096f732a7b20267 |
| SHA256 | 96c4fd7cf3ae96300850056e06c7c32fc381c3b62031bd8fc7eff6a3b800a3ad |
| SHA512 | 78794d26deaaae895e98e297499d1ffcbfff3a2ef595e9c23f2d6c5ee8f98848d268561d57e989f5e309ef2b0595cb74b69f4d367370f96e47ba645d89b477a4 |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\scan.mbdb
| MD5 | 659a49b041abefa71148118ae4926041 |
| SHA1 | e6dd0abde5f40af9faa06e4c7af61f7fd9ac14c3 |
| SHA256 | f55755be891c737bcdd380082467457f2e37ef1d10053da591ae29d3417bcb49 |
| SHA512 | a0f39c19fa5a0a1e7c9a7e30b1b9a95490fa7be6ea4dde9534b2f14673481ae2b00163d2d561423699b75084eabca7685c6e80599a7d8c295a66a0736bb8ab2e |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\clean.mbdb
| MD5 | 172f770b007d0ffb429a27d3dc72a529 |
| SHA1 | 3f11e112adf4aeb46e6166761a553d56ec6f40a5 |
| SHA256 | 77b40dd839aee7c9ffbfb484b0c8b9c736058326a1042ffa7745635853143bcb |
| SHA512 | 90935ba4e71a4985cb04702f48f41b47458c7d4f71ea13604e5e08304d17ef5acdbaf1edabab61860e6de3b3de06a177f7158405186780c435147881e0bce8ed |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\wprot2.mbdb
| MD5 | 20989ce951c4c4ce5109e0c8cffa3d84 |
| SHA1 | 5ff04c3bb0abb1641b1c802422160b24e30b1cac |
| SHA256 | 33887a0de88fca95c87b61bb2e1b12dcd2be35c3cdd3524b9a4346626016ea04 |
| SHA512 | 6b45afe6b7b9f78bd4fd9f5564829c248915c4841c8162905687d9a3c322d335c4330f9f0ca375b78e801746c1b8044e12490184f198f6dd65a390aa7182b40a |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\exclusions.txt
| MD5 | aef4eca7ee01bb1a146751c4d0510d2d |
| SHA1 | 5cf2273da41147126e5e1eabd3182f19304eea25 |
| SHA256 | 9e87e4c9da3337c63b7f0e6ed0eb71696121c74e18a5da577215e18097715e2f |
| SHA512 | d31d21e37b0048050b19600f8904354cff3f3ec8291c5a7a54267e14af9fb88dfb6d11e74a037cc0369ade8a8fb9b753861f3b3fb2219563e8ec359f66c042db |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\Actions.dll
| MD5 | 20d70c6e04dbf14c01ab2d756e97854f |
| SHA1 | f172c8b8c0e87d2a9ab064513dce004d16d03e0d |
| SHA256 | c4002339b58bc493ae3540bafe1b2ca0a70bba0f853e29f60e0f6a1680fa9a24 |
| SHA512 | 13e073cd4b3d53c6d9fdda671a55962266b5c0a18abcb5774092c35f0d0bf2c5d0d9802d8955d32cceb166821634bfc067dac7809c9ade143cf3a3b497743b36 |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\sample.dll
| MD5 | 746df014f6869285e5545505d5fec062 |
| SHA1 | 52d5f0232b78c0d8746a29e75f80a2b436f38b69 |
| SHA256 | 22047c6efd6906c64ebb45bf08632220aa82c03d1fe21b79502b0cb7b67b32c2 |
| SHA512 | 58e7a0051cff72168ec56072339b2a4961a9bc12600a6fe4dd3c01f0aa8b7d22e3d79d72c7ee9a622508e4052eb7c82d047063659c23b34bf93eff7124619848 |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\ig.exe
| MD5 | bbb352dbbf17f6fc29cd86bc1d80a417 |
| SHA1 | 1c83c920ae75d0f6e8634804e508e9156f565148 |
| SHA256 | 73df768292a90e52fcbc5dedc51f8091083fb6042f4413d69afeace1cb0ba509 |
| SHA512 | 12242406306d9808afb3c9d9d590867f4d116a765d0ec761436b4e272ce456b0b72a5687856d1b6672980faf4246721d297b0520821d5fcb81d7eaa86775ee5f |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\BrowserSDKDLL.dll
| MD5 | a3fe79081a59d493c01b5c1139babdc9 |
| SHA1 | 1505cb4053bcd9b55c40227ad6b62a2457cebbdf |
| SHA256 | 60c8c024ff020f04fcccec10ee78872bb1e6985463d6370c6af095761d88b860 |
| SHA512 | 22310a585edb36050ff20356cd9eb5129cdae3ffea2ccd7a54d9652dbd336d7f402ed119dc59ae3250b93bad40e75983184256c0bb239cff049bbb983f487bdc |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\dynconfig.dat
| MD5 | 10f23e7c8c791b91c86cd966d67b7bc7 |
| SHA1 | 3f596093b2bc33f7a2554818f8e41adbbd101961 |
| SHA256 | 008254ca1f4d6415da89d01a4292911de6135b42833156720a841a22685765dc |
| SHA512 | 2d1b21371ada038323be412945994d030ee8a9007db072484724616c8597c6998a560bc28886ebf89e2c8919fb70d76c98338d88832351823027491c98d48118 |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\mbdigsig2.dat
| MD5 | 78ede02676d871ec73599c55ea80c79f |
| SHA1 | a636c6f0939cda4c5b9a4e7f9982521fcc63828e |
| SHA256 | c6e7f7bcab28b90824c69df66818c2c2950eebab70f85657555c2c9e86947d08 |
| SHA512 | c4f1aaf568266505326df395e7ef36dfa421f4bb1d26fabb61f603a7acc8d60e406f23383501a3d505682de725299265a7c568cfabe796b3c7de2df5be0696a8 |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\dbmanifest2.dat
| MD5 | 06391ac89596da208d835f3478c5362a |
| SHA1 | ed8cc5ca9aa6ca1f310e66b0938288cdeac73bdd |
| SHA256 | b6cf2fcd95c8ed86419199141d774b4f5b8e27f1b90496beeebb754982381018 |
| SHA512 | b6d0c7671a4f1434b95b6d8d00a75de78c8c24a767a798fc78d2bbc38ad249434e7a9bcb80dab36d5d7a3bbf5afd747e3fdb6836e64865eac91816e13e4a753c |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\cfg.bin
| MD5 | f3b1db948ee06dc934694baf8c3f7ceb |
| SHA1 | 99afacf2f17f5d22dc52eea2ead30800ea3d4605 |
| SHA256 | 2c72ca60b226fbe08eafbca219d734d3fee370f633d1c5687a99d9f15470cfd3 |
| SHA512 | 1d1d5a013b260ed187e5cb72d0c7ef7f3f1649a1ea3e79ba5fcdd6d2875faed329650cd332771d0dde568c3cfa8fdfd9b966383197f65624fff693b1307e256d |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\Global.nm
| MD5 | 69158798b44af49a8cf66a5d7c37e5de |
| SHA1 | 42c72d401b0df6b2582f155684ee45ea90ae1a2b |
| SHA256 | f6b5bc6ea26610d4f8f43aa4ad4f6f9b8194b0b6288292f44fd25c53c542cf70 |
| SHA512 | d66609ef92fadfed249ee6fd4e907fddb74f13c663686e65ae9b143b4c2a923b451ce8cd470d9523e901d60aa5a6dc9fb7b33cb76bb04a7425ca43e397ae17fe |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\Global.sr
| MD5 | 5227e6f7ee014de1869c313bd81a6752 |
| SHA1 | 116cd0171ec7630b8cdf061322e7e8e9643201f5 |
| SHA256 | 6209d18592c7dd2fe5e2c8925fd0da5b0446ca2f86729394b371c7db17939a83 |
| SHA512 | bfd6d92df3994cff4f2912849f11bb8d9b1179cd9845d2f99a7314fea4fa39589661927f20ea2d7e0cee157d36c2dacd6a0907bfc69d7e9f6da5f24802b3ceed |
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json
| MD5 | 2ee7cf288e2a52af67ae55cc1cafd32c |
| SHA1 | 5ad6b8dfa484f815506ddc36844ca119677bb192 |
| SHA256 | 7c63dd4e1ed69a8999db8ce8f5505f5b7373bc34c746f5110490f809d0aba2ee |
| SHA512 | d78ffa56e877a8fba4921e5cdcdc9a2dbed14fa6830bfd1f8a9e2d1feb71918bf19e06ae12d95784409c2125436b8a2d66cd5641ec20d38a28919ca271e74552 |
C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json
| MD5 | 81a6a68a541fe8217a3f5eb9b3b2ba62 |
| SHA1 | c67e5c93dd913d846c894d76427984716b4555c9 |
| SHA256 | eddbaf3a888c57aa008e7fe691b92e329d92e5b78000041d373278c6db9dfb36 |
| SHA512 | 0c78951bdc3f3582ea9af8774b8878c1c535b83c9463f2e942d0463e98f3387b20f4ebba270a4343b244fd533e3730d981fa172c7910f7bd6dfc8bd3cdb2b132 |
C:\ProgramData\Malwarebytes\MBAMService\config\CleanControllerConfig.json
| MD5 | 4ea6a5918dfdf6ebc9b901fde5d6fa63 |
| SHA1 | e3e1fd6151cfd241f42d04fd79c6ad7f015f73d1 |
| SHA256 | 6e59aabd35022cca4af3a9f8995996c5aad77b2d9239e02d9278e0ae98303ddd |
| SHA512 | b26ad2fe4d65e38c7fae7b44e083639036b8b1bfc511689f3b91d5faeae4376d68dae8d508ecd7b72b477de39db21d7db0d0bc77a2b84deabbdd5e84ae1a4193 |
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json
| MD5 | 0748282bd38ae1aad2dfa766a52d253b |
| SHA1 | 13b4ce2d74747bc1f7f52f179f3df238d7a4b70e |
| SHA256 | b3ac314474caa7ac892be904d346e0f8bf0904c4ee07dd99ff3f7e60106d6c4b |
| SHA512 | f66802a8c6e11495d84579269a24af4a5189abcdf2aaf4148986a38d8071e2209970068ff16cdc5aafbabe2d49da6e5a763c915989ddcf42f6ef4d6a7fc79773 |
C:\Windows\System32\drivers\mbamswissarmy.sys
| MD5 | 4b2cc2d3ebf42659ea5e6e63584e1b76 |
| SHA1 | 0042da8151f2e10a31ecceb60795eb428316e820 |
| SHA256 | 3db4366ccb9d94062388000926c060e2524c7d3ee4b6b7c7cf06f909f747fc6c |
| SHA512 | 804d64d346b3dbb1ce3095a5d0fa7acc5da0bf832c458e557dac486559fe53144f15f08c444fea84a01471fd5981e68801a809b143c56b5b63e3e16de9db0d98 |
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json
| MD5 | daecd6d877cc391c70506a0f3953f4a8 |
| SHA1 | f8990ae8333df31c522162fd5e20bec9098669d9 |
| SHA256 | 1d6c3404977a5b317702a326ee2094f86e8e035e3a515b0011248bb911a0e04f |
| SHA512 | 010545545e7278e6011725b13fa040e2f484c985297559f163c2456c482a412618cba482a038b767c6506fa6c69bb0f50b7ae712b182c957562bfa34bc028359 |
C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json
| MD5 | 88e751fe757508a3c56ed3ea15f35198 |
| SHA1 | 7cccb13007675a4ae38aafc8feac547cf25f1173 |
| SHA256 | 934d61d8c49e2b5009cfa7b5c3765f12c2cdb5b7da78f7870fb1d29e4f37c502 |
| SHA512 | 26c60c34f385015aaa738b899deeb6dc23c38205cfc2c2e4bad6b8c406d33d2fea592c1b0fbd4a4f321940baaedd0ba8849de6bd9e7a3523a41a7bd0c6048161 |
C:\ProgramData\Malwarebytes\MBAMService\config\RtpConfig.json
| MD5 | 8bde3d4ad74440653d195da4a53609dd |
| SHA1 | 1157b2d9393318f5353ac7171a89346d263deb03 |
| SHA256 | 77303f13248b45842d26c504232c5604537c6ed8a638000f00f898d174754f5f |
| SHA512 | bd7d476c76c56244b834102c487ae03a9e58fc8622102a63fd00e7e6c8ae30fea18e41bf8daea246e840e9a1f9cf6604a6cb9c54f2c697b9ee5748d653269129 |
C:\ProgramData\Malwarebytes\MBAMService\config\MwacControllerConfig.json
| MD5 | 90a267e029d37c7c4ce2410c6f51fd82 |
| SHA1 | 095dfc79681a32a545657c3336f6941c102cf161 |
| SHA256 | d40f19de617f22c421a5927dce9d33f66d09701a3ae226665b736253b322429b |
| SHA512 | ea35f902fd5c06e5e2321c67729721976b121bfa6289eb6960bca257a32e6ae2c33030ce38507b8f648e374c6e983cc3bcd7c1c9ccfb937e1ea0580e9f4a6650 |
C:\ProgramData\Malwarebytes\MBAMService\config\MwacControllerConfig.json
| MD5 | 6f7166fc896a5a988002ee27514f7008 |
| SHA1 | b1c8d91cbb16e693d3131c2699a6bfc0277dae04 |
| SHA256 | e99d77a31b067584be44dcb79a985519ae8f16f2c3a950e459275d18ab5ad671 |
| SHA512 | dd578f412aa1d86a00afcb75780ee27c904dedb9c42b845c217ba04e11d2e53d18e023cbe6c6398e9dbfcd13ef6b06150bac0a93bcc56682fe0835d15db77499 |
C:\ProgramData\Malwarebytes\MBAMService\config\ArwControllerConfig.json
| MD5 | 0030506fa83c5379381177abf6211038 |
| SHA1 | 653c283c90a2e41736bd2f66afb86790e8d45397 |
| SHA256 | 99c41cf5c30312d27cceda17018518749af925c9537ca46354e68f1a73051e84 |
| SHA512 | 495e5c9ed40f4747ddf051f93777125785407512d0cbb79ce3b66e9a739608b8e3bdd7cb37b4e13e482dae67494fe9eb36237024c368a6ff607b388e79db3aca |
C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json
| MD5 | 679abb3428604eee09e26367e161b09f |
| SHA1 | 3ca3b1dfa4a513f590fd7aa9d92463c28d69c4de |
| SHA256 | 65673f282caafceb444a6a551101076d0329a34982a2c60a93d322f398923bc0 |
| SHA512 | 28eeec5a48ba2b965d48492e7caed2b355da21ae58bc7e165adb713dec2c7f23f260137175929eb7aa2ced48bbc82b9e551fd5d5e5ac776b2abab2d34d7db82d |
C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json
| MD5 | 70f3498d9e1f43a2893b202eade73498 |
| SHA1 | aec2c07e4b92b7144e43c8cbd9fdd9de36c6b44a |
| SHA256 | 9b674c6fe1933c2562fac81e53c865fda57ea1b167ee9e6e33e4c6581079dfa3 |
| SHA512 | ff64feac2e61e35328f74a0aabe90ec178926a6844f7bc38274d05d8d51e1f4a1f795d314c722819f9caac92615534bf4b3648bfa8ec8d26cf56b4312278a3dc |
C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json
| MD5 | 88145708ab39f9e1f25baea94835a5c7 |
| SHA1 | 698079d6cba5998ff4c3361cbf18230e83239265 |
| SHA256 | cb686b7b2279fd18db2274cfd06c13e54e867c2922167c051c14938aa29b1be4 |
| SHA512 | 056fb0d81b64392fb8befeafd4f826be45b3a123c9bb7c6ee7e22d28440c393221f42e039f0b54d9f391605eaddcf2b15c36e73579355a8b438eb7be86f60782 |
C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json
| MD5 | 7e7e7ef26cbb64b3144cf8473cf275be |
| SHA1 | 5207239d56a458e1442dc6891f0be4d21d417c27 |
| SHA256 | 0d83b34118c8c3727ebb947301e3b921d41ee436c9bef891941122330fc238e9 |
| SHA512 | 6ca1da26def6780290e3370661aaa0ad570de51c3c11d9c83fc0c24d4ed7c966da41ee743880fccc22b7f34bce9d93d35f8154d54e80c0616bf877335adbdbe2 |
C:\ProgramData\Malwarebytes\MBAMService\config\SpConfigFile.json
| MD5 | 1a183d7ea0d2eb71b9b1b9392b085eba |
| SHA1 | 15e6839eaf0a25f37a7af10e2df16bd7b1cf329f |
| SHA256 | 2fc2b5dd58ec669062104ddad91d4d3e60ba6ebf418ee8985da60fc14bd77379 |
| SHA512 | ef5a33290fb1d8000f2f248a9aa29f35c3e99b6339904a63f986f760e4705432abe040452fc05d3c4133467bf31cab9880f9de2e62ec8a9cc3bbf68e974351fe |
C:\ProgramData\Malwarebytes\MBAMService\config\VPNControllerConfig.json
| MD5 | c7341ca086c9125265e4740379abc626 |
| SHA1 | f06edc6b6c0910839955550bdc7e38441eb1d116 |
| SHA256 | 28e567e6d2c0a3a8b47ddb37dd514e08a3a05ff4e83f0701149f52b47e2f858d |
| SHA512 | 2d7219e144c4a20deacae87b9cd37633c28622a1e02821bb9c4c65b20b1577843808aebbd78ceaaea907df9ccd7c9893e81187c8039000adec8cda6270025311 |
C:\ProgramData\Malwarebytes\MBAMService\config\VPNServerListConfig.json
| MD5 | 1b54aa56e9075c7cbafbb53ac121c30c |
| SHA1 | 95f44e222b1baf3fa66d330d14417de12c7a685e |
| SHA256 | 47ecf7513994ddd409d16124a3c1b91e96b835583987021ca485f9de0be7498f |
| SHA512 | 21f8f635fa7e19441445876664ba6da2167f5a10fcb05d24a39abc2d68e8f603faa31839519a8862a8eb2c56a59051ff4d0ac5ffe7897de8ed00cae90dc19f51 |
C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json
| MD5 | 1177b91fc6129043ba75c53697ec6445 |
| SHA1 | 7098e81b1b0a1119711ea2f43392a6b3301f203c |
| SHA256 | 4cd0e708d7bfd4210f5c56e0a5189137c980b4dae2069bbd54a81ef5aec36efa |
| SHA512 | 8ac3608ca4d9d539392bf6023e361a94da3506755d1b800ca900665458d50a796d97a20bcdf04cbfab771dce11e53bcb5da536b766c3efad6ed34c3fe2de4dc7 |
C:\Program Files\Malwarebytes\Anti-Malware\ServiceConfig.json
| MD5 | 167ef62fe76cbb7170dcdf0c6944a1fb |
| SHA1 | ee73998c051078c7e646c3bb456dcd9a9c9be073 |
| SHA256 | 27e6320a309257516c944d15beff5b5d7e2a3fcebe2ded11bd4fc8b3818e45d7 |
| SHA512 | 67e711ae0199a9f264d936be77c6dd98d5ea438620604c5f1d53a0ac422ea37b99d6b25a5c50d9a8b207bff4b19e7140062fcb6baecc4f2e6e7078519a0fc1bf |
C:\ProgramData\Malwarebytes\MBAMService\config\PoliciesConfig.json
| MD5 | 7d9b1d672b9cf006cfd1b831730fb940 |
| SHA1 | 93aea7617cfff673c87ab168ac3a353154a3c62e |
| SHA256 | 835795772a949ad8de42a2af3311172ef683543572b3ed2781ba9e87641574a7 |
| SHA512 | d380d2713a4987fc600a8bc9b0b1b351576ad378665075086922eed67bf0e9126d9fbfc77ff5a13398e6148686981e14ec899342660dd03ce3b6d41cf727a439 |
C:\ProgramData\Malwarebytes\MBAMService\config\VPNControllerConfig.json
| MD5 | d60ef8452e475e137bb0f8581752e18b |
| SHA1 | 1710b5d0ca1c481ff26da5d97e65c0f393d661e9 |
| SHA256 | 296591107e020c6100134c4ef3619bf839b9a33027118c741f135ba53cc35fa9 |
| SHA512 | 05676901057567ab5c6d12a33649bd3fbc4034aeb92e63a8066044c326d2d246bb6066ba82b098d8334eb96b857f5a9db9c9e3131b90d70d0929c1811b2a60a1 |
C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.json
| MD5 | c0a57280810df3ff00dc71cd22e35919 |
| SHA1 | 7a3688c601098e5884acb5a63636a59c618b13e0 |
| SHA256 | a57f9ba15c4f2e4e295968e837cfcad25f3dbfc7ea35a20d5d3331db511040e8 |
| SHA512 | eec29355d36348c8ed9a8cb5d3ec27768b448ecf211bb26d975aaa5e3896fe53567317f3770d033d825499cd3c202b837b9b5bf867e5a591ec3fd316a105ae23 |
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json
| MD5 | 039af91aba6cce68a1b3533da254f2eb |
| SHA1 | 6489c2e71ad8edb4149ded14f0bb76d6f1f50eb6 |
| SHA256 | e31d6d61ba869dbb849a660ce55b94f99fdf9cb88d3d81ee185da8bd9447b2f3 |
| SHA512 | c835f135c99316242a00d631df6472c5d26c3818063cb75e8825062d58db87b24f2b59246ac10adf6d6b4af2bcefe98da53c7793b794acd0ae4d0d17b4bddd14 |
C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json
| MD5 | e34ba35d6d9c3c13907f138aed4a8412 |
| SHA1 | 3968e33f3d459b155ba64ee1cbe5c401ea3d96be |
| SHA256 | 68030b156b71e6c41fa0bd1a8b15b273513725fd671da4816b661478ad171598 |
| SHA512 | 32e83692a54d68b925e0dec08061278cb978b589bd32212142a052d0358dbf80f1d88d18c3fd675515510f98c5e6361a24af98eb4e1624c4867b223367363707 |
C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json
| MD5 | 995b205e4fcf882f5fb6437d71583c7f |
| SHA1 | 3e26b98d5fc0fac087929bf3099a15527b1136be |
| SHA256 | a4fb5d1f8a2f3ee066d78c7fae6b75a9c2535c0d984266bf52a8607efe0f5e94 |
| SHA512 | c58a5fd0f688dc0d32b3dcfc0fbd160fa4c443b454d71cdf7de57e312c60126b4c9dff085a6fc717b7581d221056c8b33b86b5c7b384c71bbf06ddd6ef7a9bec |
C:\Program Files\Malwarebytes\Anti-Malware\sdk\mbamchameleon.inf
| MD5 | 5a9717e1385703e8f06b27aa10a69e87 |
| SHA1 | 84ee67a9167b5eb6560711b9871de98898ad07a5 |
| SHA256 | 47b7c516bb57c612de19f0ca865590af95b6e32bf873a0fef9e011b2c5b483d4 |
| SHA512 | dd3c7278c2c11ad15a55fae6d19b96dadd92f85b7f0c8ce934298258af00bb5c052a84a98499b8867b0f43704fb307c67d03692ca69dda4d814c6c17dd73df44 |
C:\Program Files\Malwarebytes\Anti-Malware\sdk\mbamchameleon.sys
| MD5 | 262ccb223392f18adb4b4c846905c4da |
| SHA1 | 63403407fbe1712a4bfad0a74efabeba297325ca |
| SHA256 | 5d2004603e3b392693a1e74926a36a2ab3573c6790b00ddb14564c8affbd4f4f |
| SHA512 | 68b2684b9f0a2e5e33b76e43ac4b25b8e7d3dc3d678fc3c90d70ec5ee65ebdd884d838950fb4bc5145ff927e25796d2e6e97ee6bf365ed4f66ac7f7ba8f63b33 |
C:\ProgramData\Malwarebytes\MBAMService\config\SpConfigFile.json
| MD5 | c8097fc1a254c209398929dc5110726f |
| SHA1 | 7dfcad0153f6c21aaf386459fa952d5e4d22842a |
| SHA256 | e6c68c20dd5a4c3f81cac62ebe96263b937f7facce6365a1686e04bd8529471a |
| SHA512 | a4a7b51722cf253074f3e47ba1a009d07578d18dde30493ddb1d14105858b3846f84d55a5b8a36e5fefa43380d95b76266078160dc2269fe771c7d9fceace23c |
C:\Program Files\Malwarebytes\Anti-Malware\sdk\farflt11.sys
| MD5 | 5fe1668fe04528205fbb9af0c16b7234 |
| SHA1 | 551929c948158f6f47556f2eeabc5a7415fab5ee |
| SHA256 | c05ea9a6ca840acafe6751b3f0a4f4f4156980bbb7950e89fe491082e5709d45 |
| SHA512 | 66777c2033737d925e1967b2db97adf20537729f4f6cfb880bebb627922543d179c8ca080a9d46760def4250def3fd4e05e03807faa642561727203c2e5f07b7 |
C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json
| MD5 | 1146ebd9d81a2c9cf780d1b22b14490f |
| SHA1 | a93a566357cad31ea264ec805c8f97e7c1bfc9d0 |
| SHA256 | 1000ee62a709012881b4b962f45d2ced7af9bee0740e5f9d2c94ac5f77308423 |
| SHA512 | 803f1787420ccc6f3a3248bb2676215f34f0019e10e52bb160906537123151fccd129702a929b64f7a23ce5c1f69074a438acb6a67b938d51a9d05573a368f3f |
C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.json
| MD5 | 3e1bb855e4a0f5dd027d73d27dab305b |
| SHA1 | 7b1e9475e982508d9557b042d04986910f6f7e39 |
| SHA256 | 19d7754b14693ba887b3918627b1744dff19071a0291150b7692300d7892667d |
| SHA512 | 42112e2849d4157fbd537b0aba5338e683bd04e91d60af23915d0e663c1471132312ea9e546afa619f29635b9582f23b167cc82543ed24d0c9a9b3ac7ba9e13b |
C:\Program Files\Malwarebytes\Anti-Malware\mb5uns.exe
| MD5 | eaac9032a5151ea0d7b74ae4bab32b35 |
| SHA1 | f2c1f886868f6b9f78aeda8cf95df5051239c1ef |
| SHA256 | 807379fdd7315c29bc1e96ed224285ac5ae0226bdfa5318642eaed6bb0ca3191 |
| SHA512 | 91fc6c387ee270372c401aa27aa399c5f6091dbcf1e94058c88e5edb473a7876c9de632cff5a4d6479a2a9bdcfb499c8ac6cdd3bd954b04db89685ccde0661db |
C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json
C:\Program Files\Malwarebytes\Anti-Malware\sdk\farflt11.inf
C:\Program Files\Malwarebytes\Anti-Malware\sdk\farflt11.cat
C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json
C:\ProgramData\Malwarebytes\MBAMService\config\ArwControllerConfig.json
C:\ProgramData\Malwarebytes\MBAMService\config\CleanControllerConfig.json
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json
C:\ProgramData\Malwarebytes\MBAMService\config\RtpConfig.json
C:\Program Files\Malwarebytes\Anti-Malware\sdk\mbamchameleon.cat