Malware Analysis Report

2024-11-13 13:57

Sample ID 240407-yy1zxadf99
Target DiscordSetup.exe
SHA256 48d76602e4079a9f77e957649891631a128ebe39f04258c553026161329c1733
Tags
discovery persistence spyware stealer
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

48d76602e4079a9f77e957649891631a128ebe39f04258c553026161329c1733

Threat Level: Likely malicious

The file DiscordSetup.exe was found to be: Likely malicious.

Malicious Activity Summary

discovery persistence spyware stealer

Drops file in Drivers directory

Sets service image path in registry

Modifies RDP port number used by Windows

Reads local data of messenger clients

Reads user/profile data of web browsers

Checks BIOS information in registry

Modifies Installed Components in the registry

Downloads MZ/PE file

Looks up external IP address via web service

Adds Run key to start application

Enumerates connected drives

Drops file in System32 directory

Registers COM server for autorun

Checks installed software on the system

Loads dropped DLL

Drops file in Windows directory

Executes dropped EXE

Drops file in Program Files directory

Enumerates physical storage devices

Modifies data under HKEY_USERS

Checks processor information in registry

NTFS ADS

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Modifies registry key

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Checks SCSI registry key(s)

Enumerates system info in registry

Modifies registry class

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

Suspicious use of FindShellTrayWindow

Suspicious behavior: LoadsDriver

Modifies system certificate store

Suspicious behavior: EnumeratesProcesses

Modifies Internet Explorer settings

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-04-07 20:12

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-07 20:12

Reported

2024-04-07 20:29

Platform

win11-20240214-en

Max time kernel

347s

Max time network

363s

Command Line

"C:\Users\Admin\AppData\Local\Temp\DiscordSetup.exe"

Signatures

Drops file in Drivers directory

Description Indicator Process Target
File opened for modification C:\Windows\system32\DRIVERS\MbamElam.sys C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\system32\DRIVERS\MbamChameleon.sys C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\system32\DRIVERS\mwac.sys C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\system32\DRIVERS\SET96D9.tmp C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\system32\DRIVERS\SET96D9.tmp C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\SysWOW64\drivers\mbamtestfile.dat C:\Users\Admin\Downloads\MBSetup.exe N/A
File created C:\Windows\system32\drivers\mbae64.sys C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Windows\system32\DRIVERS\MbamElam.sys C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\system32\DRIVERS\mbamswissarmy.sys C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\system32\DRIVERS\farflt11.sys C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A

Modifies RDP port number used by Windows

Sets service image path in registry

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\mbamchameleon\ImagePath = "\\SystemRoot\\System32\\Drivers\\MbamChameleon.sys" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\MBAMSwissArmy\ImagePath = "\\SystemRoot\\System32\\Drivers\\mbamswissarmy.sys" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\Downloads\MBSetup.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate C:\Users\Admin\Downloads\MBSetup.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A

Reads local data of messenger clients

spyware stealer

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000\Software\Microsoft\Windows\CurrentVersion\Run\Discord = "\"C:\\Users\\Admin\\AppData\\Local\\Discord\\Update.exe\" --processStart Discord.exe" C:\Windows\SysWOW64\reg.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\tv_enua = "RunDll32 advpack.dll,LaunchINFSection C:\\Windows\\INF\\tv_enua.inf, RemoveCabinet" C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A

Downloads MZ/PE file

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\N: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\P: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\R: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\K: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\O: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\P: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\W: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\H: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\U: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\O: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\L: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\A: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\E: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\I: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\L: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\T: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\E: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\G: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\N: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\S: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\Q: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\J: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\M: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\T: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\G: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\Y: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\B: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\H: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\S: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\I: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\R: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\U: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\X: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\X: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\B: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\J: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\K: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\M: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\A: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\Q: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\V: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\Y: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\Z: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\V: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\W: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\Z: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A www.iplocation.net N/A N/A
N/A www.iplocation.net N/A N/A
N/A www.iplocation.net N/A N/A

Modifies Installed Components in the registry

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\software\WOW6432Node\microsoft\Active Setup\Installed Components C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
Key created \REGISTRY\MACHINE\software\WOW6432Node\microsoft\Active Setup\Installed Components C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\DriverStore\FileRepository\rndiscmp.inf_amd64_04b60d124553a40f\rndiscmp.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\net8187bv64.inf_amd64_bc859d32f3e2f0d5\net8187bv64.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netefe3e.inf_amd64_7830581a689ef40d\netefe3e.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File opened for modification C:\Windows\System32\CatRoot2\dberr.txt C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netvchannel.inf_amd64_532c2a6259a26a38\netvchannel.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\net7800-x64-n650f.inf_amd64_178f1bdb49a6e2fd\net7800-x64-n650f.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netwtw04.inf_amd64_c8f5ae6576289a2d\netwtw04.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_net.inf_amd64_cf2766005585f6cd\c_net.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\usb4p2pnetadapter.inf_amd64_a9fd59ce64f17c8a\usb4p2pnetadapter.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netvf63a.inf_amd64_a090e6cfaf18cb5c\netvf63a.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netwew00.inf_amd64_325c0bd6349ed81c\netwew00.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netrtl64.inf_amd64_8e9c2368fe308df2\netrtl64.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{e757ab25-ebc4-1a40-8500-65488f18d5fc}\SET76FE.tmp C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\drvstore.tmp C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ndisimplatformmp.inf_amd64_206e9e544d84356f\ndisimplatformmp.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\nete1e3e.inf_amd64_895623810c19146a\nete1e3e.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netrasa.inf_amd64_1ed57daf97af7063\netrasa.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netwtw02.inf_amd64_42e02bae858d0fbd\netwtw02.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\rtcx21x64.inf_amd64_d2a498d51a4f7bec\rtcx21x64.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netvwifimp.inf_amd64_bfb9fd6f3a078899\netvwifimp.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{e757ab25-ebc4-1a40-8500-65488f18d5fc}\SET76FD.tmp C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\bcmdhd64.inf_amd64_e0bae6831f60ea5f\bcmdhd64.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\net8192se64.inf_amd64_167684f9283b4eca\net8192se64.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netrtwlans.inf_amd64_97cd1a72c2a7829c\netrtwlans.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netk57a.inf_amd64_d823e3edc27ae17c\netk57a.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ipoib6x.inf_amd64_ef71073a5867971f\ipoib6x.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\msux64w10.inf_amd64_749854ac3f28f846\msux64w10.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\net8187se64.inf_amd64_99a4ca261f585f17\net8187se64.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\bthpan.inf_amd64_a31306bfdf7135b0\bthpan.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File opened for modification C:\Windows\System32\CatRoot2\dberr.txt C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ykinx64.inf_amd64_0bbd8466b526ef26\ykinx64.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netl1e64.inf_amd64_8d5ca5ab1472fc44\netl1e64.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netl1c63x64.inf_amd64_4d6630ce07a4fb42\netl1c63x64.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netg664.inf_amd64_84cd7b2798e0a666\netg664.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netwmbclass.inf_amd64_1fab0fd8cb4d7dee\netwmbclass.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netwsw00.inf_amd64_24d55504ae3587aa\netwsw00.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\net8192su64.inf_amd64_66c8bfc7a4b1feed\net8192su64.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netl160a.inf_amd64_e4cbe375963a69e9\netl160a.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\dc21x4vm.inf_amd64_d54f628acb9dea33\dc21x4vm.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\nete1g3e.inf_amd64_af58b4e19562a3f9\nete1g3e.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\rtucx21x64.inf_amd64_d70642620058e2a4\rtucx21x64.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\qcwlan64.inf_amd64_71c84e1405061462\qcwlan64.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netxex64.inf_amd64_ede00b448bfe8099\netxex64.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\rtwlanu_oldic.inf_amd64_1a82423cc076e882\rtwlanu_oldic.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{e757ab25-ebc4-1a40-8500-65488f18d5fc}\SET76FD.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\mbtun.inf_amd64_add82795013a7c3b\mbtun.cat C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netwbw02.inf_amd64_1c4077fa004e73b4\netwbw02.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netwtw10.inf_amd64_3b49c2812809f919\netwtw10.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\net7400-x64-n650.inf_amd64_557ce3b37c3e0e3b\net7400-x64-n650.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{e757ab25-ebc4-1a40-8500-65488f18d5fc}\mbtun.inf C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\e2xw10x64.inf_amd64_04c2ae40613a06ff\e2xw10x64.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netwtw06.inf_amd64_2edd50e7a54d503b\netwtw06.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netax88772.inf_amd64_f1efe88b4f90c639\netax88772.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netmlx5.inf_amd64_7aeb3e6bfcb2f0f1\netmlx5.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netwns64.inf_amd64_162bb49f925c6463\netwns64.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\b57nd60a.inf_amd64_77a731ab08be20a5\b57nd60a.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{e757ab25-ebc4-1a40-8500-65488f18d5fc}\SET76FE.tmp C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netbc64.inf_amd64_b96cdf411c43c00c\netbc64.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\mbtun.inf_amd64_add82795013a7c3b\mbtun.inf C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\net9500-x64-n650f.inf_amd64_e92c5a65e41993f9\net9500-x64-n650f.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netwtw08.inf_amd64_62f41b89e0dc2537\netwtw08.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netrndis.inf_amd64_bccd4c0a924862b1\netrndis.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netathr10x.inf_amd64_2691c4f95b80eb3b\netathr10x.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mwlu97w8x64.inf_amd64_23bc3dc6d91eebdc\mwlu97w8x64.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A

Checks installed software on the system

discovery

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page13.jpg C:\Users\Admin\AppData\Local\Temp\Temp1_Bon.zip\BonziBuddy432.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\Microsoft.Win32.Registry.AccessControl.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\Microsoft.WindowsDesktop.App.deps.json C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\PresentationFramework-SystemDrawing.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\Microsoft.NETCore.App.runtimeconfig.json C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.ComponentModel.DataAnnotations.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\tr\UIAutomationTypes.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Security.Principal.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.IO.Compression.Brotli.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-math-l1-1-0.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Reflection.Emit.Lightweight.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\malwarebytes_assistant.exe C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\RTPControllerImpl.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\T001.nbd-SR C:\Users\Admin\AppData\Local\Temp\Temp1_Bon.zip\BonziBuddy432.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.Contracts.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\ja\Microsoft.VisualBasic.Forms.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened for modification C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Snd2.wav C:\Users\Admin\AppData\Local\Temp\Temp1_Bon.zip\BonziBuddy432.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.Tools.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\ko\ReachFramework.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\PresentationFramework.Classic.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-memory-l1-1-0.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\pl\System.Windows.Input.Manipulations.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\pt-BR\Microsoft.VisualBasic.Forms.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\MbamUI.Data.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-multibyte-l1-1-0.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\ja\System.Windows.Input.Manipulations.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\zh-Hans\UIAutomationClientSideProviders.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\System.DirectoryServices.AccountManagement.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page7.jpg C:\Users\Admin\AppData\Local\Temp\Temp1_Bon.zip\BonziBuddy432.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\PresentationFramework.Aero2.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\zh-Hant\System.Windows.Input.Manipulations.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\SelfProtectionShim.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\MSAGENTS\Bonzi.acs C:\Users\Admin\AppData\Local\Temp\Temp1_Bon.zip\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page6.jpg C:\Users\Admin\AppData\Local\Temp\Temp1_Bon.zip\BonziBuddy432.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-handle-l1-1-0.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\ko\WindowsBase.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\AEControllerImpl.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\BG\Bg3.bmp C:\Users\Admin\AppData\Local\Temp\Temp1_Bon.zip\BonziBuddy432.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\zh-Hans\System.Windows.Controls.Ribbon.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\sp006.gif C:\Users\Admin\AppData\Local\Temp\Temp1_Bon.zip\BonziBuddy432.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\System.Printing.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\tr\WindowsFormsIntegration.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page0.jpg C:\Users\Admin\AppData\Local\Temp\Temp1_Bon.zip\BonziBuddy432.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\BrowserSDKDLL.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\sentrynativesdk.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\netstandard.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\BonziBDY.vbw C:\Users\Admin\AppData\Local\Temp\Temp1_Bon.zip\BonziBuddy432.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\pl\System.Windows.Forms.Primitives.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\SwissarmyShim.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page16.jpg C:\Users\Admin\AppData\Local\Temp\Temp1_Bon.zip\BonziBuddy432.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Xml.Linq.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\pl\System.Windows.Controls.Ribbon.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\sdk\farflt11.tmf C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.StackTrace.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\pl\UIAutomationProvider.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\SQLitePCLRaw.batteries_v2.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page9.jpg C:\Users\Admin\AppData\Local\Temp\Temp1_Bon.zip\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\MSCOMCTL.OCX C:\Users\Admin\AppData\Local\Temp\Temp1_Bon.zip\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Runtimes\spchapi.EXE C:\Users\Admin\AppData\Local\Temp\Temp1_Bon.zip\BonziBuddy432.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\Serilog.Extensions.Logging.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\ja\System.Windows.Forms.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page6.jpg C:\Users\Admin\AppData\Local\Temp\Temp1_Bon.zip\BonziBuddy432.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\msagent\AgentAnm.dll C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\msagent\chars\Peedy.acs C:\Users\Admin\AppData\Local\Temp\Temp1_Bon.zip\BonziBuddy432.exe N/A
File opened for modification C:\Windows\lhsp\help\tv_enua.hlp C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A
File created C:\Windows\msagent\SET2073.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\lhsp\tv\SET141C.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A
File created C:\Windows\msagent\SET208C.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\help\SET208A.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\msagent\intl\Agt0409.dll C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File created C:\Windows\inf\oem3.inf C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\lhsp\help\SET142E.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A
File opened for modification C:\Windows\msagent\SET2041.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File created C:\Windows\msagent\SET2063.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File created C:\Windows\msagent\SET2089.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\msagent\AgentCtl.dll C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\msagent\AgentMPx.dll C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File created C:\Windows\msagent\SET2075.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\fonts\SET142F.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A
File opened for modification C:\Windows\msagent\AgtCtl15.tlb C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\lhsp\tv\tv_enua.dll C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A
File created C:\Windows\lhsp\tv\SET141D.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A
File opened for modification C:\Windows\lhsp\tv\tvenuax.dll C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A
File opened for modification C:\Windows\INF\tv_enua.inf C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A
File opened for modification C:\Windows\msagent\SET2062.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\msagent\mslwvtts.dll C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\msagent\AgentSvr.exe C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\msagent\AgentPsh.dll C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File opened for modification C:\Windows\INF\SET2088.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\INF\agtinst.inf C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\msagent\chars\Bonzi.acs C:\Users\Admin\AppData\Local\Temp\Temp1_Bon.zip\BonziBuddy432.exe N/A
File opened for modification C:\Windows\lhsp\tv\SET141D.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A
File opened for modification C:\Windows\fonts\andmoipa.ttf C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A
File opened for modification C:\Windows\msagent\intl\SET208B.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File created C:\Windows\fonts\SET142F.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A
File opened for modification C:\Windows\msagent\AgentDPv.dll C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File created C:\Windows\help\SET208A.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\msagent\AgentDp2.dll C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\msagent\SET2074.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File created C:\Windows\msagent\SET2074.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File created C:\Windows\lhsp\tv\SET141C.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A
File opened for modification C:\Windows\INF\SET1430.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A
File opened for modification C:\Windows\msagent\SET2063.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\msagent\SET2073.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\msagent\SET2087.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\inf\oem3.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\msagent\SET2089.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Windows\system32\svchost.exe N/A
File opened for modification C:\Windows\lhsp\help\SET142E.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A
File created C:\Windows\INF\SET1430.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A
File created C:\Windows\msagent\SET2087.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\help\Agt0409.hlp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File created C:\Windows\msagent\intl\SET208B.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\msagent\SET208C.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File created C:\Windows\msagent\SET2041.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\msagent\SET2086.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File created C:\Windows\INF\SET2088.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File created C:\Windows\msagent\SET2062.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File created C:\Windows\msagent\SET2086.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\msagent\SET2075.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\msagent\AgentSR.dll C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_Bon.zip\BonziBuddy432.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_Bon.zip\BonziBuddy432.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_Bon.zip\BonziBuddy432.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_Bon.zip\BonziBuddy432.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_Bon.zip\BonziBuddy432.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_Bon.zip\BonziBuddy432.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_Bon.zip\BonziBuddy432.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_Bon.zip\BonziBuddy432.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_Bon.zip\BonziBuddy432.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_Bon.zip\BonziBuddy432.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_Bon.zip\BonziBuddy432.exe N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\BonziBDY_35.EXE N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\BonziBDY_35.EXE N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\BonziBDY_35.EXE N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\BonziBDY_35.EXE N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\BonziBDY_35.EXE N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\BonziBDY_35.EXE N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\BonziBDY_35.EXE N/A
N/A N/A C:\Windows\msagent\AgentSvr.exe N/A
N/A N/A C:\Windows\msagent\AgentSvr.exe N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\BonziBDY_35.EXE N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\BonziBDY_35.EXE N/A
N/A N/A C:\Windows\msagent\AgentSvr.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Windows\msagent\AgentSvr.exe N/A
N/A N/A C:\Windows\msagent\AgentSvr.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A

Registers COM server for autorun

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F415899A-1576-4C8B-BC9F-4854781F8A20}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{17BE78EE-B40A-4B9E-835F-38EC62F9D479}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{36A65E46-6CC1-4CA2-B51E-F4DD8C993DDC}\LocalServer32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{278637DA-FDFB-45C7-8CD8-F2D8A9199AB0}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{580243BF-3CEE-4131-A599-C6FED66BEB1B}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{251AD013-20AD-4C3F-8FE2-F66A429B4819}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9D372F21-E6DA-4B82-881A-79F6CA6B6AE1}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EE8A9269-9E6E-4683-BCD3-41E9B16696DC}\LocalServer32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F6D29500-933C-447C-9D88-9D814AF73808}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{278637DA-FDFB-45C7-8CD8-F2D8A9199AB0}\LocalServer32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8F1C46F8-E697-4175-B240-CDE682A4BA2D}\LocalServer32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E1AC7139-D1FF-4DE9-84A4-92E2B47F5D2A}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F6D29500-933C-447C-9D88-9D814AF73808}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E1AC7139-D1FF-4DE9-84A4-92E2B47F5D2A}\LocalServer32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{130CD414-6BFD-4F6C-9362-A2264B222E76}\LocalServer32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{130CD414-6BFD-4F6C-9362-A2264B222E76}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DE03E614-112D-43E0-8E15-E7236CC32108}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{11D1E5E8-14E1-4B5B-AE1A-2678CB91E8E5}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F6D29500-933C-447C-9D88-9D814AF73808}\LocalServer32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{11D1E5E8-14E1-4B5B-AE1A-2678CB91E8E5}\LocalServer32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{11D1E5E8-14E1-4B5B-AE1A-2678CB91E8E5}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DE03E614-112D-43E0-8E15-E7236CC32108}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D5599B6B-FA0C-45B5-8309-853B003EA412}\LocalServer32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D5599B6B-FA0C-45B5-8309-853B003EA412}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{03141A2A-5C3A-458E-ABEC-0812AD7FF497}\LocalServer32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{376BE474-56D4-4177-BB4E-5610156F36C8}\LocalServer32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F36AD0D0-B5F0-4C69-AF08-603D177FEF0E}\LocalServer32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F415899A-1576-4C8B-BC9F-4854781F8A20}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BF474111-9116-45C6-AF53-209E64F1BB53}\LocalServer32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F36AD0D0-B5F0-4C69-AF08-603D177FEF0E}\LocalServer32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{251AD013-20AD-4C3F-8FE2-F66A429B4819}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E1AC7139-D1FF-4DE9-84A4-92E2B47F5D2A}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{03141A2A-5C3A-458E-ABEC-0812AD7FF497}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{36A65E46-6CC1-4CA2-B51E-F4DD8C993DDC}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BF474111-9116-45C6-AF53-209E64F1BB53}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BF474111-9116-45C6-AF53-209E64F1BB53}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{36A65E46-6CC1-4CA2-B51E-F4DD8C993DDC}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\InprocServer32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{17BE78EE-B40A-4B9E-835F-38EC62F9D479}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D5599B6B-FA0C-45B5-8309-853B003EA412}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{03141A2A-5C3A-458E-ABEC-0812AD7FF497}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{376BE474-56D4-4177-BB4E-5610156F36C8}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9DAB0CA5-AE19-41AE-955C-41DD44C52697}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F36AD0D0-B5F0-4C69-AF08-603D177FEF0E}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F36AD0D0-B5F0-4C69-AF08-603D177FEF0E}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{278637DA-FDFB-45C7-8CD8-F2D8A9199AB0}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{580243BF-3CEE-4131-A599-C6FED66BEB1B}\LocalServer32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{580243BF-3CEE-4131-A599-C6FED66BEB1B}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8F1C46F8-E697-4175-B240-CDE682A4BA2D}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{130CD414-6BFD-4F6C-9362-A2264B222E76}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EE8A9269-9E6E-4683-BCD3-41E9B16696DC}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DE03E614-112D-43E0-8E15-E7236CC32108}\LocalServer32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9DAB0CA5-AE19-41AE-955C-41DD44C52697}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{251AD013-20AD-4C3F-8FE2-F66A429B4819}\LocalServer32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8F1C46F8-E697-4175-B240-CDE682A4BA2D}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EE8A9269-9E6E-4683-BCD3-41E9B16696DC}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F415899A-1576-4C8B-BC9F-4854781F8A20}\LocalServer32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9D372F21-E6DA-4B82-881A-79F6CA6B6AE1}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9DAB0CA5-AE19-41AE-955C-41DD44C52697}\LocalServer32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\InprocServer32\ = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\mbshlext.dll" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9D372F21-E6DA-4B82-881A-79F6CA6B6AE1}\LocalServer32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{17BE78EE-B40A-4B9E-835F-38EC62F9D479}\LocalServer32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{376BE474-56D4-4177-BB4E-5610156F36C8}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Phantom C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Phantom C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ConfigFlags C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000 C:\Windows\system32\DrvInst.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe N/A
Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1 C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2 C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\mbam.exe = "11000" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\mbamtray.exe = "11000" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Malwarebytes.exe = "11000" C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Policies\Microsoft\Office\16.0\Common C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\15.0 C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:\ C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Policies\Microsoft\Office\15.0 C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Policies\Microsoft\Office\15.0\Common\Security C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Policies\Microsoft\Office\16.0\Common\Security C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\system32\DrvInst.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Malwarebytes\FirstRun = "false" C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\16.0\Common\Security C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-20\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications\malwarebytes: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-19\SOFTWARE\Malwarebytes C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-20\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:\ C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\ROOT C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Policies\Microsoft\Office C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-20\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:\ C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Policies\Microsoft\Office\16.0 C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-20\Software\Policies\Microsoft\Office\16.0 C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-20\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\S-1-5-20\Software C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-20\Software\Policies\Microsoft\Office\15.0 C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-20\Software\Policies\Microsoft\Office\16.0\Common\Security C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\ROOT C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\S-1-5-20\Software\Policies\Microsoft\Office\16.0\Common C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-19\Software\Malwarebytes\FirstRun = "false" C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-20\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-20\Software\Policies\Microsoft\Office\15.0\Common\Security C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\15.0\Common C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\15.0\Common\Security C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-20\Software\Policies\Microsoft\Office\15.0\Common C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Policies\Microsoft C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Windows\system32\DrvInst.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2C247F24-8591-11D1-B16A-00C0F0283628}\ProxyStubClsid32 C:\Users\Admin\AppData\Local\Temp\Temp1_Bon.zip\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8E20FD10-1BEB-11CE-80FB-0000C0C14E92} C:\Users\Admin\AppData\Local\Temp\Temp1_Bon.zip\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E91E27A1-C5AE-11D2-8D1B-00104B9E072A} C:\Users\Admin\AppData\Local\Temp\Temp1_Bon.zip\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8DB2224E-D2FA-4B2E-8402-085EA7CC826B}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files (x86)\BonziBuddy432\BonziBDY_35.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\malwarebytes\DefaultIcon\ = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\assistant.exe,0" C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{59E42E77-5F19-4602-A559-3FFA9EE51202}\TypeLib\Version = "1.0" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FFBD938D-3ABA-4895-97EF-5A0BDF7AC07D}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{29D9184E-BF09-4F13-B356-22841635C733}\1.0\FLAGS\ = "2" C:\Users\Admin\AppData\Local\Temp\Temp1_Bon.zip\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8E3867A2-8586-11D1-B16A-00C0F0283628}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" C:\Users\Admin\AppData\Local\Temp\Temp1_Bon.zip\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BDD1F050-858B-11D1-B16A-00C0F0283628}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Users\Admin\AppData\Local\Temp\Temp1_Bon.zip\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2C247F22-8591-11D1-B16A-00C0F0283628}\ProxyStubClsid32 C:\Users\Admin\AppData\Local\Temp\Temp1_Bon.zip\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6D0ECB23-9968-11D0-AC6E-00C04FD97575}\ = "IAgentCommandWindow" C:\Windows\msagent\AgentSvr.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{50538523-AA2F-40D3-9B58-DB51D5BD3D4A} C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1691A7E8-B8D1-46D5-BB29-3A4DB2D809C6}\ = "ICleanController" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{50538523-AA2F-40D3-9B58-DB51D5BD3D4A}\TypeLib C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6655E528-3168-47A4-BF82-A71E9E6AB5F7} C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3F656FD9-2597-4587-8F05-781C11710867}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BDD1F04E-858B-11D1-B16A-00C0F0283628}\TypeLib\ = "{831FDD16-0C5C-11D2-A9FC-0000F8754DA1}" C:\Users\Admin\AppData\Local\Temp\Temp1_Bon.zip\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D51C573D-B305-4980-8DFF-076C1878CCFB}\TypeLib\Version = "1.0" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0E64B3CF-7D56-4F76-8B9F-A6CD0D3393AE}\TypeLib\ = "{5709DEEB-F05E-4D5C-8DC4-3B0D924EE08F}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MB.TelemetryController\ = "TelemetryController Class" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{71B13605-3569-4F4A-B971-08FF179A3A60}\ProxyStubClsid32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F3B74800-4C27-4692-BC00-5AE37FA118E4}\ = "IMWACControllerV18" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{35053A22-8589-11D1-B16A-00C0F0283628}\Control C:\Users\Admin\AppData\Local\Temp\Temp1_Bon.zip\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ActiveTabs.SSTabPanel\ = "SSTabPanel Control" C:\Users\Admin\AppData\Local\Temp\Temp1_Bon.zip\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DECC98E1-EC4E-11D2-93E5-00104B9E078A}\TypeLib\ = "{0A45DB48-BD0D-11D2-8D14-00104B9E072A}" C:\Users\Admin\AppData\Local\Temp\Temp1_Bon.zip\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{108E7F3D-FB06-4024-94FB-3B8E687587E4}\TypeLib C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{36BABBB6-6184-44EC-8109-76CBF522C9EF}\TypeLib\ = "{5709DEEB-F05E-4D5C-8DC4-3B0D924EE08F}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C2E404A3-4E3F-4094-AE06-5E38D39B79AE}\TypeLib\ = "{332AFEBA-9341-4CEC-8EA6-DB155A99DF63}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8640989C-20B4-41BE-BFE1-218EF5B076A6}\TypeLib C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{065E6FE3-1BF9-11D2-BAE8-00104B9E0792}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4} C:\Users\Admin\AppData\Local\Temp\Temp1_Bon.zip\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F4900F69-055F-11D4-8F9B-00104BA312D6} C:\Program Files (x86)\BonziBuddy432\BonziBDY_35.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{106E3995-72F9-458A-A317-9AFF9E45A1F0}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{014D0CF7-ACC9-4004-B999-7BDBAAD274B7}\TypeLib C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A9D47FCC-ECEC-453C-9936-2CD0F16A8696}\TypeLib\Version = "1.0" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EE11629C-36DF-11D3-9DD0-89D6DBBBA800}\verb\1 C:\Users\Admin\AppData\Local\Temp\Temp1_Bon.zip\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{065E6FD3-1BF9-11D2-BAE8-00104B9E0792}\TypeLib\ = "{065E6FD1-1BF9-11D2-BAE8-00104B9E0792}" C:\Users\Admin\AppData\Local\Temp\Temp1_Bon.zip\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2A0F9375-1809-45ED-AFE0-92852B971139}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3C6D21D6-7470-4555-A8FB-6C2292B39C46}\InprocServer32\ThreadingModel = "Apartment" C:\Users\Admin\AppData\Local\Temp\Temp1_Bon.zip\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\Version C:\Users\Admin\AppData\Local\Temp\Temp1_Bon.zip\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{251AD013-20AD-4C3F-8FE2-F66A429B4819}\Version\ = "1.0" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\InetCtls.Inet\CLSID C:\Users\Admin\AppData\Local\Temp\Temp1_Bon.zip\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{960F2BB5-E954-45C5-97DF-A770D9D8C24B}\TypeLib\Version = "1.0" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{78E69E6F-EC12-4B84-8431-1D68572C7A61}\ProxyStubClsid32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F5BE8BD2-7DE6-11D0-91FE-00C04FD701A5}\ToolboxBitmap32\ = "C:\\Windows\\msagent\\AgentCtl.dll, 105" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8153C0A7-AC17-452A-9388-358F782478D4}\TypeLib\ = "{A82129F1-32E1-4D79-A39F-EBFEE53A70BF}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{23416CFE-018D-418E-8CE9-5729D070CCED}\TypeLib\ = "{226C1698-A075-4315-BB5D-9C164A96ACE7}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D57ACF19-30E3-4B7E-BCDD-6EEB8E57AF27}\TypeLib\Version = "1.0" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B1BDE8B0-F598-4334-9991-ECC7442EEAA6}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F08DF954-8592-11D1-B16A-00C0F0283628}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502} C:\Users\Admin\AppData\Local\Temp\Temp1_Bon.zip\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{065E6FDF-1BF9-11D2-BAE8-00104B9E0792}\Implemented Categories\{40FC6ED9-2438-11CF-A3DB-080036F12502} C:\Users\Admin\AppData\Local\Temp\Temp1_Bon.zip\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EB52CF7B-3917-11CE-80FB-0000C0C14E92}\TypeLib C:\Users\Admin\AppData\Local\Temp\Temp1_Bon.zip\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A7B93C8F-7B81-11D0-AC5F-00C04FD97575}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Windows\msagent\AgentSvr.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C367B540-CEF4-4271-8395-0C28F0FDADDA}\ = "IPoliciesControllerV9" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{065E6FD4-1BF9-11D2-BAE8-00104B9E0792}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Users\Admin\AppData\Local\Temp\Temp1_Bon.zip\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{97DA9E74-558F-4085-AE41-6A82ED12D02C}\TypeLib\Version = "1.0" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DE35F2CA-6335-49BA-8E86-F6E246CFCEA6} C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{638A43D2-5475-424B-87B8-042109D7768F} C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{239C7555-993F-4071-9081-D2AE0B590D63}\ProxyStubClsid32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4A9108FB-A377-47EC-96E3-3CB8B1FB7272}\TypeLib C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C4D7E3C7-3C26-4052-A993-71E500EA8C05}\ProgID C:\Users\Admin\AppData\Local\Temp\Temp1_Bon.zip\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4E0F1EE6-E7CA-4BEE-8C08-0959842DA615}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E8D2DC04-56F2-4F6F-8E11-8CB2BB337FCA}\ = "IRTPControllerV17" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A

Modifies registry key

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\B51C067CEE2B0C3DF855AB2D92F4FE39D4E70F0E C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\B51C067CEE2B0C3DF855AB2D92F4FE39D4E70F0E\Blob = 030000000100000014000000b51c067cee2b0c3df855ab2d92f4fe39d4e70f0e2000000001000000e1030000308203dd308202c5a003020102020100300d06092a864886f70d01010b050030818f310b30090603550406130255533110300e060355040813074172697a6f6e61311330110603550407130a53636f74747364616c6531253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e3132303006035504031329537461726669656c6420526f6f7420436572746966696361746520417574686f72697479202d204732301e170d3039303930313030303030305a170d3337313233313233353935395a30818f310b30090603550406130255533110300e060355040813074172697a6f6e61311330110603550407130a53636f74747364616c6531253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e3132303006035504031329537461726669656c6420526f6f7420436572746966696361746520417574686f72697479202d20473230820122300d06092a864886f70d01010105000382010f003082010a0282010100bdedc103fcf68ffc02b16f5b9f48d99d79e2a2b703615618c347b6d7ca3d352e8943f7a1699bde8a1afd13209cb44977322956fdb9ec8cdd22fa72dc276197eef65a84ec6e19b9892cdc845bd574fb6b5fc589a51052894655f4b8751ce67fe454ae4bf85572570219f8177159eb1e280774c59d48be6cb4f4a4b0f364377992c0ec465e7fe16d534c62afcd1f0b63bb3a9dfbfc7900986174cf26824063f3b2726a190d99cad40e75cc37fb8b89c159f1627f5fb35f6530f8a7b74d765a1e765e34c0e89656998ab3f07fa4cdbddc32317c91cfe05f11f86baa495cd19994d1a2e3635b0976b55662e14b741d96d426d4080459d0980e0ee6defcc3ec1f90f10203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e041604147c0c321fa7d9307fc47d68a362a8a1ceab075b27300d06092a864886f70d01010b050003820101001159fa254f036f94993b9a1f828539d47605945ee128936d625d09c2a0a8d4b07538f1346a9de49f8a862651e62cd1c62d6e95204a9201ecb88a677b31e2672e8c9503262e439d4a31f60eb50cbbb7e2377f22ba00a30e7b52fb6bbb3bc4d379514ecd90f4670719c83c467a0d017dc558e76de68530179a24c410e004f7e0f27fd4aa0aff421d37ed94e5645912207738d3323e3881759673fa688fb1cbce1fc5ecfa9c7ecf7eb1f1072db6fcbfcaa4bfd097054abcea18280290bd5478092171d3d17d1dd916b0a9613dd00a0022fcc77bcb0964450b3b4081f77d7c32f598ca588e7d2aee90597364f936745e25a1f566052e7f3915a92afb508b8e8569f4 C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\5A8CEF45D7A69859767A8C8B4496B578CF474B1A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\0D44DD8C3C8C1A1A58756481E90F2E2AFFB3D26E C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\1C58A3A8518E8759BF075B76B750D4F2DF264FCD\Blob = 0300000001000000140000001c58a3a8518e8759bf075b76b750d4f2df264fcd2000000001000000c2040000308204be308203a6a003020102021006d8d904d5584346f68a2fa754227ec4300d06092a864886f70d01010b05003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204341301e170d3231303431343030303030305a170d3331303431333233353935395a304f310b300906035504061302555331153013060355040a130c446967694365727420496e633129302706035504031320446967694365727420544c53205253412053484132353620323032302043413130820122300d06092a864886f70d01010105000382010f003082010a0282010100c14bb3654770bcdd4f58dbec9cedc366e51f311354ad4a66461f2c0aec6407e52edcdcb90a20eddfe3c4d09e9aa97a1d8288e51156db1e9f58c251e72c340d2ed292e156cbf1795fb3bb87ca25037b9a52416610604f571349f0e8376783dfe7d34b674c2251a6df0e9910ed57517426e27dc7ca622e131b7f238825536fc13458008b84fff8bea75849227b96ada2889b15bca07cdfe951a8d5b0ed37e236b4824b62b5499aecc767d6e33ef5e3d6125e44f1bf71427d58840380b18101faf9ca32bbb48e278727c52b74d4a8d697dec364f9cace53a256bc78178e490329aefb494fa415b9cef25c19576d6b79a72ba2272013b5d03d40d321300793ea99f50203010001a38201823082017e30120603551d130101ff040830060101ff020100301d0603551d0e04160414b76ba2eaa8aa848c79eab4da0f98b2c59576b9f4301f0603551d2304183016801403de503556d14cbb66f0a3e21b1bc397b23dd155300e0603551d0f0101ff040403020186301d0603551d250416301406082b0601050507030106082b06010505070302307606082b06010505070101046a3068302406082b060105050730018618687474703a2f2f6f6373702e64696769636572742e636f6d304006082b060105050730028634687474703a2f2f636163657274732e64696769636572742e636f6d2f4469676943657274476c6f62616c526f6f7443412e63727430420603551d1f043b30393037a035a0338631687474703a2f2f63726c332e64696769636572742e636f6d2f4469676943657274476c6f62616c526f6f7443412e63726c303d0603551d2004363034300b06096086480186fd6c02013007060567810c01013008060667810c0102013008060667810c0102023008060667810c010203300d06092a864886f70d01010b050003820101008032ce5e0bdd6e5a0d0aafe1d684cbc08efa8570edda5db30cf72b7540fe850afaf33178b7704b1a8958ba80bdf36b1de97ecf0bba589c59d490d3fd6cfdd0986db771825bcf6d0b5a09d07bdec443d82aa4de9e41265fbb8f99cbddaee1a86f9f87fe74b71f1b20abb14fc6f5675d5d9b3ce9ff69f7616cd6d9f3fd36c6ab038876d24b2e7586e3fcd8557d26c21177df3e02b67cf3ab7b7a86366fb8f7d89371cf86df7330fa7babed2a59c842843b11171a52f3c90e147da25b7267ba71ed574766c5b8024a65345e8bd02a3c209c51994ce7529ef76b112b0d927e1de88aeb36164387ea2a63bf753febdec403bb0a3cf730efebaf4cfc8b3610733ef3a4 C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2 C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\5A8CEF45D7A69859767A8C8B4496B578CF474B1A\Blob = 0300000001000000140000005a8cef45d7a69859767a8c8b4496b578cf474b1a2000000001000000450500003082054130820329a0030201020213066c9fd29635869f0a0fe58678f85b26bb8a37300d06092a864886f70d01010c05003039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f742043412032301e170d3135303532363030303030305a170d3430303532363030303030305a3039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f74204341203230820222300d06092a864886f70d01010105000382020f003082020a0282020100ad969f2d9c4a4c4a81795199ec8acb6b605113bc4d6d06fcb0088ddd19106ac7260c35d8c06f2084e994b19b8503c35bdb4ae8c8f89076d95b4fe34ce806364dcc9aac3d0c902b92d4061960ac374479858182ad5a37e00dcc9da64c5276ea439db704d150f655e0d5d2a64985e937e9ca7eae5c954d489a3fae205a6d8895d934b8521a4390b0bf6c05b9b678b7ead0e43a3c125362ff4af27bbe3505a91234e3f36474622c3d00495a28fe3244bb87dd652702713bda4af71fdacdf72155904f0fecae82e19f6bd945d3bbf05f87ed3c2c3986da3fdeec7255eb79a3addbdd7cb0ba1ccefcde4f3576cf0ff8781f6a36514627615be99ecff0a2557d7c258a6f2fb4c5cf842e2bfd0d51106cfb5f1bbc1b7ec5ae3b98013192ff0b57f49ab2b957e9abef0d76d1f0eef4ce86a7e06ee9b469a1df69f633c6692e97139ea587b057108137c953b3bb7ff692d19cd018f4926eda834fa663994ca5fb5eef21647a205f6c648515cb37e9620c0b2a16dc012e32da3e4bf59e3af6174094ef9e910886fabe63a85a33eccb744395f96c695236c7296ffc55035c1ffb9fbd47ebe74947950b4e89220949e0f5611ef1bf2e8a726e8059ff573af97532a34e5feced2862d94d73f2cc811760edcdebdcdba7cac57e02bdf2540854fdb42d092c17544a98d154e1516708d2ed6e7e6f3fd22d81592966cb903995111e7427feddebaf0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414b00cf04c30f405580248fd33e552af4b84e36652300d06092a864886f70d01010c05000382020100aaa8808f0e78a3e0a2d4cde6f5987a3bea0003b0970e93bc5aa8f62c8c7287a9b1fc7f73fd637178a58759cf30e10d10b2135a6d82f56ae6809fa0050b68e4476bc76adfb6fd773272e518fa09f4a0932c5dd28c75857665900c0379b7312363ad788309866884cafff9cf269a9279e7cd4bc5e761a717cbf3a91293936ba7e82f5392c46058b0cc0251185b858d625963b6adb4de9afb26f70027c05d55377499c9507fe3592e44e32c25eeec4c3277b49f1ae94b5d20c5dafd1c8716c643e8d4bb269a45705ea90b3753e2467b27fde046f289b7cc42b6cb28266ed9a5c93ac8411360f7508c15aeb26d1a151a5778e6922ad96590823f6c02afae123a27963604d71da28063a99bf1e5bab47c14b04ec9b11f745f38f651ea9bfa2ca211d4a92d271a45b1afb24e710dc05846d66906cb53cbb3fe6b41cd417e7d4c0f7c72797a59cd5e4a0eac9ba99873797cb4f4ccb9b8070cb2745cb8c76f88a190a7f4aaf9bf673af41a15621eb79fbe3db129af67a112f25810195303301bb81a89f69cbd97038ea309f31d8b21f1b4dfe41cd19f650206ea5cd613b384efa2a55c8c7729a768c06bae40d2a8b4eacdf08d4b389c199a1b2854b88990efca75813e1ef26424c718af4eff479e07f63565a4d30a56fff517646cefa822254993b6df0017da587e5deec51bb0d1d15f2110c7f9f3ba020a2707c5f1d6c7d3e0fb09606c C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\0D44DD8C3C8C1A1A58756481E90F2E2AFFB3D26E\Blob = 0300000001000000140000000d44dd8c3c8c1a1a58756481e90f2e2affb3d26e2000000001000000ba010000308201b63082015ba0030201020213066c9fd5749736663f3b0b9ad9e89e7603f24a300a06082a8648ce3d0403023039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f742043412033301e170d3135303532363030303030305a170d3430303532363030303030305a3039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f7420434120333059301306072a8648ce3d020106082a8648ce3d030107034200042997a7c6417fc00d9be8011b56c6f252a5ba2db212e8d22ed7fac9c5d8aa6d1f73813b3b986b397c33a5c54e868e8017686245577d44581db337e56708eb66dea3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414abb6dbd7069e37ac3086079170c79cc419b178c0300a06082a8648ce3d0403020349003046022100e08592a317b78df92b06a593ac1a98686172fae1a1d0fb1c7860a64399c5b8c40221009c02eff1949cb396f9ebc62af8b62cfe3a901416d78c6324481cdf307dd5683b C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F6108407D6F8BB67980CC2E244C2EBAE1CEF63BE C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = 030000000100000014000000f40042e2e5f7e8ef8189fed15519aece42c3bfa22000000001000000d0050000308205cc308203b4a00302010202105498d2d1d45b1995481379c811c08799300d06092a864886f70d01010c05003077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f726974792032303230301e170d3230303431363138333631365a170d3435303431363138343434305a3077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f72697479203230323030820222300d06092a864886f70d01010105000382020f003082020a0282020100b3912a07830667fd9e9de0c7c0b7a4e642047f0fa6db5ffbd55ad745a0fb770bf080f3a66d5a4d7953d8a08684574520c7a254fbc7a2bf8ac76e35f3a215c42f4ee34a8596490dffbe99d814f6bc2707ee429b2bf50b9206e4fd691365a89172f29884eb833d0ee4d771124821cb0dedf64749b79bf9c9c717b6844fffb8ac9ad773674985e386bd3740d02586d4deb5c26d626ad5a978bc2d6f49f9e56c1414fd14c7d3651637decb6ebc5e298dfd629b152cd605e6b9893233a362c7d7d6526708c42ef4562b9e0b87cceca7b4a6aaeb05cd1957a53a0b04271c91679e2d622d2f1ebedac020cb0419ca33fb89be98e272a07235be79e19c836fe46d176f90f33d008675388ed0e0499abbdbd3f830cad55788684d72d3bf6d7f71d8fdbd0dae926448b75b6f7926b5cd9b952184d1ef0f323d7b578cf345074c7ce05e180e35768b6d9ecb3674ab05f8e0735d3256946797250ac6353d9497e7c1448b80fdc1f8f47419e530f606fb21573e061c8b6b158627497b8293ca59e87547e83f38f4c75379a0b6b4e25c51efbd5f38c113e6780c955a2ec5405928cc0f24c0ecba0977239938a6b61cdac7ba20b6d737d87f37af08e33b71db6e731b7d9972b0e486335974b516007b506dc68613dafdc439823d24009a60daba94c005512c34ac50991387bbb30580b24d30025cb826835db46373efae23954f6028be37d55ba50203010001a3543052300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414c87ed26a852a1bca1998040727cf50104f68a8a2301006092b06010401823715010403020100300d06092a864886f70d01010c05000382020100af6adde619e72d9443194ecbe9509564a50391028be236803b15a252c21619b66a5a5d744330f49bff607409b1211e90166dc5248f5c668863f44fcc7df2124c40108b019fdaa9c8aef2951bcf9d05eb493e74a0685be5562c651c827e53da56d94617799245c4103608522917cb2fa6f27ed469248a1e8fb0730dcc1c4aabb2aaeda79163016422a832b87e3228b367732d91b4dc31010bf7470aa6f1d74aed5660c42c08a37b40b0bc74275287d6be88dd378a896e67881df5c95da0feb6ab3a80d71a973c173622411eac4dd583e63c38bd4f30e954a9d3b604c3327661bbb018c52b18b3c080d5b795b05e514d22fcec58aae8d894b4a52eed92dee7187c2157dd5563f7bf6dcd1fd2a6772870c7e25b3a5b08d25b4ec80096b3e18336af860a655c74f6eaec7a6a74a0f04beeef94a3ac50f287edd73a3083c9fb7d57bee5e3f841cae564aeb3a3ec58ec859accefb9eaf35618b95c739aafc577178359db371a187254a541d2b62375a3439ae5777c9679b7418dbfecdc80a09fd17775585f3513e0251a670b7dce25fa070ae46121d8d41ce507c63699f496d0c615fe4ecdd7ae8b9ddb16fd04c692bdd488e6a9a3aabbf764383b5fcc0cd035be741903a6c5aa4ca26136823e1df32bbc975ddb4b783b2df53bef6023e8f5ec0b233695af9866bf53d37bb8694a2a966669c494c6f45f6eac98788880065ca2b2eda2 C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\8DA7F965EC5EFC37910F1C6E59FDC1CC6A6EDE16 C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\8DA7F965EC5EFC37910F1C6E59FDC1CC6A6EDE16\Blob = 0300000001000000140000008da7f965ec5efc37910f1c6e59fdc1cc6a6ede162000000001000000450300003082034130820229a0030201020213066c9fcf99bf8c0a39e2f0788a43e696365bca300d06092a864886f70d01010b05003039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f742043412031301e170d3135303532363030303030305a170d3338303131373030303030305a3039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f74204341203130820122300d06092a864886f70d01010105000382010f003082010a0282010100b2788071ca78d5e371af478050747d6ed8d78876f49968f7582160f97484012fac022d86d3a0437a4eb2a4d036ba01be8ddb48c80717364cf4ee8823c73eeb37f5b519f84968b0ded7b976381d619ea4fe8236a5e54a56e445e1f9fdb416fa74da9c9b35392ffab02050066c7ad080b2a6f9afec47198f503807dca2873958f8bad5a9f948673096ee94785e6f89a351c0308666a14566ba54eba3c391f948dcffd1e8302d7d2d747035d78824f79ec4596ebb738717f2324628b843fab71daacab4f29f240e2d4bf7715c5e69ffea9502cb388aae50386fdbfb2d621bc5c71e54e177e067c80f9c8723d63f40207f2080c4804c3e3b24268e04ae6c9ac8aa0d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e041604148418cc8534ecbc0c94942e08599cc7b2104e0a08300d06092a864886f70d01010b0500038201010098f2375a4190a11ac57651282036230eaee628bbaaf894ae48a4307f1bfc248d4bb4c8a197f6b6f17a70c85393cc0828e39825cf23a4f9de21d37c8509ad4e9a753ac20b6a897876444718656c8d418e3b7f9acbf4b5a750d7052c37e8034bade961a0026ef5f2f0c5b2ed5bb7dcfa945c779e13a57f52ad95f2f8933bde8b5c5bca5a525b60af14f74befa3fb9f40956d3154fc42d3c7461f23add90f48709ad9757871d1724334756e5759c2025c266029cf2319168e8843a5d4e4cb08fb231143e843297262a1a95d5e08d490aeb8d8ce14c2d055f286f6c49343776661c0b9e841d7977860036e4a72aea5d17dba109e866c1b8ab95933f8ebc490bef1b9 C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\2AD974A775F73CBDBBD8F5AC3A49255FA8FB1F8C\Blob = 0300000001000000140000002ad974a775f73cbdbbd8f5ac3a49255fa8fb1f8c2000000001000000620400003082045e30820346a0030201020213077312380b9d6688a33b1ed9bf9ccda68e0e0f300d06092a864886f70d01010b05003039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f742043412031301e170d3232303832333232323132385a170d3330303832333232323132385a303c310b3009060355040613025553310f300d060355040a1306416d617a6f6e311c301a06035504031313416d617a6f6e205253412032303438204d303130820122300d06092a864886f70d01010105000382010f003082010a0282010100eb712ca9cb1f8828923230af8a570f78b73725955587ac675c97d322c8daa214676b7cf067dae2032ab356125dc6b547f96708a7937a9592180fb4f9f910369a7f2f80b64fba134ec75d531ee0dd96330720d396bc12e4745042a1051373b54f9b4424fe2d7fedbc2285ec362133977506ce271882dce3d9c582078d5e26012626671fd93f13cf32ba6bad7864fcaaff0e023c07df9c0578728cfdea75b7032884dae86e078cd05085ef8154b2716eec6d62ef8f94c35ee9c4a4d091c02e249198caeeba258ed4f671b6fb5b6b38064837478d86dcf2ea06fb76377d9eff424e4d588293cfe271c278b17aab4b5b94378881e4d9af24aef872c565fb4bb451e70203010001a382015a3082015630120603551d130101ff040830060101ff020100300e0603551d0f0101ff040403020186301d0603551d250416301406082b0601050507030106082b06010505070302301d0603551d0e0416041481b80e638a891218e5fa3b3b50959fe6e5901385301f0603551d230418301680148418cc8534ecbc0c94942e08599cc7b2104e0a08307b06082b06010505070101046f306d302f06082b060105050730018623687474703a2f2f6f6373702e726f6f746361312e616d617a6f6e74727573742e636f6d303a06082b06010505073002862e687474703a2f2f6372742e726f6f746361312e616d617a6f6e74727573742e636f6d2f726f6f746361312e636572303f0603551d1f043830363034a032a030862e687474703a2f2f63726c2e726f6f746361312e616d617a6f6e74727573742e636f6d2f726f6f746361312e63726c30130603551d20040c300a3008060667810c010201300d06092a864886f70d01010b05000382010100ad00de0205232e063262b46bb19416e41140de2bfa59c135efe0aa8f2b41b9d1f38739001df23db5a7470c0606c691f3075702d4edbd17c1909abf4875a2074f30dd4a6a42b50d3d15c00ffe845bc63c99cc5752b1d86e12d59692934b94e507e88982086a7a34d49e64e13d876a92909a63a14bf88fb6ea34d305be20c2de06e28c9f738b9f4d3985cace19369d85c99ec9f8503fb67e88a1efca84068b50b40a5ca61c44f1fdc8614060f26125aa07f4c7c27375e40c0b428d04e55f4448995b7b898196a7889d4b0d62e804c4d7feb4e8b26dcaecc01cbc385b1ddf85ce5b7ae3494b6cb9a7ddf405b249ade1c5146bc2ccebcd7fd65869bac3207e7fb0b8 C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F6108407D6F8BB67980CC2E244C2EBAE1CEF63BE\Blob = 030000000100000014000000f6108407d6f8bb67980cc2e244c2ebae1cef63be2000000001000000f6010000308201f230820178a0030201020213066c9fd7c1bb104c2943e5717b7b2cc81ac10e300a06082a8648ce3d0403033039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f742043412034301e170d3135303532363030303030305a170d3430303532363030303030305a3039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f7420434120343076301006072a8648ce3d020106052b8104002203620004d2ab8a374fa3530dfec18a7b4ba87b464b63b062f62d1bdb087121d200e863bd9a27fbf0396e5dea3da5c981aaa35b2098455d16dbfde8106de39ce0e3bd5f8462f3706433a0cb242f70ba88a12aa075f881ae6206c481db396e29b01efa2e5ca3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414d3ecc73a656ecce1da769a56fb9cf3866d57e581300a06082a8648ce3d040303036800306502303a8b21f1bd7e11add0ef58962fd6eb9d7e908d2bcf6655c32ce328a9700a470ef0375912ff2d9994284e2a4f354d335a023100ea75004e3bc43a941291c958469d211372a7889c8ae44c4adb96d4ac8b6b6b49125333add7e4be24fcb50a76d4a5bc10 C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\1C58A3A8518E8759BF075B76B750D4F2DF264FCD C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\2AD974A775F73CBDBBD8F5AC3A49255FA8FB1F8C C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A

NTFS ADS

Description Indicator Process Target
File created C:\Program Files\Malwarebytes\Anti-Malware\mbuns.exe\:Zone.Identifier:$DATA C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened for modification C:\Users\Admin\Downloads\Bon.zip:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File opened for modification C:\Users\Admin\Downloads\MBSetup.exe:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\Downloads\MBSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\MBSetup.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4404 wrote to memory of 1508 N/A C:\Users\Admin\AppData\Local\Temp\DiscordSetup.exe C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
PID 4404 wrote to memory of 1508 N/A C:\Users\Admin\AppData\Local\Temp\DiscordSetup.exe C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
PID 4404 wrote to memory of 1508 N/A C:\Users\Admin\AppData\Local\Temp\DiscordSetup.exe C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
PID 1508 wrote to memory of 1436 N/A C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe
PID 1508 wrote to memory of 1436 N/A C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe
PID 1508 wrote to memory of 1436 N/A C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe
PID 1436 wrote to memory of 4272 N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe
PID 1436 wrote to memory of 4272 N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe
PID 1436 wrote to memory of 4272 N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe
PID 1436 wrote to memory of 3564 N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe C:\Users\Admin\AppData\Local\Discord\Update.exe
PID 1436 wrote to memory of 3564 N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe C:\Users\Admin\AppData\Local\Discord\Update.exe
PID 1436 wrote to memory of 3564 N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe C:\Users\Admin\AppData\Local\Discord\Update.exe
PID 1436 wrote to memory of 1044 N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe
PID 1436 wrote to memory of 1044 N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe
PID 1436 wrote to memory of 1044 N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe
PID 1436 wrote to memory of 1044 N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe
PID 1436 wrote to memory of 1044 N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe
PID 1436 wrote to memory of 1044 N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe
PID 1436 wrote to memory of 1044 N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe
PID 1436 wrote to memory of 1044 N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe
PID 1436 wrote to memory of 1044 N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe
PID 1436 wrote to memory of 1044 N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe
PID 1436 wrote to memory of 1044 N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe
PID 1436 wrote to memory of 1044 N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe
PID 1436 wrote to memory of 1044 N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe
PID 1436 wrote to memory of 1044 N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe
PID 1436 wrote to memory of 1044 N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe
PID 1436 wrote to memory of 1044 N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe
PID 1436 wrote to memory of 1044 N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe
PID 1436 wrote to memory of 1044 N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe
PID 1436 wrote to memory of 1044 N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe
PID 1436 wrote to memory of 1044 N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe
PID 1436 wrote to memory of 1044 N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe
PID 1436 wrote to memory of 1044 N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe
PID 1436 wrote to memory of 1044 N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe
PID 1436 wrote to memory of 1044 N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe
PID 1436 wrote to memory of 1044 N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe
PID 1436 wrote to memory of 1044 N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe
PID 1436 wrote to memory of 1044 N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe
PID 1436 wrote to memory of 1044 N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe
PID 1436 wrote to memory of 1044 N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe
PID 1436 wrote to memory of 1044 N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe
PID 1436 wrote to memory of 1044 N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe
PID 1436 wrote to memory of 1044 N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe
PID 1436 wrote to memory of 1044 N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe
PID 1436 wrote to memory of 1044 N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe
PID 1436 wrote to memory of 1044 N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe
PID 1436 wrote to memory of 1044 N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe
PID 1436 wrote to memory of 1044 N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe
PID 1436 wrote to memory of 1044 N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe
PID 1436 wrote to memory of 1044 N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe
PID 1436 wrote to memory of 1044 N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe
PID 1436 wrote to memory of 2016 N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe
PID 1436 wrote to memory of 2016 N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe
PID 1436 wrote to memory of 2016 N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe
PID 1436 wrote to memory of 4436 N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe C:\Windows\SysWOW64\reg.exe
PID 1436 wrote to memory of 4436 N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe C:\Windows\SysWOW64\reg.exe
PID 1436 wrote to memory of 4436 N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe C:\Windows\SysWOW64\reg.exe
PID 1436 wrote to memory of 1356 N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe C:\Windows\SysWOW64\reg.exe
PID 1436 wrote to memory of 1356 N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe C:\Windows\SysWOW64\reg.exe
PID 1436 wrote to memory of 1356 N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe C:\Windows\SysWOW64\reg.exe
PID 1436 wrote to memory of 4784 N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe C:\Windows\SysWOW64\reg.exe
PID 1436 wrote to memory of 4784 N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe C:\Windows\SysWOW64\reg.exe
PID 1436 wrote to memory of 4784 N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe C:\Windows\SysWOW64\reg.exe

Processes

C:\Users\Admin\AppData\Local\Temp\DiscordSetup.exe

"C:\Users\Admin\AppData\Local\Temp\DiscordSetup.exe"

C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe

"C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe" --install .

C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe

"C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe" --squirrel-install 1.0.9037

C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe

C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\discord /prefetch:7 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\discord\Crashpad --url=https://f.a.k/e --annotation=_productName=discord --annotation=_version=1.0.9037 --annotation=plat=Win32 --annotation=prod=Electron --annotation=ver=22.3.26 --initial-client-data=0x54c,0x550,0x554,0x544,0x558,0x8645d78,0x8645d88,0x8645d94

C:\Users\Admin\AppData\Local\Discord\Update.exe

C:\Users\Admin\AppData\Local\Discord\Update.exe --createShortcut Discord.exe --setupIcon C:\Users\Admin\AppData\Local\Discord\app.ico

C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe

"C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1732 --field-trial-handle=1936,i,9756090154897806154,15636213353471342693,131072 --disable-features=HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe

"C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --standard-schemes --secure-schemes=sentry-ipc --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --service-worker-schemes --streaming-schemes --mojo-platform-channel-handle=2024 --field-trial-handle=1936,i,9756090154897806154,15636213353471342693,131072 --disable-features=HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8

C:\Windows\SysWOW64\reg.exe

C:\Windows\System32\reg.exe add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Discord /d "\"C:\Users\Admin\AppData\Local\Discord\Update.exe\" --processStart Discord.exe" /f

C:\Windows\SysWOW64\reg.exe

C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord /ve /d "URL:Discord Protocol" /f

C:\Windows\SysWOW64\reg.exe

C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord /v "URL Protocol" /f

C:\Windows\SysWOW64\reg.exe

C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord\DefaultIcon /ve /d "\"C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe\",-1" /f

C:\Windows\SysWOW64\reg.exe

C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord\shell\open\command /ve /d "\"C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe\" --url -- \"%1\"" /f

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb31fa9758,0x7ffb31fa9768,0x7ffb31fa9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1684 --field-trial-handle=1844,i,6706271469652011416,10122605034522731612,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=1844,i,6706271469652011416,10122605034522731612,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2204 --field-trial-handle=1844,i,6706271469652011416,10122605034522731612,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3200 --field-trial-handle=1844,i,6706271469652011416,10122605034522731612,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3216 --field-trial-handle=1844,i,6706271469652011416,10122605034522731612,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4044 --field-trial-handle=1844,i,6706271469652011416,10122605034522731612,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4724 --field-trial-handle=1844,i,6706271469652011416,10122605034522731612,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4692 --field-trial-handle=1844,i,6706271469652011416,10122605034522731612,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4948 --field-trial-handle=1844,i,6706271469652011416,10122605034522731612,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4892 --field-trial-handle=1844,i,6706271469652011416,10122605034522731612,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3216 --field-trial-handle=1844,i,6706271469652011416,10122605034522731612,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5008 --field-trial-handle=1844,i,6706271469652011416,10122605034522731612,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x254,0x258,0x25c,0x230,0x260,0x7ff6cf3d7688,0x7ff6cf3d7698,0x7ff6cf3d76a8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5028 --field-trial-handle=1844,i,6706271469652011416,10122605034522731612,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5112 --field-trial-handle=1844,i,6706271469652011416,10122605034522731612,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4664 --field-trial-handle=1844,i,6706271469652011416,10122605034522731612,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3784 --field-trial-handle=1844,i,6706271469652011416,10122605034522731612,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4948 --field-trial-handle=1844,i,6706271469652011416,10122605034522731612,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5464 --field-trial-handle=1844,i,6706271469652011416,10122605034522731612,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5620 --field-trial-handle=1844,i,6706271469652011416,10122605034522731612,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5984 --field-trial-handle=1844,i,6706271469652011416,10122605034522731612,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5972 --field-trial-handle=1844,i,6706271469652011416,10122605034522731612,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5988 --field-trial-handle=1844,i,6706271469652011416,10122605034522731612,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=880 --field-trial-handle=1844,i,6706271469652011416,10122605034522731612,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=3348 --field-trial-handle=1844,i,6706271469652011416,10122605034522731612,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=3232 --field-trial-handle=1844,i,6706271469652011416,10122605034522731612,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6172 --field-trial-handle=1844,i,6706271469652011416,10122605034522731612,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6164 --field-trial-handle=1844,i,6706271469652011416,10122605034522731612,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=5652 --field-trial-handle=1844,i,6706271469652011416,10122605034522731612,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=6032 --field-trial-handle=1844,i,6706271469652011416,10122605034522731612,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=5696 --field-trial-handle=1844,i,6706271469652011416,10122605034522731612,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=5688 --field-trial-handle=1844,i,6706271469652011416,10122605034522731612,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=7072 --field-trial-handle=1844,i,6706271469652011416,10122605034522731612,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=6912 --field-trial-handle=1844,i,6706271469652011416,10122605034522731612,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=5688 --field-trial-handle=1844,i,6706271469652011416,10122605034522731612,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=6912 --field-trial-handle=1844,i,6706271469652011416,10122605034522731612,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5680 --field-trial-handle=1844,i,6706271469652011416,10122605034522731612,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=7040 --field-trial-handle=1844,i,6706271469652011416,10122605034522731612,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=5368 --field-trial-handle=1844,i,6706271469652011416,10122605034522731612,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4616 --field-trial-handle=1844,i,6706271469652011416,10122605034522731612,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6992 --field-trial-handle=1844,i,6706271469652011416,10122605034522731612,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5684 --field-trial-handle=1844,i,6706271469652011416,10122605034522731612,131072 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=6816 --field-trial-handle=1844,i,6706271469652011416,10122605034522731612,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=6064 --field-trial-handle=1844,i,6706271469652011416,10122605034522731612,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6524 --field-trial-handle=1844,i,6706271469652011416,10122605034522731612,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6504 --field-trial-handle=1844,i,6706271469652011416,10122605034522731612,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=5856 --field-trial-handle=1844,i,6706271469652011416,10122605034522731612,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=6372 --field-trial-handle=1844,i,6706271469652011416,10122605034522731612,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=6696 --field-trial-handle=1844,i,6706271469652011416,10122605034522731612,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1628 --field-trial-handle=1844,i,6706271469652011416,10122605034522731612,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6420 --field-trial-handle=1844,i,6706271469652011416,10122605034522731612,131072 /prefetch:8

C:\Users\Admin\AppData\Local\Temp\Temp1_Bon.zip\BonziBuddy432.exe

"C:\Users\Admin\AppData\Local\Temp\Temp1_Bon.zip\BonziBuddy432.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=3704 --field-trial-handle=1844,i,6706271469652011416,10122605034522731612,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=3700 --field-trial-handle=1844,i,6706271469652011416,10122605034522731612,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7500 --field-trial-handle=1844,i,6706271469652011416,10122605034522731612,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7504 --field-trial-handle=1844,i,6706271469652011416,10122605034522731612,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --mojo-platform-channel-handle=7528 --field-trial-handle=1844,i,6706271469652011416,10122605034522731612,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --mojo-platform-channel-handle=6924 --field-trial-handle=1844,i,6706271469652011416,10122605034522731612,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --mojo-platform-channel-handle=7672 --field-trial-handle=1844,i,6706271469652011416,10122605034522731612,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7492 --field-trial-handle=1844,i,6706271469652011416,10122605034522731612,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7356 --field-trial-handle=1844,i,6706271469652011416,10122605034522731612,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7712 --field-trial-handle=1844,i,6706271469652011416,10122605034522731612,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7680 --field-trial-handle=1844,i,6706271469652011416,10122605034522731612,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7708 --field-trial-handle=1844,i,6706271469652011416,10122605034522731612,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7556 --field-trial-handle=1844,i,6706271469652011416,10122605034522731612,131072 /prefetch:8

C:\Users\Admin\Downloads\MBSetup.exe

"C:\Users\Admin\Downloads\MBSetup.exe"

C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe

"C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\BonziBuddy432\Runtimes\CheckRuntimes.bat" "

C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE

MSAGENT.EXE

C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe

tv_enua.exe

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s C:\Windows\lhsp\tv\tv_enua.dll

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s C:\Windows\lhsp\tv\tvenuax.dll

C:\Windows\SysWOW64\grpconv.exe

grpconv.exe -o

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s "C:\Windows\msagent\AgentCtl.dll"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s "C:\Windows\msagent\AgentDPv.dll"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s "C:\Windows\msagent\mslwvtts.dll"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s "C:\Windows\msagent\AgentDP2.dll"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s "C:\Windows\msagent\AgentMPx.dll"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s "C:\Windows\msagent\AgentSR.dll"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s "C:\Windows\msagent\AgentPsh.dll"

C:\Windows\msagent\AgentSvr.exe

"C:\Windows\msagent\AgentSvr.exe" /regserver

C:\Windows\SysWOW64\grpconv.exe

grpconv.exe -o

C:\Program Files (x86)\BonziBuddy432\BonziBDY_35.EXE

"C:\Program Files (x86)\BonziBuddy432\BonziBDY_35.EXE"

C:\Windows\msagent\AgentSvr.exe

C:\Windows\msagent\AgentSvr.exe -Embedding

C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe

"C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe" /installmbtun

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x00000000000004E0 0x00000000000004DC

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall

C:\Windows\system32\DrvInst.exe

DrvInst.exe "4" "9" "C:\Program Files\Malwarebytes\Anti-Malware\mbtun\mbtun.inf" "9" "4ba9030c7" "0000000000000154" "Service-0x0-3e7$\Default" "000000000000016C" "208" "C:\Program Files\Malwarebytes\Anti-Malware\mbtun"

C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe

"C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe" /Service /Protected

C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe

"C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe"

C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe

"C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe" nowindow

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

Network

Country Destination Domain Proto
GB 2.18.66.72:443 tcp
BE 2.17.107.130:443 r.bing.com tcp
BE 2.17.107.130:443 r.bing.com tcp
BE 2.17.107.130:443 r.bing.com tcp
BE 2.17.107.130:443 r.bing.com tcp
BE 2.17.107.130:443 r.bing.com tcp
BE 2.17.107.130:443 r.bing.com tcp
US 8.8.8.8:53 249.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 130.107.17.2.in-addr.arpa udp
US 20.42.73.30:443 browser.pipe.aria.microsoft.com tcp
US 13.107.237.254:443 t-ring-fdv2.msedge.net tcp
IN 20.219.13.99:443 a2951c1f694fc191df52b48e075019ce.azr.footprintdns.com tcp
US 8.8.8.8:53 www.google.com udp
DE 172.217.16.196:443 www.google.com tcp
DE 172.217.16.196:443 www.google.com tcp
DE 142.250.186.110:443 apis.google.com tcp
DE 172.217.16.196:443 www.google.com udp
DE 142.250.186.110:443 apis.google.com udp
DE 142.250.185.138:443 content-autofill.googleapis.com tcp
DE 216.58.206.46:443 clients2.google.com tcp
N/A 224.0.0.251:5353 udp
DE 142.250.184.227:443 id.google.com tcp
DE 142.250.186.46:443 www.youtube.com tcp
DE 142.250.186.46:443 www.youtube.com tcp
DE 142.250.186.46:443 www.youtube.com udp
DE 142.250.184.227:443 id.google.com udp
DE 216.58.212.150:443 i.ytimg.com tcp
DE 216.58.212.150:443 i.ytimg.com tcp
DE 216.58.212.150:443 i.ytimg.com tcp
DE 216.58.212.142:443 www.youtube.com tcp
DE 216.58.212.142:443 www.youtube.com udp
DE 216.58.212.150:443 i.ytimg.com udp
DE 172.217.23.98:443 googleads.g.doubleclick.net tcp
DE 142.250.181.230:443 static.doubleclick.net tcp
DE 172.217.23.98:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 138.212.58.216.in-addr.arpa udp
FR 151.106.4.82:443 bonzi.link tcp
FR 151.106.4.82:443 bonzi.link tcp
FR 151.106.4.82:443 bonzi.link udp
DE 172.217.23.98:443 googleads.g.doubleclick.net udp
DE 142.250.186.65:443 tpc.googlesyndication.com tcp
DE 142.250.186.65:443 tpc.googlesyndication.com tcp
DE 142.250.186.65:443 tpc.googlesyndication.com tcp
DE 142.250.186.65:443 tpc.googlesyndication.com tcp
DE 142.250.186.65:443 tpc.googlesyndication.com tcp
DE 142.250.186.65:443 tpc.googlesyndication.com tcp
DE 142.250.186.65:443 tpc.googlesyndication.com udp
DE 216.58.206.46:443 fundingchoicesmessages.google.com udp
NL 216.58.206.70:443 s0.2mdn.net tcp
US 8.8.8.8:53 70.206.58.216.in-addr.arpa udp
US 172.64.151.101:443 dsum-sec.casalemedia.com tcp
DE 142.250.185.98:443 cm.g.doubleclick.net tcp
DE 142.250.185.98:443 cm.g.doubleclick.net tcp
NL 185.89.211.84:443 ib.adnxs.com tcp
NL 216.58.206.70:443 s0.2mdn.net udp
US 172.64.151.101:443 dsum-sec.casalemedia.com tcp
DE 216.58.206.46:443 fundingchoicesmessages.google.com udp
DE 142.250.185.98:443 cm.g.doubleclick.net udp
US 172.64.151.101:443 dsum-sec.casalemedia.com udp
FR 151.106.4.82:80 bonzi.link tcp
DE 142.250.186.50:443 p4-fai5rxbxehx72-c3a7kmyjc6xnckyl-819167-i1-v6exp3.v4.metric.gstatic.com tcp
DE 142.250.185.242:443 p4-fai5rxbxehx72-c3a7kmyjc6xnckyl-819167-i2-v6exp3.ds.metric.gstatic.com tcp
FR 151.106.4.82:80 bonzi.link tcp
FR 151.106.4.82:80 bonzi.link tcp
DE 142.250.185.162:443 ade.googlesyndication.com tcp
FR 151.106.4.82:80 bonzi.link tcp
DE 142.250.185.162:443 ade.googlesyndication.com udp
GB 172.217.169.67:443 beacons.gcp.gvt2.com tcp
US 104.26.6.214:443 www.iplocation.net tcp
US 104.26.6.214:443 www.iplocation.net tcp
FR 151.106.4.82:80 bonzi.link tcp
FR 151.106.4.82:80 bonzi.link tcp
FR 151.106.4.82:80 bonzi.link tcp
DE 142.250.186.163:443 p4-fai5rxbxehx72-c3a7kmyjc6xnckyl-819167-s1-v6exp3-v4.metric.gstatic.com tcp
FR 151.106.4.82:80 bonzi.link tcp
FR 151.106.4.82:80 bonzi.link tcp
FR 151.106.4.82:80 bonzi.link tcp
DE 142.250.185.162:443 ade.googlesyndication.com udp
GB 172.217.169.67:443 beacons.gcp.gvt2.com udp
KR 34.64.233.111:443 e2c5.gcp.gvt2.com tcp
KR 34.64.233.111:443 e2c5.gcp.gvt2.com tcp
GB 172.217.169.3:443 beacons.gvt2.com tcp
GB 172.217.169.3:443 beacons.gvt2.com tcp
DE 142.250.185.67:80 www.gstatic.com tcp
GB 172.217.169.3:443 beacons.gvt2.com udp
DE 172.217.16.196:443 www.google.com udp
US 8.8.8.8:53 e2c26.gcp.gvt2.com udp
US 34.86.82.41:443 e2c26.gcp.gvt2.com tcp
US 8.8.8.8:53 41.82.86.34.in-addr.arpa udp
US 8.8.8.8:53 e2c11.gcp.gvt2.com udp
AU 34.129.38.245:443 e2c11.gcp.gvt2.com tcp
AU 34.129.38.245:443 e2c11.gcp.gvt2.com tcp
US 8.8.8.8:53 245.38.129.34.in-addr.arpa udp
US 8.8.8.8:53 encrypted-tbn1.gstatic.com udp
US 8.8.8.8:53 encrypted-tbn2.gstatic.com udp
DE 172.217.16.206:443 encrypted-tbn2.gstatic.com tcp
US 8.8.8.8:53 beacons2.gvt2.com udp
HK 172.217.27.3:443 beacons2.gvt2.com tcp
US 8.8.8.8:53 206.16.217.172.in-addr.arpa udp
HK 172.217.27.3:443 beacons2.gvt2.com tcp
US 8.8.8.8:53 e2c8.gcp.gvt2.com udp
SG 34.87.124.238:443 e2c8.gcp.gvt2.com tcp
US 8.8.8.8:53 3.27.217.172.in-addr.arpa udp
SG 34.87.124.238:443 e2c8.gcp.gvt2.com tcp
US 74.125.34.46:443 www.virustotal.com tcp
US 74.125.34.46:443 www.virustotal.com tcp
US 8.8.8.8:53 beacons3.gvt2.com udp
US 8.8.8.8:53 www.recaptcha.net udp
DE 172.217.16.131:443 beacons3.gvt2.com tcp
DE 172.217.16.195:443 www.recaptcha.net tcp
US 8.8.8.8:53 238.124.87.34.in-addr.arpa udp
US 8.8.8.8:53 46.34.125.74.in-addr.arpa udp
DE 142.250.184.195:443 recaptcha.net tcp
DE 142.250.184.195:443 recaptcha.net udp
DE 142.250.185.138:443 content-autofill.googleapis.com udp
US 8.8.8.8:53 131.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 195.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 232.184.250.142.in-addr.arpa udp
US 8.8.8.8:53 195.184.250.142.in-addr.arpa udp
US 8.8.8.8:53 238.181.250.142.in-addr.arpa udp
US 74.125.34.46:443 www.virustotal.com tcp
DE 142.250.185.162:443 ade.googlesyndication.com udp
GB 172.217.169.67:443 beacons.gcp.gvt2.com udp
DE 172.217.16.196:443 www.google.com udp
FI 35.217.17.196:443 e2c39.gcp.gvt2.com tcp
GB 172.217.169.3:443 beacons.gvt2.com udp
US 35.212.207.78:443 e2c51.gcp.gvt2.com tcp
HK 172.217.27.3:443 beacons2.gvt2.com udp
DE 142.250.186.46:443 encrypted-tbn1.gstatic.com udp
US 192.0.66.233:443 www.malwarebytes.com tcp
US 8.8.8.8:53 dev.visualwebsiteoptimizer.com udp
US 8.8.8.8:53 stats.wp.com udp
US 8.8.8.8:53 plausible.io udp
US 34.96.102.137:443 dev.visualwebsiteoptimizer.com tcp
GB 143.244.38.136:443 plausible.io tcp
US 192.0.76.3:443 stats.wp.com tcp
GB 143.244.38.136:443 plausible.io udp
US 34.96.102.137:443 dev.visualwebsiteoptimizer.com udp
US 34.96.102.137:443 dev.visualwebsiteoptimizer.com udp
GB 143.244.38.136:443 plausible.io tcp
US 8.8.8.8:53 233.66.0.192.in-addr.arpa udp
US 8.8.8.8:53 137.102.96.34.in-addr.arpa udp
US 8.8.8.8:53 136.38.244.143.in-addr.arpa udp
US 8.8.8.8:53 3.76.0.192.in-addr.arpa udp
US 50.19.73.65:443 genesis.malwarebytes.com tcp
DE 142.250.185.138:443 content-autofill.googleapis.com udp
US 104.19.177.52:443 cdn.cookielaw.org tcp
US 104.19.177.52:443 cdn.cookielaw.org tcp
US 104.18.32.137:443 geolocation.onetrust.com tcp
US 35.245.208.72:443 r1.visualwebsiteoptimizer.com tcp
US 8.8.8.8:53 137.32.18.104.in-addr.arpa udp
US 8.8.8.8:53 72.208.245.35.in-addr.arpa udp
US 8.8.8.8:53 privacyportal.onetrust.com udp
US 104.18.32.137:443 privacyportal.onetrust.com tcp
US 8.8.8.8:53 api.demandbase.com udp
US 192.0.76.3:443 pixel.wp.com udp
ES 18.67.240.43:443 api.demandbase.com tcp
US 8.8.8.8:53 www-api.malwarebytes.com udp
ES 18.154.41.67:443 www-api.malwarebytes.com tcp
ES 18.154.41.67:443 www-api.malwarebytes.com tcp
ES 18.154.41.67:443 www-api.malwarebytes.com tcp
ES 18.154.41.67:443 www-api.malwarebytes.com tcp
ES 18.154.41.67:443 www-api.malwarebytes.com tcp
US 8.8.8.8:53 233.38.18.104.in-addr.arpa udp
US 8.8.8.8:53 23.149.64.172.in-addr.arpa udp
US 8.8.8.8:53 a.nel.cloudflare.com udp
DE 172.217.16.131:443 beacons3.gvt2.com udp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 8.8.8.8:53 api2.amplitude.com udp
US 54.71.232.169:443 api2.amplitude.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 169.232.71.54.in-addr.arpa udp
US 8.8.8.8:53 ark.mwbsys.com udp
US 52.2.64.5:443 ark.mwbsys.com tcp
US 8.8.8.8:53 cdn.mwbsys.com udp
ES 13.224.115.3:443 cdn.mwbsys.com tcp
US 8.8.8.8:53 5.64.2.52.in-addr.arpa udp
US 8.8.8.8:53 3.115.224.13.in-addr.arpa udp
US 52.2.64.5:443 ark.mwbsys.com tcp
US 8.8.8.8:53 cdn.mwbsys.com udp
ES 13.224.115.66:443 cdn.mwbsys.com tcp
US 8.8.8.8:53 66.115.224.13.in-addr.arpa udp
US 52.2.64.5:443 ark.mwbsys.com tcp
US 8.8.8.8:53 cdn.mwbsys.com udp
ES 13.224.115.66:443 cdn.mwbsys.com tcp
US 52.2.64.5:443 ark.mwbsys.com tcp
US 8.8.8.8:53 cdn.mwbsys.com udp
ES 13.224.115.66:443 cdn.mwbsys.com tcp
US 52.2.64.5:443 ark.mwbsys.com tcp
US 8.8.8.8:53 cdn.mwbsys.com udp
ES 13.224.115.3:443 cdn.mwbsys.com tcp
US 8.8.8.8:53 ipv4.am.i.mullvad.net udp
US 8.8.8.8:53 holocron.mwbsys.com udp
SE 45.83.223.233:443 ipv4.am.i.mullvad.net tcp
US 23.20.67.183:443 holocron.mwbsys.com tcp
US 23.20.67.183:443 holocron.mwbsys.com tcp
US 8.8.8.8:53 233.223.83.45.in-addr.arpa udp
US 8.8.8.8:53 183.67.20.23.in-addr.arpa udp
US 8.8.8.8:53 holocron.mwbsys.com udp
US 34.198.76.229:443 holocron.mwbsys.com tcp
US 8.8.8.8:53 229.76.198.34.in-addr.arpa udp
US 8.8.8.8:53 crl.comodoca.com udp
US 172.64.149.23:80 crl.comodoca.com tcp
US 172.64.149.23:80 crl.comodoca.com tcp
US 104.18.38.233:80 crl.comodoca.com tcp
US 8.8.8.8:53 www.microsoft.com udp
BE 2.21.17.194:80 www.microsoft.com tcp
US 8.8.8.8:53 194.17.21.2.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe

MD5 b80e266f10752d57fd4f5df29f4c5b18
SHA1 393253b81af010c29f91653716a29b92f9f79872
SHA256 52624abd44d7ff29a4eda72f9c5317c6c52f80743c02d3d0b4462153e76fc3c2
SHA512 c6afcb7dc071233145a54b6e190e8ab9587ce1d1958cc5599b3dfe02be5897ada2a4eac7f2bc70fc6637d261144df86fa5478134d54c332bfe2750a6d9f8e88f

memory/1508-9-0x0000000000BF0000-0x0000000000D66000-memory.dmp

memory/1508-10-0x00000000738B0000-0x0000000074061000-memory.dmp

memory/1508-11-0x0000000005850000-0x0000000005860000-memory.dmp

C:\Users\Admin\AppData\Local\SquirrelTemp\RELEASES

MD5 7763bf329f69dda236bed5d4cc4636a9
SHA1 c7286e00b9673d9536770aa6fce42899d39f34bb
SHA256 c728be42dbebe9010039ed3c2667d60b3f19e4f2cdb48c740bdb8e034401cc71
SHA512 d9377fe4cd86a464a4ac664872f0ead92b5a0a10770d279a6b5454691e4e3520af37b4c2332316c08ebf797df8338559d5c4d70f25f4b86cc370288a6febde67

C:\Users\Admin\AppData\Local\SquirrelTemp\Discord-1.0.9037-full.nupkg

MD5 77fd55678dd0eed9bcbb311d0a8c0b85
SHA1 db9d881928aa2bb808834470f1b03d5a7037cb43
SHA256 f3342765e0ce49f97fa92e70825b8892224e4829355c6dadb7038e01f4ac62a2
SHA512 ec9edd00875b8fa5b96718bc45c1c758cf9003f43e997820c2dbd4ffca070291d210c109b3c6b6a5ea92d4eeaf90a09099098c3d8498c6656d0ff712c66208b8

C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\Discord.exe

MD5 fdd2dc840e723643ae48859c97fea71a
SHA1 28db738f5a99bdb35168724ee00f28382adf2134
SHA256 47cbd931e266bb3b3a6125b956e6d169647612fd19bdfa1798932b633e760bc1
SHA512 9fc50389e4ed27e59935c1b607c1c0a8e197c1c20564364f5f03b096cbb1a1189678c92ae9c641ecf5ea644b287064d3a1c7d99e52e4156df139ded4daa26a5c

memory/1508-197-0x0000000007EF0000-0x0000000007EF8000-memory.dmp

memory/1508-199-0x00000000101B0000-0x00000000101E8000-memory.dmp

memory/1508-200-0x0000000010190000-0x000000001019E000-memory.dmp

memory/1508-201-0x0000000005850000-0x0000000005860000-memory.dmp

C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\ffmpeg.dll

MD5 22e4f4d52854aa6fc16a7570e8450912
SHA1 c4bde8528c16dced387e4ba2e6743bf1a2546566
SHA256 937e0ed0fb5682bcc549ea44e389e97a269b0141d57d08ace74e54bc14ecf12d
SHA512 973b14599dc95b762fce0af6c6cc5d869ac6e3eb50d875f5b67ca83a6cbe076dd69a1b82f7e66f8fd71a09e7f9461cb50d36115a3a5c14bc05816e2c80ab86e3

C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\v8_context_snapshot.bin

MD5 3f6f227dc46c0d5262cd6ca9bb7703e5
SHA1 c8bc76f93cc6305e70f2041a52acfa6c44e9889b
SHA256 869f5e88fb5e04840f035fc1c3f688e94499c8514bd053c9979413ebb8de4611
SHA512 566394fef910b8edeb04c7f5c172ce9b361478275463f7eee4b5611536241431fa7638e47e5ac4b9df7467c98b120869b4e4f87e46628b40dae5685897cd256c

C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\icudtl.dat

MD5 76bef9b8bb32e1e54fe1054c97b84a10
SHA1 05dfea2a3afeda799ab01bb7fbce628cacd596f4
SHA256 97b978a19edd4746e9a44d9a44bb4bc519e127a203c247837ec0922f573449e3
SHA512 7330df8129e7a0b7b3655498b2593321595ec29445ea193c8f473c593590f5701eb7125ff6e5cde970c54765f9565fa51c2c54af6e2127f582ab45efa7a3a0f6

C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\resources\app.asar

MD5 285e0f97a0c2bb8e2790d8228b88127e
SHA1 47da0b46e5183d8cd5b6f4e35d1ad5678eb0999f
SHA256 f03e68c56c8d4c594130f1aed49b1caff51d8d9db552aa33e2eed72c1c48aa19
SHA512 122774c569e08989a4d5ebe7772292c8ae1555742410596ef819f5054439416822b571e80c84bb8721a615090563d154dd8daf41883067a2dbdbdae38265f4a3

C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\resources\build_info.json

MD5 3e62eda73a7542411dea90593126c515
SHA1 3dfed1182a2158e65926799229af4f3441e4d275
SHA256 ef0c6245e8684ff7c7eab648d0a5df441ea9ac172b7afb28641084b40a865620
SHA512 d0f4bf63a09e0c8eeff4105eb033b853575ff609c26ce28c3c90ae10c0c3d43643925cd03f2b616ed67a5373560998b694cd55541969fc3ef063fb4755706ee5

C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\app.ico

MD5 084f9bc0136f779f82bea88b5c38a358
SHA1 64f210b7888e5474c3aabcb602d895d58929b451
SHA256 dfcea1bea8a924252d507d0316d8cf38efc61cf1314e47dca3eb723f47d5fe43
SHA512 65bccb3e1d4849b61c68716831578300b20dcaf1cbc155512edbc6d73dccbaf6e5495d4f95d089ee496f8e080057b7097a628cc104fa8eaad8da866891d9e3eb

C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\resources.pak

MD5 3b20663d297fe4175c62e07df022d436
SHA1 03e57b5fd5d33eeec5d510c5382a263b4514c306
SHA256 c8895857a61455b2b2beca23f6d400d29fe1685666bef79f11385a3485d24628
SHA512 ddebaa58495c93ebc282b27bfa883eebc36048707ad779f8557eb12683c38f1db9be8e2f96257456aa6ce6b26e8d639dc28783b6cddc92d294219ace66c9134f

memory/3564-223-0x00000000738B0000-0x0000000074061000-memory.dmp

C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\locales\en-US.pak

MD5 3f6f4b2c2f24e3893882cdaa1ccfe1a3
SHA1 b021cca30e774e0b91ee21b5beb030fea646098f
SHA256 bb165eaa51456b52fcbdf7639ee727280e335a1f6b4cfb91afc45222895b564f
SHA512 bd80ddaa87f41cde20527ff34817d98605f11b30a291e129478712ebebe47956dbd49a317d3eeb223adf736c34750b59b68ad9d646c661474ad69866d5a53c5c

memory/3564-226-0x0000000004CE0000-0x0000000004D00000-memory.dmp

memory/3564-229-0x0000000004DD0000-0x0000000004DE0000-memory.dmp

C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\chrome_200_percent.pak

MD5 5604b67e3f03ab2741f910a250c91137
SHA1 a4bb15ac7914c22575f1051a29c448f215fe027f
SHA256 1408387e87cb5308530def6ce57bdc4e0abbbaa9e70f687fd6c3a02a56a0536c
SHA512 5e6f875068792e862b1fc8bb7b340ac0f1f4c51e53e50be81a5af8575ca3591f4e7eb9239890178b17c5a8ff4ebb23719190d7db0bd8a9aa6dcb4308ffa9a34d

C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\chrome_100_percent.pak

MD5 d31f3439e2a3f7bee4ddd26f46a2b83f
SHA1 c5a26f86eb119ae364c5bf707bebed7e871fc214
SHA256 9f79f46ca911543ead096a5ee28a34bf1fbe56ec9ba956032a6a2892b254857e
SHA512 aa27c97bf5581eb3f5e88f112df8bfb6a5283ce44eb13fbc41855008f84fb5b111dfe0616c310c3642b7f8ac99623d7c217aecc353f54f4d8f7042840099abc5

C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

MD5 f3b25701fe362ec84616a93a45ce9998
SHA1 d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256 b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA512 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\D3DCompiler_47.dll

MD5 08ac37f455e0640c0250936090fe91b6
SHA1 7a91992d739448bc89e9f37a6b7efeb736efc43d
SHA256 2438b520ac961e38c5852779103734be373ee2b6d1e5a7a5d49248b52acc7c4d
SHA512 35a118f62b21160b0e7a92c7b9305da708c5cbd3491a724da330e3fc147dde2ca494387866c4e835f8e729b89ee0903fd1b479fcc75b9e516df8b86a2f1364c8

\??\pipe\crashpad_1436_CIFMOKNICXVWYWOM

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\libglesv2.dll

MD5 3cfdbeca8f05caeaaf4299d7defa6ea9
SHA1 b1d60f5a7a430223f529944dd4e5d1133961df1f
SHA256 aea9b2d2ede35e098a2b1e71296c13c80fb686d3f8c50161bd91aef58c456d61
SHA512 33770ea4502826f602bfe8d3316a0cebf3f0339013a45461700d002665cdea5fc9814637182167af6dd226ea96fb2bd8344c5215af7f24bc3b13e3b771696faa

C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\libegl.dll

MD5 5151514e51221d954916e23b262df83d
SHA1 59671bfc513f995703b3f5d34434f7a7ef695b87
SHA256 a57a95b5a0a5858610ee1845cf49a3d44c9bf38b6fbfee3f228c3cc516d05c2f
SHA512 ec0eec9de3382e66eedfc067a9961f1247be27392d54d4844e2faa944adc29efd7e420cc5de9d64d25f40adbd420b418ba8921d07060b0d83386dfcdc7b688b3

C:\Users\Admin\AppData\Local\Discord\app-1.0.9037\vk_swiftshader.dll

MD5 094a0365a255a3b62227c87bdace1678
SHA1 0810540ae0ef480b7357d1f0b3620725d6f903fe
SHA256 196f8e5a50cf5d83f5256d9237ff705cbdaeadd9c2660b4da88037403425093b
SHA512 7c805f17f285899c172d29728958a4fab109609266706b167b12d883004fbef2f53219a8c135fbdae6ed08c9a07a9e1d34ae0f067bf6bffb7da3753903add376

memory/3564-291-0x00000000738B0000-0x0000000074061000-memory.dmp

memory/1508-314-0x00000000738B0000-0x0000000074061000-memory.dmp

memory/1508-315-0x0000000005850000-0x0000000005860000-memory.dmp

memory/1508-316-0x0000000005850000-0x0000000005860000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 55f93fb296bd19d92c9275d14e63e426
SHA1 a053044a3c652b92a0cb00acb33107585d98b6cb
SHA256 9e35d87a56aaf57120b9d3f2aac97dee52d2824c8452a7bf7d172e1cc17fc496
SHA512 94e7a1af3685d777dd9002f1b85012b3b2e65740b47ddb8adf62c18fa846a725b75288e03e438e3404262205746627dc028e41cbf21946caa1a855ac488d2eaf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 4d2827a52a66412dba30fa686f2dd27c
SHA1 8d0de576260582319425b3e30c4c4fdfb6b42560
SHA256 79c4b25e77ef6201ab1b9dccd6158361b7d96b4f440212cc009a2a92ebe3c6d3
SHA512 36e59d77f67cf5d6a0707ef0c2405a94446a3ed22a51ec5167991be2012e2784b240f9138634ed63dea2c04692d98a8164bdb7fb1a1cc232f18a9a7682faa7a3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 45d7d33e9b919e3ae40d54ec124fac6c
SHA1 4e0f254290c1aed71f3a7e6f0c27589bb71fc2bd
SHA256 add71e1b9e797999ddae6be5e82a11b79236b3446741d4e17c046abbebfa5dd7
SHA512 ae793da5d726ce98301b994216a4dfa0738d8374c9b1df933e5ffc9c999bf8a5edb4596a5d29e755c39c8a0d146cf82c286bd0aebc610c1eddd926d903f4d258

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 eed838ae2ae17694325ac7c02cfd107d
SHA1 be45282576d7d49fdcc542946071988021376c55
SHA256 35810960cd56d6794509eb06db7c6ec17697042cfdb2476a0166a3f319562c35
SHA512 cefac585061b1c0b50248360d56799590b3f88f153e325f64b7b5077c20038e2b9410842e6bd5f9950ec4a857960a589a5c11912b65397801e2fc49c0a236155

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 dffe3cadce1661d3c64ca26736a0220a
SHA1 04015f2e0e85a238ae7ea80fcfc62da0ca567418
SHA256 3643345680da55cd47212e4e8a99b59152db99da737ca859b6228e1a034a50c4
SHA512 b0fbd180af675fc3ef8055d6aeb3f011878b6c26548a3494d4349a94e61375d00c23767654f9704b6fb5262beaf857118c2e2800de56a9a10595cf47ce41a4e7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 43926a0dc0348596728ac39a76c0a3ce
SHA1 f11ec9eadcd00e03c831be3d4515e083ba517cc5
SHA256 fe00d609fed069c729f32f35e715526f62ee095124c32df2b44186529f6673ac
SHA512 52a078419bf0e377fe184e7a9aaba7c6b81b8f7df798d417e49eae67540fcf912a685eaf5a860c4d2e09e28c365e5ea706f406f84d3c55e27084123af85ed57b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

MD5 bf89ffc08dddb2e610f22e6f6482b59e
SHA1 0935a5b4037121a21ac415df3bc50ed650f2797e
SHA256 85605fbddc4e7adf25ea44dec486d0de703e606a92df9435807c63471505df6f
SHA512 e3a5f57616c88e406e21e07745ca4f8b7bd11bbc0bc768303fc89e664ef6b40f754a56671c6f36bb629d5252c9b1ffd08cfea96274350e0622269c80c2989af9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

MD5 eaeb9c60d461979c1667ba6adfc74c69
SHA1 beac5272e486bc96e5ae15371297db9cebbb9fa2
SHA256 0cb2d8df9498e647171bda1eacf1a1e505a228f6cf36813a49f3b60f9fc8b896
SHA512 63ebc6f683f683cef6d6d2f69f79ef2a021fd38f8729725b9065c74c1208c5fdb522a08f1dc0ce48e9c28c8eb53b1ba096a78b804729aa37a8b186b9426126d0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

MD5 e3b7c1f55a368984a5ba8cba843ed6b7
SHA1 3362755d9f77b6eb0801ea9b3301a24ee63fb22d
SHA256 7bd1a844aaf30cf44b61e3e9266a2db03f61dad8c851d78b170df9034ceecce5
SHA512 64b0d6689a59da5bf40762169b925eb0dc0d47d0f60c8a83c3cb3696af2c036eba4fb7336e77b99509d9c80ec3b942649c62950c179185ebcbaa132804bb133c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 ae1bccd6831ebfe5ad03b482ee266e4f
SHA1 01f4179f48f1af383b275d7ee338dd160b6f558a
SHA256 1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649
SHA512 baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe58a3ad.TMP

MD5 2a4ca26adc3023fd185de26af756f976
SHA1 362a32be66709d58f2dd7805540b8f9d35f9680f
SHA256 f52e5005494307e566821626e5d0e9c6720a5ed097198237a2afb448f40d2fe4
SHA512 c1a75ac2350b470ad73401eeddbce11d939dc540156b6228ed30845bc67229afd8281b03559ec78273f56723aa820b23c796d2e38747a356e63038265dae1b2b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

MD5 e7598fb8a37cba6f15fac8dfe908a277
SHA1 d2c6bc5abf785b0d5e2c20625983c4795733add4
SHA256 27d1731e1488d642126ec8fc645f0943a85f9db5521b45119af696c9c49e41b3
SHA512 d19abf40c6da8f47c20df579bacb234fba91ece1c12bd1b1af120b2bba29caaa332bc8d06ab0036174049a1e49c88149f9262e2086639f4c934022e35938e4df

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 fd5188e3699ec96e9d4c674f6843ef4a
SHA1 f7dae59bc3df3068411ce36c85b84e397d2c850c
SHA256 47def1fcab5019b1bdb162b9107bab954744f4cbbe18559fee79dff1f225b5d7
SHA512 33107205378cb3f38192525d2e7d4bc6b923104381e1c36e1d8d8cac592a00c9574df89d9b0f6424ebbd836f49fbff114b3d302801e58379695bc871fca98071

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 4b4bd9341b4943025ac3ce037a3e7069
SHA1 081fb33a67c28bd0987ee7643cf6e0448f9ab1f8
SHA256 28c181baa0dc785950ba49a677febcf29715717c35cc081a03f506553939ebf3
SHA512 2fbae72129fffdf66c8bd2ef93d1a5eed4299ce92c454a51f6d27513c85dee2639887da7e148d9d08a1e6e018763dde44645898fc76192a6ea7401c11f35e9d2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 13da424e1ede114691c3d87bcaa3134a
SHA1 2557389800bf1d940e1b3938f05469a4c9f8b551
SHA256 ae04852c1ee5988f9cafaf1095f42ac89a85e2857ae2b279992223a7142f66e0
SHA512 d1446e601116d60538dcebbc81116b446638decde9daefb2230535d9b45f84593b3fb7a97b6076be8e3928f71c74b632a2f21f329d5597336c8e4a8538c7955a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 2d9e364d88f102ae4164c143fdf6baf8
SHA1 2c352278a47c41010e7deab14005a0230a4c87eb
SHA256 1e103f3c56625c9cb806b5c8818a72f14923eed7d14a509937d2cf1c80d69d4f
SHA512 ab2715942ce90472d2a78e547506577794f32d4056f0426accef69b97c39c8ab1ea091d802613fe7858db01353210c36f44b7319b01e0589819560ac21456125

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58e9ee.TMP

MD5 519b3e4378914569e568bfad125cdc27
SHA1 7156cfeaff820d936aceea491009366fa088853d
SHA256 5c90816279bffcccb2c3572abeb1e0098d7968ff0d6d3641825d94aded2e8a2e
SHA512 a961d8103123f429d893c2dc0847cf34724e412204654109ec64f84758fc2387f9b41da9dc4cff268ca667e22ea0d9ce65de7e2dcab4fac76b20a97786a38865

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 352f66f14122e82874ad91891dd7de75
SHA1 123eae04c90d80acbc520f35f880bf0a2212c79c
SHA256 dd144c24c3c5b3dfb5dd6ea46c143b362bb9ee2c1bb2fa74959060a130c8f0cd
SHA512 6724bb9cfeb71562e6c1bdf92cb40cb87c7b2398b08e0f5d34e9d8e4fa77f34508769a99e4ac4ffc939bfb7f1112c8df943e54a88a069ef1f5905f27e6bfe7b2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 3f17fb0469521d7c5327bed382983a18
SHA1 ffcb0756765597b370d684fb8b6d66cc8ddb1150
SHA256 71a1f79c15356470130f65e3a82cc765aa1fd41ceb5a05e5ccd8560130ae20f6
SHA512 c7c5742136d5e6d672b2f871ce64cc46ff03cbbb1909c4e4a850bc2e5411d23e33d944afe961f5931f85c82477c80667a1584fb176f6eb0531cb4e3648a75630

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 10932728c94c1c938207cb19d43ad3a6
SHA1 8cc2dd81dde175337a86bf8dd2b96472f515db66
SHA256 d94fc913c0706f7d142911e80cb5b9c87d11cecce12714ac0f011ddf7620d65d
SHA512 32312a5e89396caad186d61bd7d5252fa0852828dc645a2018c3b99404a378e014d4167075fecf08c904756c1dfa53f441de2f5b92dab71dad4028d3c3151db3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 6caa77c33edc54ce8d1d74c47df35115
SHA1 cf8ee9886da208816bb2ee4869971860b75a695e
SHA256 bae82e8d1aef06c161046cda5dc61d53dee8c8fc80f86c69f47b8b4a7d125672
SHA512 9c087705b9118260929c9c77c3dfd27766960435ea83c54ced89cde2af778d5040b203dcfb43a00554243b1926d6a4915334a718afc0b47dfa0d93434dff572a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e4b3355c60bd2275b90e575b5d49857d
SHA1 7ea8debe38030e583ce745381d3f9003744d4f1e
SHA256 f9e306db2f0ab7d45e00cb08bd74859bccb1099ac31684bf7c8f5ba98d022e45
SHA512 237231010051b3a42dfa20bf74d961dee12f9ca115cff11bbf769c371ca838cf6ccf559d6af178500c47873fc1fa27593984d7396ee5752916875d202cbb2ddf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 253fa410b53de1a4db67faeae475e7be
SHA1 d446f0225ab9cfe94057affc92f72b1cd5e3ed9b
SHA256 f4cec3e4fefef136bca5a41aab940beec5387d533db1901a599bda14fecbde0f
SHA512 be99a077b02a8ad3ae0125c2371d1263d11c152cfc3e5019ca40aae0752b78b29d0524b504c28741601cae5c28ba698d2c0e8727598051a7e9a982ee181f9655

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 f0320956f83e336f81c62932d38c7807
SHA1 c28e1c4cd71da97053a64424a5564a779a0b04f0
SHA256 8afe19a20eb11de967ecdf1c20d5634920c6aac5ab2c3f1c6feda3757459791e
SHA512 6e2a31c46e75789a3ddda4f8dad3b8fffbb60ec93ca68bad6b783faad850f6687fb00df1cce78bd60bb3994cc8b29daa0e4ff7d860160cee14a53d37353de8cb

C:\Users\Admin\Downloads\c56ff5d8-ddd5-448d-b42f-3b0dcb998238.tmp

MD5 25afcf36b7f5aba6e436d7db60f15829
SHA1 c61b46c34c57d4b250de09467376f3ec819d70ea
SHA256 a4de5e8127fd600d77bc3463fd501693abb59490ae585811be196269c9d80963
SHA512 156d5acabd891fc00ce28c272e576d13b95603317821422173aae88e778a11c6128bcd47cacaba2c564302ca5c70f420ba12f1b39acf7a888477fa21aac7d4b7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 7dc46bd4e720f11e093de17f12283f41
SHA1 a2fb6cfee53f571c7c5b4c0c6c5021a0972a8620
SHA256 5683029e7257627785301019aa32a949455ae8290248a21fc120db82a2e9c2d3
SHA512 5158358d35c18bf4739d226fe0b4284a7014bad46513f2677a07bf16063b5e813eb55cfd469db8bf71abbb31bd87cbe89bc69aba5863ede0e24f69a80f6c4336

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 5ccf56ae123267c499641f7e342430ef
SHA1 3b42af60e158359b8a9e0fcbce1a8c1bcb729147
SHA256 a7b42e6a549dba1262de97887b00c948aeebee86fe6072bfb06f65a7e697eeac
SHA512 59cf4ff871c2ada70fb5e4bd77d585530daaaa01a75dd64f235f2e9d27085239e0cb9996501306b19f6381db0540d59886f6853afdd7c6badaa5c2988fb4de93

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 9868f905aa172d2ce76a9000d498426f
SHA1 565e49a6553f07ee724de2fafb3b9194e7a3c5e8
SHA256 ca03b6472a05799b195c2fe3ae71e2bdf370527e688dda23bd9cce6de3bf09da
SHA512 95abfadaa0b7c043198d657870b58caa1bf8d720b3c308c69170db9fc214a091a53dbad1135c838f6c3ce2be709fba5d1d75f9c9e0be5f52c144522bc4fdd1dd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 101aab38f387656a91c82dcaadb4b2a3
SHA1 d00927f341349772a75379ffcff72670bdc224f7
SHA256 879e82d2fe1836cdf7141a0c0e9d4ff63ced9c1e1b48797dae14d597a8afb4bc
SHA512 d250e4e976a0dda95b4aac649330b2ebbd691153c619ada4a28cad8630c6ec583d78dda087f7c6c14fac7493ccaaeb2a20c5ae33fc67b82356d9175acca8e41c

C:\Users\Admin\Downloads\Bon.zip:Zone.Identifier

MD5 fbccf14d504b7b2dbcb5a5bda75bd93b
SHA1 d59fc84cdd5217c6cf74785703655f78da6b582b
SHA256 eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
SHA512 aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c69e4645ebf5eaf6877e8135797781a3
SHA1 dbde122659a962eeb7085abfde5c4c2afc46b926
SHA256 5c047fc9071e1cb8d0971a852161b70e9639c06261decc4ad4e77d6642fa3fcd
SHA512 8cf9a447fd89072649401278c9c6f5b318ee06ba829821b6052763ccf1fdf90079aea616852cf6f93ff61616514418e136712c3032ec7a981dafceefb3d8aaa6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 babff89c66eb006edba294381cdedf5d
SHA1 f2653c510bdb3812485bafce0e13df3b0dbda9ba
SHA256 9c8fd205accd1eabcec27f0bb9712ddd63e0573e8713da0bb70c96818ba11123
SHA512 6fb7863a0e0c0f6f8f1f1c1718805d56bd041f958d44b9b278f4486510af9f973d6215ba4d971ba63a47eb9d7c73632f36237b7f1ec58111fd62cc0e19f7f2b5

C:\Users\Admin\Downloads\Bon.zip

MD5 65259c11e1ff8d040f9ec58524a47f02
SHA1 2d5a24f7cadd10140dd6d3dd0dc6d0f02c2d40fd
SHA256 755bd7f1fc6e93c3a69a1125dd74735895bdbac9b7cabad0506195a066bdde42
SHA512 37096eeb1ab0e11466c084a9ce78057e250f856b919cb9ef3920dad29b2bb2292daabbee15c64dc7bc2a48dd930a52a2fb9294943da2c1c3692863cec2bae03d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

MD5 12a9b59c31f705220f44a362dd78ae95
SHA1 d1c267364c06c75d60ef922ba2607613caa77349
SHA256 be5241562b6019f96c909705fbdea12a283c5b45f626000c58963f85590bd58a
SHA512 0034585e051782cd18ec1f4f78e655c0785a44ebcc984b8000b3db54ad83d5c56f837c2dccd13637fc00942dacec19f557684211b7f934e88a3e9f4d4f7d8dc9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

MD5 923a543cc619ea568f91b723d9fb1ef0
SHA1 6f4ade25559645c741d7327c6e16521e43d7e1f9
SHA256 bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd
SHA512 a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\4bc2f75369eb2839_0

MD5 3c39b07a1aa6bd38882ae0c28d03550a
SHA1 cafaa15f2d266ac23a0cb57da6ba41bb4187805f
SHA256 cada7b9b94e16bec6519beef8945a76b0324bc3870f9c158e062c462067d8ea3
SHA512 15648f5fe2df82e1261a52d83c6655d6337b48768d34195b8e8906f220c02d0bc18b132ba6a06504ec732583f028b3a545da1010560c695c9c0a448f72aacbcf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\67c50de98b45ef7a_0

MD5 2900b7bea8c878595c12172a241d12cd
SHA1 99212ae931e5fec61f1364f15db52c3839ce6841
SHA256 346588735e35988e910932a7d6749a3946af8a0357904818b5bebe8d3e84fca1
SHA512 2035e75db9da65919cb5ceaf1946e2ce517f02c8f39fafaffb17bbbc8a0c3dce13c0d6feb7575a3bdad9eec99c5650279a421e11337b59d6d513da981528d1d1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\29a3a61f63e5181b_0

MD5 40a1457e9b6459b838ff84253cf86553
SHA1 e3bff849e547e1181d0e7b726c38287074886163
SHA256 9abb1366287a9fd290671d1254c459f62991e9a7d26043c55aff41be9156ed6d
SHA512 f1e45349399ef6df3a123a884df1d3af2afe8cb1dd75ca69af102be34fb70fe99c1db88eb741dcfa658a0c8efbd8705902baa8581499786aeb4fd78d3e01dbb4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\da9715a0f8cc45b2_0

MD5 e85ff8ea2279497cf2686d14f5ca6e5b
SHA1 fb24089eea343242d4436d1511b71ec89ca31dda
SHA256 a2e57b1d3318c1f123baf1fd05987ac5fdb332d4a2cbd653391592eea293749f
SHA512 b1e9de0210e8be319f6dfdec32867099b7e71165182df32d2fd1da3342634a5a5f8ee9a4978aef83e5615c7c5c59f0a314ecbc5a7d56b7d8caf3012d8e0df363

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\fc4e9ec405c0278f_0

MD5 ceb6c8b990cbdf1f6c49dac6ae42a3fb
SHA1 a43a440d1412d2e4ad3cf6f92cacf26f2eee581c
SHA256 dfe2bd0290bb35089b8886ecd9a2463abfcabfbf461422c20cabb7113ba3ec4d
SHA512 a59cb9c474b288095642a89d67e38b318e2e38d4031628c77ad49cd38496dad1f1e3865e7d7c9202c33c1da6452050e663d8ee48defbddd37fef856a1931be3a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\9c2bfb1943c821c8_0

MD5 17547f158262481ac2ba09e0563156fa
SHA1 6956471ee59bc146df1992b75b54d721a0dc3f61
SHA256 04fb46bf349f5e0383f2ec938ef89c5d19b9e4fa37feba8657b9aca9c1cba4f1
SHA512 ab6c680b4af245aa4fc2f009f40086cbe5f32e3dd700ac21cee982e727a7a426a7188e01b595d80e9f42d352eefaf6d1167a60f67920a06673b2a4263923c912

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\75edcb36895ccfd0_0

MD5 f603d325e4a260af6dcaf14f2c377571
SHA1 ec4fcc556b17030e3ad33a7c1bf54e71e5a6c891
SHA256 020d8a95566a3e8e3118338188f369afe578d7cc22de5a0134551be19cf4f603
SHA512 088db311f59654e7e4e26d85dcb83d9c8bda1d888c161ea6eea92a790f33be56654cc229b091dd6ddd13c53f7a10cfc697785dfe6e8aeb5716984735defca8ee

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 83ea8a5e86d95f525ac594c1f256987e
SHA1 dbd742a3f0cbba3e659570bf4b0677fcc494a9fc
SHA256 3d260e54dc9ced6e07a1d0051012c0edecf4699d9a03a2e2db753abd89ecb6c6
SHA512 e56c82195dbf6ef0024aff77970c9c7d86f8d2364e8962a52913a76f29be13aa6f16f4fba3f8dafec46e0594fd8e52381e242f4d8783a5b644ac9f326da00857

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 0cf573b4dbccc9442bfa4f88a5df0330
SHA1 c255f5b3deb76709b5881e029a73be8fde078619
SHA256 b352923035b766cca60ce41220ffbbca7355315e4dff9a1f047ae08986787868
SHA512 2c662c2d0e9982ca3eec0bdf4f21bd8118a7229e82743e6e72ce5438f621a9e7efbb2694300531193192d5fb388d37d84b53d0187172e9de2268ba5cfe4eb288

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000056

MD5 319e0c36436ee0bf24476acbcc83565c
SHA1 fb2658d5791fe5b37424119557ab8cee30acdc54
SHA256 f6562ea52e056b979d6f52932ae57b7afb04486b10b0ebde22c5b51f502c69d1
SHA512 ad902b9a010cf99bdedba405cad0387890a9ff90a9c91f6a3220cdceec1b08ecb97a326aef01b28d8d0aacb5f2a16f02f673e196bdb69fc68b3f636139059902

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index

MD5 54cb446f628b2ea4a5bce5769910512e
SHA1 c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256 fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA512 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 4cc5a48a235fc00a9b33654fe5e2aeb0
SHA1 962578f408539e4db2780417ee43ba1cc54e70c6
SHA256 44523017b428b4bf166b66c859f98a99800b5d98c18a3133d68be379c5bb6104
SHA512 e87ddca3b419fdb5f4b39e26f42e2d8e00066086ec90ff74408a2b1622e60a2f00d9913b18f4b0f2160d7c8cb764397b71a4fdf0175d1bace90b2eaaa8dc1c5c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 ffe23e66e4708c30e6931fc037860b62
SHA1 1dd15ef48bd355d48c80bc35c6a11ac639efdb97
SHA256 22eaa68b5c3acf1f546427e2dd8bbb7755d6d56abbd2db1d2f6587d99540b1c0
SHA512 f80083d8ddb5142c98a6b0fd95de54c6a8d02912fe69ba6713ad2b93425eadfc47b16be66b501708393a07b962ded2453a713fe6df1e3d9cbda4ddeb15dd14f6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 2dc3c28da498726a2ed231272793de57
SHA1 bb2077ea1b528d61300d494281d3787210d6ba9c
SHA256 4289edf13a560ce693a7c7012d4e8d2c6d31989aa4b4c8feed72f40538cbc5ce
SHA512 e3a672e70938bea30ca072e1dd39e9a33bc31211b9665a222caf8c6437fa9993ecd580e9d2ca2263b96d6cfe6a56d0754274c67b436a50a64a2f90006c64e473

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 edabd241a9782a68ac22df6d1ef8f5c2
SHA1 3189bca96184b3fc770ab33af4f81599bf4cbcbd
SHA256 631bb4d88ea393924028c71416d6c57a558ec530e4b64c3ab11942e2a6587353
SHA512 6c8746e6eb482d0ffbee501deb21a91563561352df2dd174010f60f268a7d107eeb8be33acc4086f8b1e8314959ccf3f9199f576af734e4eff288b924fa65162

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 4c5366e8da934ccff752ed8979b2bacc
SHA1 b82847e060a7f6421227fa3f395fda8c1394e87d
SHA256 3f41a4cd59ba3413621c7fa0d67ea176d7d1e44e4ac233bcc55fefa12644e7a0
SHA512 34a3b470cbfa9e3313b0dbbfcf553124b4116f4f29b5d5c518be4995f7963c8b86b4acf6acf9f47b538e2d269e0260874f641e604808e38fd980bfbf85cf4670

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5ad1b9.TMP

MD5 d11ef8c09b58d49faa58c493b3f59275
SHA1 7a3373ca30bb210ed0f2e3da6be04b8497a33ca0
SHA256 2b03cba17ee1d94142347380cf67fb31bd2fd5f0f9935350cef83ef2d554900a
SHA512 7faf45fd737415204dc1a10e696780c2ab442bec9624d05bfc4a87ac2d371c9bd81ed951269e15f4cbe88edf7f02a00595b66b87f6fcbea2d343e0d8a10c154a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e949c12d34aff1084402017dd6b898de
SHA1 1e6f24af4105e44fcbdc24138f5473d584dab17e
SHA256 706ce1100191d70130a2ffe0137a9c55d32a1ac0cb9f25ef011174a337261493
SHA512 74de619e345dd4869223dbff99a1f586bb0d12d89b77b9653ccfe3fadbc988b4c5ed2f373ba6357e339a004473cd7e56b5f8ab698b6986d3272a768c1ffeb5a6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 3423e55a30a7dab7f1c78047ecbdedb6
SHA1 19675bcb517a5c338b4838f81dec902d566b32c2
SHA256 783e06a4f4e1025c9d6094c14315f5fccb4008f0fffb2b505a27846b8f75019b
SHA512 f1a2a19b79d0ded0df6974b2036c766c2b6ccc6775d267e1c32ee5fff16efa6b1b1f9b257cb5d534ae4236c56b54577b08de44c9580803f1a40903820a88ca79

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 9595c7b333244e21b4cded7e440d9607
SHA1 9b4ffb9eec4f9a2c7cd78b5339a59539523ac52c
SHA256 d2f2c238ec66584dcd14ce1cc21bdb85f27ee554343bbfe562c14bb7df86a3ac
SHA512 ad3f18fcc4837d7c1abd841eb6f76669e582714ccadca6ca18f98dc3474855731592b3e04a88f9b96cd2632b24db80057dba9202d09116c01e21a5fbb1a42517

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f96cdfe3c827c68b63d64f24e4a6ad86
SHA1 842f998ef7dfbd6cdb0504eff91f020d82d7f637
SHA256 276eb10c1c1b934ccdca93e8f0157a0964996015b271b0c998322aa9b20c99ad
SHA512 7a4a654be31f45f1affc11b943c50237259c77a944d032cc1dc13932dfc61543bb56e4c62094c8b0c7903b071800444dadd7b533a8ee33b97b2745d25093efbd

memory/2772-1391-0x0000000000400000-0x0000000000424000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

MD5 8623bf926f43c7076c367557816cd725
SHA1 04b976d7a1acb7144f5c2b1779074046536d753e
SHA256 00616bdb7b2855a4ca199520c017a0f02b12bcf67f61f8f83b83fa291d5203b9
SHA512 85614d647541572011d78d96203165a881525b5a2b391d47fdaf5b8c8c50514a8ddacd1f8435fc8a12adfa2199fb1da249af6af7738b046d55a04fc0a1ee2783

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010

MD5 968b68eea877f186e9245bb7b0ab6a36
SHA1 7285c83711c30e92bdd18d975b72d92075949c5e
SHA256 8c5742989f495fb49322bf9c8b88677de62ea8a78f5a797debb9fc024166540a
SHA512 ceb7f85c0b3dc0e0155536840b859d697dfb7430822213b589fe978b986337eeb5a137e5fff10ee58e331c149f18183d8d0a9e12b7715ce7a61b2676cf5feab8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

MD5 0492f56253a5e617ab6827826c8bcf31
SHA1 a8db868c5f914e8b73f79bd9401d1749011aabb4
SHA256 07ddfa2673d96e05e4534fd3236965155881fbbf426e04ff96ecbb0921944d64
SHA512 e00dab806bf9103e071ec9cee73a64a73272ebec13aff658d2bbba769b125ac543e5cc67e781784371186933fa44f26077a239353e299f1b3641790cc0997d88

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

MD5 30dfb67c82862da92bc89f33fd9f99e1
SHA1 9b8420b1e1b1a3c3c70e39c2f710ae3ad22539b3
SHA256 331cc2bc4d0980789b3ac18298824abc6201ce155f5c63aba67b2466ad486b53
SHA512 5416c9bf576e1b917ae71518416c6f654572b42830fdcba7b48c324c72a8a48fab06911143e0ffa26643860258f87123ff71abe9ec646d764325c95e19686444

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 793f670245b06c39b2ac1875d5f25e7f
SHA1 58fee22152324393405bd55e299bf938621df028
SHA256 bfbe63c771bc05ad44cfbb1c4b3d23b9eca997160dc87118d2faeb45c3b7e506
SHA512 8a1adfd87ae8b582c39eb9fe7aa37e8073db89ea2fd554f03cf567779b02bc2cc07641b21b7373190e44375c6e3d5e5b9dfcdbfb88922eb9dee66b8db7a28631

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 214d95e8dd7ea5808bb14e71c138a811
SHA1 2b929b2fb18646bbde0a1aaf64a6fd19c232f02a
SHA256 7a4a66af4ae95f45b12c0ae78f6c2d47772a4711bf19ab6a12fcb74124275eed
SHA512 08c1aa4fc4faf9b50dda3c8c43ea2660b22f7458f792c2112cf46ee65651b8d56292884da0c2490ad8620012de0a5c4faaf2ce7fcde6c5baa4f8fd6fc240e390

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 5a52b879ea363a86c1157e213a782dcc
SHA1 0261b64479158656a68b4d547fd74ac919467e1f
SHA256 7bae655c15e9201232c2b1d5d0051e08963a5e908940c02c511a25323ab3ed95
SHA512 0e2660f44f88d29d691052fa2792f086629980741e06c69f7333e47f72058bf5b559eb0bd0a4424259cfdd26474c3cf3359c97de40a572d6e270e686610cd913

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 eabe425ca99731d87971354a3934dcec
SHA1 055ee3644555ec1c1223b83d46bee876bd64fe4c
SHA256 802c8f7e283751cfbd6e901fa8f5deb396b340b31a3b072ee53b53a2d689be60
SHA512 bb72a8387d368b9eeb022b9cd2bbaaeb71df598bfbf69ed8ba818ddb982b117a326372e5c7d40ffc669460c8a5a3ceffd2f38174f2b27fa7cdbe881349b488e8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 5ae2dc52af21fc65f6f3593928c73ff0
SHA1 eab773342663a22edf699b587a284e540b446db8
SHA256 1fc5312b714ef1d57bb59d3f2ca7143d06aee4d7768c96800c9aef2c2fee0f83
SHA512 61012c1c819689a7e758a1052678fb9d423b885fe5a1c8570f526792e0d5b205582773d884e478b79f9ec5db6aa40795f6552465e6258a9d801f246512883129

C:\Users\Admin\Downloads\MBSetup.exe

MD5 b6d8b7e6f74196f62caba2ca77a7ae91
SHA1 6ac9c99f084b5772440e2f135b8d5365f7f45314
SHA256 74b0bf9c17091ab1c6c61af0aefbc599f1ecc0fff6dee0144a3dfd5cd1f5e18f
SHA512 ad58bc7b626a13606e3f44df7188b2420e0f31ecb55632eac4b6a05dc1574f1ec1b0ef6b52e11832713c6f8f91c807fe3a815699d0748284993ecc54f2823044

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 0776cb047b52e0744d6645dc52e41f16
SHA1 17806da7846bea732dc0802577c277e360274737
SHA256 329b2c007ff60e7af17017f5564da448ce5c7bcfdfd7ded6b7967e558edc36bd
SHA512 87cbcf62cd7b31065dddf40b681a6fe2ce20d4dca3c07fde8df777cd4dce4895d553dcb459fa0f8140869b4820980742df8ff8a3d24a5d416412905b70ca4dab

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 60bb0018f76031cd45eab33deb77e83f
SHA1 27ff23c636567ab8c7fbbf96b88eeae1f3d1c0d9
SHA256 b469f11dad0ffc89cbe28b1f5c006d32fafc1c275bff6e89f75eb1118f93b8fe
SHA512 5536488e560c8c4e1c6e7ea6606b7386c44f47ca85223a6803f246c10f60c3de311cd921d0d5c433554403d4c1275bf51570844a1ae2117c09cf1af0f4a867a4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 72f963fc8d4caa32e24d7b055711a9d4
SHA1 60ac3ab141d34bc9e0e2377a408050c4d3a995ac
SHA256 283db77fe30cac5f781fff95cce13c331c47c13adb718ce6f1c8da869f8f0388
SHA512 b881d9a0f44a9e6b1d43ae5dcbd7f7f3a6061af3904c8d011cb17ef01a27b8a2c67f52161ccffd6b58eb2a42d129b96696a0d96448fb571ad08133d7f5e4118a

C:\Users\Admin\AppData\Local\Temp\$inst\0001.tmp

MD5 8e15b605349e149d4385675afff04ebf
SHA1 f346a886dd4cb0fbbd2dff1a43d9dfde7fce348b
SHA256 803f930cdd94198bdd2e9a51aa962cc864748067373f11b2e9215404bd662cee
SHA512 8bf957ef72465fe103dbf83411df9082433eead022f0beccab59c9e406bbd1e4edb701fd0bc91f195312943ad1890fee34b4e734578298bb60bb81ed6fa9a46d

C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe

MD5 cc91fbc5e424154388afbe808de25ff6
SHA1 94e1c35ea3f8d75622ccf6f14a2ad18bfac00e3e
SHA256 ed16b285a19a54cb07262e0ac68608218307fbaaf075c0eac4d5e106d94c6c00
SHA512 9185c81449cf4f81e68fe008ee4889388751f7d70cb550ed52b816bf146bdf1fb105e1da8e7ab2230ca028ee2079d9724fb0a80f8c1682082daa0ab94b130567

C:\Users\Admin\AppData\Local\Temp\$inst\0002.tmp

MD5 596cb5d019dec2c57cda897287895614
SHA1 6b12ea8427fdbee9a510160ff77d5e9d6fa99dfa
SHA256 e1c89d9348aea185b0b0e80263c9e0bf14aa462294a5d13009363140a88df3ff
SHA512 8f5fc432fd2fc75e2f84d4c7d21c23dd1f78475214c761418cf13b0e043ba1e0fc28df52afd9149332a2134fe5d54abc7e8676916100e10f374ef6cdecff7a20

C:\Users\Admin\AppData\Local\Temp\$inst\0003.tmp

MD5 7c8328586cdff4481b7f3d14659150ae
SHA1 b55ffa83c7d4323a08ea5fabf5e1c93666fead5c
SHA256 5eec15c6ed08995e4aaffa9beeeaf3d1d3a3d19f7f4890a63ddc5845930016cc
SHA512 aa4220217d3af263352f8b7d34bd8f27d3e2c219c673889bc759a019e3e77a313b0713fd7b88700d57913e2564d097e15ffc47e5cf8f4899ba0de75d215f661d

C:\Users\Admin\AppData\Local\Temp\$inst\0004.tmp

MD5 4f398982d0c53a7b4d12ae83d5955cce
SHA1 09dc6b6b6290a3352bd39f16f2df3b03fb8a85dc
SHA256 fee4d861c7302f378e7ce58f4e2ead1f2143168b7ca50205952e032c451d68f2
SHA512 73d9f7c22cf2502654e9cd6cd5d749e85ea41ce49fd022378df1e9d07e36ae2dde81f0b9fc25210a9860032ecda64320ec0aaf431bcd6cefba286328efcfb913

C:\Windows\msagent\chars\Bonzi.acs

MD5 1fd2907e2c74c9a908e2af5f948006b5
SHA1 a390e9133bfd0d55ffda07d4714af538b6d50d3d
SHA256 f3d4425238b5f68b4d41ed5be271d2f4118a245baf808a62dc1a9e6e619b2f95
SHA512 8eede3e5e52209b8703706a3e3e63230ba01975348dcdc94ef87f91d7c833a505b177139683ca7a22d8082e72e961e823bc3ad1a84ab9c371f5111f530807171

C:\Windows\msagent\chars\Peedy.acs

MD5 49654a47fadfd39414ddc654da7e3879
SHA1 9248c10cef8b54a1d8665dfc6067253b507b73ad
SHA256 b8112187525051bfade06cb678390d52c79555c960202cc5bbf5901fbc0853c5
SHA512 fa9cab60fadd13118bf8cb2005d186eb8fa43707cb983267a314116129371d1400b95d03fbf14dfdaba8266950a90224192e40555d910cf8a3afa4aaf4a8a32f

C:\Users\Admin\AppData\Local\Temp\$inst\0005.tmp

MD5 94e0d650dcf3be9ab9ea5f8554bdcb9d
SHA1 21e38207f5dee33152e3a61e64b88d3c5066bf49
SHA256 026893ba15b76f01e12f3ef540686db8f52761dcaf0f91dcdc732c10e8f6da0e
SHA512 039ccf6979831f692ea3b5e3c5df532f16c5cf395731864345c28938003139a167689a4e1acef1f444db1fe7fd3023680d877f132e17bf9d7b275cfc5f673ac3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 6a061a52de265146621e3547e5fe7132
SHA1 3450ba9c9f4d0a21825b2678c202a7ccbbfb3218
SHA256 ccefe22b3bf7329d47c9a642c8f9de14786fdfbf9c1894ea196de571752effe7
SHA512 859c6d0e6233ae58e2d480b5d61b390c5a36fe426978c464ce72f08a20ebc093d8fde1697caa1077822bef0183ea66b6d1b0f6d23ec9ece34b2f88862988a2c1

C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page18.jpg

MD5 108fd5475c19f16c28068f67fc80f305
SHA1 4e1980ba338133a6fadd5fda4ffe6d4e8a039033
SHA256 03f269cd40809d7ec94f5fa4fff1033a624e849179962693cdc2c37d7904233b
SHA512 98c8743b5af89ec0072b70de8a0babfb5aff19bafa780d6ce99c83721b65a80ec310a4fe9db29a4bb50c2454c34de62c029a83b70d0a9df9b180159ea6cad83a

C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page17.jpg

MD5 e8f52918072e96bb5f4c573dbb76d74f
SHA1 ba0a89ed469de5e36bd4576591ee94db2c7f8909
SHA256 473a890da22defb3fbd643246b3fa0d6d34939ac469cd4f48054ee2a0bc33d82
SHA512 d57dd0a9686696487d268ef2be2ec2d3b97baedf797a63676da5a8a4165cda89540ec2d3b9e595397cbf53e69dcce76f7249f5eeff041947146ca7bf4099819f

C:\Users\Admin\AppData\Local\Temp\$inst\0006.tmp

MD5 b3b7f6b0fb38fc4aa08f0559e42305a2
SHA1 a66542f84ece3b2481c43cd4c08484dc32688eaf
SHA256 7fb63fca12ef039ad446482e3ce38abe79bdf8fc6987763fe337e63a1e29b30b
SHA512 0f4156f90e34a4c26e1314fc0c43367ad61d64c8d286e25629d56823d7466f413956962e2075756a4334914d47d69e20bb9b5a5b50c46eca4ef8173c27824e6c

C:\Program Files (x86)\BonziBuddy432\BonziBDY_2.EXE

MD5 8a30bd00d45a659e6e393915e5aef701
SHA1 b00c31de44328dd71a70f0c8e123b56934edc755
SHA256 1e2994763a7674a0f1ec117dae562b05b614937ff61c83b316b135afab02d45a
SHA512 daf92e61e75382e1da0e2aba9466a9e4d9703a129a147f0b3c71755f491c68f89ad67cfb4dd013580063d664b69c8673fb52c02d34b86d947e9f16072b7090fb

C:\Program Files (x86)\BonziBuddy432\BonziBDY_35.EXE

MD5 73feeab1c303db39cbe35672ae049911
SHA1 c14ce70e1b3530811a8c363d246eb43fc77b656c
SHA256 88c03817ae8dfc5fc9e6ffd1cfb5b829924988d01cd472c1e64952c5398866e8
SHA512 73f37dee83664ce31522f732bf819ed157865a2a551a656a7a65d487c359a16c82bd74acff2b7a728bb5f52d53f4cfbea5bef36118128b0d416fa835053f7153

C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE

MD5 93f3ed21ad49fd54f249d0d536981a88
SHA1 ffca7f3846e538be9c6da1e871724dd935755542
SHA256 5678fd744faddb30a87568ae309066ef88102a274fff62f10e4963350da373bc
SHA512 7923556c6d6feb4ff4253e853bae3675184eab9b8ce4d4e07f356c8624317801ee807ad5340690196a975824ea3ed500ce6a80c7670f19785139be594fa5e70f

C:\Program Files (x86)\BonziBuddy432\Uninstall.exe

MD5 068ace391e3c5399b26cb9edfa9af12f
SHA1 568482d214acf16e2f5522662b7b813679dcd4c7
SHA256 2288f4f42373affffbaa63ce2fda9bb071fd7f14dbcd04f52d3af3a219b03485
SHA512 0ba89fcdbb418ea6742eeb698f655206ed3b84c41ca53d49c06d30baed13ac4dfdb4662b53c05a28db0a2335aa4bc588635b3b205cfc36d8a55edfc720ac4b03

C:\Program Files (x86)\BonziBuddy432\ActiveSkin.ocx

MD5 3d225d8435666c14addf17c14806c355
SHA1 262a951a98dd9429558ed35f423babe1a6cce094
SHA256 2c8f92dc16cbf13542ddd3bf0a947cf84b00fed83a7124b830ddefa92f939877
SHA512 391df24c6427b4011e7d61b644953810e392525743914413c2e8cf5fce4a593a831cfab489fbb9517b6c0e7ef0483efb8aeaad0a18543f0da49fa3125ec971e1

C:\Program Files (x86)\BonziBuddy432\BonziCheckers.ocx

MD5 66551c972574f86087032467aa6febb4
SHA1 5ad1fe1587a0c31bb74af20d09a1c7d3193ec3c9
SHA256 9028075603c66ca2e906ecac3275e289d8857411a288c992e8eef793ed71a75b
SHA512 35c1f500e69cdd12ec6a3c5daef737a3b57b48a44df6c120a0504d340e0f721d34121595ed396dc466a8f9952a51395912d9e141ad013000f5acb138b2d41089

C:\Program Files (x86)\BonziBuddy432\Bonzi's Beach Checkers.exe

MD5 c3b0a56e48bad8763e93653902fc7ccb
SHA1 d7048dcf310a293eae23932d4e865c44f6817a45
SHA256 821a16b65f68e745492419ea694f363926669ac16f6b470ed59fe5a3f1856fcb
SHA512 ae35f88623418e4c9645b545ec9e8837e54d879641658996ca21546f384e3e1f90dae992768309ac0bd2aae90e1043663931d2ef64ac541977af889ee72e721a

C:\Program Files (x86)\BonziBuddy432\MSCOMCTL.OCX

MD5 12c2755d14b2e51a4bb5cbdfc22ecb11
SHA1 33f0f5962dbe0e518fe101fa985158d760f01df1
SHA256 3b6ccdb560d7cd4748e992bd82c799acd1bbcfc922a13830ca381d976ffcccaf
SHA512 4c9b16fb4d787145f6d65a34e1c4d5c6eb07bff4c313a35f5efa9dce5a840c1da77338c92346b1ad68eeb59ef37ef18a9d6078673c3543656961e656466699cf

C:\Program Files (x86)\BonziBuddy432\MSINET.OCX

MD5 7bec181a21753498b6bd001c42a42722
SHA1 3249f233657dc66632c0539c47895bfcee5770cc
SHA256 73da54b69911bdd08ea8bbbd508f815ef7cfa59c4684d75c1c602252ec88ee31
SHA512 d671e25ae5e02a55f444d253f0e4a42af6a5362d9759fb243ad6d2c333976ab3e98669621ec0850ad915ee06acbe8e70d77b084128fc275462223f4f5ab401bc

C:\Program Files (x86)\BonziBuddy432\ssa3d30.ocx

MD5 48c35ed0a09855b29d43f11485f8423b
SHA1 46716282cc5e0f66cb96057e165fa4d8d60fbae2
SHA256 7a0418b76d00665a71d13a30d838c3e086304bacd10d764650d2a5d2ec691008
SHA512 779938ec9b0f33f4cbd5f1617bea7925c1b6d794e311737605e12cd7efa5a14bbc48bee85208651cf442b84133be26c4cc8a425d0a3b5b6ad2dc27227f524a99

C:\Program Files (x86)\BonziBuddy432\MSWINSCK.OCX

MD5 9484c04258830aa3c2f2a70eb041414c
SHA1 b242a4fb0e9dcf14cb51dc36027baff9a79cb823
SHA256 bf7e47c16d7e1c0e88534f4ef95e09d0fd821ed1a06b0d95a389b35364b63ff5
SHA512 9d0e9f0d88594746ba41ea4a61a53498619eda596e12d8ec37d01cfe8ceb08be13e3727c83d630a6d9e6d03066f62444bb94ea5a0d2ed9d21a270e612db532a0

C:\Program Files (x86)\BonziBuddy432\SSCALA32.OCX

MD5 ce9216b52ded7e6fc63a50584b55a9b3
SHA1 27bb8882b228725e2a3793b4b4da3e154d6bb2ea
SHA256 8e52ef01139dc448d1efd33d1d9532f852a74d05ee87e8e93c2bb0286a864e13
SHA512 444946e5fc3ea33dd4a09b4cbf2d41f52d584eb5b620f5e144de9a79186e2c9d322d6076ed28b6f0f6d0df9ef4f7303e3901ff552ed086b70b6815abdfc23af7

C:\Program Files (x86)\BonziBuddy432\SSCALB32.OCX

MD5 97ffaf46f04982c4bdb8464397ba2a23
SHA1 f32e89d9651fd6e3af4844fd7616a7f263dc5510
SHA256 5db33895923b7af9769ca08470d0462ed78eec432a4022ff0acc24fa2d4666e1
SHA512 8c43872396f5dceb4ba153622665e21a9b52a087987eab523b1041031e294687012d7bf88a3da7998172010eae5f4cc577099980ecd6b75751e35cfc549de002

C:\Program Files (x86)\BonziBuddy432\sstabs2.ocx

MD5 7303efb737685169328287a7e9449ab7
SHA1 47bfe724a9f71d40b5e56811ec2c688c944f3ce7
SHA256 596f3235642c9c968650194065850ecb02c8c524d2bdcaf6341a01201e0d69be
SHA512 e0d9cb9833725e0cdc7720e9d00859d93fc51a26470f01a0c08c10fa940ed23df360e093861cf85055b8a588bb2cac872d1be69844a6c754ac8ed5bfaf63eb03

C:\Program Files (x86)\BonziBuddy432\Regicon.ocx

MD5 32ff40a65ab92beb59102b5eaa083907
SHA1 af2824feb55fb10ec14ebd604809a0d424d49442
SHA256 07e91d8ed149d5cd6d48403268a773c664367bce707a99e51220e477fddeeb42
SHA512 2cfc5c6cb4677ff61ec3b6e4ef8b8b7f1775cbe53b245d321c25cfec363b5b4975a53e26ef438e07a4a5b08ad1dde1387970d57d1837e653d03aef19a17d2b43

C:\Program Files (x86)\BonziBuddy432\Runtimes\CheckRuntimes.bat

MD5 4877f2ce2833f1356ae3b534fce1b5e3
SHA1 7365c9ef5997324b73b1ff0ea67375a328a9646a
SHA256 8ae1ed38bc650db8b14291e1b7298ee7580b31e15f8a6a84f78f048a542742ff
SHA512 dd43ede5c3f95543bcc8086ec8209a27aadf1b61543c8ee1bb3eab9bc35b92c464e4132b228b12b244fb9625a45f5d4689a45761c4c5263aa919564664860c5e

C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE

MD5 66996a076065ebdcdac85ff9637ceae0
SHA1 4a25632b66a9d30239a1a77c7e7ba81bb3aee9ce
SHA256 16ca09ad70561f413376ad72550ae5664c89c6a76c85c872ffe2cb1e7f49e2aa
SHA512 e42050e799cbee5aa4f60d4e2f42aae656ff98af0548308c8d7f0d681474a9da3ad7e89694670449cdfde30ebe2c47006fbdc57cfb6b357c82731aeebc50901c

C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe

MD5 3f8f18c9c732151dcdd8e1d8fe655896
SHA1 222cc49201aa06313d4d35a62c5d494af49d1a56
SHA256 709936902951fb684d0a03a561fb7fd41c5e6f81ecd60d326809db66eb659331
SHA512 398a83f030824011f102dbcf9b25d3ff7527c489df149e9acdb492602941409cf551d16f6f03c01bc6f63a2e94645ed1f36610bdaffc7891299a8d9f89c511f7

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ADVPACK.DLL

MD5 81e5c8596a7e4e98117f5c5143293020
SHA1 45b7fe0989e2df1b4dfd227f8f3b73b6b7df9081
SHA256 7d126ed85df9705ec4f38bd52a73b621cf64dd87a3e8f9429a569f3f82f74004
SHA512 05b1e9eef13f7c140eb21f6dcb705ee3aaafabe94857aa86252afa4844de231815078a72e63d43725f6074aa5fefe765feb93a6b9cd510ee067291526bb95ec6

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv_enua.inf

MD5 0a250bb34cfa851e3dd1804251c93f25
SHA1 c10e47a593c37dbb7226f65ad490ff65d9c73a34
SHA256 85189df1c141ef5d86c93b1142e65bf03db126d12d24e18b93dd4cc9f3e438ae
SHA512 8e056f4aa718221afab91c4307ff87db611faa51149310d990db296f979842d57c0653cb23d53fea54a69c99c4e5087a2eb37daa794ba62e6f08a8da41255795

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Msvcirt.dll

MD5 e7cd26405293ee866fefdd715fc8b5e5
SHA1 6326412d0ea86add8355c76f09dfc5e7942f9c11
SHA256 647f7534aaaedffa93534e4cb9b24bfcf91524828ff0364d88973be58139e255
SHA512 1114c5f275ecebd5be330aa53ba24d2e7d38fc20bb3bdfa1b872288783ea87a7464d2ab032b542989dee6263499e4e93ca378f9a7d2260aebccbba7fe7f53999

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Msvcp50.dll

MD5 497fd4a8f5c4fcdaaac1f761a92a366a
SHA1 81617006e93f8a171b2c47581c1d67fac463dc93
SHA256 91cd76f9fa3b25008decb12c005c194bdf66c8d6526a954de7051bec9aae462a
SHA512 73d11a309d8f1a6624520a0bf56d539cb07adee6d46f2049a86919f5ce3556dc031437f797e3296311fe780a8a11a1a37b4a404de337d009e9ed961f75664a25

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\andmoipa.ttf

MD5 c3e8aeabd1b692a9a6c5246f8dcaa7c9
SHA1 4567ea5044a3cef9cb803210a70866d83535ed31
SHA256 38ae07eeb7909bda291d302848b8fe5f11849cf0d597f0e5b300bfed465aed4e
SHA512 f74218681bd9d526b68876331b22080f30507898b6a6ebdf173490ca84b696f06f4c97f894cb6052e926b1eee4b28264db1ead28f3bc9f627b4569c1ddcd2d3e

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv_enua.hlp

MD5 80d09149ca264c93e7d810aac6411d1d
SHA1 96e8ddc1d257097991f9cc9aaf38c77add3d6118
SHA256 382d745e10944b507a8d9c69ae2e4affd4acf045729a19ac143fa8d9613ccb42
SHA512 8813303cd6559e2cc726921838293377e84f9b5902603dac69d93e217ff3153b82b241d51d15808641b5c4fb99613b83912e9deda9d787b4c8ccfbd6afa56bc9

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tvenuax.dll

MD5 1587bf2e99abeeae856f33bf98d3512e
SHA1 aa0f2a25fa5fc9edb4124e9aa906a52eb787bea9
SHA256 c9106198ecbd3a9cab8c2feff07f16d6bb1adfa19550148fc96076f0f28a37b0
SHA512 43161c65f2838aa0e8a9be5f3f73d4a6c78ad8605a6503aae16147a73f63fe985b17c17aedc3a4d0010d5216e04800d749b2625182acc84b905c344f0409765a

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv_enua.dll

MD5 ed98e67fa8cc190aad0757cd620e6b77
SHA1 0317b10cdb8ac080ba2919e2c04058f1b6f2f94d
SHA256 e0beb19c3536561f603474e3d5e3c3dff341745d317bc4d1463e2abf182bb18d
SHA512 ec9c3a71ca9324644d4a2d458e9ba86f90deb9137d0a35793e0932c2aa297877ed7f1ab75729fda96690914e047f1336f100b6809cbc7a33baa1391ed588d7f0

memory/2772-2504-0x0000000000400000-0x0000000000424000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\W95INF16.DLL

MD5 7210d5407a2d2f52e851604666403024
SHA1 242fde2a7c6a3eff245f06813a2e1bdcaa9f16d9
SHA256 337d2fb5252fc532b7bf67476b5979d158ca2ac589e49c6810e2e1afebe296af
SHA512 1755a26fa018429aea00ebcc786bb41b0d6c4d26d56cd3b88d886b0c0773d863094797334e72d770635ed29b98d4c8c7f0ec717a23a22adef705a1ccf46b3f68

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT20.INF

MD5 e4a499b9e1fe33991dbcfb4e926c8821
SHA1 951d4750b05ea6a63951a7667566467d01cb2d42
SHA256 49e6b848f5a708d161f795157333d7e1c7103455a2f47f50895683ef6a1abe4d
SHA512 a291bb986293197a16f75b2473297286525ac5674c08a92c87b5cc1f0f2e62254ea27d626b30898e7857281bdb502f188c365311c99bda5c2dd76da0c82c554a

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\W95INF32.DLL

MD5 4be7661c89897eaa9b28dae290c3922f
SHA1 4c9d25195093fea7c139167f0c5a40e13f3000f2
SHA256 e5e9f7c8dbd47134815e155ed1c7b261805eda6fddea6fa4ea78e0e4fb4f7fb5
SHA512 2035b0d35a5b72f5ea5d5d0d959e8c36fc7ac37def40fa8653c45a49434cbe5e1c73aaf144cbfbefc5f832e362b63d00fc3157ca8a1627c3c1494c13a308fc7f

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTCTL.DLL

MD5 237e13b95ab37d0141cf0bc585b8db94
SHA1 102c6164c21de1f3e0b7d487dd5dc4c5249e0994
SHA256 d19b6b7c57bcee7239526339e683f62d9c2f9690947d0a446001377f0b56103a
SHA512 9d0a68a806be25d2eeedba8be1acc2542d44ecd8ba4d9d123543d0f7c4732e1e490bad31cad830f788c81395f6b21d5a277c0bed251c9854440a662ac36ac4cb

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTDPV.DLL

MD5 7c5aefb11e797129c9e90f279fbdf71b
SHA1 cb9d9cbfbebb5aed6810a4e424a295c27520576e
SHA256 394a17150b8774e507b8f368c2c248c10fce50fc43184b744e771f0e79ecafed
SHA512 df59a30704d62fa2d598a5824aa04b4b4298f6192a01d93d437b46c4f907c90a1bad357199c51a62beb87cd724a30af55a619baef9ecf2cba032c5290938022a

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\MSLWVTTS.DLL

MD5 316999655fef30c52c3854751c663996
SHA1 a7862202c3b075bdeb91c5e04fe5ff71907dae59
SHA256 ea4ca740cd60d2c88280ff8115bf354876478ef27e9e676d8b66601b4e900ba0
SHA512 5555673e9863127749fc240f09cf3fb46e2019b459ad198ba1dc356ba321c41e4295b6b2e2d67079421d7e6d2fb33542b81b0c7dae812fe8e1a87ded044edd44

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGTCTL15.TLB

MD5 f1656b80eaae5e5201dcbfbcd3523691
SHA1 6f93d71c210eb59416e31f12e4cc6a0da48de85b
SHA256 3f8adc1e332dd5c252bbcf92bf6079b38a74d360d94979169206db34e6a24cd2
SHA512 e9c216b9725bd419414155cfdd917f998aa41c463bc46a39e0c025aa030bc02a60c28ac00d03643c24472ffe20b8bbb5447c1a55ff07db3a41d6118b647a0003

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT0409.DLL

MD5 0cbf0f4c9e54d12d34cd1a772ba799e1
SHA1 40e55eb54394d17d2d11ca0089b84e97c19634a7
SHA256 6b0b57e5b27d901f4f106b236c58d0b2551b384531a8f3dad6c06ed4261424b1
SHA512 bfdb6e8387ffbba3b07869cb3e1c8ca0b2d3336aa474bd19a35e4e3a3a90427e49b4b45c09d8873d9954d0f42b525ed18070b949c6047f4e4cdb096f9c5ae5d5

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT0409.HLP

MD5 466d35e6a22924dd846a043bc7dd94b8
SHA1 35e5b7439e3d49cb9dc57e7ef895a3cd8d80fb10
SHA256 e4ccf06706e68621bb69add3dd88fed82d30ad8778a55907d33f6d093ac16801
SHA512 23b64ed68a8f1df4d942b5a08a6b6296ec5499a13bb48536e8426d9795771dbcef253be738bf6dc7158a5815f8dcc65feb92fadf89ea8054544bb54fc83aa247

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGTINST.INF

MD5 b127d9187c6dbb1b948053c7c9a6811f
SHA1 b3073c8cad22c87dd9b8f76b6ffd0c4d0a2010d9
SHA256 bd1295d19d010d4866c9d6d87877913eee69e279d4d089e5756ba285f3424e00
SHA512 88e447dd4db40e852d77016cfd24e09063490456c1426a779d33d8a06124569e26597bb1e46a3a2bbf78d9bffee46402c41f0ceb44970d92c69002880ddc0476

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTPSH.DLL

MD5 b4ac608ebf5a8fdefa2d635e83b7c0e8
SHA1 d92a2861d5d1eb67ab434ff2bd0a11029b3bd9a9
SHA256 8414dfe399813b7426c235ba1e625bd2b5635c8140da0d0cfc947f6565fe415f
SHA512 2c42daade24c3ff01c551a223ee183301518357990a9cb2cc2dd7bf411b7059ff8e0bf1d1aee2d268eca58db25902a8048050bdb3cb48ae8be1e4c2631e3d9b4

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTSR.DLL

MD5 9fafb9d0591f2be4c2a846f63d82d301
SHA1 1df97aa4f3722b6695eac457e207a76a6b7457be
SHA256 e78e74c24d468284639faf9dcfdba855f3e4f00b2f26db6b2c491fa51da8916d
SHA512 ac0d97833beec2010f79cb1fbdb370d3a812042957f4643657e15eed714b9117c18339c737d3fd95011f873cda46ae195a5a67ae40ff2a5bcbee54d1007f110a

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTANM.DLL

MD5 48c00a7493b28139cbf197ccc8d1f9ed
SHA1 a25243b06d4bb83f66b7cd738e79fccf9a02b33b
SHA256 905cb1a15eccaa9b79926ee7cfe3629a6f1c6b24bdd6cea9ccb9ebc9eaa92ff7
SHA512 c0b0a410ded92adc24c0f347a57d37e7465e50310011a9d636c5224d91fbc5d103920ab5ef86f29168e325b189d2f74659f153595df10eef3a9d348bb595d830

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTMPX.DLL

MD5 4fbbaac42cf2ecb83543f262973d07c0
SHA1 ab1b302d7cce10443dfc14a2eba528a0431e1718
SHA256 6550582e41fc53b8a7ccdf9ac603216937c6ff2a28e9538610adb7e67d782ab5
SHA512 4146999b4bec85bcd2774ac242cb50797134e5180a3b3df627106cdfa28f61aeea75a7530094a9b408bc9699572cae8cf998108bde51b57a6690d44f0b34b69e

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTSVR.EXE

MD5 5c91bf20fe3594b81052d131db798575
SHA1 eab3a7a678528b5b2c60d65b61e475f1b2f45baa
SHA256 e8ce546196b6878a8c34da863a6c8a7e34af18fb9b509d4d36763734efa2d175
SHA512 face50db7025e0eb2e67c4f8ec272413d13491f7438287664593636e3c7e3accaef76c3003a299a1c5873d388b618da9eaede5a675c91f4c1f570b640ac605d6

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTDP2.DLL

MD5 a334bbf5f5a19b3bdb5b7f1703363981
SHA1 6cb50b15c0e7d9401364c0fafeef65774f5d1a2c
SHA256 c33beaba130f8b740dddb9980fe9012f9322ac6e94f36a6aa6086851c51b98de
SHA512 1fa170f643054c0957ed1257c4d7778976c59748670afa877d625aaa006325404bc17c41b47be2906dd3f1e229870d54eb7aba4a412de5adedbd5387e24abf46

memory/2772-2717-0x0000000000400000-0x0000000000424000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 c534adaf5a6528c653462d7898af6981
SHA1 18537985b350067467e1d2536b54df89a4fea611
SHA256 a9e6898b5e2f69100ab71f1a9067191546b2898244ebb86125d4a1886c76a4d4
SHA512 88818f8c4b60581fadf5a07c69e302748d8eede0eb517b4cde3fc9c33c9ecefbc8304a5e65e3f94c3e68c4a3d851c0aa3db0f8a7d191f2e59e824826414cf8d2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 986713d4846ac531336758825616b177
SHA1 5268eca0f664d91ffe95630e790c692baf8f833a
SHA256 2669a72435c2692fc02dbbe51ac37ee40cda87be8f361b7b998fbda95bb787ae
SHA512 5796e667d104b32d6da5c3c9158d7bfeb5239b375d52f3cd07412718f08dbf19437e926ac014326be138104a4ca3d38e302f6d8d4fd11231be06dba4496b10c8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

MD5 e2214a0d6a305f1011d97eeb563f7b0e
SHA1 75f4842ed7c0505c641680eb2bee52c52eb4a8e6
SHA256 f02b2b28a386647ac01782bd8b616010fd4000fcbc0accdc1d916769fd201700
SHA512 866204d2d7269bbf2e09bc48dcff23bebdcc52a6ec0c1cd14b9b213980666fdef27e9baa01bfb81d3558ece3ed5ce6a504fb93c60f4fc70f06e28278ef8852ca

C:\Windows\Temp\MBInstallTemp5b5f67e7f51d11ee8bad725ee6097495\7z.dll

MD5 a144e24209683e3cba6e29dab5764162
SHA1 ab2112cce717bec8f5667721a072d790484095ec
SHA256 b2ff9dbf90cbd0c45cd7d95ce4892377ec7e92970e05f2e56b0ce93861190348
SHA512 2c823981b53b7eb7c1b726468d3b28c234c7e555aab35e759e88d38658566d267a20867f1cb18d96c830e7d53643629a9fa313eecee8b553703086fbb64cc984

C:\Windows\Temp\MBInstallTemp5b5f67e7f51d11ee8bad725ee6097495\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\mscordaccore.dll

MD5 3143ffcfcc9818e0cd47cb9a980d2169
SHA1 72f1932fda377d3d71cb10f314fd946fab2ea77a
SHA256 b7fb9547e4359f6c116bd0dbe36a8ed05b7a490720f5a0d9013284be36b590b7
SHA512 904800d157eb010e7d17210f5797409fea005eed46fbf209bca454768b28f74ff3ff468eaad2cfd3642155d4978326274331a0a4e2c701dd7017e56ddfe5424b

C:\Windows\Temp\MBInstallTemp5b5f67e7f51d11ee8bad725ee6097495\servicepkg\MBAMService.exe

MD5 b9251f9808c8ade391e452f12f87e20d
SHA1 954410042b92a87cd9383995b52f76f5148da386
SHA256 21e69db89f7e409e000ba45a020f24fa99903b7a1cfb1fe998f1c5815bccda04
SHA512 142e93c83748dbe7e978bba3f82677e7e69ae02b25b196647644dc964e1b1d63cfd967729765a9e90261226026483d5c29b29d6df5b2e924a2fce9ef673c671a

C:\Windows\Temp\MBInstallTemp5b5f67e7f51d11ee8bad725ee6097495\ctlrpkg\Malwarebytes_Assistant.runtimeconfig.json

MD5 d94cf983fba9ab1bb8a6cb3ad4a48f50
SHA1 04855d8b7a76b7ec74633043ef9986d4500ca63c
SHA256 1eca0f0c70070aa83bb609e4b749b26dcb4409784326032726394722224a098a
SHA512 09a9667d4f4622817116c8bc27d3d481d5d160380a2e19b8944bdd1271a83f718415ce5e6d66e82e36819e575ec1b55f19c45213e0013b877b8d61e6feb9d998

C:\Windows\Temp\MBInstallTemp5b5f67e7f51d11ee8bad725ee6097495\dbclspkg\MBAMCoreV5.dll

MD5 b2763acfd7ac2ce596a4f3a930dd2a3f
SHA1 ac18df54e4b64268e93b6e0af650d6cd8fe60274
SHA256 3b8fdecc7155bbb62b1d76aa30f06bf079924bc794cf700f5d51ade13444d049
SHA512 40b9f4bd1dc10034a5b18d3c0d2447a98aa6e4655d5d43b22aae83720e9eda8f818cf7febc0e8d0cd3b3f051805407a6112b66eb4fddd49ae2ca882a1aaa57b3

C:\Windows\Temp\MBInstallTemp5b5f67e7f51d11ee8bad725ee6097495\servicepkg\mbamelam.inf

MD5 c481ad4dd1d91860335787aa61177932
SHA1 81633414c5bf5832a8584fb0740bc09596b9b66d
SHA256 793626d240fd8eefc81b78a57c8dfe12ea247889b6f07918e9fd32a7411aa1c3
SHA512 d292e028936412f07264837d4a321ecfa2f5754d4048c8bcf774a0e076e535b361c411301558609d64c71c1ce9b19e6041efa44d201237a7010c553751e1e830

C:\Windows\Temp\MBInstallTemp5b5f67e7f51d11ee8bad725ee6097495\servicepkg\mbamelam.cat

MD5 60608328775d6acf03eaab38407e5b7c
SHA1 9f63644893517286753f63ad6d01bc8bfacf79b1
SHA256 3ed5a1668713ef80c2b5599b599f1434ad6648999f335cf69757ea3183c70c59
SHA512 9f65212121b8a5d1a0625c3baa14ef04a33b091d26f543324333e38dcdb903e02ccc4d009e22c2e85d2f61d954e0b994c2896e52f685003a6ef34758f8a650c7

C:\Windows\Temp\MBInstallTemp5b5f67e7f51d11ee8bad725ee6097495\servicepkg\mbamelam.sys

MD5 9e77c51e14fa9a323ee1635dc74ecc07
SHA1 a78bde0bd73260ce7af9cdc441af9db54d1637c2
SHA256 b5619d758ae6a65c1663f065e53e6b68a00511e7d7accb3e07ed94bfd0b1ede0
SHA512 a12ccf92bead694f5d3cba7ff7e731a2f862198efc338efc7f33a882fe0eb7499fb3fb533538d0a823e80631a7ca162962fbdfd78e401e3255672910b7140186

C:\Program Files\Malwarebytes\Anti-Malware\srvversion.dat

MD5 35789c7ad83c065167201f3824b71a39
SHA1 1c7a9b3214d58cb93ed2bc856431083df2b6d674
SHA256 e02d0bf83e0533a612afab6bef6e564da94d0f9d2f7a5379f65e563399c08aae
SHA512 86af0b7da8a43781ae8fa98d085ce4bc4c3a8240a99578963f1bbd87b0655523e48e9e374b5cd68eecc70328628ae08c237969afd7aef4d60fc08a0d22dd8167

C:\Program Files (x86)\BonziBuddy432\Reg.nbd

MD5 a8ed45f8bfdc5303b7b52ae2cce03a14
SHA1 fb9bee69ef99797ac15ba4d8a57988754f2c0c6b
SHA256 375ecd89ee18d7f318cf73b34a4e15b9eb16bc9d825c165e103db392f4b2a68b
SHA512 37917594f22d2a27b3541a666933c115813e9b34088eaeb3d74f77da79864f7d140094dfac5863778acf12f87ccda7f7255b7975066230911966b52986da2d5c

C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe

MD5 dc6a044a9e5fb7369f943ebbf74f6baf
SHA1 9160e7b61f87c01e58e90dc576fa65123b28a230
SHA256 50038cde020982ce4a391e673a40cdc770940d41a52b44bce3e67f8b3a619bf4
SHA512 fd2a6c524943df077bcfcfa095aa8b52d9113b06f4d36edb4b45678d4ce4ad8ba1ae53dc9509ca19cdb150cdffff443d7cc57948c61f3209b4eef2d536d7b9b1

C:\Windows\Temp\MBInstallTemp5b5f67e7f51d11ee8bad725ee6097495\ctlrpkg\mbae64.sys

MD5 95515708f41a7e283d6725506f56f6f2
SHA1 9afc20a19db3d2a75b6915d8d9af602c5218735e
SHA256 321058a27d7462e55e39d253ad5d8b19a9acf754666400f82fe0542f33e733c6
SHA512 d9230901adeecb13b1f92287abe9317cdac458348885b96ef6500960793a7586c76ae374df053be948a35b44abe934aa853975a6ccd3788f93909903cc718c08

C:\Program Files\Malwarebytes\Anti-Malware\version.dat

MD5 814aeae03577c3ed6076b7bb5c87fb43
SHA1 c2381eeb04f69cf4fbfb184a4ea8739a53f475ec
SHA256 168ab218da1dd0adeb95dd72228da6f52cf0cbd0171a9bc83ac7f40b4a658732
SHA512 527a3be928f188e12730b80e42e42163da05ad86591f86f6b1cf013ad679d63a06e83c694285d680978affffd17b210fbe17aa8d9426ed9cccebcb817c4d1b3a

C:\Program Files\Malwarebytes\Anti-Malware\ctlrvers.dat

MD5 f0ad6e929d078685cb345532878d29ef
SHA1 fb489dc585e484cc33749dbcaaace62e0e8e2928
SHA256 4741b51b6bb850a6481438201c8c7ea179b289fa0aa90cc187485fe30f5d8284
SHA512 8dedab4f296e904c12f1d97e1a4ff54535d356b3d250195941e9e40ae3c43da212da93457fe598b5f2aec98762b5a59a39e86bad6bd810c51c96dbc3e010053b

C:\Program Files\Malwarebytes\Anti-Malware\ServiceConfig.json

MD5 6a471800424f5858895bee6a78ce5b43
SHA1 f8853f54171bd4b6c47296a76fc6f4917c34c8ff
SHA256 0f8041858b3e1df6842f31a79ca01f8e91ebfdae222b45140a10b0dcee918c98
SHA512 2c6a3037960058c7f3ae768263e50fc322f7e191e961a5e62e6ef0f6d258af19e305402d0446a49405c6cd02b08613c3f8d9c913461cc335fb34a86d48afa5bb

C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe

MD5 46f875f1fe3d6063b390e3a170c90e50
SHA1 62b901749a6e3964040f9af5ddb9a684936f6c30
SHA256 1cf9d3512efffaa2290c105ac8b7534026604067c9b533e7b7df2e017569a4ec
SHA512 fdfb348061158f8133380e9a94215f4bfc0f6ce643a129d623cb8034c49144f1489de56cd076da645478506d9fbddc7590fe3d643622210084b15fdf0d16b557

C:\Program Files\Malwarebytes\Anti-Malware\mbtun\mbtun.inf

MD5 5d1917024b228efbeab3c696e663873e
SHA1 cec5e88c2481d323ec366c18024d61a117f01b21
SHA256 4a350fc20834a579c5a58352b7a3aa02a454abbbd9eecd3cd6d2a14864a49cd8
SHA512 14b345f03284b8c1d97219e3dd1a3910c1e453f93f51753f417e643f50922e55c0e23aab1d437300e6c196c7017d7b7538de4850df74b3599e90f3941b40ab4a

C:\Windows\System32\DriverStore\Temp\{e757ab25-ebc4-1a40-8500-65488f18d5fc}\mbtun.cat

MD5 8abff1fbf08d70c1681a9b20384dbbf9
SHA1 c9762e121e4f8a7ad931eee58ee60c8e9fc3ecb6
SHA256 9ceb410494b95397ec1f8fa505d071672bf61f81cc596b8eccd167a77893c658
SHA512 37998e0aee93ff47fe5b1636fce755966debe417a790e1aebd7674c86c1583feef04648a7bc79e4dedaabb731051f4f803932ac49ea0be05776c0f4d218b076f

C:\Windows\System32\DriverStore\Temp\{e757ab25-ebc4-1a40-8500-65488f18d5fc}\mbtun.sys

MD5 83d4fba999eb8b34047c38fabef60243
SHA1 25731b57e9968282610f337bc6d769aa26af4938
SHA256 6903e60784b9fa5d8b417f93f19665c59946a4de099bd1011ab36271b267261c
SHA512 47faab5fff3e3e2d2aea0a425444aa2e215f1d5bf97edee2a3bb773468e1092919036bcd5002357594b62519bf3a8980749d8d0f6402de0e73c2125d26e78f1e

C:\ProgramData\Malwarebytes\MBAMService\config\PoliciesConfig.json

MD5 2effe5bc0e9a84a2d68c062315cee955
SHA1 112d298ed66c1265ebe4a8fa07a47623535efa69
SHA256 2563f536f92e5474f39af8b0329e7b0af496948dc9dacb70934a9ac845105fa3
SHA512 757a692e5feb602062e9cd08d872bdfef7be07e17fb02e8056836cd00b0941539a5012c86cad31a0543fea155d2f50bf2257f56e4849e254ddcad6898ba97807

C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.json

MD5 1d1ede40dd5178bab513bea7dc1f5211
SHA1 78a93b3524d918636d4d61870d471b9d0dc1fdf4
SHA256 31733f3feb0250c08d58c654116276f150df3250b937cc4a9608254e1dd5afe3
SHA512 7361488cecea8403d129e960fbbfb71bf7a9e29ec8a56333f1d6f5bf40ef14c01ed97cb73c43ae3adcbe6d85445038d1ff99ae2b7174af2b09490516a09fd304

C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json

MD5 658a8dce31f37bb8310d23599c38d53c
SHA1 058aa016bbfe638977309c0bb9315990ba0ca652
SHA256 42b573673aa8789b13a8300e525a9b6168f324b3a73ab367397950b4bf3b5b94
SHA512 b1c7c15f82e9a835abb1fa328837f48b876a10f67c3b39c272e861428240b7687668d90c617897b6fa5cff0cdb54916ec89381439f9b9fd3387952da7bba0aeb

C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json

MD5 133356a73ce016d0851ac85f96054db3
SHA1 14de57e8aff1c29ffbe0ad33d8dba4bf6acd6cc1
SHA256 2217b531ed59bcfe6b5e84a074e0abd76db92c6cf7813d982545e12a12c10cd7
SHA512 0163080d1b58c7d225e42469bf64eef7c3588e15f8b69e8186a06c6cd999933d6cd023d2bf698f8170b2660d4432530f193961d3f25830c188b1a73e374b2626

C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json

MD5 6ff6208cfd9f7a8bb795d49186c3009b
SHA1 d063a9667d2fb88050adc194965961685922e4be
SHA256 91e9f63d8b8034305f9d8ebd0cab06d263f06a83ba99441d303feaf01358564d
SHA512 bd51a704669a979290602032045c8ff33d090ce6886d7f0352da3059fbffc5ade7de9e214de012d15a43e8517d8ad7a08488ccba1e44bc7007eed8c77dafd932

C:\ProgramData\Malwarebytes\MBAMService\pkgvers.dat

MD5 bff7540ea1f1cf8f2e8a5003c3775cc7
SHA1 95fb285a3a32fc888617208437449a5df36a254b
SHA256 1b7257ce4aaf6739e0f9e77ffc4b58857fe7e85a6a1af7537e650fc6d8356ee8
SHA512 820d2f069d760acd3c115ff68e87e17d8a5ba704fbf9c3450bfc508692f26a994e57cb255500970752f494181ba4f404776facdab9d9d5c0f383fbd4879d8eff

C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json

MD5 0658af9acb20295a44dd0e5452aab509
SHA1 55ef495ac6c3eb89043d32e0292fb99f244623f0
SHA256 0b61bce941b13b5253bf5c93c7fd9c3e61f4e8acb2dcdfdc440184545b5d55e1
SHA512 1440b9830b00a946041876346fd92472ee0b4bc270ea5234bd378ad5001ad614d30a99f9e35352cdb5f2f22f965c10da55e5cda156f67f54adde6e196601ec30

C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json

MD5 90d9c0226a24fdc1f6a4ef5c25a3117e
SHA1 1afb56a0292d06c50f423207e4dc0cc2393fbffa
SHA256 1274187106f2e3d9e5253e03590af6f94b54a837baa9be5f667be348a16225bf
SHA512 08280dc130cbec56cf30cbfb0d8f314874a18ee7eaeb97c216bf1ca6581287e671bff18350b6085b47536995dd4c9838ebffcb39252347b9c63472f0807d5497

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\prot.mbdb

MD5 546d9e30eadad8b22f5b3ffa875144bf
SHA1 3b323ffef009bfe0662c2bd30bb06af6dfc68e4d
SHA256 6089fbf0c0c1413f62e91dc9497bedc6d8a271e9dc761e20adc0dccf6f4a0c1f
SHA512 3478f5dcf7af549dd6fe48ad714604200de84a90120b16a32233b6d44fa7240f5f4e5fe803f54b86bbdfd10fa1bfdd88fb85eb6a78e23e426933f98d0a2565ec

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\rdefs.mbdb

MD5 2f7423ca7c6a0f1339980f3c8c7de9f8
SHA1 102c77faa28885354cfe6725d987bc23bc7108ba
SHA256 850a4ea37a0fd6f68bf95422d502b2d1257264eb90cc38c0a3b1b95aa375be55
SHA512 e922ac8a7a2cde6d387f8698207cf5efbd45b646986a090e3549d97a7d552dd74179bd7ac20b7d246ca49d340c4c168982c65b4749df760857810b2358e7eb69

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\rules.mbdb

MD5 29e9c297980f2806cc4a5493a823a47d
SHA1 76edaf600bad855d33b3e51393895b3e94781168
SHA256 2a64c59d40f3d336ca3f40833404e001012813e36438bc9a6d71b334962899f5
SHA512 cbca76e58bf74bcf4b7bd0007e7750207dde24225390518fc05e97a2c37189eef1ace6f0c7f0ad742b505d6301e983d828910bb64b996a86e4aea05f08ec411c

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\tids.mbdb

MD5 a52fbd685c9b6d643da11a716ebed7ab
SHA1 cf932580a1cfee83045b34c3c096f732a7b20267
SHA256 96c4fd7cf3ae96300850056e06c7c32fc381c3b62031bd8fc7eff6a3b800a3ad
SHA512 78794d26deaaae895e98e297499d1ffcbfff3a2ef595e9c23f2d6c5ee8f98848d268561d57e989f5e309ef2b0595cb74b69f4d367370f96e47ba645d89b477a4

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\scan.mbdb

MD5 659a49b041abefa71148118ae4926041
SHA1 e6dd0abde5f40af9faa06e4c7af61f7fd9ac14c3
SHA256 f55755be891c737bcdd380082467457f2e37ef1d10053da591ae29d3417bcb49
SHA512 a0f39c19fa5a0a1e7c9a7e30b1b9a95490fa7be6ea4dde9534b2f14673481ae2b00163d2d561423699b75084eabca7685c6e80599a7d8c295a66a0736bb8ab2e

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\clean.mbdb

MD5 172f770b007d0ffb429a27d3dc72a529
SHA1 3f11e112adf4aeb46e6166761a553d56ec6f40a5
SHA256 77b40dd839aee7c9ffbfb484b0c8b9c736058326a1042ffa7745635853143bcb
SHA512 90935ba4e71a4985cb04702f48f41b47458c7d4f71ea13604e5e08304d17ef5acdbaf1edabab61860e6de3b3de06a177f7158405186780c435147881e0bce8ed

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\wprot2.mbdb

MD5 20989ce951c4c4ce5109e0c8cffa3d84
SHA1 5ff04c3bb0abb1641b1c802422160b24e30b1cac
SHA256 33887a0de88fca95c87b61bb2e1b12dcd2be35c3cdd3524b9a4346626016ea04
SHA512 6b45afe6b7b9f78bd4fd9f5564829c248915c4841c8162905687d9a3c322d335c4330f9f0ca375b78e801746c1b8044e12490184f198f6dd65a390aa7182b40a

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\exclusions.txt

MD5 aef4eca7ee01bb1a146751c4d0510d2d
SHA1 5cf2273da41147126e5e1eabd3182f19304eea25
SHA256 9e87e4c9da3337c63b7f0e6ed0eb71696121c74e18a5da577215e18097715e2f
SHA512 d31d21e37b0048050b19600f8904354cff3f3ec8291c5a7a54267e14af9fb88dfb6d11e74a037cc0369ade8a8fb9b753861f3b3fb2219563e8ec359f66c042db

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\Actions.dll

MD5 20d70c6e04dbf14c01ab2d756e97854f
SHA1 f172c8b8c0e87d2a9ab064513dce004d16d03e0d
SHA256 c4002339b58bc493ae3540bafe1b2ca0a70bba0f853e29f60e0f6a1680fa9a24
SHA512 13e073cd4b3d53c6d9fdda671a55962266b5c0a18abcb5774092c35f0d0bf2c5d0d9802d8955d32cceb166821634bfc067dac7809c9ade143cf3a3b497743b36

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\sample.dll

MD5 746df014f6869285e5545505d5fec062
SHA1 52d5f0232b78c0d8746a29e75f80a2b436f38b69
SHA256 22047c6efd6906c64ebb45bf08632220aa82c03d1fe21b79502b0cb7b67b32c2
SHA512 58e7a0051cff72168ec56072339b2a4961a9bc12600a6fe4dd3c01f0aa8b7d22e3d79d72c7ee9a622508e4052eb7c82d047063659c23b34bf93eff7124619848

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\ig.exe

MD5 bbb352dbbf17f6fc29cd86bc1d80a417
SHA1 1c83c920ae75d0f6e8634804e508e9156f565148
SHA256 73df768292a90e52fcbc5dedc51f8091083fb6042f4413d69afeace1cb0ba509
SHA512 12242406306d9808afb3c9d9d590867f4d116a765d0ec761436b4e272ce456b0b72a5687856d1b6672980faf4246721d297b0520821d5fcb81d7eaa86775ee5f

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\BrowserSDKDLL.dll

MD5 a3fe79081a59d493c01b5c1139babdc9
SHA1 1505cb4053bcd9b55c40227ad6b62a2457cebbdf
SHA256 60c8c024ff020f04fcccec10ee78872bb1e6985463d6370c6af095761d88b860
SHA512 22310a585edb36050ff20356cd9eb5129cdae3ffea2ccd7a54d9652dbd336d7f402ed119dc59ae3250b93bad40e75983184256c0bb239cff049bbb983f487bdc

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\dynconfig.dat

MD5 10f23e7c8c791b91c86cd966d67b7bc7
SHA1 3f596093b2bc33f7a2554818f8e41adbbd101961
SHA256 008254ca1f4d6415da89d01a4292911de6135b42833156720a841a22685765dc
SHA512 2d1b21371ada038323be412945994d030ee8a9007db072484724616c8597c6998a560bc28886ebf89e2c8919fb70d76c98338d88832351823027491c98d48118

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\mbdigsig2.dat

MD5 78ede02676d871ec73599c55ea80c79f
SHA1 a636c6f0939cda4c5b9a4e7f9982521fcc63828e
SHA256 c6e7f7bcab28b90824c69df66818c2c2950eebab70f85657555c2c9e86947d08
SHA512 c4f1aaf568266505326df395e7ef36dfa421f4bb1d26fabb61f603a7acc8d60e406f23383501a3d505682de725299265a7c568cfabe796b3c7de2df5be0696a8

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\dbmanifest2.dat

MD5 06391ac89596da208d835f3478c5362a
SHA1 ed8cc5ca9aa6ca1f310e66b0938288cdeac73bdd
SHA256 b6cf2fcd95c8ed86419199141d774b4f5b8e27f1b90496beeebb754982381018
SHA512 b6d0c7671a4f1434b95b6d8d00a75de78c8c24a767a798fc78d2bbc38ad249434e7a9bcb80dab36d5d7a3bbf5afd747e3fdb6836e64865eac91816e13e4a753c

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\cfg.bin

MD5 f3b1db948ee06dc934694baf8c3f7ceb
SHA1 99afacf2f17f5d22dc52eea2ead30800ea3d4605
SHA256 2c72ca60b226fbe08eafbca219d734d3fee370f633d1c5687a99d9f15470cfd3
SHA512 1d1d5a013b260ed187e5cb72d0c7ef7f3f1649a1ea3e79ba5fcdd6d2875faed329650cd332771d0dde568c3cfa8fdfd9b966383197f65624fff693b1307e256d

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\Global.nm

MD5 69158798b44af49a8cf66a5d7c37e5de
SHA1 42c72d401b0df6b2582f155684ee45ea90ae1a2b
SHA256 f6b5bc6ea26610d4f8f43aa4ad4f6f9b8194b0b6288292f44fd25c53c542cf70
SHA512 d66609ef92fadfed249ee6fd4e907fddb74f13c663686e65ae9b143b4c2a923b451ce8cd470d9523e901d60aa5a6dc9fb7b33cb76bb04a7425ca43e397ae17fe

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\Global.sr

MD5 5227e6f7ee014de1869c313bd81a6752
SHA1 116cd0171ec7630b8cdf061322e7e8e9643201f5
SHA256 6209d18592c7dd2fe5e2c8925fd0da5b0446ca2f86729394b371c7db17939a83
SHA512 bfd6d92df3994cff4f2912849f11bb8d9b1179cd9845d2f99a7314fea4fa39589661927f20ea2d7e0cee157d36c2dacd6a0907bfc69d7e9f6da5f24802b3ceed

C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

MD5 2ee7cf288e2a52af67ae55cc1cafd32c
SHA1 5ad6b8dfa484f815506ddc36844ca119677bb192
SHA256 7c63dd4e1ed69a8999db8ce8f5505f5b7373bc34c746f5110490f809d0aba2ee
SHA512 d78ffa56e877a8fba4921e5cdcdc9a2dbed14fa6830bfd1f8a9e2d1feb71918bf19e06ae12d95784409c2125436b8a2d66cd5641ec20d38a28919ca271e74552

C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

MD5 81a6a68a541fe8217a3f5eb9b3b2ba62
SHA1 c67e5c93dd913d846c894d76427984716b4555c9
SHA256 eddbaf3a888c57aa008e7fe691b92e329d92e5b78000041d373278c6db9dfb36
SHA512 0c78951bdc3f3582ea9af8774b8878c1c535b83c9463f2e942d0463e98f3387b20f4ebba270a4343b244fd533e3730d981fa172c7910f7bd6dfc8bd3cdb2b132

C:\ProgramData\Malwarebytes\MBAMService\config\CleanControllerConfig.json

MD5 4ea6a5918dfdf6ebc9b901fde5d6fa63
SHA1 e3e1fd6151cfd241f42d04fd79c6ad7f015f73d1
SHA256 6e59aabd35022cca4af3a9f8995996c5aad77b2d9239e02d9278e0ae98303ddd
SHA512 b26ad2fe4d65e38c7fae7b44e083639036b8b1bfc511689f3b91d5faeae4376d68dae8d508ecd7b72b477de39db21d7db0d0bc77a2b84deabbdd5e84ae1a4193

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

MD5 0748282bd38ae1aad2dfa766a52d253b
SHA1 13b4ce2d74747bc1f7f52f179f3df238d7a4b70e
SHA256 b3ac314474caa7ac892be904d346e0f8bf0904c4ee07dd99ff3f7e60106d6c4b
SHA512 f66802a8c6e11495d84579269a24af4a5189abcdf2aaf4148986a38d8071e2209970068ff16cdc5aafbabe2d49da6e5a763c915989ddcf42f6ef4d6a7fc79773

C:\Windows\System32\drivers\mbamswissarmy.sys

MD5 4b2cc2d3ebf42659ea5e6e63584e1b76
SHA1 0042da8151f2e10a31ecceb60795eb428316e820
SHA256 3db4366ccb9d94062388000926c060e2524c7d3ee4b6b7c7cf06f909f747fc6c
SHA512 804d64d346b3dbb1ce3095a5d0fa7acc5da0bf832c458e557dac486559fe53144f15f08c444fea84a01471fd5981e68801a809b143c56b5b63e3e16de9db0d98

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

MD5 daecd6d877cc391c70506a0f3953f4a8
SHA1 f8990ae8333df31c522162fd5e20bec9098669d9
SHA256 1d6c3404977a5b317702a326ee2094f86e8e035e3a515b0011248bb911a0e04f
SHA512 010545545e7278e6011725b13fa040e2f484c985297559f163c2456c482a412618cba482a038b767c6506fa6c69bb0f50b7ae712b182c957562bfa34bc028359

C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

MD5 88e751fe757508a3c56ed3ea15f35198
SHA1 7cccb13007675a4ae38aafc8feac547cf25f1173
SHA256 934d61d8c49e2b5009cfa7b5c3765f12c2cdb5b7da78f7870fb1d29e4f37c502
SHA512 26c60c34f385015aaa738b899deeb6dc23c38205cfc2c2e4bad6b8c406d33d2fea592c1b0fbd4a4f321940baaedd0ba8849de6bd9e7a3523a41a7bd0c6048161

C:\ProgramData\Malwarebytes\MBAMService\config\RtpConfig.json

MD5 8bde3d4ad74440653d195da4a53609dd
SHA1 1157b2d9393318f5353ac7171a89346d263deb03
SHA256 77303f13248b45842d26c504232c5604537c6ed8a638000f00f898d174754f5f
SHA512 bd7d476c76c56244b834102c487ae03a9e58fc8622102a63fd00e7e6c8ae30fea18e41bf8daea246e840e9a1f9cf6604a6cb9c54f2c697b9ee5748d653269129

C:\ProgramData\Malwarebytes\MBAMService\config\MwacControllerConfig.json

MD5 90a267e029d37c7c4ce2410c6f51fd82
SHA1 095dfc79681a32a545657c3336f6941c102cf161
SHA256 d40f19de617f22c421a5927dce9d33f66d09701a3ae226665b736253b322429b
SHA512 ea35f902fd5c06e5e2321c67729721976b121bfa6289eb6960bca257a32e6ae2c33030ce38507b8f648e374c6e983cc3bcd7c1c9ccfb937e1ea0580e9f4a6650

C:\ProgramData\Malwarebytes\MBAMService\config\MwacControllerConfig.json

MD5 6f7166fc896a5a988002ee27514f7008
SHA1 b1c8d91cbb16e693d3131c2699a6bfc0277dae04
SHA256 e99d77a31b067584be44dcb79a985519ae8f16f2c3a950e459275d18ab5ad671
SHA512 dd578f412aa1d86a00afcb75780ee27c904dedb9c42b845c217ba04e11d2e53d18e023cbe6c6398e9dbfcd13ef6b06150bac0a93bcc56682fe0835d15db77499

C:\ProgramData\Malwarebytes\MBAMService\config\ArwControllerConfig.json

MD5 0030506fa83c5379381177abf6211038
SHA1 653c283c90a2e41736bd2f66afb86790e8d45397
SHA256 99c41cf5c30312d27cceda17018518749af925c9537ca46354e68f1a73051e84
SHA512 495e5c9ed40f4747ddf051f93777125785407512d0cbb79ce3b66e9a739608b8e3bdd7cb37b4e13e482dae67494fe9eb36237024c368a6ff607b388e79db3aca

C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json

MD5 679abb3428604eee09e26367e161b09f
SHA1 3ca3b1dfa4a513f590fd7aa9d92463c28d69c4de
SHA256 65673f282caafceb444a6a551101076d0329a34982a2c60a93d322f398923bc0
SHA512 28eeec5a48ba2b965d48492e7caed2b355da21ae58bc7e165adb713dec2c7f23f260137175929eb7aa2ced48bbc82b9e551fd5d5e5ac776b2abab2d34d7db82d

C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json

MD5 70f3498d9e1f43a2893b202eade73498
SHA1 aec2c07e4b92b7144e43c8cbd9fdd9de36c6b44a
SHA256 9b674c6fe1933c2562fac81e53c865fda57ea1b167ee9e6e33e4c6581079dfa3
SHA512 ff64feac2e61e35328f74a0aabe90ec178926a6844f7bc38274d05d8d51e1f4a1f795d314c722819f9caac92615534bf4b3648bfa8ec8d26cf56b4312278a3dc

C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json

MD5 88145708ab39f9e1f25baea94835a5c7
SHA1 698079d6cba5998ff4c3361cbf18230e83239265
SHA256 cb686b7b2279fd18db2274cfd06c13e54e867c2922167c051c14938aa29b1be4
SHA512 056fb0d81b64392fb8befeafd4f826be45b3a123c9bb7c6ee7e22d28440c393221f42e039f0b54d9f391605eaddcf2b15c36e73579355a8b438eb7be86f60782

C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json

MD5 7e7e7ef26cbb64b3144cf8473cf275be
SHA1 5207239d56a458e1442dc6891f0be4d21d417c27
SHA256 0d83b34118c8c3727ebb947301e3b921d41ee436c9bef891941122330fc238e9
SHA512 6ca1da26def6780290e3370661aaa0ad570de51c3c11d9c83fc0c24d4ed7c966da41ee743880fccc22b7f34bce9d93d35f8154d54e80c0616bf877335adbdbe2

C:\ProgramData\Malwarebytes\MBAMService\config\SpConfigFile.json

MD5 1a183d7ea0d2eb71b9b1b9392b085eba
SHA1 15e6839eaf0a25f37a7af10e2df16bd7b1cf329f
SHA256 2fc2b5dd58ec669062104ddad91d4d3e60ba6ebf418ee8985da60fc14bd77379
SHA512 ef5a33290fb1d8000f2f248a9aa29f35c3e99b6339904a63f986f760e4705432abe040452fc05d3c4133467bf31cab9880f9de2e62ec8a9cc3bbf68e974351fe

C:\ProgramData\Malwarebytes\MBAMService\config\VPNControllerConfig.json

MD5 c7341ca086c9125265e4740379abc626
SHA1 f06edc6b6c0910839955550bdc7e38441eb1d116
SHA256 28e567e6d2c0a3a8b47ddb37dd514e08a3a05ff4e83f0701149f52b47e2f858d
SHA512 2d7219e144c4a20deacae87b9cd37633c28622a1e02821bb9c4c65b20b1577843808aebbd78ceaaea907df9ccd7c9893e81187c8039000adec8cda6270025311

C:\ProgramData\Malwarebytes\MBAMService\config\VPNServerListConfig.json

MD5 1b54aa56e9075c7cbafbb53ac121c30c
SHA1 95f44e222b1baf3fa66d330d14417de12c7a685e
SHA256 47ecf7513994ddd409d16124a3c1b91e96b835583987021ca485f9de0be7498f
SHA512 21f8f635fa7e19441445876664ba6da2167f5a10fcb05d24a39abc2d68e8f603faa31839519a8862a8eb2c56a59051ff4d0ac5ffe7897de8ed00cae90dc19f51

C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

MD5 1177b91fc6129043ba75c53697ec6445
SHA1 7098e81b1b0a1119711ea2f43392a6b3301f203c
SHA256 4cd0e708d7bfd4210f5c56e0a5189137c980b4dae2069bbd54a81ef5aec36efa
SHA512 8ac3608ca4d9d539392bf6023e361a94da3506755d1b800ca900665458d50a796d97a20bcdf04cbfab771dce11e53bcb5da536b766c3efad6ed34c3fe2de4dc7

C:\Program Files\Malwarebytes\Anti-Malware\ServiceConfig.json

MD5 167ef62fe76cbb7170dcdf0c6944a1fb
SHA1 ee73998c051078c7e646c3bb456dcd9a9c9be073
SHA256 27e6320a309257516c944d15beff5b5d7e2a3fcebe2ded11bd4fc8b3818e45d7
SHA512 67e711ae0199a9f264d936be77c6dd98d5ea438620604c5f1d53a0ac422ea37b99d6b25a5c50d9a8b207bff4b19e7140062fcb6baecc4f2e6e7078519a0fc1bf

C:\ProgramData\Malwarebytes\MBAMService\config\PoliciesConfig.json

MD5 7d9b1d672b9cf006cfd1b831730fb940
SHA1 93aea7617cfff673c87ab168ac3a353154a3c62e
SHA256 835795772a949ad8de42a2af3311172ef683543572b3ed2781ba9e87641574a7
SHA512 d380d2713a4987fc600a8bc9b0b1b351576ad378665075086922eed67bf0e9126d9fbfc77ff5a13398e6148686981e14ec899342660dd03ce3b6d41cf727a439

C:\ProgramData\Malwarebytes\MBAMService\config\VPNControllerConfig.json

MD5 d60ef8452e475e137bb0f8581752e18b
SHA1 1710b5d0ca1c481ff26da5d97e65c0f393d661e9
SHA256 296591107e020c6100134c4ef3619bf839b9a33027118c741f135ba53cc35fa9
SHA512 05676901057567ab5c6d12a33649bd3fbc4034aeb92e63a8066044c326d2d246bb6066ba82b098d8334eb96b857f5a9db9c9e3131b90d70d0929c1811b2a60a1

C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.json

MD5 c0a57280810df3ff00dc71cd22e35919
SHA1 7a3688c601098e5884acb5a63636a59c618b13e0
SHA256 a57f9ba15c4f2e4e295968e837cfcad25f3dbfc7ea35a20d5d3331db511040e8
SHA512 eec29355d36348c8ed9a8cb5d3ec27768b448ecf211bb26d975aaa5e3896fe53567317f3770d033d825499cd3c202b837b9b5bf867e5a591ec3fd316a105ae23

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

MD5 039af91aba6cce68a1b3533da254f2eb
SHA1 6489c2e71ad8edb4149ded14f0bb76d6f1f50eb6
SHA256 e31d6d61ba869dbb849a660ce55b94f99fdf9cb88d3d81ee185da8bd9447b2f3
SHA512 c835f135c99316242a00d631df6472c5d26c3818063cb75e8825062d58db87b24f2b59246ac10adf6d6b4af2bcefe98da53c7793b794acd0ae4d0d17b4bddd14

C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

MD5 e34ba35d6d9c3c13907f138aed4a8412
SHA1 3968e33f3d459b155ba64ee1cbe5c401ea3d96be
SHA256 68030b156b71e6c41fa0bd1a8b15b273513725fd671da4816b661478ad171598
SHA512 32e83692a54d68b925e0dec08061278cb978b589bd32212142a052d0358dbf80f1d88d18c3fd675515510f98c5e6361a24af98eb4e1624c4867b223367363707

C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

MD5 995b205e4fcf882f5fb6437d71583c7f
SHA1 3e26b98d5fc0fac087929bf3099a15527b1136be
SHA256 a4fb5d1f8a2f3ee066d78c7fae6b75a9c2535c0d984266bf52a8607efe0f5e94
SHA512 c58a5fd0f688dc0d32b3dcfc0fbd160fa4c443b454d71cdf7de57e312c60126b4c9dff085a6fc717b7581d221056c8b33b86b5c7b384c71bbf06ddd6ef7a9bec

C:\Program Files\Malwarebytes\Anti-Malware\sdk\mbamchameleon.inf

MD5 5a9717e1385703e8f06b27aa10a69e87
SHA1 84ee67a9167b5eb6560711b9871de98898ad07a5
SHA256 47b7c516bb57c612de19f0ca865590af95b6e32bf873a0fef9e011b2c5b483d4
SHA512 dd3c7278c2c11ad15a55fae6d19b96dadd92f85b7f0c8ce934298258af00bb5c052a84a98499b8867b0f43704fb307c67d03692ca69dda4d814c6c17dd73df44

C:\Program Files\Malwarebytes\Anti-Malware\sdk\mbamchameleon.sys

MD5 262ccb223392f18adb4b4c846905c4da
SHA1 63403407fbe1712a4bfad0a74efabeba297325ca
SHA256 5d2004603e3b392693a1e74926a36a2ab3573c6790b00ddb14564c8affbd4f4f
SHA512 68b2684b9f0a2e5e33b76e43ac4b25b8e7d3dc3d678fc3c90d70ec5ee65ebdd884d838950fb4bc5145ff927e25796d2e6e97ee6bf365ed4f66ac7f7ba8f63b33

C:\ProgramData\Malwarebytes\MBAMService\config\SpConfigFile.json

MD5 c8097fc1a254c209398929dc5110726f
SHA1 7dfcad0153f6c21aaf386459fa952d5e4d22842a
SHA256 e6c68c20dd5a4c3f81cac62ebe96263b937f7facce6365a1686e04bd8529471a
SHA512 a4a7b51722cf253074f3e47ba1a009d07578d18dde30493ddb1d14105858b3846f84d55a5b8a36e5fefa43380d95b76266078160dc2269fe771c7d9fceace23c

C:\Program Files\Malwarebytes\Anti-Malware\sdk\farflt11.sys

MD5 5fe1668fe04528205fbb9af0c16b7234
SHA1 551929c948158f6f47556f2eeabc5a7415fab5ee
SHA256 c05ea9a6ca840acafe6751b3f0a4f4f4156980bbb7950e89fe491082e5709d45
SHA512 66777c2033737d925e1967b2db97adf20537729f4f6cfb880bebb627922543d179c8ca080a9d46760def4250def3fd4e05e03807faa642561727203c2e5f07b7

C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

MD5 1146ebd9d81a2c9cf780d1b22b14490f
SHA1 a93a566357cad31ea264ec805c8f97e7c1bfc9d0
SHA256 1000ee62a709012881b4b962f45d2ced7af9bee0740e5f9d2c94ac5f77308423
SHA512 803f1787420ccc6f3a3248bb2676215f34f0019e10e52bb160906537123151fccd129702a929b64f7a23ce5c1f69074a438acb6a67b938d51a9d05573a368f3f

C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.json

MD5 3e1bb855e4a0f5dd027d73d27dab305b
SHA1 7b1e9475e982508d9557b042d04986910f6f7e39
SHA256 19d7754b14693ba887b3918627b1744dff19071a0291150b7692300d7892667d
SHA512 42112e2849d4157fbd537b0aba5338e683bd04e91d60af23915d0e663c1471132312ea9e546afa619f29635b9582f23b167cc82543ed24d0c9a9b3ac7ba9e13b

C:\Program Files\Malwarebytes\Anti-Malware\mb5uns.exe

MD5 eaac9032a5151ea0d7b74ae4bab32b35
SHA1 f2c1f886868f6b9f78aeda8cf95df5051239c1ef
SHA256 807379fdd7315c29bc1e96ed224285ac5ae0226bdfa5318642eaed6bb0ca3191
SHA512 91fc6c387ee270372c401aa27aa399c5f6091dbcf1e94058c88e5edb473a7876c9de632cff5a4d6479a2a9bdcfb499c8ac6cdd3bd954b04db89685ccde0661db

C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json

MD5 348496b5fafce0b458abfae8c18db55d
SHA1 8fe57d8fc2396625f0733d57b78c9d9433c18878
SHA256 eaec19d7669861244be04a4a46f30ca250fe052fb1bfe48e1482f43e35dd63bc
SHA512 436d3b294632e93a9eb8646f549a99d9675e795f1955f976b7e409ef8748bf2be4ee7a99c8419c87046ffa80fa714e19900753138cb917af306290975546fe07

memory/5340-6886-0x00000152FC170000-0x00000152FC7E6000-memory.dmp

C:\Program Files\Malwarebytes\Anti-Malware\sdk\farflt11.inf

MD5 711bd19edced87c3777b0b6a5a32bbf8
SHA1 9ddf9ff2ee2018c6e7830936c325e699728f7d4b
SHA256 84c4f8147bfcf02981da93b52fe4204251657305a1839bf3a19f61be4d13d37b
SHA512 e0cef3fc1377785f934f6b3f68409505cb54ca7bdd3df501d6d6e5671323a4d219a177f6fa3c58ba76675f1c297b64e5fb5612eddc73aa40ed87cc6e1b18cc63

memory/6568-6913-0x00007FFB28D50000-0x00007FFB2924E000-memory.dmp

C:\Program Files\Malwarebytes\Anti-Malware\sdk\farflt11.cat

MD5 bc4771fc4e22da9aa7418daeca4a6841
SHA1 761590ad42a64e198869e028aaecf3aeaa1e86a3
SHA256 1935f614a9b386845b17a7ffcfdeae4df873efdc8fea791e03a0518db21c0984
SHA512 520cd4c883b8959bf0e936fe8ce0fa0e238922db18b63d4d54b69f79ef831778f7a61c57ecbd6a2a74989ddd49803a41c7aa1c40f702d70298e049283cf2c715

C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

MD5 671cd803796f68b715af1dcbcbb3be01
SHA1 f666c93a94b57d78549fc09b3a0323c75d57fb0e
SHA256 99b19d717de387dfb5aaac647f6e7a281ec31e0ba70069c351b0de0e8eaeb9c4
SHA512 b59a16f4eb9275149ff5afd343fbee7a3cfa7d7758963c307587044d882f4379d74b8944c45e1dfb433d0ba2a349f9ee194efd4bae1718d76aa2e7eae27789b5

C:\ProgramData\Malwarebytes\MBAMService\config\ArwControllerConfig.json

MD5 afaf3788f59ca5ae000e757f0d2e6a88
SHA1 8fa7207da53ab1828ac23f639f49f979614c6a24
SHA256 6796872604e1cd0429716c4824fe952020ceea8488ed031796e111ae09757ec4
SHA512 5ca82b3f7558b14028dff34fd237284fce464b2e0b6ca473335db7c97c0207cfa9e356c0c8548bdd7b61bbdc4c6142e298207eff3e90e03158089bea1a70d3d4

C:\ProgramData\Malwarebytes\MBAMService\config\CleanControllerConfig.json

MD5 ecafaad88868f860f456d244f4c45662
SHA1 cb836e5d5ac6d345de35527bc80c5b7cf7df6658
SHA256 3a4ec666c72edccb805bb7a867ddf450460e09913b8880af32772f4280247008
SHA512 630cafb4e3aa8e222490225ee2d7132ef29bfd8db527aafd66818114be1f72819cd0436904cd08e58c543071dc3008051bb504630d4d2c2a99dd80e32eaf7887

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

MD5 e1aad4863b4452749e9c319052d604ff
SHA1 d46826ba0ceb8910a3252bca7cc648eb7d639c3b
SHA256 6dc0addf924a0d891bb9797b1b50832c8aa5a1f8e73b8b3d477ac6fac1a78012
SHA512 b2f02e0297877cb6f6079cd09e5f9be09807680f0baf4ad64b75848aad6f235a7c4890c3acdcdcfc6adfdc282b093c2320026f05f14539b4c45bc82a739aca22

C:\ProgramData\Malwarebytes\MBAMService\config\RtpConfig.json

MD5 2a281a7d791800b0aa043c3794320437
SHA1 ed59bfb2e2b3ef27eff5e662242dae0c95072e33
SHA256 a40f7f8b85292815c50e3303189edbd6eeebcdacd1b16c88736e742cc26a2521
SHA512 da27eab2aae112164b53cda10f45edcce82f15bf3b8e60b8ec5663b6aa3738451f0c5775f10a6a6fab1002de41735dcd69e54d03cb7d75ee6fcc522b5ae9f8f2

C:\Program Files\Malwarebytes\Anti-Malware\sdk\mbamchameleon.cat

MD5 1cd8abdaea3bcd30214f01046ecd450d
SHA1 abc8fef03a274dcb9f15c17396e9f0af85a0b0fd
SHA256 cf981ad0b084c330fbfc00f9e559404c6731d407a9f004ce68b50ecd7abe7425
SHA512 a04f2beafbe2311a5eec84f8ecff16db1dda864d420643184b0164aca9958b679205c3ab23bb71095d710f45dc4c3c51ff8b267c36a1ffc768126b48556f5f86