Malware Analysis Report

2024-09-23 05:21

Sample ID 240604-ws4gqseh6v
Target .
SHA256 e8a4ba10ad14247a21d441c7fb1f9f23d376f70e87a0a97e3fb3c62852de8e90
Tags
gandcrab backdoor bootkit discovery persistence ransomware spyware stealer
score
10/10


Analysis Overview

score
10/10

SHA256

e8a4ba10ad14247a21d441c7fb1f9f23d376f70e87a0a97e3fb3c62852de8e90

Threat Level: Known bad

The file . was found to be: Known bad.

Malicious Activity Summary

gandcrab backdoor bootkit discovery persistence ransomware spyware stealer

Gandcrab

Suspicious use of NtCreateUserProcessOtherParentProcess

Renames multiple (223) files with added filename extension

Downloads MZ/PE file

Modifies RDP port number used by Windows

Sets service image path in registry

Drops file in Drivers directory

Checks computer location settings

Reads user/profile data of web browsers

Executes dropped EXE

Drops startup file

Checks BIOS information in registry

Loads dropped DLL

Registers COM server for autorun

Legitimate hosting services abused for malware hosting/C2

Enumerates connected drives

Looks up external IP address via web service

Adds Run key to start application

Writes to the Master Boot Record (MBR)

Checks installed software on the system

Sets desktop wallpaper using registry

Drops file in System32 directory

Drops file in Windows directory

Launches sc.exe

Drops file in Program Files directory

Program crash

Enumerates physical storage devices

Script User-Agent

Enumerates system info in registry

Suspicious use of SendNotifyMessage

Suspicious behavior: LoadsDriver

Suspicious behavior: EnumeratesProcesses

Checks processor information in registry

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Modifies registry class

Suspicious use of AdjustPrivilegeToken

NTFS ADS

Checks SCSI registry key(s)

Suspicious use of FindShellTrayWindow

Modifies system certificate store

Modifies Internet Explorer settings

Modifies data under HKEY_USERS

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Uses Volume Shadow Copy service COM API

MITRE ATT&CK Matrix V13

Analysis: static1

Detonation Overview

Reported

2024-06-04 18:11

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-04 18:11

Reported

2024-06-04 18:31

Platform

win10v2004-20240508-en

Max time kernel

896s

Max time network

899s

Command Line

C:\Windows\Explorer.EXE

Signatures

Gandcrab

ransomware backdoor gandcrab

Suspicious use of NtCreateUserProcessOtherParentProcess

Description | Indicator | Process | Target
PID 5688 created 3476 | N/A | C:\Users\Admin\Desktop\MBSetup.exe | C:\Windows\Explorer.EXE

Renames multiple (223) files with added filename extension

ransomware

Downloads MZ/PE file

Drops file in Drivers directory

Description | Indicator | Process | Target
File opened for modification | C:\Windows\system32\DRIVERS\MbamElam.sys | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A
File created | C:\Windows\system32\DRIVERS\mbamswissarmy.sys | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A
File created | C:\Windows\system32\DRIVERS\MbamChameleon.sys | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A
File created | C:\Windows\system32\DRIVERS\mbam.sys | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A
File created | C:\Windows\SysWOW64\drivers\mbamtestfile.dat | C:\Users\Admin\Desktop\MBSetup.exe | N/A
File created | C:\Windows\SysWOW64\drivers\mbamtestfile.dat | C:\Users\Admin\Desktop\MBSetup.exe | N/A
File created | C:\Windows\system32\DRIVERS\MbamElam.sys | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A
File created | C:\Windows\system32\drivers\mbae64.sys | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A
File created | C:\Windows\system32\DRIVERS\mwac.sys | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A
File created | C:\Windows\system32\DRIVERS\farflt.sys | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A

Modifies RDP port number used by Windows

Sets service image path in registry

persistence
Description | Indicator | Process | Target
Set value (str) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\MBAMSwissArmy\ImagePath = "\\SystemRoot\\System32\\Drivers\\mbamswissarmy.sys" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\mbamchameleon\ImagePath = "\\SystemRoot\\System32\\Drivers\\MbamChameleon.sys" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A

Checks BIOS information in registry

Description | Indicator | Process | Target
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\Desktop\MBSetup.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate | C:\Users\Admin\Desktop\MBSetup.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\is-8300870.tmp\Installer.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\Desktop\MBSetup.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate | C:\Users\Admin\Desktop\MBSetup.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate | C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe | N/A

Checks computer location settings

Description | Indicator | Process | Target
Key value queried | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\is-8300870.tmp\Installer.exe | N/A
Key value queried | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A
Key value queried | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation | C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe | N/A

Drops startup file

Description | Indicator | Process | Target
File created | C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\ETKOG-MANUAL.txt | C:\Users\Admin\Desktop\GandCrab.exe | N/A
File created | C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\6760a1b06760a65d5c.lock | C:\Users\Admin\Desktop\GandCrab.exe | N/A

Executes dropped EXE

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-FMLSE.tmp\butterflyondesktop.tmp | N/A
N/A | N/A | C:\Users\Admin\Butterfly on Desktop\ButterflyOnDesktop.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-8300870.tmp\Installer.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\Driver Updater\ServiceHelper.Agent.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\Driver Updater\ServiceHelper.Agent.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A
N/A | N/A | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A
N/A | N/A | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A
N/A | N/A | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A
N/A | N/A | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A
N/A | N/A | C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe | N/A
N/A | N/A | C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe | N/A
N/A | N/A | C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe | N/A
N/A | N/A | C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe | N/A
N/A | N/A | C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe | N/A
N/A | N/A | C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe | N/A
N/A | N/A | C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe | N/A
N/A | N/A | C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe | N/A
N/A | N/A | C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe | N/A
N/A | N/A | C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe | N/A
N/A | N/A | C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe | N/A
N/A | N/A | C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe | N/A
N/A | N/A | C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe | N/A
N/A | N/A | C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe | N/A
N/A | N/A | C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe | N/A
N/A | N/A | C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe | N/A
N/A | N/A | C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe | N/A
N/A | N/A | C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe | N/A
N/A | N/A | C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe | N/A
N/A | N/A | C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe | N/A
N/A | N/A | C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe | N/A
N/A | N/A | C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe | N/A
N/A | N/A | C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe | N/A
N/A | N/A | C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe | N/A
N/A | N/A | C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe | N/A
N/A | N/A | C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe | N/A

Loads dropped DLL

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\Desktop\Windows-outbyte-driver-updater.exe | N/A
N/A | N/A | C:\Users\Admin\Desktop\Windows-outbyte-driver-updater.exe | N/A
N/A | N/A | C:\Users\Admin\Desktop\Windows-outbyte-driver-updater.exe | N/A
N/A | N/A | C:\Users\Admin\Desktop\Windows-outbyte-driver-updater.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-8300870.tmp\Installer.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-8300870.tmp\Installer.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-8300870.tmp\Installer.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-8300870.tmp\Installer.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-8300870.tmp\Installer.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-8300870.tmp\Installer.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-8300870.tmp\Installer.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-8300870.tmp\Installer.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-8300870.tmp\Installer.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-8300870.tmp\Installer.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-8300870.tmp\Installer.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-8300870.tmp\Installer.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-8300870.tmp\Installer.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-8300870.tmp\Installer.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-8300870.tmp\Installer.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-8300870.tmp\Installer.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-8300870.tmp\Installer.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-8300870.tmp\Installer.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-8300870.tmp\Installer.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-8300870.tmp\Installer.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-8300870.tmp\Installer.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-8300870.tmp\Installer.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A

Reads user/profile data of web browsers

spyware stealer

Registers COM server for autorun

persistence
Description | Indicator | Process | Target
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BF474111-9116-45C6-AF53-209E64F1BB53}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8F1C46F8-E697-4175-B240-CDE682A4BA2D}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9D372F21-E6DA-4B82-881A-79F6CA6B6AE1}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{130CD414-6BFD-4F6C-9362-A2264B222E76}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EE8A9269-9E6E-4683-BCD3-41E9B16696DC}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{11D1E5E8-14E1-4B5B-AE1A-2678CB91E8E5}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BF474111-9116-45C6-AF53-209E64F1BB53}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BF474111-9116-45C6-AF53-209E64F1BB53}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8F1C46F8-E697-4175-B240-CDE682A4BA2D}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9D372F21-E6DA-4B82-881A-79F6CA6B6AE1}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D5599B6B-FA0C-45B5-8309-853B003EA412}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A
Key created | \REGISTRY\MACHINE\Software\Classes\CLSID\{05098CD5-9914-48C2-A453-DB782F55A65F}\InProcServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F415899A-1576-4C8B-BC9F-4854781F8A20}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{278637DA-FDFB-45C7-8CD8-F2D8A9199AB0}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F415899A-1576-4C8B-BC9F-4854781F8A20}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DE03E614-112D-43E0-8E15-E7236CC32108}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip.dll" | C:\Users\Admin\Desktop\7z2406-x64.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F36AD0D0-B5F0-4C69-AF08-603D177FEF0E}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{11D1E5E8-14E1-4B5B-AE1A-2678CB91E8E5}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9D372F21-E6DA-4B82-881A-79F6CA6B6AE1}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EE8A9269-9E6E-4683-BCD3-41E9B16696DC}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{17BE78EE-B40A-4B9E-835F-38EC62F9D479}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{03141A2A-5C3A-458E-ABEC-0812AD7FF497}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{03141A2A-5C3A-458E-ABEC-0812AD7FF497}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F36AD0D0-B5F0-4C69-AF08-603D177FEF0E}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{278637DA-FDFB-45C7-8CD8-F2D8A9199AB0}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A
Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F36AD0D0-B5F0-4C69-AF08-603D177FEF0E}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F6D29500-933C-447C-9D88-9D814AF73808}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DE03E614-112D-43E0-8E15-E7236CC32108}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{376BE474-56D4-4177-BB4E-5610156F36C8}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{251AD013-20AD-4C3F-8FE2-F66A429B4819}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{36A65E46-6CC1-4CA2-B51E-F4DD8C993DDC}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8F1C46F8-E697-4175-B240-CDE682A4BA2D}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{11D1E5E8-14E1-4B5B-AE1A-2678CB91E8E5}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{580243BF-3CEE-4131-A599-C6FED66BEB1B}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E1AC7139-D1FF-4DE9-84A4-92E2B47F5D2A}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{130CD414-6BFD-4F6C-9362-A2264B222E76}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{36A65E46-6CC1-4CA2-B51E-F4DD8C993DDC}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{376BE474-56D4-4177-BB4E-5610156F36C8}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment" | C:\Users\Admin\Desktop\7z2406-x64.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{580243BF-3CEE-4131-A599-C6FED66BEB1B}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{05098CD5-9914-48C2-A453-DB782F55A65F}\InProcServer32\ThreadingModel = "Both" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{580243BF-3CEE-4131-A599-C6FED66BEB1B}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{251AD013-20AD-4C3F-8FE2-F66A429B4819}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D5599B6B-FA0C-45B5-8309-853B003EA412}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{03141A2A-5C3A-458E-ABEC-0812AD7FF497}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F415899A-1576-4C8B-BC9F-4854781F8A20}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E1AC7139-D1FF-4DE9-84A4-92E2B47F5D2A}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D5599B6B-FA0C-45B5-8309-853B003EA412}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F36AD0D0-B5F0-4C69-AF08-603D177FEF0E}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E1AC7139-D1FF-4DE9-84A4-92E2B47F5D2A}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{05098CD5-9914-48C2-A453-DB782F55A65F}\InProcServer32\ = "C:\\PROGRAM FILES\\MALWAREBYTES\\ANTI-MALWARE\\mbamsi64.dll" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DE03E614-112D-43E0-8E15-E7236CC32108}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{376BE474-56D4-4177-BB4E-5610156F36C8}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9DAB0CA5-AE19-41AE-955C-41DD44C52697}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\InprocServer32\ = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\mbshlext.dll" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{36A65E46-6CC1-4CA2-B51E-F4DD8C993DDC}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F6D29500-933C-447C-9D88-9D814AF73808}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F6D29500-933C-447C-9D88-9D814AF73808}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{130CD414-6BFD-4F6C-9362-A2264B222E76}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EE8A9269-9E6E-4683-BCD3-41E9B16696DC}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\InprocServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{17BE78EE-B40A-4B9E-835F-38EC62F9D479}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A

Adds Run key to start application

persistence
Description | Indicator | Process | Target
Set value (str) | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ButterflyOnDesktop | C:\Users\Admin\AppData\Local\Temp\is-FMLSE.tmp\butterflyondesktop.tmp | N/A

Checks installed software on the system

discovery

Enumerates connected drives

Description | Indicator | Process | Target
File opened (read-only) | \??\M: | C:\Users\Admin\AppData\Local\Temp\is-FMLSE.tmp\butterflyondesktop.tmp | N/A
File opened (read-only) | \??\H: | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A
File opened (read-only) | \??\G: | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A
File opened (read-only) | \??\V: | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A
File opened (read-only) | \??\J: | C:\Users\Admin\AppData\Local\Temp\is-FMLSE.tmp\butterflyondesktop.tmp | N/A
File opened (read-only) | \??\T: | C:\Users\Admin\AppData\Local\Temp\is-FMLSE.tmp\butterflyondesktop.tmp | N/A
File opened (read-only) | \??\L: | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A
File opened (read-only) | \??\X: | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A
File opened (read-only) | \??\Z: | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A
File opened (read-only) | \??\S: | C:\Users\Admin\AppData\Local\Temp\is-FMLSE.tmp\butterflyondesktop.tmp | N/A
File opened (read-only) | \??\U: | C:\Users\Admin\AppData\Local\Temp\is-FMLSE.tmp\butterflyondesktop.tmp | N/A
File opened (read-only) | \??\V: | C:\Users\Admin\AppData\Local\Temp\is-FMLSE.tmp\butterflyondesktop.tmp | N/A
File opened (read-only) | \??\F: | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A
File opened (read-only) | \??\B: | C:\Users\Admin\Desktop\GandCrab.exe | N/A
File opened (read-only) | \??\I: | C:\Users\Admin\Desktop\GandCrab.exe | N/A
File opened (read-only) | \??\Y: | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A
File opened (read-only) | \??\E: | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A
File opened (read-only) | \??\N: | C:\Users\Admin\AppData\Local\Temp\is-FMLSE.tmp\butterflyondesktop.tmp | N/A
File opened (read-only) | \??\R: | C:\Users\Admin\AppData\Local\Temp\is-FMLSE.tmp\butterflyondesktop.tmp | N/A
File opened (read-only) | \??\T: | C:\Users\Admin\Desktop\GandCrab.exe | N/A
File opened (read-only) | \??\Y: | C:\Users\Admin\Desktop\GandCrab.exe | N/A
File opened (read-only) | \??\G: | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A
File opened (read-only) | \??\J: | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A
File opened (read-only) | \??\T: | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A
File opened (read-only) | \??\K: | C:\Users\Admin\AppData\Local\Temp\is-FMLSE.tmp\butterflyondesktop.tmp | N/A
File opened (read-only) | \??\M: | C:\Users\Admin\Desktop\GandCrab.exe | N/A
File opened (read-only) | \??\O: | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A
File opened (read-only) | \??\B: | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A
File opened (read-only) | \??\Z: | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A
File opened (read-only) | \??\L: | C:\Users\Admin\AppData\Local\Temp\is-FMLSE.tmp\butterflyondesktop.tmp | N/A
File opened (read-only) | \??\H: | C:\Users\Admin\Desktop\GandCrab.exe | N/A
File opened (read-only) | \??\L: | C:\Users\Admin\Desktop\GandCrab.exe | N/A
File opened (read-only) | \??\N: | C:\Users\Admin\Desktop\GandCrab.exe | N/A
File opened (read-only) | \??\A: | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A
File opened (read-only) | \??\O: | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A
File opened (read-only) | \??\T: | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A
File opened (read-only) | \??\X: | C:\Users\Admin\AppData\Local\Temp\is-FMLSE.tmp\butterflyondesktop.tmp | N/A
File opened (read-only) | \??\I: | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A
File opened (read-only) | \??\P: | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A
File opened (read-only) | \??\V: | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A
File opened (read-only) | \??\B: | C:\Users\Admin\AppData\Local\Temp\is-FMLSE.tmp\butterflyondesktop.tmp | N/A
File opened (read-only) | \??\A: | C:\Users\Admin\Desktop\GandCrab.exe | N/A
File opened (read-only) | \??\E: | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A
File opened (read-only) | \??\K: | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A
File opened (read-only) | \??\W: | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A
File opened (read-only) | \??\Q: | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A
File opened (read-only) | \??\A: | C:\Users\Admin\AppData\Local\Temp\is-FMLSE.tmp\butterflyondesktop.tmp | N/A
File opened (read-only) | \??\E: | C:\Users\Admin\Desktop\GandCrab.exe | N/A
File opened (read-only) | \??\N: | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A
File opened (read-only) | \??\W: | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A
File opened (read-only) | \??\E: | C:\Users\Admin\AppData\Local\Temp\is-FMLSE.tmp\butterflyondesktop.tmp | N/A
File opened (read-only) | \??\S: | C:\Users\Admin\Desktop\GandCrab.exe | N/A
File opened (read-only) | \??\Z: | C:\Users\Admin\Desktop\GandCrab.exe | N/A
File opened (read-only) | \??\M: | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A
File opened (read-only) | \??\M: | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A
File opened (read-only) \??\R: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\J: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\Desktop\GandCrab.exe N/A
File opened (read-only) \??\B: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\S: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\U: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\H: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\P: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\is-FMLSE.tmp\butterflyondesktop.tmp N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A api.ipgeolocation.io N/A N/A
N/A api.ipgeolocation.io N/A N/A

Writes to the Master Boot Record (MBR)

bootkit persistence
Description Indicator Process Target
File opened for modification \??\PhysicalDrive0 C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
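The row above only shows that DriverUpdater.exe asked for a write handle on the raw disk; the report does not capture what, if anything, was written. The check a responder wants next is to dump the first sector of that disk and compare it with a known-good copy. The script below is an added example, not part of this report or of the sandbox vendor's tooling: it parses a 512-byte MBR (boot code, disk signature, four partition entries, 0x55AA signature), hashes the bootstrap code against a baseline and flags malformed or overlapping partition entries. The sector it works on is constructed inline (a stand-in bootstrap, not a real loader); on a live Windows host the same 512 bytes come from reading `\\.\PhysicalDrive0` as administrator.

```python
import hashlib
import struct
import sys

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440           # bootstrap code; the 4-byte disk signature follows at 0x1B8
DISK_SIG_OFF = 0x1B8
PART_TABLE_OFF = 0x1BE
PART_ENTRY_FMT = "<B3sB3sII"  # status, CHS start, type, CHS end, LBA start, sector count
MBR_SIGNATURE = b"\x55\xAA"


def parse_mbr(sector):
    """Parse one 512-byte MBR into boot-code hash, disk signature and partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[510:512] != MBR_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        status, _chs_s, ptype, _chs_e, lba, count = struct.unpack_from(
            PART_ENTRY_FMT, sector, PART_TABLE_OFF + i * 16)
        if ptype == 0:
            continue  # empty slot
        partitions.append({"index": i, "status": status, "type": ptype,
                           "lba_start": lba, "sectors": count})
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFF)[0],
        "partitions": partitions,
    }


def check_mbr(sector, baseline_boot_hash):
    """Compare a dumped MBR with a known-good boot-code hash and sanity-check its table."""
    info = parse_mbr(sector)
    findings = []
    if info["boot_code_sha256"] != baseline_boot_hash:
        findings.append("boot code differs from baseline")
    for p in info["partitions"]:
        if p["status"] not in (0x00, 0x80):
            findings.append(f"partition {p['index']} has non-standard status byte 0x{p['status']:02x}")
        if p["lba_start"] == 0:
            findings.append(f"partition {p['index']} starts at LBA 0 (overlaps the MBR)")
    spans = sorted((p["lba_start"], p["lba_start"] + p["sectors"], p["index"])
                   for p in info["partitions"])
    for (_s1, e1, i1), (s2, _e2, i2) in zip(spans, spans[1:]):
        if s2 < e1:
            findings.append(f"partitions {i1} and {i2} overlap")
    return findings


def build_mbr(boot_code, partitions, disk_signature=0x12345678):
    """Assemble a sector for testing. partitions: (status, type, lba_start, sectors)."""
    sec = bytearray(SECTOR_SIZE)
    sec[:len(boot_code)] = boot_code
    struct.pack_into("<I", sec, DISK_SIG_OFF, disk_signature)
    for i, (status, ptype, lba, count) in enumerate(partitions):
        struct.pack_into(PART_ENTRY_FMT, sec, PART_TABLE_OFF + i * 16,
                         status, b"\xFE\xFF\xFF", ptype, b"\xFE\xFF\xFF", lba, count)
    sec[510:512] = MBR_SIGNATURE
    return bytes(sec)


# Constructed sample: the first five bytes mimic the 'cli; xor ax,ax; mov ss,ax' prologue of a
# Windows MBR and the rest is NOP padding, so this is a stand-in, not a real loader. One
# active NTFS partition at LBA 2048 as on a typical BIOS-boot disk.
CLEAN_BOOT_CODE = bytes([0xFA, 0x33, 0xC0, 0x8E, 0xD0]) + b"\x90" * (BOOT_CODE_LEN - 5)
CLEAN_MBR = build_mbr(CLEAN_BOOT_CODE, [(0x80, 0x07, 2048, 2_000_000)])
BASELINE_HASH = hashlib.sha256(CLEAN_BOOT_CODE).hexdigest()
# The same disk after a two-byte patch at the start of the bootstrap (constructed).
TAMPERED_MBR = build_mbr(b"\xEB\xFE" + CLEAN_BOOT_CODE[2:], [(0x80, 0x07, 2048, 2_000_000)])


if __name__ == "__main__":
    # Usage: python mbr_check.py [dump-file]; a dump is the first 512 bytes of the disk,
    # e.g. open(r"\\.\PhysicalDrive0", "rb").read(512) on Windows with admin rights.
    sector = open(sys.argv[1], "rb").read(SECTOR_SIZE) if len(sys.argv) > 1 else TAMPERED_MBR
    for finding in check_mbr(sector, BASELINE_HASH) or ["MBR matches baseline"]:
        print(finding)
```

The baseline hash should come from the same machine before the incident (or from an identical image), because OEM and boot-manager bootstraps differ; comparing against a generic Windows MBR hash produces false positives.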

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\system32\DriverStore\FileRepository\netefe3e.inf_amd64_7830581a689ef40d\netefe3e.PNF C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
File created C:\Windows\system32\DriverStore\FileRepository\pnpxinternetgatewaydevices.inf_amd64_82b90e51473d48ea\pnpxinternetgatewaydevices.PNF C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
File created C:\Windows\SysWOW64\Driver Updater\is-F661M.tmp C:\Users\Admin\AppData\Local\Temp\is-8300870.tmp\Installer.exe N/A
File created C:\Windows\system32\DriverStore\FileRepository\bcmfn2.inf_amd64_5ebadf201c5b5845\bcmfn2.PNF C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
File created C:\Windows\system32\DriverStore\FileRepository\c_smartcardfilter.inf_amd64_3573afe136371e51\c_smartcardfilter.PNF C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
File created C:\Windows\system32\DriverStore\FileRepository\netmlx4eth63.inf_amd64_3809a4a3e7e07703\netmlx4eth63.PNF C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
File created C:\Windows\system32\DriverStore\FileRepository\b57nd60a.inf_amd64_77a731ab08be20a5\b57nd60a.PNF C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
File created C:\Windows\system32\DriverStore\FileRepository\iastorav.inf_amd64_87f761c07c99d5e7\iastorav.PNF C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
File created C:\Windows\system32\DriverStore\FileRepository\wstorvsc.inf_amd64_50cb8ebb1c9584af\wstorvsc.PNF C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
File created C:\Windows\system32\DriverStore\FileRepository\c_cashdrawer.inf_amd64_a648ee708660440c\c_cashdrawer.PNF C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
File created \??\c:\windows\system32\driverstore\filerepository\volsnap.inf_amd64_ce438b6e0c5b1af2\volsnap.PNF C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\usbncm.inf_amd64_9957a38c3d2283ed\usbncm.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\system32\DriverStore\FileRepository\netwtw08.inf_amd64_7c0c516fb22456cd\netwtw08.PNF C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
File created C:\Windows\system32\DriverStore\FileRepository\c_fscontentscreener.inf_amd64_bd1517e25f3e419f\c_fscontentscreener.PNF C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
File created C:\Windows\system32\DriverStore\FileRepository\c_processor.inf_amd64_4431cc603de6e020\c_processor.PNF C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
File created C:\Windows\SysWOW64\Driver Updater\Lang\is-RHMQP.tmp C:\Users\Admin\AppData\Local\Temp\is-8300870.tmp\Installer.exe N/A
File created C:\Windows\system32\DriverStore\FileRepository\digitalmediadevice.inf_amd64_5b64b65052c3a32a\digitalmediadevice.PNF C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
File created C:\Windows\system32\DriverStore\FileRepository\mdmgl009.inf_amd64_3bab34655afeb7e4\mdmgl009.PNF C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
File created C:\Windows\system32\DriverStore\FileRepository\mdmhayes.inf_amd64_055d85baabbda8f6\mdmhayes.PNF C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
File created C:\Windows\system32\DriverStore\FileRepository\mdmnis2u.inf_amd64_0c5757ecd1574b3d\mdmnis2u.PNF C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
File created C:\Windows\system32\DriverStore\FileRepository\c_mouse.inf_amd64_822333b41326bc2f\c_mouse.PNF C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
File created C:\Windows\system32\DriverStore\FileRepository\mdmadc.inf_amd64_7b6fc0e15997ce81\mdmadc.PNF C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
File created C:\Windows\system32\DriverStore\FileRepository\mdmarn.inf_amd64_947cdd3822225c16\mdmarn.PNF C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
File created C:\Windows\system32\DriverStore\FileRepository\mdmdp2.inf_amd64_6550f790ed88c7ba\mdmdp2.PNF C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
File created C:\Windows\system32\DriverStore\FileRepository\netvchannel.inf_amd64_ba3e73aa330c95d6\netvchannel.PNF C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
File created C:\Windows\system32\DriverStore\FileRepository\wdmvsc.inf_amd64_8666ee4da6ad6325\wdmvsc.PNF C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netwtw02.inf_amd64_42e02bae858d0fbd\netwtw02.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\msux64w10.inf_amd64_5aa81644af5957b3\msux64w10.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\system32\DriverStore\FileRepository\acpipmi.inf_amd64_310dc613a7e31ec8\acpipmi.PNF C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netvf63a.inf_amd64_a090e6cfaf18cb5c\netvf63a.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\system32\DriverStore\FileRepository\c_linedisplay.inf_amd64_a720ddb820f10790\c_linedisplay.PNF C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
File created C:\Windows\system32\DriverStore\FileRepository\wvmbus.inf_amd64_a192dbf28b4634a7\wvmbus.PNF C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
File created C:\Windows\system32\DriverStore\FileRepository\percsas2i.inf_amd64_a7f5d94e6751c911\percsas2i.PNF C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
File created C:\Windows\system32\DriverStore\FileRepository\wvmgid.inf_amd64_3a0240393de08f95\wvmgid.PNF C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
File created C:\Windows\system32\DriverStore\FileRepository\mdmcpv.inf_amd64_906547002cc7c58e\mdmcpv.PNF C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
File created C:\Windows\system32\DriverStore\FileRepository\c_battery.inf_amd64_5637e58e54fb24bb\c_battery.PNF C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
File created C:\Windows\system32\DriverStore\FileRepository\mdmbtmdm.inf_amd64_9e5602638617558e\mdmbtmdm.PNF C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
File created C:\Windows\system32\DriverStore\FileRepository\mdmzyxel.inf_amd64_1edcf626fd489056\mdmzyxel.PNF C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{df246f33-a880-d744-b8f5-3f552995995a}\mbtun.sys C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\SysWOW64\Driver Updater\is-BONHT.tmp C:\Users\Admin\AppData\Local\Temp\is-8300870.tmp\Installer.exe N/A
File created C:\Windows\system32\DriverStore\FileRepository\c_diskdrive.inf_amd64_1debcd2bd95e9c0c\c_diskdrive.PNF C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
File created C:\Windows\system32\DriverStore\FileRepository\c_monitor.inf_amd64_f02375bf47a4adb2\c_monitor.PNF C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
File created C:\Windows\system32\DriverStore\FileRepository\c_system.inf_amd64_184528953a6fb673\c_system.PNF C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
File created C:\Windows\system32\DriverStore\FileRepository\c_volsnap.inf_amd64_47e3741bbf4d6b06\c_volsnap.PNF C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
File created C:\Windows\system32\DriverStore\FileRepository\stornvme.inf_amd64_1218fad01506b7af\stornvme.PNF C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
File created C:\Windows\system32\DriverStore\FileRepository\wmbclass_wmc_union.inf_amd64_a02e4111c770770d\wmbclass_wmc_union.PNF C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
File created C:\Windows\system32\DriverStore\FileRepository\battery.inf_amd64_a239bc596073092a\battery.PNF C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
File created C:\Windows\system32\DriverStore\FileRepository\mdmiodat.inf_amd64_95e01117eb9c1bd2\mdmiodat.PNF C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
File created C:\Windows\system32\DriverStore\FileRepository\urschipidea.inf_amd64_78ad1c14e33df968\urschipidea.PNF C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
File created C:\Windows\system32\DriverStore\FileRepository\wvmbushid.inf_amd64_fd2fe159a9daf508\wvmbushid.PNF C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
File created C:\Windows\system32\DriverStore\FileRepository\kscaptur.inf_amd64_b95d9f4691816045\kscaptur.PNF C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
File created C:\Windows\system32\DriverStore\FileRepository\lltdio.inf_amd64_4faf5a37ebdbec2b\lltdio.PNF C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
File created C:\Windows\system32\DriverStore\FileRepository\tpm.inf_amd64_154e6da862a6dc30\tpm.PNF C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
File created C:\Windows\system32\DriverStore\FileRepository\mdmbug3.inf_amd64_aef240978776cd0b\mdmbug3.PNF C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
File created C:\Windows\system32\DriverStore\FileRepository\mdmzyp.inf_amd64_19eb30e94285f2a6\mdmzyp.PNF C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
File created C:\Windows\system32\DriverStore\FileRepository\net9500-x64-n650f.inf_amd64_e92c5a65e41993f9\net9500-x64-n650f.PNF C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
File created C:\Windows\system32\DriverStore\FileRepository\netathrx.inf_amd64_220db23f5419ea8d\netathrx.PNF C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
File created C:\Windows\system32\DriverStore\FileRepository\percsas3i.inf_amd64_c17a63dada1eaa02\percsas3i.PNF C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
File created C:\Windows\system32\DriverStore\FileRepository\wave.inf_amd64_8e8496aa33c0a7f6\wave.PNF C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
File created C:\Windows\system32\DriverStore\FileRepository\wudfusbcciddriver.inf_amd64_a084e687a06b255f\wudfusbcciddriver.PNF C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netg664.inf_amd64_84cd7b2798e0a666\netg664.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\system32\DriverStore\FileRepository\hidir.inf_amd64_7bf4a320e4ec8b3d\hidir.PNF C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{df246f33-a880-d744-b8f5-3f552995995a}\SET3442.tmp C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\system32\DriverStore\FileRepository\netsstpa.inf_amd64_e76c5387d67e3fd6\netsstpa.PNF C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A

Sets desktop wallpaper using registry

ransomware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\\\bxmeoengtf.bmp" C:\Users\Admin\Desktop\GandCrab.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\tr\System.Windows.Controls.Ribbon.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\de\PresentationFramework.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\System.Windows.Forms.Design.Editors.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\System.Xaml.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\Microsoft.Extensions.DependencyInjection.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\be.txt C:\Users\Admin\Desktop\7z2406-x64.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\c18ee09a-ff71-485f-a9c9-72eca98b5161 C:\Users\Admin\Desktop\MBSetup.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\ReachFramework.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Security.Cryptography.Csp.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\ctlrvers.dat C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\kaa.txt C:\Users\Admin\Desktop\7z2406-x64.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\VPNControllerImpl.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\SelfProtectionShim.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\zh-Hans\UIAutomationClient.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\tr.txt C:\Users\Admin\Desktop\7z2406-x64.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-file-l2-1-0.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Net.HttpListener.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\PresentationFramework.Classic.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\pt-BR\PresentationUI.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\sa.txt C:\Users\Admin\Desktop\7z2406-x64.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Resources.Reader.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\Microsoft.WindowsDesktop.App.runtimeconfig.json C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\ArwControllerImpl.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Linq.Expressions.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\System.IO.Packaging.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\sdk\farflt.inf C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ro.txt C:\Users\Admin\Desktop\7z2406-x64.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\es\WindowsBase.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\BrowserSDKDLLShim.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\7-Zip\7-zip.dll.tmp C:\Users\Admin\Desktop\7z2406-x64.exe N/A
File created C:\Program Files\ETKOG-MANUAL.txt C:\Users\Admin\Desktop\GandCrab.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\pt-BR\UIAutomationClientSideProviders.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\mscordbi.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Net.Sockets.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\pl\System.Windows.Forms.Design.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnel_wireguard.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\Swissarmy.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\yo.txt C:\Users\Admin\Desktop\7z2406-x64.exe N/A
File opened for modification C:\Program Files\WriteRename.rtf C:\Users\Admin\Desktop\GandCrab.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\Microsoft.Win32.Registry.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\de\UIAutomationClient.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened for modification C:\Program Files\7-Zip\7-zip.dll.tmp C:\Users\Admin\Desktop\7z2406-x64.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-sysinfo-l1-1-0.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\an.txt C:\Users\Admin\Desktop\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\eu.txt C:\Users\Admin\Desktop\7z2406-x64.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\pt-BR\UIAutomationProvider.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\tr\PresentationUI.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened for modification C:\Program Files\ApproveConvertTo.inf C:\Users\Admin\Desktop\GandCrab.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Threading.ThreadPool.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\zh-Hant\UIAutomationTypes.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\it\PresentationFramework.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\pt-BR\WindowsFormsIntegration.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\UIAutomationProvider.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\assistant.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbupdatrV5.exe C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\ko\ReachFramework.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\LicenseControllerImpl.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\mbam.firefox.manifest.json C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ba.txt C:\Users\Admin\Desktop\7z2406-x64.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\Microsoft.CSharp.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Reflection.Primitives.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\pl\System.Windows.Forms.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\ko\System.Windows.Forms.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\zh-Hant\WindowsFormsIntegration.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\inf\oem3.inf C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\inf\oem3.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Windows\system32\svchost.exe N/A

Launches sc.exe

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\sc.exe N/A

Enumerates physical storage devices

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\Desktop\GandCrab.exe
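Several unrelated programs were detonated in this run (GandCrab.exe, a "Driver Updater" installer, an Inno Setup package, the 7-Zip installer and the Malwarebytes installer), so the tables above mix ransomware behaviour with installer and AV noise. The script below is an added example, not part of this report or of the sandbox's own tooling: it parses rows in the flat "Description Indicator Process Target" layout used on this page, groups them per process, and reduces them to the findings from the sections above that a responder acts on (the drive-letter walk in "Enumerates connected drives", the raw-disk handle in "Writes to the Master Boot Record", the wallpaper change, system-directory drops, the external hosts, and the crash handled by WerFault). The sample rows are copied from this report; the threshold of three drive letters is an assumption for the example.

```python
import re
from collections import defaultdict

# Constructed sample input: rows copied from the signature tables of this report,
# in the flat "Description Indicator Process Target" layout the page uses.
SAMPLE_ROWS = r"""
File opened (read-only) \??\B: C:\Users\Admin\Desktop\GandCrab.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\Desktop\GandCrab.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\Desktop\GandCrab.exe N/A
File opened (read-only) \??\Y: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\is-FMLSE.tmp\butterflyondesktop.tmp N/A
N/A raw.githubusercontent.com N/A N/A
N/A api.ipgeolocation.io N/A N/A
File opened for modification \??\PhysicalDrive0 C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
File created C:\Windows\SysWOW64\Driver Updater\is-F661M.tmp C:\Users\Admin\AppData\Local\Temp\is-8300870.tmp\Installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\\\bxmeoengtf.bmp" C:\Users\Admin\Desktop\GandCrab.exe N/A
File created C:\Program Files\ETKOG-MANUAL.txt C:\Users\Admin\Desktop\GandCrab.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\Desktop\GandCrab.exe
"""

DESC_RE = re.compile(
    r"^(File opened \(read-only\)|File opened for modification|File created"
    r"|Set value \((?:str|data|int)\)|Key (?:opened|created|queried|value queried)|N/A)"
    r"\s+(.*)$"
)
DRIVE_RE = re.compile(r"^\\\?\?\\([A-Z]):$")                      # \??\X:
RAW_DISK_RE = re.compile(r"^\\\?\?\\PhysicalDrive\d+$", re.IGNORECASE)
SYSTEM_DIRS = ("C:\\WINDOWS\\SYSTEM32\\", "C:\\WINDOWS\\SYSWOW64\\")


def _split_last_path(text):
    """Split 'prefix C:\\path with spaces' at the last path; a path never contains ' C:\\'."""
    i = text.rfind(" C:\\")
    if i < 0:
        raise ValueError(f"no process/target path in: {text!r}")
    return text[:i], text[i + 1:]


def parse_row(line):
    """Split one flat row into its four columns, working from the right because paths contain spaces."""
    m = DESC_RE.match(line.strip())
    if not m:
        raise ValueError(f"unrecognised row: {line!r}")
    desc, rest = m.group(1), m.group(2)
    if rest.endswith(" N/A"):                 # target column
        rest, target = rest[:-4], "N/A"
    else:
        rest, target = _split_last_path(rest)
    if rest.endswith(" N/A"):                 # process column (N/A on pure network rows)
        indicator, process = rest[:-4], "N/A"
    else:
        indicator, process = _split_last_path(rest)
    return {"description": desc, "indicator": indicator, "process": process, "target": target}


def parse_report(text):
    return [parse_row(line) for line in text.splitlines() if line.strip()]


def triage(rows, drive_threshold=3):
    """Group rows by process and reduce them to responder-relevant findings.

    drive_threshold is an assumption for this example: distinct drive letters a
    process must probe before the walk is reported as enumeration.
    """
    drives = defaultdict(set)
    findings = defaultdict(list)
    for r in rows:
        desc, ind, proc = r["description"], r["indicator"], r["process"]
        path = ind[4:] if ind.startswith("\\??\\") else ind   # strip the NT object prefix
        m = DRIVE_RE.match(ind)
        if desc == "File opened (read-only)" and m:
            drives[proc].add(m.group(1))
        elif desc == "File opened for modification" and RAW_DISK_RE.match(ind):
            findings[proc].append(f"write handle to raw disk {ind} (MBR/bootkit indicator)")
        elif desc.startswith("Set value") and "\\Control Panel\\Desktop\\Wallpaper" in ind:
            findings[proc].append("desktop wallpaper replaced via registry (ransom-note behaviour)")
        elif desc == "File created" and path.upper().startswith(SYSTEM_DIRS):
            findings[proc].append(f"file dropped in Windows system directory: {path}")
        elif proc == "N/A" and ind != "N/A":
            findings["<network>"].append(f"resolved host {ind}")
        elif r["target"] != "N/A":
            findings[r["target"]].append(f"crashed; handled by {proc}")
    for proc, letters in drives.items():
        if len(letters) >= drive_threshold:
            findings[proc].append(f"probed {len(letters)} drive letters ({''.join(sorted(letters))})")
    return dict(findings)


if __name__ == "__main__":
    for proc, items in triage(parse_report(SAMPLE_ROWS)).items():
        print(proc)
        for item in items:
            print("   ", item)
```

Separating the rows by process is what makes the report usable: on the sample, GandCrab.exe is the only process that both walks drive letters and rewrites the wallpaper, the raw-disk handle belongs to DriverUpdater.exe, and MBAMService.exe, which also touches drive letters while scanning, does not reach the threshold and drops out.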

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 C:\Windows\system32\svchost.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters C:\Windows\system32\vssvc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005 C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Phantom C:\Windows\system32\DrvInst.exe N/A
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = <binary data omitted> C:\Windows\system32\vssvc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005\ C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\000E C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0006\ C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008\ C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0004\ C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0003 C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005\ C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0009\ C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0003 C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0004\ C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0004\ C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0003\ C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0002 C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005 C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr C:\Windows\system32\vssvc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\000E C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0006 C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0006 C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0002\ C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\DeviceDesc C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0006\ C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0009 C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\DeviceDesc C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0003\ C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\000E\ C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0002 C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0009\ C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0006 C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0002\ C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005\ C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0004 C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\000E\ C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\DeviceDesc C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\Desktop\GandCrab.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\Desktop\GandCrab.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier C:\Users\Admin\Desktop\GandCrab.exe N/A
Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Malwarebytes.exe = "11000" C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\mbam.exe = "11000" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\mbamtray.exe = "11000" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications\malwarebytes: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\S-1-5-19\SOFTWARE\Policies\Microsoft\Office\15.0\Common\Security C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-19\SOFTWARE\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-20\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications\malwarebytes: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications\malwarebytes: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\S-1-5-19\SOFTWARE\Policies\Microsoft\Office\16.0\Common\Security C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications\malwarebytes: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-19\SOFTWARE\Policies\Microsoft\Office\15.0\Common C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-20\Software C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\Office\15.0\Common C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\15.0\Common\Security C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:\ C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\S-1-5-19\SOFTWARE\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\system32\DrvInst.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0" C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-20\SOFTWARE\Malwarebytes\FirstRun = "false" C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications\malwarebytes: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-20\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications\malwarebytes: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-19\SOFTWARE\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\ROOT C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\Office\16.0\Common\Security C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Windows\system32\DrvInst.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Malwarebytes C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-19\SOFTWARE\Policies C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{EAD7766B-F8F3-4944-AFE6-5D667E535709}\TypeLib\ = "{783B187E-360F-419C-B6DA-592892764A01}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2E3F70EF-D9BE-485F-A6F5-816DD0EDC757}\TypeLib C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D8258E71-3A7A-4D9D-85BB-C7999F95B7E4}\ = "IAEControllerV4" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31A02CB9-6064-4A3B-BCB4-A329528D4648}\ProxyStubClsid32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C7BCC13C-47B9-4DC0-8FC6-B2A489EF60EF}\ = "IScanControllerV4" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FC60FEE4-E373-4962-B548-BA2E06119D54}\ProxyStubClsid32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BADF77CD-ECCE-4B36-88FF-6A2804FFE307}\TypeLib\ = "{5709DEEB-F05E-4D5C-8DC4-3B0D924EE08F}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D57ACF19-30E3-4B7E-BCDD-6EEB8E57AF27}\ProxyStubClsid32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BAFDF38F-72A8-4791-AACC-72EB8E09E460}\TypeLib C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4163399F-AB08-4E5E-BE28-6B9440393AD3}\ = "IMWACControllerV13" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{49207D05-5DFE-4F52-9286-1856A92A5BFE} C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{49207D05-5DFE-4F52-9286-1856A92A5BFE}\TypeLib\Version = "1.0" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6EC225D5-FD37-4F9B-B80F-09FAE36103AE}\ = "IMWACControllerV2" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{767D2042-D2F6-4BAA-B30E-00E0CD4015BD}\TypeLib C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DC97FF29-5CE2-4897-8175-94672057E02D}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{560EB17C-4365-4DFC-A855-F99B223F02AF}\ProxyStubClsid32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B38EDC4F-A2CD-4F76-8607-F123FE4031D5}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DAD5232C-6E05-4458-9709-0B4DCB22EA09}\TypeLib C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E32ABD9A-1CBD-44A5-8A62-55D347D3C4F0} C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{09FAE0FE-2897-496A-9FD2-39C86556F1D2}\TypeLib C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" C:\Users\Admin\AppData\Local\Temp\is-8300870.tmp\Installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3E3D4AC2-A9AE-478A-91EE-79C35D3CA8C7}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{00A73BC0-754E-44E1-B190-D59E187A5EA1}\TypeLib\ = "{A82129F1-32E1-4D79-A39F-EBFEE53A70BF}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E03FDF96-969E-4700-844D-7F754F1657EF}\TypeLib\Version = "1.0" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9B34A461-332D-479F-B8C4-7D168D650EBD}\TypeLib\ = "{2446F405-83F0-460F-B837-F04540BB330C}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D5599B6B-FA0C-45B5-8309-853B003EA412}\TypeLib C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{118F4330-CAF5-4A54-ABB0-DC936669ED2F}\TypeLib C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{503084FD-0743-46C7-833F-D0057E8AC505}\ = "_ICleanControllerEventsV5" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3A7FB145-B72D-466E-A3AC-21599BBE9E8C}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E2D56B7B-4B87-45A1-A6D3-5C77035141A6}\TypeLib\ = "{49F6AC60-2104-42C6-8F71-B3916D5AA732}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BD221458-5E85-4235-B1EF-4658F6751519}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DE35F2CA-6335-49BA-8E86-F6E246CFCEA6}\ = "ILogControllerEvents" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3A82D6A8-59F8-4B47-BBD0-8F5E5DBB3C7D} C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0F2D6C4F-0B95-4A53-BA9D-55526737DC34} C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A2D4A69C-14CA-4825-9376-5B4215AF5C5E} C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MB.TelemetryController C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E41AC038-1688-417F-BE23-52D898B93903}\TypeLib C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{49F6AC60-2104-42C6-8F71-B3916D5AA732}\1.0\0 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5083B4CA-BBA6-43DD-B36E-DEA787CA0CAD}\ = "IMWACControllerV8" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FFBD938D-3ABA-4895-97EF-5A0BDF7AC07D}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{49207D05-5DFE-4F52-9286-1856A92A5BFE}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{78E69E6F-EC12-4B84-8431-1D68572C7A61}\ProxyStubClsid32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BADF77CD-ECCE-4B36-88FF-6A2804FFE307}\ = "_IScanControllerEventsV11" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F418F2F6-5173-4E4F-80EF-AF21E516C461}\TypeLib C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B1BDE8B0-F598-4334-9991-ECC7442EEAA6} C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2E3F70EF-D9BE-485F-A6F5-816DD0EDC757} C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{ABC1D1AF-23ED-4483-BDA4-90BCC21DFBDB}\TypeLib C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0B14402F-4F35-443E-A34E-0F511098C644} C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2DFD7E94-47E6-483A-B4FD-DC586A52CE5D} C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B1F1EB48-7803-4D84-B07F-255FE87083F4}\ = "IMWACControllerV3" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{77AD284A-4686-413D-AA76-BDFC1DF52A19}\TypeLib\ = "{59DBD1B8-A7BD-4322-998F-41B0D2516FA0}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D81C2A20-D03D-40D4-A371-A499633A2AD3}\TypeLib C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B3FCAA7C-EA26-43E6-A312-CDB85491DDD8}\ = "IRTPControllerV18" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\malwarebytes\DefaultIcon C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{960F2BB5-E954-45C5-97DF-A770D9D8C24B}\ = "IScanParametersV9" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B8E2CB10-C8DE-4225-ABBB-6CE77FF04FFA}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6B3DFEA6-6514-42CF-A091-C4DFFD9C2158}\TypeLib\ = "{5709DEEB-F05E-4D5C-8DC4-3B0D924EE08F}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{25321640-5EF1-4095-A0DA-30DE19699441} C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C85F3EB8-B099-4598-89C3-E33BAC2CE53D}\TypeLib C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{49F6AC60-2104-42C6-8F71-B3916D5AA732} C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{090D2E82-C71B-414E-AF6A-6681A92FF2B3}\TypeLib C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{EAB53395-8218-47FF-91B7-144994C0AD83}\ = "IAEController" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E1AC7139-D1FF-4DE9-84A4-92E2B47F5D2A}\VersionIndependentProgID C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{130CD414-6BFD-4F6C-9362-A2264B222E76}\TypeLib C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 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 C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\8DA7F965EC5EFC37910F1C6E59FDC1CC6A6EDE16 C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\5A8CEF45D7A69859767A8C8B4496B578CF474B1A\Blob = 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 C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\0D44DD8C3C8C1A1A58756481E90F2E2AFFB3D26E\Blob = 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 C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474 C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\B51C067CEE2B0C3DF855AB2D92F4FE39D4E70F0E C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\5A8CEF45D7A69859767A8C8B4496B578CF474B1A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\0D44DD8C3C8C1A1A58756481E90F2E2AFFB3D26E C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F6108407D6F8BB67980CC2E244C2EBAE1CEF63BE C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\1C58A3A8518E8759BF075B76B750D4F2DF264FCD C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = 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 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\B51C067CEE2B0C3DF855AB2D92F4FE39D4E70F0E\Blob = 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 C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = 030000000100000014000000f40042e2e5f7e8ef8189fed15519aece42c3bfa22000000001000000d0050000308205cc308203b4a00302010202105498d2d1d45b1995481379c811c08799300d06092a864886f70d01010c05003077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f726974792032303230301e170d3230303431363138333631365a170d3435303431363138343434305a3077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f72697479203230323030820222300d06092a864886f70d01010105000382020f003082020a0282020100b3912a07830667fd9e9de0c7c0b7a4e642047f0fa6db5ffbd55ad745a0fb770bf080f3a66d5a4d7953d8a08684574520c7a254fbc7a2bf8ac76e35f3a215c42f4ee34a8596490dffbe99d814f6bc2707ee429b2bf50b9206e4fd691365a89172f29884eb833d0ee4d771124821cb0dedf64749b79bf9c9c717b6844fffb8ac9ad773674985e386bd3740d02586d4deb5c26d626ad5a978bc2d6f49f9e56c1414fd14c7d3651637decb6ebc5e298dfd629b152cd605e6b9893233a362c7d7d6526708c42ef4562b9e0b87cceca7b4a6aaeb05cd1957a53a0b04271c91679e2d622d2f1ebedac020cb0419ca33fb89be98e272a07235be79e19c836fe46d176f90f33d008675388ed0e0499abbdbd3f830cad55788684d72d3bf6d7f71d8fdbd0dae926448b75b6f7926b5cd9b952184d1ef0f323d7b578cf345074c7ce05e180e35768b6d9ecb3674ab05f8e0735d3256946797250ac6353d9497e7c1448b80fdc1f8f47419e530f606fb21573e061c8b6b158627497b8293ca59e87547e83f38f4c75379a0b6b4e25c51efbd5f38c113e6780c955a2ec5405928cc0f24c0ecba0977239938a6b61cdac7ba20b6d737d87f37af08e33b71db6e731b7d9972b0e486335974b516007b506dc68613dafdc439823d24009a60daba94c005512c34ac50991387bbb30580b24d30025cb826835db46373efae23954f6028be37d55ba50203010001a3543052300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414c87ed26a852a1bca1998040727cf50104f68a8a2301006092b06010401823715010403020100300d06092a864886f70d01010c05000382020100af6adde619e72d9443194ecbe9509564a50391028be236803b15a252c21619b66a5a5d744330f49bff607409b1211e90166dc5248f5c668863f44fcc7df2124c40108b019fdaa9c8aef2951bcf9d05eb493e74a0685be5562c651c827e53da56d94617799245c4103608522917cb2fa6f27ed469248a1e8fb0730dcc1c4aabb2aaeda79163016422a832b87e3228b367732d91b4dc31010bf7470aa6f1d74aed5660c42c08a37b40b0bc74275287d6be88dd378a896e67881df5c95da0feb6ab3a80d71a973c173622411eac4dd583e63c38bd4f30e954a9d3b604c3327661bbb018c52b18b3c080d5b795b05e514d22fcec58aae8d894b4a52eed92dee7187c2157dd5563f7bf6dcd1fd2a6772870c7e25b3a5b08d25b4ec80096b3e18336af860a655c74f6eaec7a6a74a0f04beeef94a3ac50f287edd73a3083c9fb7d57bee5e3f841cae564aeb3a3ec58ec859accefb9eaf35618b95c739aafc577178359db371a187254a541d2b62375a3439ae5777c9679b7418dbfecdc80a09fd17775585f3513e0251a670b7dce25fa070ae46121d8d41ce507c63699f496d0c615fe4ecdd7ae8b9ddb16fd04c692bdd488e6a9a3aabbf764383b5fcc0cd035be741903a6c5aa4ca26136823e1df32bbc975ddb4b783b2df53bef6023e8f5ec0b233695af9866bf53d37bb8694a2a966669c494c6f45f6eac98788880065ca2b2eda2 C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\8DA7F965EC5EFC37910F1C6E59FDC1CC6A6EDE16\Blob = 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 C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F6108407D6F8BB67980CC2E244C2EBAE1CEF63BE\Blob = 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 C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\2AD974A775F73CBDBBD8F5AC3A49255FA8FB1F8C\Blob = 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 C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = 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 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2 C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\1C58A3A8518E8759BF075B76B750D4F2DF264FCD\Blob = 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 C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\2AD974A775F73CBDBBD8F5AC3A49255FA8FB1F8C C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 474051.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\mbuns.exe\:SmartScreen:$DATA C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 728732.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 252871.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 423859.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\ProgramData\Outbyte\Driver Updater\2.x\Distr\Driver Updater-2.3.3.31862.exe\:SmartScreen:$DATA C:\Users\Admin\AppData\Local\Temp\is-8300870.tmp\Installer.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 747552.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 637067.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Script User-Agent

Description Indicator Process Target
HTTP User-Agent header Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) N/A N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-8300870.tmp\Installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-8300870.tmp\Installer.exe N/A
N/A N/A C:\Windows\SysWOW64\Driver Updater\ServiceHelper.Agent.exe N/A
N/A N/A C:\Windows\SysWOW64\Driver Updater\ServiceHelper.Agent.exe N/A
N/A N/A C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
N/A N/A C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
N/A N/A C:\Windows\SysWOW64\Driver Updater\ServiceHelper.Agent.exe N/A
N/A N/A C:\Windows\SysWOW64\Driver Updater\ServiceHelper.Agent.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
N/A N/A C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\Desktop\MBSetup.exe N/A
N/A N/A C:\Users\Admin\Desktop\MBSetup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\Desktop\GandCrab.exe N/A
N/A N/A C:\Users\Admin\Desktop\GandCrab.exe N/A
N/A N/A C:\Users\Admin\Desktop\GandCrab.exe N/A
N/A N/A C:\Users\Admin\Desktop\GandCrab.exe N/A
N/A N/A C:\Users\Admin\Desktop\MBSetup.exe N/A
N/A N/A C:\Users\Admin\Desktop\MBSetup.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-FMLSE.tmp\butterflyondesktop.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-8300870.tmp\Installer.exe N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeBackupPrivilege N/A C:\Windows\system32\svchost.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\svchost.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\svchost.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\svchost.exe N/A
Token: 35 N/A C:\Windows\system32\svchost.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-FMLSE.tmp\butterflyondesktop.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-FMLSE.tmp\butterflyondesktop.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-FMLSE.tmp\butterflyondesktop.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-FMLSE.tmp\butterflyondesktop.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-FMLSE.tmp\butterflyondesktop.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-FMLSE.tmp\butterflyondesktop.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-FMLSE.tmp\butterflyondesktop.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-FMLSE.tmp\butterflyondesktop.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-FMLSE.tmp\butterflyondesktop.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-FMLSE.tmp\butterflyondesktop.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-FMLSE.tmp\butterflyondesktop.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-FMLSE.tmp\butterflyondesktop.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-FMLSE.tmp\butterflyondesktop.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-FMLSE.tmp\butterflyondesktop.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-FMLSE.tmp\butterflyondesktop.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-FMLSE.tmp\butterflyondesktop.tmp N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target Count
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A 36
N/A N/A C:\Users\Admin\Butterfly on Desktop\ButterflyOnDesktop.exe N/A 1
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A 8
N/A N/A C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A 1
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A 10
N/A N/A C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe N/A 8

Identical consecutive rows are collapsed; Count is the number of hooked SendNotifyMessage calls (64 in total), kept in the order the sandbox recorded them.

Suspicious use of WriteProcessMemory

Description Indicator Process Target Count
PID 1476 wrote to memory of 2028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 2
PID 1476 wrote to memory of 2464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 40
PID 1476 wrote to memory of 1260 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 2
PID 1476 wrote to memory of 712 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 20

Identical consecutive rows are collapsed; Count is the number of hooked WriteProcessMemory calls (64 in total). Every writer and every target is msedge.exe: one Edge process (PID 1476) writing into four other Edge processes is consistent with the browser process setting up the child processes it spawns (the --type=renderer, gpu-process and utility processes in the Processes list), which is the normal Chromium multi-process launch sequence. Neither butterflyondesktop.exe nor DriverUpdater.exe appears as a writer or a target in this table, so on its own this signature is browser noise rather than evidence of process injection by the sample.
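The two signature tables above are long because the sandbox emits one row per hooked call. The helper below, an added example that is not part of the sandbox report or its tooling, collapses repeated rows into counts and, for the WriteProcessMemory rows, separates same-image writes (a process writing into a child running the same binary, as the Edge rows do) from cross-image writes, which are the ones worth reviewing for injection. The row layout it parses is the one used in the report; the first four sample rows repeat rows from the table, while the last row (PIDs 3100 and 4020, DriverUpdater.exe writing into Explorer.EXE) is constructed for the example and does not appear in the report.

```python
import re
from typing import Dict, List, Tuple

EDGE = r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
UPDATER = r"C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe"

# Constructed sample rows in the report's "PID <src> wrote to memory of <dst> N/A
# <process> <target>" layout. The first four repeat rows from the report; the last
# one is hypothetical (not in the report) and shows what a cross-image write looks like.
WPM_ROWS = [
    f"PID 1476 wrote to memory of 2028 N/A {EDGE} {EDGE}",
    f"PID 1476 wrote to memory of 2028 N/A {EDGE} {EDGE}",
    f"PID 1476 wrote to memory of 2464 N/A {EDGE} {EDGE}",
    f"PID 1476 wrote to memory of 712 N/A {EDGE} {EDGE}",
    f"PID 3100 wrote to memory of 4020 N/A {UPDATER} C:\\Windows\\Explorer.EXE",
]

_ROW = re.compile(r"^PID (\d+) wrote to memory of (\d+) N/A (.+)$")
_DRIVE = re.compile(r"[A-Za-z]:\\")  # start of an absolute Windows path


def split_paths(rest: str) -> Tuple[str, str]:
    """Split '<process path> <target path>' at the start of the second absolute path.
    Both paths contain spaces, so splitting on whitespace would break them."""
    starts = [m.start() for m in _DRIVE.finditer(rest)]
    if len(starts) != 2:
        raise ValueError(f"expected two absolute paths, got {len(starts)}: {rest!r}")
    return rest[: starts[1]].rstrip(), rest[starts[1]:].rstrip()


def parse_wpm_row(row: str) -> Dict[str, object]:
    """Parse one WriteProcessMemory row into writer/target PIDs and image paths."""
    m = _ROW.match(row.strip())
    if not m:
        raise ValueError(f"not a WriteProcessMemory row: {row!r}")
    src_image, dst_image = split_paths(m.group(3))
    return {"src_pid": int(m.group(1)), "dst_pid": int(m.group(2)),
            "src_image": src_image, "dst_image": dst_image}


def collapse_runs(lines: List[str]) -> List[Tuple[str, int]]:
    """Collapse consecutive identical rows into (row, count), keeping the order.
    Each repeated row in the report is one hooked call, so the count is preserved."""
    out: List[Tuple[str, int]] = []
    for line in lines:
        if out and out[-1][0] == line:
            out[-1] = (line, out[-1][1] + 1)
        else:
            out.append((line, 1))
    return out


def triage(rows: List[str]) -> List[Dict[str, object]]:
    """Collapse the rows and label each writer/target pair.
    same-image:  writer and target run the same binary, e.g. the Chromium browser
                 process writing into the renderer/gpu/utility children it spawns.
    cross-image: writer and target are different binaries; review for injection."""
    result: List[Dict[str, object]] = []
    for row, count in collapse_runs(rows):
        r = parse_wpm_row(row)
        same = str(r["src_image"]).lower() == str(r["dst_image"]).lower()
        r["count"] = count
        r["verdict"] = "same-image" if same else "cross-image"
        result.append(r)
    return result


if __name__ == "__main__":
    for r in triage(WPM_ROWS):
        print(f'{r["verdict"]:11} {r["src_pid"]}->{r["dst_pid"]} x{r["count"]}  '
              f'{r["src_image"]} -> {r["dst_image"]}')
```

collapse_runs works on any of the report's signature tables (the SendNotifyMessage rows collapse the same way); triage is specific to the WriteProcessMemory layout. A same-image verdict is not proof of benign behaviour, since a malicious parent can also write into its own child, but it is the first cut that removes the browser's own process-launch traffic from the list.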

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Windows\Explorer.EXE

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb533746f8,0x7ffb53374708,0x7ffb53374718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2200,5782679885723288624,12439682576659649714,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2276 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2200,5782679885723288624,12439682576659649714,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2404 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2200,5782679885723288624,12439682576659649714,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,5782679885723288624,12439682576659649714,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,5782679885723288624,12439682576659649714,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2200,5782679885723288624,12439682576659649714,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5484 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2200,5782679885723288624,12439682576659649714,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5484 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,5782679885723288624,12439682576659649714,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,5782679885723288624,12439682576659649714,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4816 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,5782679885723288624,12439682576659649714,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4124 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,5782679885723288624,12439682576659649714,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5052 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2200,5782679885723288624,12439682576659649714,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1048 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,5782679885723288624,12439682576659649714,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,5782679885723288624,12439682576659649714,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2200,5782679885723288624,12439682576659649714,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5668 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2200,5782679885723288624,12439682576659649714,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5028 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,5782679885723288624,12439682576659649714,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3544 /prefetch:1

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x3d4 0x4fc

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,5782679885723288624,12439682576659649714,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,5782679885723288624,12439682576659649714,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2200,5782679885723288624,12439682576659649714,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=2216 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,5782679885723288624,12439682576659649714,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2200,5782679885723288624,12439682576659649714,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6224 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2200,5782679885723288624,12439682576659649714,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6240 /prefetch:8

C:\Users\Admin\Desktop\butterflyondesktop.exe

"C:\Users\Admin\Desktop\butterflyondesktop.exe"

C:\Users\Admin\AppData\Local\Temp\is-FMLSE.tmp\butterflyondesktop.tmp

"C:\Users\Admin\AppData\Local\Temp\is-FMLSE.tmp\butterflyondesktop.tmp" /SL5="$40240,2719719,54272,C:\Users\Admin\Desktop\butterflyondesktop.exe"

C:\Users\Admin\Butterfly on Desktop\ButterflyOnDesktop.exe

"C:\Users\Admin\Butterfly on Desktop\ButterflyOnDesktop.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://freedesktopsoft.com/butterflyondesktoplike.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb533746f8,0x7ffb53374708,0x7ffb53374718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,5782679885723288624,12439682576659649714,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3076 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,5782679885723288624,12439682576659649714,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6524 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,5782679885723288624,12439682576659649714,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2100 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,5782679885723288624,12439682576659649714,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,5782679885723288624,12439682576659649714,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6468 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,5782679885723288624,12439682576659649714,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6632 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,5782679885723288624,12439682576659649714,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3040 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,5782679885723288624,12439682576659649714,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,5782679885723288624,12439682576659649714,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6716 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,5782679885723288624,12439682576659649714,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6832 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2200,5782679885723288624,12439682576659649714,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6748 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,5782679885723288624,12439682576659649714,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4740 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,5782679885723288624,12439682576659649714,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6748 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,5782679885723288624,12439682576659649714,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7356 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,5782679885723288624,12439682576659649714,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7324 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,5782679885723288624,12439682576659649714,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5868 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,5782679885723288624,12439682576659649714,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6984 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2200,5782679885723288624,12439682576659649714,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3972 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2200,5782679885723288624,12439682576659649714,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6504 /prefetch:8

C:\Users\Admin\Desktop\Windows-outbyte-driver-updater.exe

"C:\Users\Admin\Desktop\Windows-outbyte-driver-updater.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2200,5782679885723288624,12439682576659649714,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6376 /prefetch:8

C:\Users\Admin\AppData\Local\Temp\is-8300870.tmp\Installer.exe

"C:\Users\Admin\AppData\Local\Temp\is-8300870.tmp\Installer.exe" /spid:1636 /splha:36414272

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

C:\Windows\SysWOW64\Driver Updater\ServiceHelper.Agent.exe

"C:\Windows\System32\Driver Updater\ServiceHelper.Agent.exe" /install /silent

C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe

"C:\Windows\System32\Driver Updater\DriverUpdater.exe" /Install /AutoStart /CreateOSSnapshot

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Windows\system32\srtasks.exe

C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2

C:\Windows\SysWOW64\sc.exe

sc start OutbyteDUHelper

C:\Windows\SysWOW64\Driver Updater\ServiceHelper.Agent.exe

"C:\Windows\SysWOW64\Driver Updater\ServiceHelper.Agent.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,5782679885723288624,12439682576659649714,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,5782679885723288624,12439682576659649714,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7324 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,5782679885723288624,12439682576659649714,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7444 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,5782679885723288624,12439682576659649714,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4700 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2200,5782679885723288624,12439682576659649714,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7568 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,5782679885723288624,12439682576659649714,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7892 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,5782679885723288624,12439682576659649714,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8092 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,5782679885723288624,12439682576659649714,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8056 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,5782679885723288624,12439682576659649714,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8052 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,5782679885723288624,12439682576659649714,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7848 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,5782679885723288624,12439682576659649714,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7936 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,5782679885723288624,12439682576659649714,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6072 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,5782679885723288624,12439682576659649714,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6364 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,5782679885723288624,12439682576659649714,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7484 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,5782679885723288624,12439682576659649714,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7668 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,5782679885723288624,12439682576659649714,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6568 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2200,5782679885723288624,12439682576659649714,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6304 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2200,5782679885723288624,12439682576659649714,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7528 /prefetch:8

C:\Users\Admin\Desktop\7z2406-x64.exe

"C:\Users\Admin\Desktop\7z2406-x64.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,5782679885723288624,12439682576659649714,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,5782679885723288624,12439682576659649714,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8132 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,5782679885723288624,12439682576659649714,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7880 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,5782679885723288624,12439682576659649714,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8048 /prefetch:1

C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe

"C:\Windows\System32\Driver Updater\DriverUpdater.exe" /AutoScan /FromInstaller

C:\Users\Admin\Desktop\WinNuke.98.exe

"C:\Users\Admin\Desktop\WinNuke.98.exe"

C:\Users\Admin\Desktop\WinNuke.98.exe

"C:\Users\Admin\Desktop\WinNuke.98.exe"

C:\Users\Admin\Desktop\WinNuke.98.exe

"C:\Users\Admin\Desktop\WinNuke.98.exe"

C:\Users\Admin\Desktop\WinNuke.98.exe

"C:\Users\Admin\Desktop\WinNuke.98.exe"

C:\Users\Admin\Desktop\WinNuke.98.exe

"C:\Users\Admin\Desktop\WinNuke.98.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0x120,0x124,0xfc,0x128,0x7ffb533746f8,0x7ffb53374708,0x7ffb53374718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,4985112128203007608,5390336062036832015,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2180,4985112128203007608,5390336062036832015,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2180,4985112128203007608,5390336062036832015,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2980 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,4985112128203007608,5390336062036832015,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,4985112128203007608,5390336062036832015,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,4985112128203007608,5390336062036832015,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4520 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,4985112128203007608,5390336062036832015,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,4985112128203007608,5390336062036832015,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5024 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,4985112128203007608,5390336062036832015,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5024 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,4985112128203007608,5390336062036832015,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2180,4985112128203007608,5390336062036832015,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4292 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2180,4985112128203007608,5390336062036832015,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5168 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,4985112128203007608,5390336062036832015,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,4985112128203007608,5390336062036832015,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,4985112128203007608,5390336062036832015,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,4985112128203007608,5390336062036832015,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x3d4 0x4fc

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,4985112128203007608,5390336062036832015,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2848 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,4985112128203007608,5390336062036832015,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2960 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,4985112128203007608,5390336062036832015,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1852 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,4985112128203007608,5390336062036832015,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3812 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,4985112128203007608,5390336062036832015,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,4985112128203007608,5390336062036832015,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6240 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,4985112128203007608,5390336062036832015,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5956 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,4985112128203007608,5390336062036832015,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6724 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,4985112128203007608,5390336062036832015,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6896 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,4985112128203007608,5390336062036832015,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,4985112128203007608,5390336062036832015,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6876 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2180,4985112128203007608,5390336062036832015,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6092 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,4985112128203007608,5390336062036832015,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6196 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2180,4985112128203007608,5390336062036832015,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7116 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2180,4985112128203007608,5390336062036832015,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5768 /prefetch:8

C:\Users\Admin\Desktop\MBSetup.exe

"C:\Users\Admin\Desktop\MBSetup.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,4985112128203007608,5390336062036832015,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,4985112128203007608,5390336062036832015,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6204 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,4985112128203007608,5390336062036832015,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2244 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,4985112128203007608,5390336062036832015,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2368 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,4985112128203007608,5390336062036832015,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6880 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,4985112128203007608,5390336062036832015,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5944 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,4985112128203007608,5390336062036832015,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6992 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,4985112128203007608,5390336062036832015,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,4985112128203007608,5390336062036832015,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,4985112128203007608,5390336062036832015,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6532 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,4985112128203007608,5390336062036832015,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7108 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,4985112128203007608,5390336062036832015,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6880 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,4985112128203007608,5390336062036832015,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,4985112128203007608,5390336062036832015,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6668 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,4985112128203007608,5390336062036832015,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2180,4985112128203007608,5390336062036832015,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5964 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2180,4985112128203007608,5390336062036832015,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5976 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,4985112128203007608,5390336062036832015,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7448 /prefetch:2

C:\Users\Admin\Desktop\GandCrab.exe

"C:\Users\Admin\Desktop\GandCrab.exe"

C:\Users\Admin\Desktop\MBSetup.exe

"C:\Users\Admin\Desktop\MBSetup.exe"

C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe

"C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c vssadmin delete shadows /all /quiet

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 5464 -ip 5464

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5464 -s 1420

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe

"C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe" /installmbtun

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall

C:\Windows\system32\DrvInst.exe

DrvInst.exe "4" "9" "C:\Program Files\Malwarebytes\Anti-Malware\mbtun\mbtun.inf" "9" "4ba9030c7" "000000000000014C" "Service-0x0-3e7$\Default" "000000000000015C" "208" "C:\Program Files\Malwarebytes\Anti-Malware\mbtun"

C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe

"C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe" /Service /Protected

C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe

"C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe"

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService

C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe

"C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe" nowindow

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe

"C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe"

C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe

"C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe"

C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe

"C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe" /wac 0 /status on true /updatesubstatus none /scansubstatus none /settingssubstatus none

C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe

"C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe" "C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE" "C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\config\UpdateControllerConfig.json" "C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE" "C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\dbclsupdate\staging" /db:dbupdate /su:no

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb533746f8,0x7ffb53374708,0x7ffb53374718

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 polyfill.archive.org udp
US 8.8.8.8:53 web-static.archive.org udp
US 8.8.8.8:53 archive.org udp
US 207.241.239.241:443 polyfill.archive.org tcp
US 207.241.224.2:445 archive.org tcp
US 207.241.237.2:443 web-static.archive.org tcp
US 207.241.237.2:443 web-static.archive.org tcp
US 207.241.237.2:443 web-static.archive.org tcp
US 207.241.237.2:443 web-static.archive.org tcp
US 207.241.237.2:443 web-static.archive.org tcp
US 207.241.237.2:443 web-static.archive.org tcp
US 8.8.8.8:53 17.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 241.239.241.207.in-addr.arpa udp
US 8.8.8.8:53 2.237.241.207.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 archive.org udp
BE 88.221.83.235:443 www.bing.com tcp
US 8.8.8.8:53 235.83.221.88.in-addr.arpa udp
BE 88.221.83.235:443 www.bing.com tcp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 23.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 104.193.132.51.in-addr.arpa udp
US 8.8.8.8:53 140.32.126.40.in-addr.arpa udp
NL 23.62.61.129:443 www.bing.com tcp
NL 23.62.61.129:443 www.bing.com tcp
NL 23.62.61.129:443 www.bing.com tcp
US 8.8.8.8:53 129.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 r.bing.com udp
US 8.8.8.8:53 th.bing.com udp
NL 23.62.61.152:443 r.bing.com tcp
NL 23.62.61.152:443 r.bing.com tcp
NL 23.62.61.89:443 th.bing.com tcp
NL 23.62.61.89:443 th.bing.com tcp
US 8.8.8.8:53 152.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 89.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 login.microsoftonline.com udp
NL 40.126.32.138:443 login.microsoftonline.com tcp
US 8.8.8.8:53 138.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 services.bingapis.com udp
US 13.107.5.80:443 services.bingapis.com tcp
US 8.8.8.8:53 74.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 80.5.107.13.in-addr.arpa udp
US 8.8.8.8:53 167.154.64.172.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 8.8.8.8:53 github.githubassets.com udp
US 185.199.108.133:443 avatars.githubusercontent.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 8.8.8.8:53 user-images.githubusercontent.com udp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 154.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 133.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 collector.github.com udp
US 185.199.108.154:443 github.githubassets.com tcp
US 140.82.113.22:443 collector.github.com tcp
US 8.8.8.8:53 api.github.com udp
US 140.82.113.22:443 collector.github.com tcp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 22.113.82.140.in-addr.arpa udp
US 8.8.8.8:53 210.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.108.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 aefd.nelreports.net udp
SE 23.201.43.89:443 aefd.nelreports.net tcp
SE 23.201.43.89:443 aefd.nelreports.net udp
US 8.8.8.8:53 89.43.201.23.in-addr.arpa udp
US 8.8.8.8:53 freedesktopsoft.com udp
DE 78.46.117.95:80 freedesktopsoft.com tcp
DE 78.46.117.95:80 freedesktopsoft.com tcp
DE 78.46.117.95:80 freedesktopsoft.com tcp
DE 78.46.117.95:80 freedesktopsoft.com tcp
DE 78.46.117.95:80 freedesktopsoft.com tcp
DE 78.46.117.95:80 freedesktopsoft.com tcp
GB 216.58.213.14:80 www.google-analytics.com tcp
US 8.8.8.8:53 connect.facebook.net udp
GB 163.70.151.21:80 connect.facebook.net tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 163.70.151.21:443 connect.facebook.net tcp
GB 142.250.187.226:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 95.117.46.78.in-addr.arpa udp
US 8.8.8.8:53 2.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 21.151.70.163.in-addr.arpa udp
US 8.8.8.8:53 226.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 14.213.58.216.in-addr.arpa udp
GB 142.250.187.226:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
GB 172.217.16.225:443 tpc.googlesyndication.com tcp
GB 172.217.16.225:443 tpc.googlesyndication.com tcp
GB 172.217.16.225:443 tpc.googlesyndication.com tcp
GB 172.217.16.225:443 tpc.googlesyndication.com tcp
GB 172.217.16.225:443 tpc.googlesyndication.com tcp
GB 172.217.16.225:443 tpc.googlesyndication.com tcp
US 8.8.8.8:53 fundingchoicesmessages.google.com udp
GB 142.250.187.238:443 fundingchoicesmessages.google.com tcp
GB 172.217.16.225:443 tpc.googlesyndication.com udp
GB 142.250.187.238:443 fundingchoicesmessages.google.com udp
US 8.8.8.8:53 74.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 195.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 225.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 238.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 99.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
US 8.8.8.8:53 www.facebook.com udp
GB 163.70.151.35:443 www.facebook.com tcp
US 8.8.8.8:53 196.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 35.151.70.163.in-addr.arpa udp
GB 142.250.187.196:443 www.google.com udp
US 8.8.8.8:53 static.xx.fbcdn.net udp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 adclick.g.doubleclick.net udp
US 8.8.8.8:53 download.pcsystemfix.com udp
GB 172.217.169.34:443 adclick.g.doubleclick.net tcp
US 104.18.34.21:443 download.pcsystemfix.com tcp
US 104.18.34.21:443 download.pcsystemfix.com tcp
US 8.8.8.8:53 apps.identrust.com udp
NL 23.63.101.153:80 apps.identrust.com tcp
US 8.8.8.8:53 builder-assets.unbounce.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
GB 216.58.201.106:443 ajax.googleapis.com tcp
FR 52.222.201.86:443 builder-assets.unbounce.com tcp
FR 52.222.201.86:443 builder-assets.unbounce.com tcp
US 8.8.8.8:53 csi.gstatic.com udp
US 8.8.8.8:53 pulse.clickguard.com udp
BR 142.251.132.3:443 csi.gstatic.com tcp
US 104.26.12.152:443 pulse.clickguard.com tcp
US 8.8.8.8:53 34.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 21.34.18.104.in-addr.arpa udp
US 8.8.8.8:53 153.101.63.23.in-addr.arpa udp
US 8.8.8.8:53 106.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 226.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 86.201.222.52.in-addr.arpa udp
US 8.8.8.8:53 152.12.26.104.in-addr.arpa udp
US 8.8.8.8:53 17.201.222.52.in-addr.arpa udp
US 8.8.8.8:53 api.ipgeolocation.io udp
US 8.8.8.8:53 www.pcsystemfix.com udp
BR 142.251.132.3:443 csi.gstatic.com tcp
US 8.8.8.8:53 d9hhrg4mnvzow.cloudfront.net udp
US 104.20.39.71:443 api.ipgeolocation.io tcp
US 8.8.8.8:53 io.clickguard.com udp
GB 142.250.187.196:443 www.google.com udp
US 142.93.193.216:443 www.pcsystemfix.com tcp
US 142.93.193.216:443 www.pcsystemfix.com tcp
FR 18.164.55.143:443 d9hhrg4mnvzow.cloudfront.net tcp
FR 18.164.55.143:443 d9hhrg4mnvzow.cloudfront.net tcp
FR 18.164.55.143:443 d9hhrg4mnvzow.cloudfront.net tcp
FR 18.164.55.143:443 d9hhrg4mnvzow.cloudfront.net tcp
FR 18.164.55.143:443 d9hhrg4mnvzow.cloudfront.net tcp
FR 18.164.55.143:443 d9hhrg4mnvzow.cloudfront.net tcp
US 104.26.13.152:443 io.clickguard.com tcp
US 8.8.8.8:53 fonts.ub-assets.com udp
FR 13.32.145.119:443 fonts.ub-assets.com tcp
US 8.8.8.8:53 ipgeolocation.io udp
US 104.20.40.71:443 ipgeolocation.io tcp
US 8.8.8.8:53 bat.bing.com udp
US 8.8.8.8:53 cdn.taboola.com udp
US 8.8.8.8:53 amplify.outbrain.com udp
US 8.8.8.8:53 s.yimg.com udp
US 104.26.12.152:443 io.clickguard.com tcp
US 104.26.12.152:443 io.clickguard.com tcp
US 204.79.197.237:443 bat.bing.com tcp
US 151.101.1.44:443 cdn.taboola.com tcp
GB 87.248.114.12:443 s.yimg.com tcp
SE 104.73.93.80:443 amplify.outbrain.com tcp
US 8.8.8.8:53 analytics.google.com udp
US 216.239.32.181:443 analytics.google.com tcp
US 8.8.8.8:53 stats.g.doubleclick.net udp
FR 13.32.145.119:443 fonts.ub-assets.com tcp
BE 74.125.71.154:443 stats.g.doubleclick.net tcp
US 8.8.8.8:53 tr.outbrain.com udp
US 8.8.8.8:53 wave.outbrain.com udp
US 8.8.8.8:53 sp.analytics.yahoo.com udp
US 8.8.8.8:53 trc.taboola.com udp
US 64.74.236.127:443 tr.outbrain.com tcp
US 64.74.236.127:443 tr.outbrain.com tcp
SE 104.73.93.80:443 wave.outbrain.com tcp
BE 74.125.71.154:443 stats.g.doubleclick.net udp
IE 3.255.41.64:443 sp.analytics.yahoo.com tcp
US 8.8.8.8:53 3.132.251.142.in-addr.arpa udp
US 8.8.8.8:53 71.39.20.104.in-addr.arpa udp
US 8.8.8.8:53 104.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 152.13.26.104.in-addr.arpa udp
US 8.8.8.8:53 216.193.93.142.in-addr.arpa udp
US 8.8.8.8:53 119.145.32.13.in-addr.arpa udp
US 8.8.8.8:53 143.55.164.18.in-addr.arpa udp
US 8.8.8.8:53 71.40.20.104.in-addr.arpa udp
US 8.8.8.8:53 226.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 44.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 181.32.239.216.in-addr.arpa udp
US 8.8.8.8:53 80.93.73.104.in-addr.arpa udp
US 8.8.8.8:53 12.114.248.87.in-addr.arpa udp
US 8.8.8.8:53 154.71.125.74.in-addr.arpa udp
US 8.8.8.8:53 64.41.255.3.in-addr.arpa udp
US 8.8.8.8:53 127.236.74.64.in-addr.arpa udp
US 8.8.8.8:53 trc-events.taboola.com udp
NL 141.226.228.48:443 trc-events.taboola.com tcp
GB 216.58.201.106:443 ajax.googleapis.com udp
FR 52.222.201.86:443 builder-assets.unbounce.com tcp
US 8.8.8.8:53 lp.pcsystemfix.com udp
US 104.18.34.21:443 lp.pcsystemfix.com tcp
US 216.239.32.181:443 analytics.google.com udp
US 8.8.8.8:53 code.jquery.com udp
US 151.101.66.137:443 code.jquery.com tcp
US 8.8.8.8:53 807cedb8f0db41849b0c36be8f38d60a.js.ubembed.com udp
US 172.64.148.75:443 807cedb8f0db41849b0c36be8f38d60a.js.ubembed.com tcp
US 8.8.8.8:53 verify.g2afse.com udp
NL 34.90.175.78:443 verify.g2afse.com tcp
NL 34.90.175.78:443 verify.g2afse.com tcp
US 8.8.8.8:53 48.228.226.141.in-addr.arpa udp
US 8.8.8.8:53 137.66.101.151.in-addr.arpa udp
US 8.8.8.8:53 75.148.64.172.in-addr.arpa udp
US 8.8.8.8:53 assets.ubembed.com udp
US 8.8.8.8:53 xoomby.com udp
FR 52.84.174.60:443 assets.ubembed.com tcp
US 104.200.16.65:443 xoomby.com tcp
US 8.8.8.8:53 807cedb8f0db41849b0c36be8f38d60a.pages.ubembed.com udp
US 104.18.34.21:443 807cedb8f0db41849b0c36be8f38d60a.pages.ubembed.com tcp
US 8.8.8.8:53 outbyte.com udp
US 45.33.97.245:443 outbyte.com tcp
US 8.8.8.8:53 807cedb8f0db41849b0c36be8f38d60a.events.ubembed.com udp
US 34.206.251.176:443 807cedb8f0db41849b0c36be8f38d60a.events.ubembed.com tcp
US 8.8.8.8:53 78.175.90.34.in-addr.arpa udp
US 8.8.8.8:53 60.174.84.52.in-addr.arpa udp
US 8.8.8.8:53 65.16.200.104.in-addr.arpa udp
US 8.8.8.8:53 245.97.33.45.in-addr.arpa udp
US 8.8.8.8:53 dynamicdownloads.outbyte.com udp
CA 149.56.19.59:443 dynamicdownloads.outbyte.com tcp
US 8.8.8.8:53 176.251.206.34.in-addr.arpa udp
US 8.8.8.8:53 59.19.56.149.in-addr.arpa udp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 api.github.com udp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 outbyte.com udp
US 45.33.97.245:443 outbyte.com tcp
US 45.33.97.245:443 outbyte.com tcp
US 8.8.8.8:53 67.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 api.github.com udp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 56.94.73.104.in-addr.arpa udp
US 45.33.97.245:443 outbyte.com tcp
US 8.8.8.8:53 r.bing.com udp
US 8.8.8.8:53 th.bing.com udp
NL 23.62.61.193:443 th.bing.com tcp
NL 23.62.61.192:443 th.bing.com tcp
US 8.8.8.8:53 bing.com udp
US 13.107.21.200:443 bing.com tcp
US 8.8.8.8:53 193.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 192.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 www.virustotal.com udp
US 74.125.34.46:443 www.virustotal.com tcp
US 74.125.34.46:443 www.virustotal.com tcp
US 8.8.8.8:53 www.recaptcha.net udp
US 8.8.8.8:53 46.34.125.74.in-addr.arpa udp
US 8.8.8.8:53 recaptcha.net udp
GB 142.250.187.227:443 recaptcha.net tcp
GB 142.250.187.227:443 recaptcha.net udp
US 8.8.8.8:53 227.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com udp
US 74.125.34.46:443 www.virustotal.com tcp
US 8.8.8.8:53 7zip.com udp
US 172.67.160.13:80 7zip.com tcp
US 172.67.160.13:80 7zip.com tcp
US 8.8.8.8:53 www.7zip.com udp
US 172.67.160.13:443 www.7zip.com tcp
US 8.8.8.8:53 partner.googleadservices.com udp
GB 172.217.16.225:443 tpc.googlesyndication.com udp
GB 142.250.178.2:443 partner.googleadservices.com tcp
US 8.8.8.8:53 13.160.67.172.in-addr.arpa udp
US 8.8.8.8:53 2.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 www.7zip.org udp
DE 49.12.202.237:443 www.7zip.org tcp
DE 49.12.202.237:443 www.7zip.org tcp
US 8.8.8.8:53 237.202.12.49.in-addr.arpa udp
DE 49.12.202.237:443 www.7zip.org tcp
DE 49.12.202.237:443 www.7zip.org tcp
DE 49.12.202.237:443 www.7zip.org tcp
DE 49.12.202.237:443 www.7zip.org tcp
DE 49.12.202.237:443 www.7zip.org tcp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 objects.githubusercontent.com udp
US 8.8.8.8:53 outbyte.com udp
US 8.8.8.8:53 du.outbyte.com udp
US 45.33.97.245:443 outbyte.com tcp
US 45.33.97.245:443 outbyte.com tcp
US 51.81.185.149:443 du.outbyte.com tcp
US 8.8.8.8:53 149.185.81.51.in-addr.arpa udp
US 8.8.8.8:53 api.outbyte.com udp
US 192.155.86.205:443 api.outbyte.com tcp
US 8.8.8.8:53 11.97.55.23.in-addr.arpa udp
US 8.8.8.8:53 186.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 205.86.155.192.in-addr.arpa udp
US 8.8.8.8:53 ssl.outbyte.com udp
US 45.33.97.245:443 ssl.outbyte.com tcp
BE 88.221.83.208:443 www.bing.com tcp
BE 88.221.83.208:443 www.bing.com tcp
US 8.8.8.8:53 208.83.221.88.in-addr.arpa udp
BE 88.221.83.208:443 www.bing.com udp
US 8.8.8.8:53 r.bing.com udp
US 8.8.8.8:53 th.bing.com udp
BE 88.221.83.210:443 th.bing.com tcp
BE 88.221.83.210:443 th.bing.com tcp
BE 88.221.83.211:443 th.bing.com tcp
BE 88.221.83.211:443 th.bing.com tcp
US 8.8.8.8:53 210.83.221.88.in-addr.arpa udp
US 8.8.8.8:53 211.83.221.88.in-addr.arpa udp
BE 88.221.83.210:443 th.bing.com udp
US 8.8.8.8:53 89.33.18.104.in-addr.arpa udp
US 104.18.33.89:443 www2.bing.com udp
US 45.33.97.245:443 ssl.outbyte.com tcp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 www.moosoft.com udp
US 172.66.43.10:443 www.moosoft.com tcp
US 172.66.43.10:443 www.moosoft.com tcp
US 172.66.43.10:443 www.moosoft.com udp
US 8.8.8.8:53 fundingchoicesmessages.google.com udp
GB 142.250.187.238:443 fundingchoicesmessages.google.com udp
GB 142.250.187.238:443 fundingchoicesmessages.google.com tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 216.58.204.66:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 www.clarity.ms udp
US 13.107.246.64:443 www.clarity.ms tcp
US 8.8.8.8:53 10.43.66.172.in-addr.arpa udp
US 8.8.8.8:53 66.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 64.246.107.13.in-addr.arpa udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
GB 172.217.16.225:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 x.clarity.ms udp
US 20.114.190.119:443 x.clarity.ms tcp
GB 172.217.16.225:443 tpc.googlesyndication.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
US 8.8.8.8:53 119.190.114.20.in-addr.arpa udp
US 8.8.8.8:53 c.clarity.ms udp
IE 68.219.88.97:443 c.clarity.ms tcp
US 8.8.8.8:53 c.bing.com udp
GB 142.250.187.196:443 www.google.com udp
US 204.79.197.237:443 c.bing.com tcp
GB 142.250.187.196:443 www.google.com tcp
US 8.8.8.8:53 97.88.219.68.in-addr.arpa udp
US 8.8.8.8:53 downloads.malwarebytes.com udp
US 3.165.136.99:443 downloads.malwarebytes.com tcp
US 3.165.136.99:443 downloads.malwarebytes.com tcp
US 8.8.8.8:53 data-cdn.mbamupdates.com udp
US 3.165.136.92:443 data-cdn.mbamupdates.com tcp
US 8.8.8.8:53 92.136.165.3.in-addr.arpa udp
US 8.8.8.8:53 23.149.64.172.in-addr.arpa udp
US 8.8.8.8:53 api2.amplitude.com udp
US 44.233.87.214:443 api2.amplitude.com tcp
US 8.8.8.8:53 214.87.233.44.in-addr.arpa udp
US 8.8.8.8:53 r.bing.com udp
BE 88.221.83.203:443 r.bing.com udp
US 8.8.8.8:53 203.83.221.88.in-addr.arpa udp
US 8.8.8.8:53 tse3.mm.bing.net udp
US 8.8.8.8:53 tse4.mm.bing.net udp
US 8.8.8.8:53 tse2.mm.bing.net udp
US 8.8.8.8:53 www.youtube.com udp
GB 172.217.169.14:443 www.youtube.com tcp
GB 172.217.169.14:443 www.youtube.com tcp
US 8.8.8.8:53 i.ytimg.com udp
GB 142.250.187.246:443 i.ytimg.com tcp
US 8.8.8.8:53 14.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 246.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 static.doubleclick.net udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 142.250.187.196:443 www.google.com udp
GB 172.217.16.234:443 jnn-pa.googleapis.com tcp
GB 216.58.213.6:443 static.doubleclick.net tcp
US 8.8.8.8:53 rr3---sn-5hne6nz6.googlevideo.com udp
GB 172.217.16.234:443 jnn-pa.googleapis.com udp
NL 74.125.100.200:443 rr3---sn-5hne6nz6.googlevideo.com tcp
NL 74.125.100.200:443 rr3---sn-5hne6nz6.googlevideo.com tcp
US 8.8.8.8:53 234.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 6.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 200.100.125.74.in-addr.arpa udp
NL 74.125.100.200:443 rr3---sn-5hne6nz6.googlevideo.com udp
US 8.8.8.8:53 yt3.ggpht.com udp
GB 142.250.180.1:443 yt3.ggpht.com tcp
GB 142.250.180.1:443 yt3.ggpht.com tcp
GB 142.250.180.1:443 yt3.ggpht.com udp
GB 142.250.187.246:443 i.ytimg.com udp
US 8.8.8.8:53 github.com udp
US 185.199.108.154:443 github.githubassets.com tcp
GB 20.26.156.215:443 github.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.133:443 objects.githubusercontent.com tcp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 8.8.8.8:53 collector.github.com udp
US 140.82.113.21:443 collector.github.com tcp
US 8.8.8.8:53 api.github.com udp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 21.113.82.140.in-addr.arpa udp
US 74.125.34.46:443 www.virustotal.com tcp
GB 142.250.187.227:443 recaptcha.net udp
GB 142.250.187.227:443 recaptcha.net tcp
US 74.125.34.46:443 www.virustotal.com tcp
US 45.33.97.245:443 ssl.outbyte.com tcp
US 51.81.185.149:443 du.outbyte.com tcp
US 185.199.108.133:443 objects.githubusercontent.com tcp
US 8.8.8.8:53 api2.amplitude.com udp
US 44.239.227.145:443 api2.amplitude.com tcp
US 8.8.8.8:53 145.227.239.44.in-addr.arpa udp
US 8.8.8.8:53 ark.mwbsys.com udp
US 18.211.79.36:443 ark.mwbsys.com tcp
US 8.8.8.8:53 cdn.mwbsys.com udp
FR 99.86.91.87:443 cdn.mwbsys.com tcp
US 8.8.8.8:53 36.79.211.18.in-addr.arpa udp
US 18.211.79.36:443 ark.mwbsys.com tcp
US 8.8.8.8:53 87.91.86.99.in-addr.arpa udp
US 8.8.8.8:53 cdn.mwbsys.com udp
FR 99.86.91.41:443 cdn.mwbsys.com tcp
US 18.211.79.36:443 ark.mwbsys.com tcp
US 8.8.8.8:53 41.91.86.99.in-addr.arpa udp
US 8.8.8.8:53 cdn.mwbsys.com udp
FR 99.86.91.41:443 cdn.mwbsys.com tcp
US 18.211.79.36:443 ark.mwbsys.com tcp
US 8.8.8.8:53 cdn.mwbsys.com udp
FR 99.86.91.41:443 cdn.mwbsys.com tcp
US 8.8.8.8:53 www.kakaocorp.link udp
US 18.211.79.36:443 ark.mwbsys.com tcp
US 8.8.8.8:53 cdn.mwbsys.com udp
FR 99.86.91.107:443 cdn.mwbsys.com tcp
US 8.8.8.8:53 107.91.86.99.in-addr.arpa udp
US 8.8.8.8:53 ipv4.am.i.mullvad.net udp
SE 45.83.223.233:443 ipv4.am.i.mullvad.net tcp
US 8.8.8.8:53 holocron.mwbsys.com udp
US 3.208.104.188:443 holocron.mwbsys.com tcp
US 3.208.104.188:443 holocron.mwbsys.com tcp
US 8.8.8.8:53 233.223.83.45.in-addr.arpa udp
US 8.8.8.8:53 188.104.208.3.in-addr.arpa udp
US 8.8.8.8:53 cxcs.microsoft.net udp
BE 88.221.83.224:443 www.bing.com tcp
BE 104.68.66.114:443 cxcs.microsoft.net tcp
US 8.8.8.8:53 224.83.221.88.in-addr.arpa udp
US 8.8.8.8:53 114.66.68.104.in-addr.arpa udp
BE 104.68.66.114:443 cxcs.microsoft.net tcp
BE 88.221.83.211:443 www.bing.com tcp
US 8.8.8.8:53 holocron.mwbsys.com udp
US 54.204.22.55:443 holocron.mwbsys.com tcp
US 8.8.8.8:53 55.22.204.54.in-addr.arpa udp
US 8.8.8.8:53 crl.comodoca.com udp
US 172.64.149.23:80 crl.comodoca.com tcp
US 172.64.149.23:80 crl.comodoca.com tcp
US 172.64.149.23:80 crl.comodoca.com tcp
US 8.8.8.8:53 www.microsoft.com udp
BE 2.21.17.194:80 www.microsoft.com tcp
US 8.8.8.8:53 194.17.21.2.in-addr.arpa udp
US 8.8.8.8:53 iris.mwbsys.com udp
US 44.212.184.140:443 iris.mwbsys.com tcp
US 8.8.8.8:53 telemetry.malwarebytes.com udp
US 35.155.232.192:443 telemetry.malwarebytes.com tcp
US 8.8.8.8:53 140.184.212.44.in-addr.arpa udp
US 8.8.8.8:53 192.232.155.35.in-addr.arpa udp
US 8.8.8.8:53 sirius.mwbsys.com udp
US 54.85.56.152:443 sirius.mwbsys.com tcp
US 8.8.8.8:53 cdn.mwbsys.com udp
FR 99.86.91.10:443 cdn.mwbsys.com tcp
US 8.8.8.8:53 152.56.85.54.in-addr.arpa udp
US 8.8.8.8:53 10.91.86.99.in-addr.arpa udp

Files

SHA512 427276270428d171fa58b075d67bcff4fe3d2b7ee673b14df4749c6b8225aecb7ca907beddfd44002565d0427155867ad722ee6518eb497177b6eb2e30dde2dc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 fd53601dea9548c1c8a280d6264a4adb
SHA1 796e1753347e55587b4dbb663c9c1000370f99f4
SHA256 878fd0867ba730468e04ebaf85812c1569c63e1c212f3a76fd9e77600cd62b4b
SHA512 670751ed54b19a53e0d54215d0eed61a65f9d366d2efb06f676da8759e7a2c2b473718e04a56d3a4ab180b4d28ceedf3cea80e3edc423d789d75d891be202a7b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 9d601c95031b27f6a8f9e07892977242
SHA1 8e2787c73e29f03664c6165574f99f8e08e6677f
SHA256 405c57396621ec62f2a1d8add59355b3414d5ab3d888e2fc401de3afb869a1c0
SHA512 3c2608294370296c6a89cf5bc4f64ac872dcd1cba615824e872b59b229018be667b4495ddd2dd3928dbf4bcb4861f8aadb7e8fca4883666d6d2b55a98ed1a816

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 515a2a3fe7b3b636ebd76831c1067a43
SHA1 556ec5306ee44f500e9924b96f547d26bfd025f1
SHA256 49b330364cf6825d84d08ed5f1d1f846064df044981f0e06dc7aab7b317cb3dd
SHA512 95331d1159d84634e35bd3b14550361c1e11c5fa251c1dde575db5998aee01d0ed50e3305f64304e8132b1a81bf144d65e9fa2e2d20ddbcd9447530aeaedca1e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 cdf9ad3ea0480452bae21f756a3e9a30
SHA1 1c18ee78a9322093146e1e36aaf259a58c56dac8
SHA256 4305b67a09ceed940801e9eab20007b008cde5cfe246bef5cb23318ac58b797a
SHA512 600f22abc35cb1f14cfd7efbdc65e44b837c6ddff680601b0c7d544c064a0f0e9cccd10345d2677b71e9b744a6bab5521f880dea34ccb6dcc8bae9777fdd2941

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe604c6e.TMP

MD5 f7c1ecd6399f09131b3523d5d2aef411
SHA1 720226bca259f1e3ddbd65bd158229aad73f0d0e
SHA256 371850494421af503c6de4f346a33cdef7028e08b27a7c48201d68443eb250ef
SHA512 a90c423a8d5c506d8d373805fa138ea638682d34e3ec0236d61f645260ada9171908bf2abac217d21ec50bec31160b0388258e956246109ac3dcbd64b43f68c0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

MD5 f8f78dd4c00a4e8de49542a45ade7737
SHA1 59187e887b52d9e41bcab8ec263547080430847b
SHA256 cc7538d7f15156ff97c85d40748e82bf3f7f6674709c4efe66da1594c4aa1e51
SHA512 eaa78ef8dae881daf710bbdf4cbebdb631b750f79136dddb9fab6b1990db889827f3e67d4000ab077f3c6ba92ae2509ecd0c2f50a1b1f06b0f6d662c9c63da8a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 c809b7fac5baaba3e8bad29cc5bebc9e
SHA1 948f290f94cf3cbb783c999f2b9988e3f9162a84
SHA256 a55a2dda2a6369f08254807e0323df2b1f2fea42901d1cad6bc6e1b851a10ab4
SHA512 da66254d0b1ffc9e4df39de90eac6260bb233ff0c2c9827d75a4722b28e9b4e613fff99fd8fbc2c9dcd52d52ae0fb2556e77be8ce0ae5d8c0b2e2019f6a7da90

C:\Users\Admin\Downloads\Unconfirmed 747552.crdownload

MD5 d8af785ca5752bae36e8af5a2f912d81
SHA1 54da15671ad8a765f3213912cba8ebd8dac1f254
SHA256 6220bbe6c26d87fc343e0ffa4e20ccfafeca7dab2742e41963c40b56fb884807
SHA512 b635b449f49aac29234f677e662be35f72a059401ea0786d956485d07134f9dd10ed284338503f08ff7aad16833cf034eb955ca34e1faf35a8177ccad1f20c75

C:\Users\Admin\Downloads\Unconfirmed 747552.crdownload:SmartScreen

MD5 4047530ecbc0170039e76fe1657bdb01
SHA1 32db7d5e662ebccdd1d71de285f907e3a1c68ac5
SHA256 82254025d1b98d60044d3aeb7c56eed7c61c07c3e30534d6e05dab9d6c326750
SHA512 8f002af3f4ed2b3dfb4ed8273318d160152da50ee4842c9f5d9915f50a3e643952494699c4258e6af993dc6e1695d0dc3db6d23f4d93c26b0bc6a20f4b4f336e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 9ab107745fa3c59767b7c24d5a0e3012
SHA1 2d40a03c18cafd14b340aeef06a92a8e37055d6b
SHA256 cf30763ca754998d2a880ba016e18c0477b631faa1902f648c98554db4d44428
SHA512 e4ec4d6e4e152f49f90a2ac74e4f0395808a26645b1d1c2a509b9ff9ea623ee37c7a3ce3ef32e14e8800452df1d02707cb3457e24300f455f00bad33f3df1733

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 7eccb4d08289f1965938887fa8f1f334
SHA1 90234fa0f1bf6b2a4cb6adcba5b91f4df54acdd9
SHA256 cb801f5438cd987f8cb99c3ea5470f74fed1bd4c2167bb038bdc8ca78c55cfcc
SHA512 ba31c7c84b188196a49c613b0d3b8cca9130c223a61d06f252ad323f78e129dbf4dedf2a6d0bcfbcc0b066b009918e155aefe9974c9b40fc0601ea79da29a9aa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 8afb46819fa2fde1da0a379a02eaff01
SHA1 3f6bd796e3ea6251be6b66ae7336383e98e1f4b0
SHA256 107a0cbcd1b6c93f656de396c0cc431573022190239b46887483927f7c261764
SHA512 7e2c9d5184f344adae535c8c0c182971988de05432c45eef4e2cc8be411f1be305ed230d099a3b3315c27b98e8ecdf16d5b7a4ca098098f962fc09a02aeb603a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 88dc1b6f152feb4876bc78eab2f76096
SHA1 1be90c1f3d34aafb77ad96a61271fe219d268445
SHA256 54ccdc33f789ff676abdbabef9d84c847279632c9e47b866c428835e581ab64e
SHA512 4076a37e5decee172e95e6241f621f99e9ff78560cfc991bb1c92fbc1d657339b96011d8c9c78e883b5225ab6285de4c44c8c4db66fe96d71f9a5bad2f19eab0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 8bc239957b3c39595bbf3b12244a26a9
SHA1 3205446492f650f7087ccc2c2795dde9a59a24a7
SHA256 fd17ac88e1a45eab1b0a3149f0177ecd5bcda82261ee33876c8823e3e3e99e76
SHA512 82e1a316204e0c3db9f538d629bc40a156fed8deb4d1872948c4208a51f0e1de41c0315bd7df484e19b39d1f03c7ba1e2e4e2d6056b146d8a845b298066c9bd7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 26918c048ad00f0dacd4e26c1fb96fb6
SHA1 b7f47b0267ca0d95eba4d58a3b9fb6f4bbabe4c1
SHA256 9bf9d0c44baf4e6a7eafd8c9155ec8d501d7b69a224fa79dd29e6e00024b456a
SHA512 df2b4a5c99218d6b8f0bf77dc225f5170a521a1a2654e2a9534bf8c0392fe11b940bfe12f1c3653e5f68e556ed172dc26bea4e5d57ce95872cfac028831ed499

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000067

MD5 6b5c5bc3ac6e12eaa80c654e675f72df
SHA1 9e7124ce24650bc44dc734b5dc4356a245763845
SHA256 d1d3f1ebec67cc7dc38ae8a3d46a48f76f39755bf7d78eb1d5f20e0608c40b81
SHA512 66bd618ca40261040b17d36e6ad6611d8180984fd7120ccda0dfe26d18b786dbf018a93576ebafe00d3ce86d1476589c7af314d1d608b843e502cb481a561348

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 bd06bcca61deba4ce1ecfd502ad3e95c
SHA1 e79beb8c8ec9e42a837befa5f24d671c6ab22775
SHA256 6fe3ab12410d0c6834c2aa6a57cf6416915c973ad65fdd321cb75a9a7772cf49
SHA512 964797428b9ea088c5f1c20130232043272d0ae3ddd04a66e52dd83b350898089d0b429375ce63d8847cdc439ecb3b30679fa600b806e183def64900f893aa86

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 9da6042c48d997b3a4532d82db6da9b1
SHA1 c8c9fb4a132a6a927a15613e0362cca47af25dac
SHA256 834a25e252e690feb785ec9bf419c477e15e039c9464f116fd0341f56dce053c
SHA512 55e512bd375771f48b28ea3187441f6c59b782be4e891286188073b82f19aa1c26b2a623e3ef0c78bedb1f6ad124e3046d5d73adb98e167a10ccbf1519ec6a10

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 62cf744e02d7d7ae8d52b154d8dfc7dc
SHA1 988e392f27eeb08882afb73efb4ea1cbb335c4f1
SHA256 45759131bb7a916f8bb80cd704c8a77e0795f0d1f6efb05d329280ee5409e48a
SHA512 f05d046b362e6fdab7dd96b04aaad2668ce9149614468ac542a73b19d874ec9c2fe77652256556e03d27c8109053986a0c05c8336412ea25356433df7275f497

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 30e35644a4a776e017f2b803af57fcdb
SHA1 df0becb63fc183b39408ddd0407f52d5f4fafadd
SHA256 bf41589609cc1c97e17569482db595db596a357699fb0991318c96a9fde80c1d
SHA512 0c047a6e8fbb0f93ce49c2cf6f50a262dff34186cac28ebb4c700bca36f5d0ebe7cfdb3c2c4bf46a65cd2d924bc65e598264d732ce6a6b5e889b0e2910459ede

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b341a396f91222947a056401fa226006
SHA1 0fc422f34ec3fe69726b20ebfb2870da97caf6eb
SHA256 3442e82331cd8424a19e79c89708930f43e9f329fac66ec1520ea6b9da314cb1
SHA512 a117312fdf01b4127d13fca13e5aa6f88155c3d654867afce7e852687ec5e1fd7f2ba5161bf8400151612970bf560d2b388a1aff62b10d6ffb975d091f42bb3a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 0126c8724c70105440c19585086257c5
SHA1 9f2bb4dd287e21ef9ecdb578a981dac2928a465d
SHA256 f55fb86330bd55fc5b259c6afcec6b2b1031d647fbfc2f9bffe47d2f1739432a
SHA512 3a8dfaff1d987c416cf0f7366dc142f4450e76723d4112d5fdecb0abd1ae064af23ac26091602fd7d9b9fe179b32e7b205eb3a33a88d92ed3e97d5cc2d7e2bb4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00008a

MD5 d2d55f8057f8b03c94a81f3839b348b9
SHA1 37c399584539734ff679e3c66309498c8b2dd4d9
SHA256 6e273f3491917d37f4dbb6c3f4d3f862cada25c20a36b245ea7c6bd860fb400c
SHA512 7bcdbb9e8d005a532ec12485a9c4b777ddec4aee66333757cdae3f84811099a574e719d45eb4487072d0162fa4654349dd73705a8d1913834535b1a3e2247dc6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000089

MD5 c3c0eb5e044497577bec91b5970f6d30
SHA1 d833f81cf21f68d43ba64a6c28892945adc317a6
SHA256 eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb
SHA512 83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00008d

MD5 2e86a72f4e82614cd4842950d2e0a716
SHA1 d7b4ee0c9af735d098bff474632fc2c0113e0b9c
SHA256 c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f
SHA512 7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00008b

MD5 6c8413dbb2b54b0d8d2c44902da2488b
SHA1 d798aaff61a4dcf553c40705a2029497dda61d1a
SHA256 fe8ffa9f7682f10f96899685ecb9bac43717904b88b54fd49dc0107f77f0096f
SHA512 f5ed56a26aaae0093ed55deba827d02df775c1673cf3270a1ec6d5feef3a3c556523d1ef5535da4488f284b8a9ddf67682309748a769f0b39c96f06409030fdc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00008c

MD5 56d57bc655526551f217536f19195495
SHA1 28b430886d1220855a805d78dc5d6414aeee6995
SHA256 f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4
SHA512 7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00008e

MD5 b38fbbd0b5c8e8b4452b33d6f85df7dc
SHA1 386ba241790252df01a6a028b3238de2f995a559
SHA256 b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd
SHA512 546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00008f

MD5 3c6402ca667d5be25d0cf118502f6f41
SHA1 c57737bb7409d91579569d7cb1f21c8c5925c430
SHA256 065c1d1d5d643ada11492f0b69c18d437cdef4bd9cc604af593cddbbc7dfbae4
SHA512 ac2fcbc9165343b6046b880623ccfc3ef50e43609f5432e41f477d8ab4142ae76eb82bbb27144f89053ec6196f87249085d7a31df25564c75be9a14ac58db464

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 485ae54e7cd83ed06eff6330c62834bd
SHA1 f9c78c0d64c141faf1388e527029d4d275f92ffd
SHA256 e966bee1903411828f5315328dc1beb0e26f86d4c905f093a0013fc09716d1a3
SHA512 fe80505e9c7fe22884692388be755ad5dab4466cdeb7f60b4f4f90a9eac330f72159aadf99db8a689ea483bd00a510b08bc52227652649a3727dc34cab364883

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 0f5714364a4dd86c709590f01f6946a3
SHA1 feb8574fe76e411dadd7d0c4107b7f040051442a
SHA256 271e3ae06aa844c4fea4b9dfed1e2bdcca95e681f32e54cbcce1ef516ed16c53
SHA512 8890ef212e1d088a2049e20d9dd73c719d4b28cc09fcf6fc76e3633220420be0d4b5e5f5ab00499f2330d7b6afe50d9c19670b75bf9963ac0dc529b5c7ebdd23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000091

MD5 bc9faa8bb6aae687766b2db2e055a494
SHA1 34b2395d1b6908afcd60f92cdd8e7153939191e4
SHA256 4a725d21a3c98f0b9c5763b0a0796818d341579817af762448e1be522bc574ed
SHA512 621386935230595c3a00b9c53ea25daa78c2823d32085e22363dc438150f1cb6b3d50be5c58665886fac2286ae63bf1f62c8803cb38a0cac201c82ee2db975c4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000090

MD5 3cd0f2f60ab620c7be0c2c3dbf2cda97
SHA1 47fad82bfa9a32d578c0c84aed2840c55bd27bfb
SHA256 29a3b99e23b07099e1d2a3c0b4cff458a2eba2519f4654c26cf22d03f149e36b
SHA512 ef6e3bbd7e03be8e514936bcb0b5a59b4cf4e677ad24d6d2dfca8c1ec95f134ae37f2042d8bf9a0e343b68bff98a0fd748503f35d5e9d42cdaa1dc283dec89fb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 6d13fb283cdd1742aada4fd986a5ecfa
SHA1 2aae847bee5ea49b91ae771715a9ec62abd168fa
SHA256 b587e847ea7d4938095f934c390f4f67adcd6ed464f9c3da3d724f79ef68e388
SHA512 1fe2fecd3c114d02e1359ac9bfcdeb692520e898990b8cee230f4686aab312c00263df31d5109a83f7c892321ee15321f63f931ff5edf679004b35596ae6ae43

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000ac

MD5 69ef77257c7fa3a494a232f90b05d55c
SHA1 19dc83dc05f718e9693de231d48bf0307d8d29a2
SHA256 d1ec04bcd468208a30012d660d1e857bd9d4d937957d45bb10cc7483de435421
SHA512 1b95ee10d622e1468e04691dc47fcb59da6349ba8cdc0814ac8d27a0ebcb9c09692ef1b86533ebd59f2bca87f3340cbe032a011223afe4e7db018af47bab38ea

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000a9

MD5 9a8ceef2725801e17be5c55b0a7b6887
SHA1 567f8cc2c9704f0f9186e50bb7ed9582bc3ac924
SHA256 c34f0544214631ecebb3d75ea3e9876f8096703b293266fdcb6426952fc98027
SHA512 57c534210f5905ae7d74e3adb6c39ad3d387797786b9a9b8def51508f83b83e97dbca9a48dd0bf38dadb6ea81dc5769d704c8ad58471baf727866eb06c2c4dcd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 6b4aa7ab0128407fb5e666d29a53e20a
SHA1 87131885750a8c22317dc56d8da6e029531fd5bf
SHA256 1fcf07da736c8e4f711aed790f7cf210d204249fc2425df847de0766a1c2ef79
SHA512 6dceda938e0fe499a5130dfeee6c9ce40f5a8a503b8bd869dd256cff8d224f99657b4b74cbb201d1ce2e62e8269cd7c27e57aceb402be43df88802a110638daa

C:\Users\Admin\Downloads\Unconfirmed 637067.crdownload

MD5 4e19e70399076ab58d1160d0fa2664ec
SHA1 e7ca7e0f1895c6bf60a14d6fbb0ccd4fb10a3134
SHA256 b9ee60f31be0b7dc3f814c8abbc7caacb6a3e1dc7eb1504b8e831dd42277f8d8
SHA512 f6338b52cb5a80d960e6b1ec72a28538614782a75d0270cb89e911160c0a0e8e3a4d0f93fb902c70c37cc5f4da0529043776e2c0b59287096f976addb7e584d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 c70c05a064cc8dc0dd2eefae3e9f3647
SHA1 91fae7514539516ab53151787f538b06cf32fe69
SHA256 0c1388945dcb9bb36779202fe3124f85fe04d0ec80420210dbe5e66318d66d46
SHA512 56a332c73c54263eeab1c72147a00821835621cf144bc1b93fbf3bd7a8d6f47926dedfdc92571967e9f48f007bd399b1009b4a28df15ea46dfd8ca3255610de4

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 0e4f29c6572aaaae6b61508f819bb27d
SHA1 5facbf0f6d11c5bfafd7f5dfdf06dd60bdf5bf50
SHA256 8c27c68ba3893ec798ace65516c695b820aaa709e98c4bd646fe8ad2a194ffe1
SHA512 89247f94f095db92ef79b8b7181aeef0e0b37b21bc2126325d106a49a7d2f9b7c5478dc0fcc0ef44ae274226e86bc59fbe85d68668685b4c268e5552aa9f1c6b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 3ffce290fb0efce2a33b444b066d7689
SHA1 f8d7e4637621934d8636d28c069d833fea3ad3ea
SHA256 69b398b7fda7b3b3dbaef819585b6439efeb1f601507f2cd31193ccd2ef845a5
SHA512 90d84b19c651f037fa8fa1d18a08ddf04d1df5e28f9814d94c597c5c06a8fc11595dc1326825f7bb7ea760daebcaa4b8d6929d12c06bdf85af61d4ce7adc2b52

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 7e23cd40cacf099af04de2e312ae1512
SHA1 238502032436a8af363088f853a0d4bccd8b61f5
SHA256 2b2a57e9466f21f5432c11a5138c984421d5c9228ec660926b24a5e75b30168f
SHA512 3e1e8299aab8a8ac9d9ac782c6def078ca6e1c2d024a8d00dd7762a4355c78829e831f6fd20e48b797487f212b0fc46cc5f8764e0ed5ee4a03d037501fb66dfa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

MD5 18ae209b0e7871f0f909a4349a9ae566
SHA1 6749e11d4535881e04b18d654f6a17606d7a8e44
SHA256 0b290895eb4354dec76c6e657407bbbaf159a12e7c3c3f0b4c5036e97e2e1734
SHA512 84057fa428074c89626c251634685fa5031f43902e6a53d462f6e0d66a8be1b1a18acd9bfc6b79a14627751d3b4b27455b32e6e5c27cd59135055b3f28abd5c6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000c8

MD5 3d45c1dac333992c8f38ef2c309291ac
SHA1 e94c99df0999bf80e47ad0732a629ee89b35532d
SHA256 515c04c4bfdceeb1b8799e26efa765376166e22a826cefcc11a0a703f6876a0f
SHA512 68729df01791dfe621c8f0e0d27d34065a8799670d6e08391d64c0a183e04e647a3957902554bb60f4c364575c96267adc8fe75a521cc50f6d56b5b0c856b6c6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 42d5b1aef1624610bd6550d89ee95de0
SHA1 a4ea5254f2ec52802c44456a8c992a45f5d08f0f
SHA256 dafb95fecd3c0b8b00ee227951aea907d73cb1b1210af769bf839a4f75e76aa3
SHA512 c5c0d1172ab0e4b865b4b769cad9c3f70debb6b03ee445e38682dbdea5da1ebf058a63506f3d55ae6495217e837647dd3d4c6a408bf194584def4502593e91fb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 7aa18b1c8414f8913d0cc1de0a24bb75
SHA1 818e85d5b9260aa796e1493736026b17cec802bf
SHA256 9f9074f389792050657387eaf76f80a15225fb0016a013750253083d59992dea
SHA512 5b0ab311d3cd0f3b676b8ddac87b8ba9b522607a7efc8b0c6a97b14a77d75644e62ef82c572435b73dd94154c69fa774bdcade21ac27daa0fcb244e8f33f0419

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 9ffd7f6fc5da30036c48426e1a80e955
SHA1 d6643d0ac6790ae8e1718a69caebd85ffbebc67c
SHA256 1053c77facd64356cc860f7d2b068fe9ddeb52edd222399e64949d5759337bf8
SHA512 dbda6c9eec538d7c70856b34895d55ece6a6c7e5cd150f5e3b82907bdfeb9064e404e981df6001553e9d0ccd6cfaab497c14e5f27d3a9719b452cbd725942d21

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 39c7eb9fba9cac2848ff0e6b56704de1
SHA1 3ab8a2162ce006d6cea7a7844c3fe941303188d3
SHA256 026da37909514d79e734cec72af0f37d297e1bd2a273ff3f04b7244f8bdb5d71
SHA512 51d18b27da8959642ba9a14f007bb00fc398b9bf2ac1f8e8bfd19559b3bb3fe432761cddbfc5580e7571bacdfb98deb55c17a2f50254eb281fad9ce7ab20b506

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 ec05ec825c0c927194ac4bcdcea3bfe8
SHA1 26ce943328e8ee2caf644cd0507463e395a64559
SHA256 e2c2e6878b6a45a808e9c07bb55d92dcf53b64e6c4ff98104f0844d5c34499fd
SHA512 bc22f0e7666431d7227c0120da7ccb87de3885f78588226e4ac6fc0aaf4ded9ff50fdb0c44af38d31ed681b748507368753bb1adbae86966596551f2319f7d5a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 3d892be3938f05519a8cf6496965744a
SHA1 e8bad9562cd33827fc3026c8732c48131e1d5556
SHA256 9a6ea7db2efceeab0eaddb33d0bf9b8537cdf968c372094cff5cc0d82b8099f9
SHA512 f08a1be5265aaff323c4ec37a97c182b791503f83307a6bbc13e44cf07f41cc8fec218f57e9d164fa5e98f19da43e543cd7319c3590f880a718115cdcc2e3e93

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 6b4ba7235c3c0f7f9725d3f1c1007e99
SHA1 ed78330aff162a4774c7d024e6e735ee04edc059
SHA256 425763d154ae8f62d84d00af7e94607b911c8d91db33bf5c442a65d5c819e84a
SHA512 cc26907ca3cbab71667dd9cdc5bb2ffc72b987e85e4b69ace69798b834435bd0f6171a0a5532e2c3f97c87cca76fb59032c11514499b5114ceffa44ee86420ba

C:\ProgramData\Outbyte\Driver Updater\2.x\Data\odu_sign.dat

MD5 2aceffd693e8f66f30e86ab6d097ecc6
SHA1 04340c4738b56ae34b86a9003281d8dd9c7b172b
SHA256 f4a8bd89f9f8e4c8a2d0d0f6b7629a9b014e6d3bc84be20bcab07af121cf96f2
SHA512 21881d6de668d39e09596464fbcac538dadeb14d21a105c335f887c115e7f1a23bee07ddfaed4082a9ec71333e1d2e995f113d76213e89abbde4452723397a5e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 f05b0c1cdd909eb116e7be3e31587960
SHA1 32c5d7b44b1d48d8bee25caaa2f0df18f77e532b
SHA256 4722eb2339fcbb4cce713b4cf9b060a31674e4559b22a7577fd15593477434bb
SHA512 7418c69fd5e8cbf36df2820639119210c9e0a1488f5a2fdccec505b41f421f4b5e87b70ef280b9a12f2e77f224b52b1150fbe2c677ff7354e4ca70a6d9c14dbe

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\198b1dbef7ece2ad03770a72810f2b485859f245\e78339d4-ec23-4af3-8e25-ad73d679620d\index-dir\the-real-index~RFe636fb7.TMP

MD5 7717a5762e48dba600524e8ee8dab1b7
SHA1 df76eb051bcff7584d9b22d4a2cb3d1d64374591
SHA256 9255778c4828c88ca7bf7d9ddc2e69935f85b97aeba4511c119a2ab7ed030d72
SHA512 b6a41eebdfd8c097a61858cb28b7262716f0da7586172021b00d3409dfa56e9e546e1d3f2486a38916fd85900370406c91ad78aff101144dbb166555fb1aa934

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\198b1dbef7ece2ad03770a72810f2b485859f245\e78339d4-ec23-4af3-8e25-ad73d679620d\index-dir\the-real-index

MD5 aaa69eb6e55baecbbab2307bd9a951ec
SHA1 c901409bd56d2e4f9af80e5b559332c7313a4d79
SHA256 e401405a257c24e7363da52ae0340ef51168ef00471775d6d79cb90bdd65e20a
SHA512 a4529d69deb478b0d5a6cdd37da6dfb51bdd42f48a321e7bcb7417c853c718dad5c1148d8d12ef42612ee1b9b7395b1153c950e549b6e367d24fed7e0b915626

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\198b1dbef7ece2ad03770a72810f2b485859f245\index.txt

MD5 64db538bca1b8b033d9e130dfabafe0e
SHA1 d47e9039538f020c7e455da3c1436812eaaaf159
SHA256 242af964989caa9da63eafd90a256fbf95f94907963416ed8e715a3ab08babbd
SHA512 45a5f790fa22b03477c46eae872b38798b33b5352ce4fc303e69b1f64bbecbae18fd862ceb8a0b39ac1323801c050f5bd151f75409d27a40743421486e8cbd47

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\198b1dbef7ece2ad03770a72810f2b485859f245\index.txt

MD5 9ebe02b8aef1bc11d222762614b03033
SHA1 f960d8d206f5229703f0580386844941b6b72182
SHA256 fb756b521c18c58ff56d7244a8830de5ce8c15dd3b22cbf4c52ca88d8ffd2e94
SHA512 d23a388cb78e292c09c13b4911ee20a95e93bc1f0692c3e576f612d8aeaf004ef704cd1f5f4fe86e571c20e872956eb1c7f5954e243eb79f587a82f770abe072

C:\Users\Admin\Downloads\Unconfirmed 474051.crdownload

MD5 e6b43b1028b6000009253344632e69c4
SHA1 e536b70e3ffe309f7ae59918da471d7bf4cadd1c
SHA256 bfb9db791b8250ffa8ebc48295c5dbbca757a5ed3bbb01de12a871b5cd9afd5a
SHA512 07da214314673407a7d3978ee6e1d20bf1e02f135bf557e86b50489ecc146014f2534515c1b613dba96e65489d8c82caaa8ed2e647684d61e5e86bd3e8251adf

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 a467ee6a6c6f057a5437a2b4feb38482
SHA1 e22fb2b0499b522fa12f3a04b4685f99f52e0164
SHA256 7b35385e0026c3f71bde80cf8eac6462094d8dbad1abaafbb36b527438e0c908
SHA512 b39ca6b1faa17a56c86c4ece9dd5af846c9540ec2b2b9af43d6899c82ae0fd3a705764ce5cf25b6666a08db1450b41a460d00e494aaf38ca39504fb6bd5efe7f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 ef602caa9f4053ef32e3e712a6335576
SHA1 cdfb3cb2654d7520c493649ca04b1efa8ef7645b
SHA256 a9aac6d1ef2c5b4b21382c03e036ec765080293c563076cf117010ade0dfc653
SHA512 a126c77751596fb111259fae5f4bdb568c9c60dc4d48f293a33adaf094871ef4ab6d402b14b5b8c6d7fdb95883a487b698830ea3725db0685330931038b4dd54

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 4b4eb9884767561b7303c77e9e878b81
SHA1 4617a1c387739f21a89affb660d0148487f11097
SHA256 0699f1f75c83deba39570114d3da386f857681fa2b1962cd7a1be6cbc6a0da96
SHA512 b5c8f14c54a607009874782d4bfc06619788aa6d3249495dad7bbeefcd4f6c289fbe096d8174b75134097f6e00f0f7b10fedaab1691404ac4fcaf60795f42c50

F:\$RECYCLE.BIN\S-1-5-21-3558294865-3673844354-2255444939-1000\ETKOG-MANUAL.txt

MD5 b230b797a1375165c6bc934692b9fd03
SHA1 25d801165d4a1ddb8d85e556bcc34a2a9ae70243
SHA256 d61d7e9317c9438746627a8cc31157cd21b354435e338ab13dc088c981619401
SHA512 06cc4c1afb38911bfe1e87df946d9168271738642bc1dc92a90d4e6ba42484f89ca22ea357c21809df52bb7f3fcbf9182ca0fa48956a7a2ffc5e321b01c0d365

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 bb9cf4239a449e57c9438c357b5deae6
SHA1 0e74a73549244a7c6dab361d9894f8d81b346b34
SHA256 08a38259f21e22439378dfa73edc9fa92597b011f14fca9ebbbb441fb52def0a
SHA512 aeedb9743bd3cc24745316a1ba3a0cde1854f35e06d2da05cf523d2948aeccbaaa4856b152ba15d4bfa8249f13c7f12952f69082a68ec61888d2cd3a47778801

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 9a53d69e123a3801bd30edcd31035bd1
SHA1 b28051040ac617f6a738a1d0ad9be432d1b22c1b
SHA256 db75e847443208a78bb0979938aa688a0b32eb5659f52865712cec31a95ff746
SHA512 811ca02306ca4c04d78a6b552110a7a769455d5127e8ca71a16c2fab1d11c8f988388b9ed6194c71da6b61d47f118a59ab4ae6c2650019d6550912ef8f8efea1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 5dbbf09dbd6f39344001a806075d4851
SHA1 d0287119577449db8b0c5a47aeacf58fb58b6c60
SHA256 8f0fe00fe5cd817a4d90fd26caf1b4ea6d6bf716f7294dc948a5f4753b1b9457
SHA512 665e3209ac6810f46f84154de0f9e89367b65941fa1987c158032a23413400dc1f5f7dddc4fa6ca44a19c99cc7dfd9b102ebbeb9f5af185cc77e49d418cf4a3a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

MD5 a11769b79e33c1a25f0a2fe5d0f9c291
SHA1 7ab50d6eaf02efb78f41694d30b6dd2d940ebe58
SHA256 a44ec007f1291d3ba348a837393caffcbd35cbe976ae351ec5bd732bf4aa0c05
SHA512 a30a523bbd5b90dbc85e451d3f7d835841cb4f9323be2f87c32aa0a81797f34fa05a5755c2459d3eebd708355394c7c8d64317475854e0e65948e5eb5101cf88

C:\Program Files (x86)\mbamtestfile.dat

MD5 9f06243abcb89c70e0c331c61d871fa7
SHA1 fde773a18bb29f5ed65e6f0a7aa717fd1fa485d4
SHA256 837ccb607e312b170fac7383d7ccfd61fa5072793f19a25e75fbacb56539b86b
SHA512 b947b99d1baddd347550c9032e9ab60b6be56551cf92c076b38e4e11f436051a4af51c47e54f8641316a720b043641a3b3c1e1b01ba50445ea1ba60bfd1b7a86

C:\Windows\Temp\MBInstallTemp6de568a622a011ef8cfe4a7c5f4b2f01\7z.dll

MD5 a144e24209683e3cba6e29dab5764162
SHA1 ab2112cce717bec8f5667721a072d790484095ec
SHA256 b2ff9dbf90cbd0c45cd7d95ce4892377ec7e92970e05f2e56b0ce93861190348
SHA512 2c823981b53b7eb7c1b726468d3b28c234c7e555aab35e759e88d38658566d267a20867f1cb18d96c830e7d53643629a9fa313eecee8b553703086fbb64cc984

C:\Windows\Temp\MBInstallTemp6de568a622a011ef8cfe4a7c5f4b2f01\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\mscordaccore.dll

MD5 3143ffcfcc9818e0cd47cb9a980d2169
SHA1 72f1932fda377d3d71cb10f314fd946fab2ea77a
SHA256 b7fb9547e4359f6c116bd0dbe36a8ed05b7a490720f5a0d9013284be36b590b7
SHA512 904800d157eb010e7d17210f5797409fea005eed46fbf209bca454768b28f74ff3ff468eaad2cfd3642155d4978326274331a0a4e2c701dd7017e56ddfe5424b

C:\Windows\Temp\MBInstallTemp6de568a622a011ef8cfe4a7c5f4b2f01\servicepkg\MBAMService.exe

MD5 31804b530a429b25e5763de3e7e5238b
SHA1 4d8eb7342a2bad8318ac51a02b7b55f978178422
SHA256 1541c57f87f24610dff7a77af7e932992ef574d16ef3c5e7007255776951ee3a
SHA512 efb6d78ad79c6edd8378640d2e6082320936b20462279ace63b127602009b06cc7097c822706cdbdbf9603e33372bfb5c8492c0319030a687589def37ba3c416

C:\Windows\Temp\MBInstallTemp6de568a622a011ef8cfe4a7c5f4b2f01\ctlrpkg\Malwarebytes_Assistant.runtimeconfig.json

MD5 d94cf983fba9ab1bb8a6cb3ad4a48f50
SHA1 04855d8b7a76b7ec74633043ef9986d4500ca63c
SHA256 1eca0f0c70070aa83bb609e4b749b26dcb4409784326032726394722224a098a
SHA512 09a9667d4f4622817116c8bc27d3d481d5d160380a2e19b8944bdd1271a83f718415ce5e6d66e82e36819e575ec1b55f19c45213e0013b877b8d61e6feb9d998

C:\Windows\Temp\MBInstallTemp6de568a622a011ef8cfe4a7c5f4b2f01\dbclspkg\MBAMCoreV5.dll

MD5 9bbcbee54b8adda7eb979322ee9c803a
SHA1 82d1c65ae32210b6ec3df6c2dc5a395ea6b7a9ac
SHA256 fe5c67c1e19c1137a4d4b3928d8b37db1845ac6d4b3f13d7b4d4bf4b325e331a
SHA512 fc0637f2f55698775840720480bc65fd40911913a509f0fe70cd2653aa2bdfb0605e4db24283da56a83ed7d74eb5837d2eab876c3025a94606bdfa6715ce19d9

C:\Windows\Temp\MBInstallTemp6de568a622a011ef8cfe4a7c5f4b2f01\servicepkg\mbamelam.inf

MD5 c481ad4dd1d91860335787aa61177932
SHA1 81633414c5bf5832a8584fb0740bc09596b9b66d
SHA256 793626d240fd8eefc81b78a57c8dfe12ea247889b6f07918e9fd32a7411aa1c3
SHA512 d292e028936412f07264837d4a321ecfa2f5754d4048c8bcf774a0e076e535b361c411301558609d64c71c1ce9b19e6041efa44d201237a7010c553751e1e830

C:\Windows\Temp\MBInstallTemp6de568a622a011ef8cfe4a7c5f4b2f01\servicepkg\mbamelam.cat

MD5 60608328775d6acf03eaab38407e5b7c
SHA1 9f63644893517286753f63ad6d01bc8bfacf79b1
SHA256 3ed5a1668713ef80c2b5599b599f1434ad6648999f335cf69757ea3183c70c59
SHA512 9f65212121b8a5d1a0625c3baa14ef04a33b091d26f543324333e38dcdb903e02ccc4d009e22c2e85d2f61d954e0b994c2896e52f685003a6ef34758f8a650c7

C:\Windows\Temp\MBInstallTemp6de568a622a011ef8cfe4a7c5f4b2f01\servicepkg\mbamelam.sys

MD5 9e77c51e14fa9a323ee1635dc74ecc07
SHA1 a78bde0bd73260ce7af9cdc441af9db54d1637c2
SHA256 b5619d758ae6a65c1663f065e53e6b68a00511e7d7accb3e07ed94bfd0b1ede0
SHA512 a12ccf92bead694f5d3cba7ff7e731a2f862198efc338efc7f33a882fe0eb7499fb3fb533538d0a823e80631a7ca162962fbdfd78e401e3255672910b7140186

C:\Program Files\Malwarebytes\Anti-Malware\srvversion.dat

MD5 5e0e2d584de048ec8e1d96a8402b9074
SHA1 bc939970e17845f19b5487ebc0f1962aa4f5a756
SHA256 2b7b5bc2a6db622fd284281cd712081dc0a8c2650ac55133a96d2a719306f41a
SHA512 8481bc8a5a7188e3d242f426d9daee162ed372101327ef6c452bdabb64cc3b5c38814715705d8341303a3ae1b377e6a0c77b8e0d7258376f563af8f9d21131f9

C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe

MD5 23f1360ae0e948d300f0f62b53200093
SHA1 e44fd6f0248e0a02525ee67664d83b535d9cb7d3
SHA256 40dfe0689b744e0812ce857f7221ff85431ca37315d9b4f75ca40892af5870da
SHA512 6e34d2546626736aa26b369a86745bdb9816138244fba3d5b5e29de4585cf4e66d52c35b5c5a577f252b62a137e340dd9de36c08a06f5395baec5a726ffb5222

C:\Program Files\Malwarebytes\Anti-Malware\version.dat

MD5 ff27edf43a94586ccffd93e92ac7f651
SHA1 157ff45609104f383fd81447cbe434d97db334f1
SHA256 8fb5c96d8634c8324cc1f3ed93160417c0b46029c15c5451e2d5c6ed28ae878f
SHA512 80175f2a2d1875151e1a832bcd33da49303701c3564f6d5ac6511a1035b350e9acc2087d60b05ab646618d71ca8f51fa02de8692a3085a2f320a37971cc02ca3

C:\Program Files\Malwarebytes\Anti-Malware\ctlrvers.dat

MD5 dbee8e7bbcba63adfa242c00f228afb0
SHA1 6aae8d9e4053cb52a2f1b6847e65ec6335dbc0fc
SHA256 c01415842abaa4bb6ada941a44c132a4a41c55097fb7e931decd04e8b5d6d380
SHA512 1e82896df024fe6a2390e415bcf8dd92f71125639daebed99e115bd9ac219b5667201d29c6b2390a2fcd505c3780ba112ddfca128137b665da0cfdbd4d63f038

C:\Windows\Temp\MBInstallTemp6de568a622a011ef8cfe4a7c5f4b2f01\ctlrpkg\mbae64.sys

MD5 95515708f41a7e283d6725506f56f6f2
SHA1 9afc20a19db3d2a75b6915d8d9af602c5218735e
SHA256 321058a27d7462e55e39d253ad5d8b19a9acf754666400f82fe0542f33e733c6
SHA512 d9230901adeecb13b1f92287abe9317cdac458348885b96ef6500960793a7586c76ae374df053be948a35b44abe934aa853975a6ccd3788f93909903cc718c08

C:\Program Files\Malwarebytes\Anti-Malware\ServiceConfig.json

MD5 28002e156b9e3725bb386c8bd7a550e3
SHA1 8a87974368d44826eb268cdf2862d48312f60151
SHA256 254012c165e0a4a4dd3b609dcb2a9ca16dd8a7075d03d45c504695fa6d73e108
SHA512 9bfe6d9d4d659e8b94e24da41b7762a1b743a137825a68cdaaf01dda9a095cfc70c9eeba697e6bcadc8f3dc1d76bd47d429dc6d79c30623f2b2c66d845e509c1

C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe

MD5 46f875f1fe3d6063b390e3a170c90e50
SHA1 62b901749a6e3964040f9af5ddb9a684936f6c30
SHA256 1cf9d3512efffaa2290c105ac8b7534026604067c9b533e7b7df2e017569a4ec
SHA512 fdfb348061158f8133380e9a94215f4bfc0f6ce643a129d623cb8034c49144f1489de56cd076da645478506d9fbddc7590fe3d643622210084b15fdf0d16b557

C:\Program Files\Malwarebytes\Anti-Malware\mbtun\mbtun.inf

MD5 5d1917024b228efbeab3c696e663873e
SHA1 cec5e88c2481d323ec366c18024d61a117f01b21
SHA256 4a350fc20834a579c5a58352b7a3aa02a454abbbd9eecd3cd6d2a14864a49cd8
SHA512 14b345f03284b8c1d97219e3dd1a3910c1e453f93f51753f417e643f50922e55c0e23aab1d437300e6c196c7017d7b7538de4850df74b3599e90f3941b40ab4a

C:\Windows\System32\DriverStore\Temp\{df246f33-a880-d744-b8f5-3f552995995a}\mbtun.cat

MD5 8abff1fbf08d70c1681a9b20384dbbf9
SHA1 c9762e121e4f8a7ad931eee58ee60c8e9fc3ecb6
SHA256 9ceb410494b95397ec1f8fa505d071672bf61f81cc596b8eccd167a77893c658
SHA512 37998e0aee93ff47fe5b1636fce755966debe417a790e1aebd7674c86c1583feef04648a7bc79e4dedaabb731051f4f803932ac49ea0be05776c0f4d218b076f

C:\Windows\System32\DriverStore\Temp\{df246f33-a880-d744-b8f5-3f552995995a}\mbtun.sys

MD5 83d4fba999eb8b34047c38fabef60243
SHA1 25731b57e9968282610f337bc6d769aa26af4938
SHA256 6903e60784b9fa5d8b417f93f19665c59946a4de099bd1011ab36271b267261c
SHA512 47faab5fff3e3e2d2aea0a425444aa2e215f1d5bf97edee2a3bb773468e1092919036bcd5002357594b62519bf3a8980749d8d0f6402de0e73c2125d26e78f1e

C:\ProgramData\Malwarebytes\MBAMService\config\PoliciesConfig.json

MD5 54456530f3ec68365b724e163a88394b
SHA1 0c912a1ecaf7557f00cd019e9b0f227d72b91975
SHA256 1cf3334db24a521d098167d83068458bd39850d289b6d5f1e99cec86274949a9
SHA512 8536c7ed9c1c0e54cdf036946437215f78595fe71fc04b4693ff1bdce6f8fc614262ba7abe355de86eb0534e08d13b9a310dd0b6cf2b7699b6cf7bf5a95a0242

C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.json

MD5 be10fe68785e686e8d8b639b82be9ab3
SHA1 d9c72df51bf3fe2a2c60193ff5fb7af7b4f99908
SHA256 115c333f2d424898c93488dbf0dbad437d4748f81164a98c507b79be6639b734
SHA512 8fd6a6868a2bd895e994016f5e7e066dd57475de958789acda23d46e99f1de8c7cec3398d63a27e36c634f9c6048dd0bdd38ea3bc78c4ed6962a6e9533068bed

C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json

MD5 f06373deef565e6227ab69bd2c3e3b53
SHA1 aabfc694df879ea4986eccc76ca53cde65f6e70d
SHA256 5dbb5771febcea8d2f4f642b18155c92ea58ab5d788692300474fc79ac1cbbb9
SHA512 a2d36de3b6e3bc35c6cd0cb707bf33a045c1b500738d8a46aa02c106da947f0b2c81e8b7edb2ebbf884de1de44b1e341fea49dc2477bbe056532bc2f465a1da5

C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json

MD5 5c8307c87e43c21c8b70e2bd18a9441c
SHA1 8960e68c5b7e101f6ecfee697675bb94423b600d
SHA256 571ca5a9b1114977fb5e2b234af87300913314b579ccb4b0dee2864d35be7eec
SHA512 246c37bdf5b25438dd5fac291b85d3d1d249fdd2d788728fee408d508f9640a0b338bc02ddef46a61bfc89bcd77288d74d212afdbd11a32c85d4f4adba682456

C:\ProgramData\Malwarebytes\MBAMService\pkgvers.dat

MD5 949ff399975858a24ddc8fa7b581cf4f
SHA1 7e61230de8e871003fdd1fe72648a5938f1dc2c4
SHA256 329187515e2de7e6410e2c61b60e45b8e25aeebdac0803d319bdd92e7fe9a49c
SHA512 4a775f65924d15afe7c5b13d83210505b7a0c09396ab5f40801cf6051f99408eaca50e5fee8b403ae51de7344169fd252013423c31b29ac38e38f73f8e5480d1

C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json.bak

MD5 70f4290fa3f056b3bb2eaeab1863b05d
SHA1 6e75089a623f067fadb5ecfc354cfffe24cf50d1
SHA256 4805e7344f06456ef5d38078171e740858271da1a5249b0396c83c4dec2d6a9e
SHA512 8d367268ea250025dc1873a24b08aec5d694568009e07711747928464b7ee339c2ac8598a1d14bb616bfb89e1e5f1f5f9b2fffadb1365a4df2db33c9b8180ac8

C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json

MD5 ce23338afd7593c0b1269c42b9c7ccf3
SHA1 617118644ef5c10c6969e16c0f6b739798de03d5
SHA256 64f3c296bf4f2f23b12233a2707676b789d6e1124058995551be28ff4c2d674e
SHA512 e73342296de481fda2423591e05111d458a35eb9ad7f2f64a2c9e6e8278bd27e1cd517477786b83de0aab5655538c424d87d2c5cb3ef8fbd2ff716e5b19f9640

C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json

MD5 48b21a1b6dcc73a63fd8edab52401c28
SHA1 c9af7941e41625f6ccfe396fd5bd7b02ad75c781
SHA256 e78fdc71741197daa54665113dbf3c0aca80314e15c3da424133c83fcfb20c59
SHA512 12b994fb4ff30bbb35e5efcf2574f7712ccd2a3ef829e36df45dfc465d559db37586deda65aed55aba23c4d6556d7abbf4c8b6bb63e0f761e21240a3cc39c8c3

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\rdefs.mbdb

MD5 2f7423ca7c6a0f1339980f3c8c7de9f8
SHA1 102c77faa28885354cfe6725d987bc23bc7108ba
SHA256 850a4ea37a0fd6f68bf95422d502b2d1257264eb90cc38c0a3b1b95aa375be55
SHA512 e922ac8a7a2cde6d387f8698207cf5efbd45b646986a090e3549d97a7d552dd74179bd7ac20b7d246ca49d340c4c168982c65b4749df760857810b2358e7eb69

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\wprot2.mbdb

MD5 7833a17879c4740520a0d7dd9f9a584e
SHA1 5997af59d31b57ec8b06e87ae0d59ea3b5689f19
SHA256 3b929c57ee70f5400ec10781856a9d0167b05ca6e15a3f3138c9bdbc0e8a653e
SHA512 9569d382fdfa2a2aeda629d38355e3e8ae75a8e86fcf8773886a2a2e1c8f36789d822ef08f9054e73cefcd5f0d54bfe4b4372d6884feac20fc96d6e483b4b333

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\sample.dll

MD5 a9341141dc8a9f27fa46758ed69980e6
SHA1 220ecb05f5456b3d2b0b05f5cb6fda6197207563
SHA256 bfd1e593eec056049ac2e52daddb635ae9e4047e6d81aa61df0496f6f634cb73
SHA512 528cab8c240154fde3c0a728fd4d0250648a105ca95355e5c674d37ee620ab74fa499c85cb7781ae676b93117560c3c1f4d4b9f6f341af958de3073c447f442b

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\ig.exe

MD5 5f4f4838ed0a41b4ae61b16cbdb7c41c
SHA1 c9e300e9f5245d736d6fcc42dfb990b2639aac52
SHA256 cd1e8db650a73bfbc124467737b96fe2080f27f27e031e1043ddc76a9844fb06
SHA512 9bb1ac32b62fb1398616081574b03c0eac37377b4102641299202601f4881fe64c98111334f783d013b509f7eb36ec9b79a7b71bf07436632c280c1ae3142755

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\BrowserSDKDLL.dll

MD5 a3fe79081a59d493c01b5c1139babdc9
SHA1 1505cb4053bcd9b55c40227ad6b62a2457cebbdf
SHA256 60c8c024ff020f04fcccec10ee78872bb1e6985463d6370c6af095761d88b860
SHA512 22310a585edb36050ff20356cd9eb5129cdae3ffea2ccd7a54d9652dbd336d7f402ed119dc59ae3250b93bad40e75983184256c0bb239cff049bbb983f487bdc

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\Actions.dll

MD5 20d70c6e04dbf14c01ab2d756e97854f
SHA1 f172c8b8c0e87d2a9ab064513dce004d16d03e0d
SHA256 c4002339b58bc493ae3540bafe1b2ca0a70bba0f853e29f60e0f6a1680fa9a24
SHA512 13e073cd4b3d53c6d9fdda671a55962266b5c0a18abcb5774092c35f0d0bf2c5d0d9802d8955d32cceb166821634bfc067dac7809c9ade143cf3a3b497743b36

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\dynconfig.dat

MD5 10f23e7c8c791b91c86cd966d67b7bc7
SHA1 3f596093b2bc33f7a2554818f8e41adbbd101961
SHA256 008254ca1f4d6415da89d01a4292911de6135b42833156720a841a22685765dc
SHA512 2d1b21371ada038323be412945994d030ee8a9007db072484724616c8597c6998a560bc28886ebf89e2c8919fb70d76c98338d88832351823027491c98d48118

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\exclusions.txt

MD5 aef4eca7ee01bb1a146751c4d0510d2d
SHA1 5cf2273da41147126e5e1eabd3182f19304eea25
SHA256 9e87e4c9da3337c63b7f0e6ed0eb71696121c74e18a5da577215e18097715e2f
SHA512 d31d21e37b0048050b19600f8904354cff3f3ec8291c5a7a54267e14af9fb88dfb6d11e74a037cc0369ade8a8fb9b753861f3b3fb2219563e8ec359f66c042db

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\mbdigsig2.dat

MD5 e9fe462db697153dcff5ef330f375566
SHA1 3bfb14fba799ed6a85f3281193309cd5171d1cf2
SHA256 95ee30d6bf4b0665f326e9aa2cb1e8ed6f8b3dd3fb02c1ea796cbc2fe3ce4d71
SHA512 b52c2ffe6d54af0b5507dab824f6c2743fc3f6a5b5fb217a2d446418ddb9297f450fbcfad95bc891e5cf6c9f050c0ab8e36982fa0cd45b98546af8c073c3ff09

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\dbmanifest2.dat

MD5 051087d42e2be5109d8cb7b5e78ef4a6
SHA1 cdb48bc02e29b2f1a67f23f6e26d7d84dd9b9ca8
SHA256 235b1a085e53d047eb09e67f97a6f98c736d256ec2748b209bd063ef0d47690e
SHA512 1300201a750bb938c8339ffb0fad8538c090daf09f3a230de1447e0bd4e6c4d86bfb48f60294014f4b84231bc0faf208ebaad370bdeaecfd72dce7c697e20f96

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\cfg.bin

MD5 634c582955715ab32ddfe83406564b05
SHA1 79c0a481c1ff351c2e622e440bf7e6795ca6efff
SHA256 4783d65126b8c83fd9aa8ee0e8428d10c20adb3daee6b6c92dab9aaa26964a67
SHA512 38af39912704bed274cbea2c8cc0d136b94e328433cc02bfa7f04fdd9313473e11f6e6cd34a7b4614de55de0d8746ade1040a9eca4f37fff178a07d3e8f5b1d6

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\Global.nm

MD5 9ba2a9a4eacad00bc6a048242b8ffbe4
SHA1 1429e28ff2d1a9e3a3bf308a0393b65f443817f7
SHA256 fa92f84bc5a2ab9f8a3ceb09f1b593b6be9d29136f5c7cce4e0afe9c80433e4e
SHA512 ef3c7f28ea84dee670116a5eae7a766f9d55ac30e25198af223b51777a7349f58bc0aa81d309e376f28914f462933eca9760cb03e321f775f795276be3439413

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\Global.sr

MD5 090bf69ee38c2e8faacf40bcc895f0ea
SHA1 ffd2e64e3eb1dc01ef024cead1e6ae65f7996a93
SHA256 6b5a0c8f1285eedbe1746b1a94fb81f864a6fa524f50a94e7123a26baa25df63
SHA512 dd747186eac440680e4209e8314a27b7db5deda99a8509c187dad8ccb02d646eefbc13422e8ad5eb296d7b4b16b7d5161c40d891a313e77b52ff4adc3142cfdb

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\clean.mbdb

MD5 1a6cb54aa16c7a795fc6c8003bf75de4
SHA1 6f9dd6fba29e3140727f27182f6f3798a5d3a15e
SHA256 2cda302704d21fc0bb1c9b68cca1205594af5d8f09b6c0ddb5b3e146eaf63af4
SHA512 6a0fabbb19e3f626d2ee58ceb560c8352076d6b8ec9ac4b2f06876e0971ebace2b87b8528d8f69dd020f7fece780ea2dec7e862a1c1357632cb3b0096a060788

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\tids.mbdb

MD5 ed6e91030855c2b3c76f45dad4d80563
SHA1 2ff9c379c281ea0b6ecf5e1acf18ef756a058f0c
SHA256 4738ff9f7c89cc53f97946daf3e9bbfde33fc10ebb826ef8f56a7f70c967d6a8
SHA512 270af937121b17b382ab42cdda18d0ff47390553d6887c6711fbdfb75c16acad7a2aa27a573abce46b37ff0330ea0c5dc6a0b17975ef33181c582c7e991c5ddc

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\scan.mbdb

MD5 7cde73dc19af25788ed7e0c6488ec10e
SHA1 6d4dba59613d611f361c4edbd2ab252657711da4
SHA256 376c327c96c1ebb4abebac74854f66090cd4d4a964e36c3e4fcc5cf3310035bc
SHA512 1ceeaba9b07241d01afca7327b2ed6720efaedc38403a66ef1caea8e806d0068bef3a1b4b6a4fdf327d92298efb027020f346a1274119e130899800c9b877801

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\prot.mbdb

MD5 546d9e30eadad8b22f5b3ffa875144bf
SHA1 3b323ffef009bfe0662c2bd30bb06af6dfc68e4d
SHA256 6089fbf0c0c1413f62e91dc9497bedc6d8a271e9dc761e20adc0dccf6f4a0c1f
SHA512 3478f5dcf7af549dd6fe48ad714604200de84a90120b16a32233b6d44fa7240f5f4e5fe803f54b86bbdfd10fa1bfdd88fb85eb6a78e23e426933f98d0a2565ec

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\rules.mbdb

MD5 25be5a55eaf0976feed2b3a75b0505d1
SHA1 395076c02889d3e0db17b1e49d2caa1d43eea7bc
SHA256 fedd7c2e27400b3fd02294fd293907a34961934fc4e9a0587f28aa01117c0c73
SHA512 f190b641319da454a7b11fd5cb31acbc341a1ad0b40093bb12618a2e5da99f3ddb4de6ff2e404b1104e28ec4876b5503ad819685c3f543198f4e5d173f9ff206

C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

MD5 f4496efef684eb40a59dc6f1c1f30cf4
SHA1 5ddcce40299e5d9aac357d4fb0987593c2fa9d66
SHA256 d551a024ef18f3ac2c64b3f85739f2f6ed61d9606c89c096bb7db4cd2c8c12bc
SHA512 d5d0310f58dfb2173e629307038b018de91caabfc8f1cf20215173cd7a44bd79e81498f8d8e9a91ec20df6331199cd2c888a7dae6d3d5766843c2054dbba75ac

C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

MD5 7843d5537113b48e68ad38850fcdb6c9
SHA1 90df93bdabc92467ba8c148fb2e6a69c3be7a295
SHA256 803ace6537910ab3fd8573b52ea58501bba3184711728852f72bd62d1fb2807d
SHA512 ceb324630219b2e20ff28ee608ec8799f6ce28a82f893b99e1add93f060ce8221399bec4ae013b6c21df0392518f293909ebb9ffcaf7c1e1fa2426b9d2e1b07a

C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

MD5 53fc9fa2985aff8926491b4842dfbd75
SHA1 b94bff80c9e08d3123009be9e7145b2865b509e8
SHA256 b5ecfb3ed1878c69b2f003ef93ef087ef472faf0a105d8a317080f46a763b2f9
SHA512 bc0e2cf425a92762b7505a6d8454fc7a869a888be96b0350c8a142bd5ff04de4ed84b9dbd444bf11530f205c5312dc54373f816ce300211b4e1987b776c52b23

C:\ProgramData\Malwarebytes\MBAMService\config\CleanControllerConfig.json

MD5 c9cf71cb8ea9147b1c6218b434883eaa
SHA1 fcb3ee24b061f49f72dc4bae0626131aae0ca073
SHA256 a7163d874714b5eb77d3374170f57bf3c56516823f0d9f38e5b054ea3673608a
SHA512 c6715ce515d963fb682c304e2e43499b609ebadeac20225124a0e5891275cfe39caf13c93ca614177cb7a6aff360e257d2f537610513c44e2027e22e07f6193c

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

MD5 fd4248ffdefd812d6768768a24479d5c
SHA1 50d7039853bc848e9afdea73d49b8c29eb3ec89c
SHA256 f4dd809cc7491f6672211c5531235977e527ec5a8830a1bd0795cf0776bbe42e
SHA512 3a1aa5f17b984b1813100053ca14aac3d795199739f5d290d4f2d9f7020e17ef14d4b922c55c18033d9dab6d1c63a3adae2d7c709ec6bcb295b4aec527818454

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

MD5 a22b8b8f84b0f6268f18be4394c51461
SHA1 cc9ad536d0bddfbe04dd6e011fa2b4a7ab593f85
SHA256 2ac923e16675b723c61f1ed5cefa13aac659b3258741f4d09c60a5d87591e2d7
SHA512 588bdd2aecbca966c6fa2652c4cc15b22d4eca47cb61ac5c2f5373ff1252569546d10fe26f49dcb6c05faa0d880a9802f82b6a6a5db4a266f0d6e072eaf65139

C:\Windows\System32\drivers\mbamswissarmy.sys

MD5 4b2cc2d3ebf42659ea5e6e63584e1b76
SHA1 0042da8151f2e10a31ecceb60795eb428316e820
SHA256 3db4366ccb9d94062388000926c060e2524c7d3ee4b6b7c7cf06f909f747fc6c
SHA512 804d64d346b3dbb1ce3095a5d0fa7acc5da0bf832c458e557dac486559fe53144f15f08c444fea84a01471fd5981e68801a809b143c56b5b63e3e16de9db0d98

C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

MD5 3576c72dea22b34ceeabe7b6940ac019
SHA1 23331b69fb12bdd99142dbf2bca57183558540c4
SHA256 d3ea8db84c31e78b11761b51fe208925f54ab8276ebb35111fcde9c19083870f
SHA512 60db5eb7db2a1ddf8bdd773c1be6e89685b22d40c64adfa12c1b0d2b736f2c705430a97cb3405d6b79372f1fa772cc82624413d0c93a52fdc176218a6316c80e

C:\ProgramData\Malwarebytes\MBAMService\config\RtpConfig.json

MD5 fd48475c80fd82cb2062600621ac9745
SHA1 3a18011bf0ded831c954c133d35910d4b2c8b1dc
SHA256 293e522693bf837ec22110c1efa68b8b1f14df23b6c5a9295a9b12ecf3439add
SHA512 f8b58c17299cf8d6d52ba65aa13a9d02df4d392a21dfbe145dedcb0e47b0aaf1dd6159a4247db7e6b6e63de3475b16ee9ca2a89bade46737020eec059aaddbae

C:\ProgramData\Malwarebytes\MBAMService\config\MwacControllerConfig.json

MD5 2cd0b0c995d072788d10048dbd72a765
SHA1 53b5cf8a500956b1e02dfb7f210eff72e00ab268
SHA256 7c671ac16e5696fdd02a5b52a58a349a654ad1074d1cd0ed4504d2edb8700ec8
SHA512 356adbc08edabcadb6bd3580bfc212fdad3f15df6bab75b55407f50378406d044bc608366b04414c5a4daa68f4515844f6eaf88b7a9793ac82a6e4752f8edca3

C:\ProgramData\Malwarebytes\MBAMService\config\MwacControllerConfig.json

MD5 dd62d7f3aff288bc06a572e2be6f3c5a
SHA1 7a2b68f395c8254b5b067816050b44d2063e52b7
SHA256 6b83ce4e31d061ce41a7706bafc67224c4f821295a79b64d919b2c36f55f069e
SHA512 e1f3735e1f3ebc789219a6f0939250f818bed6b4b4fe51722d62b57044802090c35b652199e4e8cfadb2cb62c9e6d4bae3b648a892fd605560f6f768585da118

C:\ProgramData\Malwarebytes\MBAMService\config\ArwControllerConfig.json

MD5 190626869c3d0d6293fdb0850fd2d8df
SHA1 86a564638b75638e7535ae883df88bb0f2008799
SHA256 40042e3acfa05e736d9656d364e2ae45ac894090deab9ef09825be7a142a5bfa
SHA512 3f0663e2b5e65b211bd4c7b9efc520e1c4d05dce683ce722e257d4fdab5fc62ae5c560aa464939932a589544a6b62d09972cba33673fb5e33e3f3f3fc7fe9c48

C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json.bak

MD5 db5c80d9ac15649d4a4dfab0c129dbaa
SHA1 bd14074fa8fe304a3cf60867712f8539af0e6208
SHA256 92d10bca08d5919e7ef6153ca9aa6e55baa5842484dfd096f678bd37e03010c4
SHA512 fb41a6c721ce1351739f71044dd00339439b79f35905c9775b5725537a5409263eec4c960aead1a6b3b4e46fd261a6016d075f221950f11c78da994465e88432

C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json

MD5 037f7098b3c5af9d3c6ab1d9ffc72e47
SHA1 d7992c976c9065be1b604bb3a93cb8777fe71024
SHA256 9ce9d077d24047f06dea3035fb02262fdb92de57d351167586e291c790e614b6
SHA512 8b3295464392ebfd40bb71931043442d957f7e1b42478170473e4e12161ba7b28dcdd85921bce80a32641cf8667db7d364e6c85865307831b14e6a581b5a45c4

C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json

MD5 e882dff6df9519523212323268b1bf05
SHA1 9bb7b5a81f8147ab949694a0bfacc860f74b6c03
SHA256 e7b10c5a993b7f8817580ecb94d3a3c4ec2006773c9f3087ea186b72fbc37b06
SHA512 b9df294eccc103fd98f67338d5d44d605991b14e5dcba620cf8af4b5144825c7c48682789cad81265d79691e3e2e02679c4c012a494203a9c47998ae71f00086

C:\ProgramData\Malwarebytes\MBAMService\config\SpConfigFile.json

MD5 eb31f8d66e5e3251c18a9cf5c64d2a60
SHA1 7126d10e533b55b0a136589943a8c321ca6d6b44
SHA256 3689cb48a512d62daeeccc9cebb9004acd67bc7935d17d8f3adf8c3c420473ca
SHA512 408c996ddac4aa6d9f9e636edcd2b5ea8bc81b80377533571e4e2c7aa087907a1f49124ec6b75dbe0069e2d8d30215611e8439150cd217c25fe16741ebd4bc68

C:\ProgramData\Malwarebytes\MBAMService\config\VPNControllerConfig.json

MD5 6ffe9c49802d113828f34d354cfbfcf9
SHA1 fa564cf685a513cece793dabbd7f588b3daeb3bb
SHA256 c0b863a924d7fd14dfe9733c27d0c1ea08bf663aebc5e84b6a1be3c88acbe06e
SHA512 040d821d2e6328692fd3b63ac095906fb00797657d1c8e9fb42e77ce474cc4cba8926ac91691f9972a6df781362d511dc2a67ea09740756ae14798768d2d2b92

C:\ProgramData\Malwarebytes\MBAMService\config\VPNServerListConfig.json

MD5 05189d3797a93193c6c5bad22dfb39a7
SHA1 c4820798e18e9abf6bdc4c9301751b0a689f623a
SHA256 fb7a8a30abae2d5764553d06d12df58c686ece4916eeb38bc35dbc00e8a15c49
SHA512 00be5e1c4bb08de9739c27076e618c9efb227d13920892f9b1f74c7eed2c7c0443b3e66c952922fa593fb248b906846c19a9b31a42d5fb2ccb998d81375911d1

C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

MD5 c3c56ca17c49a9945a667c6a07a58bc7
SHA1 641abc4d2e19b83f2a393b76020bba73a07dd132
SHA256 a2e2d2d62533a92acfe6ce55dbc3652efcf25238d212754c126a749e93655b66
SHA512 f5619c9c95761a25d2d7b729203a0d2859179980e59841ed70a042a6ebe8757474ee48217f453b11f752edf26d17566e99595567629ac89771b9309138727ea0

C:\Program Files\Malwarebytes\Anti-Malware\ServiceConfig.json

MD5 b0faacf4a54f1b829bac8dc990f5e0e5
SHA1 5199ff59f35a3f167559656b3cde8bf2f6371232
SHA256 ddd169a2cd79c04f2f811b39344559f54570f8b0f10791899fe84d2fef8254e9
SHA512 7b0ead26332d533cb9736c5772655cbb938b2dd459795a4219a0ecceb889e9f002c09b3d418eb3f319067ee2a79af37a478c5a5da5e7b4b2804c314f949b7be8

C:\ProgramData\Malwarebytes\MBAMService\config\VPNControllerConfig.json

MD5 623dab4d807bd196570a2bd5bbb414d1
SHA1 93c06167e4402783d25f87b6de11d0499304abc1
SHA256 35b2356444b7e3a10190e39b7d7598ff54415146c84004376f10fdd5553a6803
SHA512 ed79bf599f8d584d545ae4c9497acd4c5886441300f1df3eff467d39126dd28391effca3a24b7d8ebb5818862c5c36ac7c7804b6764c02cbca46f9e0125bad77

C:\Program Files\Malwarebytes\Anti-Malware\sdk\mbamchameleon.sys

MD5 2a0bea88ce233b8d841d56df26195e06
SHA1 889af4a1f2b77423d5557c8ba7980e5d25e74647
SHA256 6116b30ab6f4bf5f0e8eca78bc67890e7aacc6c74fbb4a15a93af44bb34f2636
SHA512 c3d2620e3e1c19b63bacd578cbe55d52242dd01fc3ba5a90d0d001f8cab105a123959f0b18a8e6e71b4dc97d7995e832c8cd2d3693d808c8a81c98499cc63fd2

C:\Program Files\Malwarebytes\Anti-Malware\sdk\mbamchameleon.inf

MD5 5a9717e1385703e8f06b27aa10a69e87
SHA1 84ee67a9167b5eb6560711b9871de98898ad07a5
SHA256 47b7c516bb57c612de19f0ca865590af95b6e32bf873a0fef9e011b2c5b483d4
SHA512 dd3c7278c2c11ad15a55fae6d19b96dadd92f85b7f0c8ce934298258af00bb5c052a84a98499b8867b0f43704fb307c67d03692ca69dda4d814c6c17dd73df44

C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

MD5 ad9ffd8ad5c6bab14bcfff549eae34a8
SHA1 9475049919ff5ca15565df3ae767d0a1dd77dc16
SHA256 10e5351a6a138030f36e1eb35c00a81cdc78d5e3f41a77dcd4f2de7faeb6cb24
SHA512 05ceed6e15095b4b0cafd03b387fda6564cb2782c8ba1f7c7582fcd1c76edc6547d28e5c3a8c08f34a6cc27d3808f1e574652e557965012ac21d50cff4ab9663

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

MD5 2020e577ca5a8e150a0418923d7b6ee2
SHA1 5277fe255777574e0476b016d20a04da0cb4f7af
SHA256 b9c4e90d9e73869114bb2560350624e931c4c8ca461e4b09596f3e689c554e24
SHA512 6db6ce78574964e566bc9550cfb66b2083e16d17064041457f601868bc8ff91d158f113628067e1408b7e474c69b249b73b442bd1f8d68d6cd0bc63f01272e60

C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.json

MD5 9f91e860481807fb8ba835e638b9a3cc
SHA1 873596dcbf278536b3e02ac3655cd637fe0024ed
SHA256 3e0bd05f8e749324809c8d0dedd33570d8b5c69d0020dcf8931c4f60be90d7a0
SHA512 26df9eedd25862f197ab39d7aeb085298b7b6d06ca1a5efd8fac64a02909dcd0e20a24272bbdcd7f6da17830e93b1d6c097177fc1f9e7a967b6d49b155248805

C:\ProgramData\Malwarebytes\MBAMService\config\SpConfigFile.json

MD5 24a006dec6510c4793daa000e17a8217
SHA1 3327c4c502c14ff8f50abfab00422eef91975972
SHA256 69a5d3c87f8b372ae49db27cef75d40fbe654b50a0f666df60c9a869dc4faf94
SHA512 a937a0ee36eb0136a5dc7046e14db38a74ca7449d57cf48705c991fa8105a5e6977f1e31116ba8e903416c1153b9aa438f715c79ad43a54335a33e013552b3ac

C:\Windows\System32\catroot2\dberr.txt

MD5 8970e2b993f70b4d771b5a50bbdbfd13
SHA1 592cd6f0d6e8e28293e263dcc00b409da547ab9e
SHA256 25b5520fc8e8ab1649af77e0d91cb9b3cbb01deeb21835d1ea81fcad4b148a23
SHA512 2657a030dd07f3adcc3cd2fb9402f763b6ffc52911d84ecafd8305c9b4518150eb8dba3e240a654ec6bf0b28f69d02306fbcf0f88b56c733fae0c607e43e6519

C:\ProgramData\Malwarebytes\MBAMService\config\MwacControllerConfig.json

MD5 98fe62dbe43b9b52ec59f600e94225c0
SHA1 c123f6402a395cce70f89a0e502d5b38ed6dcb8d
SHA256 74fa8d565f497b2bc0091a5a9e7051e724033090e333e30f799118885f62e471
SHA512 42db64a297bc087bee60bef3566ac0b67c614f6cb1b1bff2c28579bf77aab4a765ad7edd38aecac801108182d028828af0b83a6ff9c9d3d5acb63d8e33210039

C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json

MD5 b1e0349add866692cdd7fcd3e7ac8d5f
SHA1 d1ea84d606c510f2b5c9650d43c572f498dc43a3
SHA256 1d479093bdfa3c969d1a8d7ab3eb01c0f5134d627f8965c95b3b3cc46c96cbc3
SHA512 8a4fc3f4293d6c9b65faaaee47624b74604060b407a8cab81e1147ee87fe4f950aefa62744c69ffb63562d7fbb5c31c2072c04638b974e1f092a9369da46f13c

C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json

MD5 9a38223158f12a7561972ebbaedfcd8d
SHA1 2f171ed08ae065a752576cd85be6c22386531592
SHA256 a966e569f5e95663de107165339f4c08ed23dc32d898ce1e8314e262d33a8fa6
SHA512 7c4c6421ed95c4c78602d05f31ae71d69f680a3605dd06f861f65ac1f01499aee6db11f8364686a71225256b7cd28fb49fb0ec0340373ee8030aaa4e141793aa

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

MD5 14479b6a862f72cd7914102292fe0049
SHA1 a3316a9afc702d9e548846835725800fb2abf3fa
SHA256 c7a344957d501a7173eb94e265e311d6aeb5b9a07045c752715bd5b1d170dcbc
SHA512 5a7f9143f878340cbacb3d0e820d63299c37949b93d9fec8049bc1419d7a091680c308cbbe709890fc1c67bb91032645d5845665b25f0228c73cc65cb231b30c

C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.json

MD5 b122520c458b49eeb3be6e0250ab6beb
SHA1 18b0dbfc83ad3664ec738b22dbdd30d7a1adc338
SHA256 a8c6281a84efbb01c94a3e5a2b856d1bb8cc53af7690f4bcaaa25f5302dd9d8e
SHA512 77016a2d9dcdb5b2c4c06d6489875853c0a2a33d0f0a294b5bc222fc347e6eef1110801906c57a4f042fa1248cb30d3c368613027961a2f16563e5bfaf512552

C:\Program Files\Malwarebytes\Anti-Malware\mb5uns.exe

MD5 d289d84c0406750cef937bdcdbd32740
SHA1 89a8a040a62bc0d2c2809177773f6a10bb83fae9
SHA256 e21d1060a4a2ad8d0cc781d0ec252b497d96915b648fbc9d1ab46ab750c8d00d
SHA512 c8abdac9756ba299ecd3285a134219ccc222acc9f005a71eae85fd815a93b17b8857ac1e446a8122755e8702a39b76c13df962ba79f45855c752e3347311e09b

C:\Program Files\Malwarebytes\Anti-Malware\sdk\farflt.sys

MD5 9c4bec17ba2add58348045dbc762ab67
SHA1 b00ed0ca3634a93a23f70e79bda67c945dc915b6
SHA256 9c3b11ba1d4e462d9470fa0b50a61fde9f00cf4adfafd8e8b19f1e8af369cdd6
SHA512 6aab0e3d3c189c18ea6540d1736b64a518958c62e1cb0a2874826f6cfd76e3a06fdbd28ae0b81e2fc8fc20601d00d804d86fe9887ab6919dd8090a696fb52b31

C:\Program Files\Malwarebytes\Anti-Malware\sdk\farflt.inf

MD5 358bb9bf66f2e514310dc22e4e3a4dc5
SHA1 87bfc1398e6756273eee909a0dfb4ef18b38d17c
SHA256 ff51780a5a854b2c18f71ae426cb066a13723ef6155e24f4910137c9e8dfdc17
SHA512 301ec5ec5c0813951843011f2204924240235494999136ea30a557cbf58146fc6043a8866b344fa7deb927d7c83d44e2aaf45adca7d221aba5d36715b9a63e09

C:\Program Files\Malwarebytes\Anti-Malware\sdk\farflt.cat

MD5 cffd7ecf8765733aa7a2c36ca5f1eac0
SHA1 549b0974cf92676a7589466a3ee29e1dd45afa6d
SHA256 89c561a58d649d5f29fe1c576ca46245780369845df32045a64739b4056d8bb3
SHA512 47006f07c3270f358ce67c235739ebaa17b8fbd9a05da9f05a079322a003f8e6d704d3c5353e1a186df74b1bd6438526f6701a0c173563d676846c0f0f230be6

C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

MD5 0b40f994fb6f26aa4059bfde879c0dda
SHA1 83e04598bbd83efd5903320ec791e87a655266d7
SHA256 22886a4e6cfb3bc950e9756af4617e3074e94fa0d3d7d58f0f84d553fd942446
SHA512 e22bbf58bfa11eab67ba67ee539d85feb0e55c3cdd081d0bf1662103eefd5e52efe32fac459cc6c3e4efe6e81e4469d332a1155228c3cd4c406a0fd2bac69b27

C:\ProgramData\Malwarebytes\MBAMService\config\ArwControllerConfig.json

MD5 7766c19bcf09d6b4dda88200b0f3419d
SHA1 39bda571c9a9efb0bbac50f7e3cbb1e063739166
SHA256 23207d2992fe0e4c5c9c0f8df7d7ffa98312e1266e8eedc6466b3bf46a86e5ac
SHA512 e5d35cdd949f989d760845ff815e853368caf3f80995f3f600b5e0ce6ab504afa05875ca8be08ca5d8dbe6d57ee766007a828e243ffeb17fa920114338196ba2

C:\ProgramData\Malwarebytes\MBAMService\config\CleanControllerConfig.json

MD5 f1996b00bd1bd58868c0b24de004e324
SHA1 5e02b060a2a0ae687b91cc6bd12f1355f8c70aa3
SHA256 4639874379faf2f66dda4a7c8c09ecded45e9988589069b37ff3e8eb2d0f5cd5
SHA512 8e455ca8832bc043a64c5d62d03851cc27fce629252184027f38bed33c626ccaadef5f12bd83f37a8f2fe9366384272f87f89a24b756aea9f172336a0ac98072

C:\ProgramData\Malwarebytes\MBAMService\config\PoliciesConfig.json

MD5 9444bdf7494b80b52ecfa4db1e97bf23
SHA1 834bad1e511f2658acc1d4465627983d365ca2d0
SHA256 b34f87ef97ba20708d0f06901e979806aa90570e9acf6df5486301cfa144eb9a
SHA512 e7270e9b484451d566ebf1468cf30f5c0c84142905e1a52a2970218c22db024f588137b18b156564df2fcefc6ece6bc4b8e882694fb8fbc76d8a1fe8ea653f0b

C:\Program Files\Malwarebytes\Anti-Malware\sdk\mbamchameleon.cat

MD5 7ec33c052afd81a7eb453f3a4a581c15
SHA1 b1589c853cc11e3842e89bab21b3b6c746ecae29
SHA256 d2ff36638e2efbebf663186bbc59bb128ddfc1023bed2c20d4803495b410c6a8
SHA512 7b68f05947ee9b899b82283fc3bed115e2ac2ea1fd2ccc39c87dab2687321d247d25c4a2cf396063d7871957727ec85b40c45d373ac5a9edb181530fa4761526

C:\ProgramData\Malwarebytes\MBAMService\config\RtpConfig.json

MD5 583e422fa68564d77284d8faffc3c875
SHA1 be39e72766930af6e0c6768b74c536946d32e6a9
SHA256 8d971552a3f61ddc000cba5fd11d9a1548a8ef2accd4a03c3ae1c4c347083744
SHA512 57ab11e637539624c0b8be5310ccf9fe94ac70a75531588333c0da2c126363b188fc943b0d61d5d097c5cbf9dca90991dbd6a98517c8dc598b922d6004e56cb9

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

MD5 213b5593f5cd29dd2609f7f7f29a011f
SHA1 db6cff0d7757968225d7cf2e583de9a0a7b671f4
SHA256 25dfe1cfbbf57e8c2ab6f53ea31a230ccdfb7b19a6f067977440a26662f612af
SHA512 88871ffa6fed641ba7edfadbcc7d8f82ba1e73d03a84be669e10da1ca095a45a5b069542894b19638ed0c75c3c0853066850f1484e7e0b1c6625b13273b1cfb3

C:\ProgramData\Malwarebytes\MBAMService\updatrpkg\SdkDbUpdatrV5.dll

MD5 5c4b6998682070ad73cd246eae251ccb
SHA1 d4e3eef6332a6598e5d63741f3407574c7de5f5b
SHA256 54e0e90cc5cfef91ceab363c6cad54c7190cfbbecf6353181779938a3f8de8a1
SHA512 e1f844ecb631b628ff37068ef474b070e22c5be6453c77acde53e886b7e9109f22d09748a7902e64237f5cc9d05818080c0bb5697918235ea2d4ceefb68b8524

C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json

MD5 eba5b424039585662997f8cfb4457b93
SHA1 16cc993cf78230cbfaf4a268063e13889c29fa3b
SHA256 70509bcd7d85b5c0b4e0263a3e18194ff1d46fe681d070e8df81f08dbb6a4252
SHA512 d585a297e2241046224b680f7cf5814253c5d21bd4c17e2493666f5d480c94b43710116dbb01e76d0cd1d4bacfc1cc0cc7e45fd11eb5c2b9830215570b276c90

C:\ProgramData\Malwarebytes\MBAMService\updatrpkg\mbupdatrV5.exe

MD5 ab258c2dec1945b65cd09b302652e8d5
SHA1 90e660cd3502d9bde40227ec0c0c2820958bab3c
SHA256 c488c36827fc5505fc797e4d7f9bc56c2c2ab9d8c432ff9eb55657179bbe5e36
SHA512 de9e9d01f7cfe40fb64ff4e9ca83ae8f7a87b2e460d89b1fd6717f007afbaffb8cd4dd34e13352c46bbc00372c3ff7f9d9027f54df44f2fba16bd0dda4cfe7fc

C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

MD5 2601ab49046f804d75589e482beb0ad3
SHA1 5fd378f0f0d6e08e48d03ff1b5fff11474a53efb
SHA256 78568f0e98619bc4b521c7d9241ea1896db7e961c49b197f9a034cb6684adbde
SHA512 fe501a4c3953becf81feab7b933af51e6d7177126741fb81c483a6029cd6717e9c4e18052fc75e24663712f738bda153470c7fb07d13df829e451ea438550e2b

C:\ProgramData\Malwarebytes\MBAMService\config\RtpConfig.json

MD5 380b12e230c179e109f77e4d1bb49822
SHA1 381d4b2f34f3f8f9589ad15c6557fabd005091c2
SHA256 369142d36248b65c62e201f8b7faea6f25e7ce046cbbfeea556150681498ad86
SHA512 7b56312a35f4728d09893dc1fb6ad4f65d3e8548f422b72df875c113b0ae24c4334e35d7022059b4ec882cd796e4829f0a151cedcb4045a3fd248999251c1382

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

MD5 3e7e5d74b646e3b814cc6bfa2791d5e0
SHA1 2a6d1b0795dee66b3f45690106f5440703c127e4
SHA256 9ae58e665f656888d7021bcbe65dc345655e0d0252f96dbb4cd0449d0c8921b4
SHA512 4f410ae59ba4e00713dda5d128c8a8513e2f153865f360d9d0bc336bc89338e301ca9da01a7aab0b73186958243d329ebc895916f8553dd2b8867164acd49f28

C:\ProgramData\Malwarebytes\MBAMService\config\RtpConfig.json

MD5 123b961b86b4e9952a2c0054d8637e39
SHA1 a961195d44c83a3230627a02b3d9a4d412d01436
SHA256 5dcf12d31441587d4d3cf2fdcfecea1805528e1d0321dcee2e5e9e02277207e4
SHA512 52a36721af825ceff6b0bee9c6ea5512f4f6a9c136004d5bb1ee3ed6e2fd7be961806f754329571f3c6b5ea31055b75ae4b52d35fcf5c0c0be842cb8960cb2e8