Analysis Overview
SHA256
e8a4ba10ad14247a21d441c7fb1f9f23d376f70e87a0a97e3fb3c62852de8e90
Threat Level: Known bad
The file . was found to be: Known bad.
Malicious Activity Summary
Gandcrab
Suspicious use of NtCreateUserProcessOtherParentProcess
Renames multiple (223) files with added filename extension
Downloads MZ/PE file
Modifies RDP port number used by Windows
Sets service image path in registry
Drops file in Drivers directory
Checks computer location settings
Reads user/profile data of web browsers
Executes dropped EXE
Drops startup file
Checks BIOS information in registry
Loads dropped DLL
Registers COM server for autorun
Legitimate hosting services abused for malware hosting/C2
Enumerates connected drives
Looks up external IP address via web service
Adds Run key to start application
Writes to the Master Boot Record (MBR)
Checks installed software on the system
Sets desktop wallpaper using registry
Drops file in System32 directory
Drops file in Windows directory
Launches sc.exe
Drops file in Program Files directory
Program crash
Enumerates physical storage devices
Script User-Agent
Enumerates system info in registry
Suspicious use of SendNotifyMessage
Suspicious behavior: LoadsDriver
Suspicious behavior: EnumeratesProcesses
Checks processor information in registry
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Modifies registry class
Suspicious use of AdjustPrivilegeToken
NTFS ADS
Checks SCSI registry key(s)
Suspicious use of FindShellTrayWindow
Modifies system certificate store
Modifies Internet Explorer settings
Modifies data under HKEY_USERS
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Uses Volume Shadow Copy service COM API
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-06-04 18:11
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-04 18:11
Reported
2024-06-04 18:31
Platform
win10v2004-20240508-en
Max time kernel
896s
Max time network
899s
Command Line
Signatures
Gandcrab
Suspicious use of NtCreateUserProcessOtherParentProcess
| Description | Indicator | Process | Target |
| PID 5688 created 3476 | N/A | C:\Users\Admin\Desktop\MBSetup.exe | C:\Windows\Explorer.EXE |
Renames multiple (223) files with added filename extension
Downloads MZ/PE file
Drops file in Drivers directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\system32\DRIVERS\MbamElam.sys | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\system32\DRIVERS\mbamswissarmy.sys | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\system32\DRIVERS\MbamChameleon.sys | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\system32\DRIVERS\mbam.sys | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\SysWOW64\drivers\mbamtestfile.dat | C:\Users\Admin\Desktop\MBSetup.exe | N/A |
| File created | C:\Windows\system32\DRIVERS\MbamElam.sys | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\system32\drivers\mbae64.sys | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Windows\system32\DRIVERS\mwac.sys | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\system32\DRIVERS\farflt.sys | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
Modifies RDP port number used by Windows
Sets service image path in registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\MBAMSwissArmy\ImagePath = "\\SystemRoot\\System32\\Drivers\\mbamswissarmy.sys" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\mbamchameleon\ImagePath = "\\SystemRoot\\System32\\Drivers\\MbamChameleon.sys" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\Desktop\MBSetup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate | C:\Users\Admin\Desktop\MBSetup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\is-8300870.tmp\Installer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate | C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\is-8300870.tmp\Installer.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation | C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe | N/A |
Drops startup file
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\ETKOG-MANUAL.txt | C:\Users\Admin\Desktop\GandCrab.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\6760a1b06760a65d5c.lock | C:\Users\Admin\Desktop\GandCrab.exe | N/A |
Executes dropped EXE
Loads dropped DLL
Reads user/profile data of web browsers
Registers COM server for autorun
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BF474111-9116-45C6-AF53-209E64F1BB53}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8F1C46F8-E697-4175-B240-CDE682A4BA2D}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9D372F21-E6DA-4B82-881A-79F6CA6B6AE1}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{130CD414-6BFD-4F6C-9362-A2264B222E76}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EE8A9269-9E6E-4683-BCD3-41E9B16696DC}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{11D1E5E8-14E1-4B5B-AE1A-2678CB91E8E5}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BF474111-9116-45C6-AF53-209E64F1BB53}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BF474111-9116-45C6-AF53-209E64F1BB53}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8F1C46F8-E697-4175-B240-CDE682A4BA2D}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9D372F21-E6DA-4B82-881A-79F6CA6B6AE1}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D5599B6B-FA0C-45B5-8309-853B003EA412}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\CLSID\{05098CD5-9914-48C2-A453-DB782F55A65F}\InProcServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F415899A-1576-4C8B-BC9F-4854781F8A20}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{278637DA-FDFB-45C7-8CD8-F2D8A9199AB0}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F415899A-1576-4C8B-BC9F-4854781F8A20}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DE03E614-112D-43E0-8E15-E7236CC32108}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip.dll" | C:\Users\Admin\Desktop\7z2406-x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F36AD0D0-B5F0-4C69-AF08-603D177FEF0E}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{11D1E5E8-14E1-4B5B-AE1A-2678CB91E8E5}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9D372F21-E6DA-4B82-881A-79F6CA6B6AE1}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EE8A9269-9E6E-4683-BCD3-41E9B16696DC}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{17BE78EE-B40A-4B9E-835F-38EC62F9D479}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{03141A2A-5C3A-458E-ABEC-0812AD7FF497}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{03141A2A-5C3A-458E-ABEC-0812AD7FF497}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F36AD0D0-B5F0-4C69-AF08-603D177FEF0E}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{278637DA-FDFB-45C7-8CD8-F2D8A9199AB0}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F36AD0D0-B5F0-4C69-AF08-603D177FEF0E}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F6D29500-933C-447C-9D88-9D814AF73808}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DE03E614-112D-43E0-8E15-E7236CC32108}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{376BE474-56D4-4177-BB4E-5610156F36C8}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{251AD013-20AD-4C3F-8FE2-F66A429B4819}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{36A65E46-6CC1-4CA2-B51E-F4DD8C993DDC}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8F1C46F8-E697-4175-B240-CDE682A4BA2D}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{11D1E5E8-14E1-4B5B-AE1A-2678CB91E8E5}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{580243BF-3CEE-4131-A599-C6FED66BEB1B}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E1AC7139-D1FF-4DE9-84A4-92E2B47F5D2A}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{130CD414-6BFD-4F6C-9362-A2264B222E76}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{36A65E46-6CC1-4CA2-B51E-F4DD8C993DDC}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{376BE474-56D4-4177-BB4E-5610156F36C8}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment" | C:\Users\Admin\Desktop\7z2406-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{580243BF-3CEE-4131-A599-C6FED66BEB1B}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{05098CD5-9914-48C2-A453-DB782F55A65F}\InProcServer32\ThreadingModel = "Both" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{580243BF-3CEE-4131-A599-C6FED66BEB1B}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{251AD013-20AD-4C3F-8FE2-F66A429B4819}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D5599B6B-FA0C-45B5-8309-853B003EA412}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{03141A2A-5C3A-458E-ABEC-0812AD7FF497}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F415899A-1576-4C8B-BC9F-4854781F8A20}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E1AC7139-D1FF-4DE9-84A4-92E2B47F5D2A}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D5599B6B-FA0C-45B5-8309-853B003EA412}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F36AD0D0-B5F0-4C69-AF08-603D177FEF0E}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E1AC7139-D1FF-4DE9-84A4-92E2B47F5D2A}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{05098CD5-9914-48C2-A453-DB782F55A65F}\InProcServer32\ = "C:\\PROGRAM FILES\\MALWAREBYTES\\ANTI-MALWARE\\mbamsi64.dll" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DE03E614-112D-43E0-8E15-E7236CC32108}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{376BE474-56D4-4177-BB4E-5610156F36C8}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9DAB0CA5-AE19-41AE-955C-41DD44C52697}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\InprocServer32\ = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\mbshlext.dll" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{36A65E46-6CC1-4CA2-B51E-F4DD8C993DDC}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F6D29500-933C-447C-9D88-9D814AF73808}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F6D29500-933C-447C-9D88-9D814AF73808}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{130CD414-6BFD-4F6C-9362-A2264B222E76}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EE8A9269-9E6E-4683-BCD3-41E9B16696DC}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\InprocServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{17BE78EE-B40A-4B9E-835F-38EC62F9D479}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ButterflyOnDesktop | C:\Users\Admin\AppData\Local\Temp\is-FMLSE.tmp\butterflyondesktop.tmp | N/A |
Checks installed software on the system
Enumerates connected drives
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | api.ipgeolocation.io | N/A | N/A |
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PhysicalDrive0 | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\system32\DriverStore\FileRepository\netefe3e.inf_amd64_7830581a689ef40d\netefe3e.PNF | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A |
| File created | C:\Windows\system32\DriverStore\FileRepository\pnpxinternetgatewaydevices.inf_amd64_82b90e51473d48ea\pnpxinternetgatewaydevices.PNF | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A |
| File created | C:\Windows\SysWOW64\Driver Updater\is-F661M.tmp | C:\Users\Admin\AppData\Local\Temp\is-8300870.tmp\Installer.exe | N/A |
| File created | C:\Windows\system32\DriverStore\FileRepository\bcmfn2.inf_amd64_5ebadf201c5b5845\bcmfn2.PNF | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A |
| File created | C:\Windows\system32\DriverStore\FileRepository\c_smartcardfilter.inf_amd64_3573afe136371e51\c_smartcardfilter.PNF | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A |
| File created | C:\Windows\system32\DriverStore\FileRepository\netmlx4eth63.inf_amd64_3809a4a3e7e07703\netmlx4eth63.PNF | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A |
| File created | C:\Windows\system32\DriverStore\FileRepository\b57nd60a.inf_amd64_77a731ab08be20a5\b57nd60a.PNF | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A |
| File created | C:\Windows\system32\DriverStore\FileRepository\iastorav.inf_amd64_87f761c07c99d5e7\iastorav.PNF | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A |
| File created | C:\Windows\system32\DriverStore\FileRepository\wstorvsc.inf_amd64_50cb8ebb1c9584af\wstorvsc.PNF | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A |
| File created | C:\Windows\system32\DriverStore\FileRepository\c_cashdrawer.inf_amd64_a648ee708660440c\c_cashdrawer.PNF | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A |
| File created | \??\c:\windows\system32\driverstore\filerepository\volsnap.inf_amd64_ce438b6e0c5b1af2\volsnap.PNF | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\usbncm.inf_amd64_9957a38c3d2283ed\usbncm.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\system32\DriverStore\FileRepository\netwtw08.inf_amd64_7c0c516fb22456cd\netwtw08.PNF | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A |
| File created | C:\Windows\system32\DriverStore\FileRepository\c_fscontentscreener.inf_amd64_bd1517e25f3e419f\c_fscontentscreener.PNF | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A |
| File created | C:\Windows\system32\DriverStore\FileRepository\c_processor.inf_amd64_4431cc603de6e020\c_processor.PNF | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A |
| File created | C:\Windows\SysWOW64\Driver Updater\Lang\is-RHMQP.tmp | C:\Users\Admin\AppData\Local\Temp\is-8300870.tmp\Installer.exe | N/A |
| File created | C:\Windows\system32\DriverStore\FileRepository\digitalmediadevice.inf_amd64_5b64b65052c3a32a\digitalmediadevice.PNF | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A |
| File created | C:\Windows\system32\DriverStore\FileRepository\mdmgl009.inf_amd64_3bab34655afeb7e4\mdmgl009.PNF | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A |
| File created | C:\Windows\system32\DriverStore\FileRepository\mdmhayes.inf_amd64_055d85baabbda8f6\mdmhayes.PNF | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A |
| File created | C:\Windows\system32\DriverStore\FileRepository\mdmnis2u.inf_amd64_0c5757ecd1574b3d\mdmnis2u.PNF | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A |
| File created | C:\Windows\system32\DriverStore\FileRepository\c_mouse.inf_amd64_822333b41326bc2f\c_mouse.PNF | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A |
| File created | C:\Windows\system32\DriverStore\FileRepository\mdmadc.inf_amd64_7b6fc0e15997ce81\mdmadc.PNF | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A |
| File created | C:\Windows\system32\DriverStore\FileRepository\mdmarn.inf_amd64_947cdd3822225c16\mdmarn.PNF | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A |
| File created | C:\Windows\system32\DriverStore\FileRepository\mdmdp2.inf_amd64_6550f790ed88c7ba\mdmdp2.PNF | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A |
| File created | C:\Windows\system32\DriverStore\FileRepository\netvchannel.inf_amd64_ba3e73aa330c95d6\netvchannel.PNF | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A |
| File created | C:\Windows\system32\DriverStore\FileRepository\wdmvsc.inf_amd64_8666ee4da6ad6325\wdmvsc.PNF | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netwtw02.inf_amd64_42e02bae858d0fbd\netwtw02.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\msux64w10.inf_amd64_5aa81644af5957b3\msux64w10.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\system32\DriverStore\FileRepository\acpipmi.inf_amd64_310dc613a7e31ec8\acpipmi.PNF | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netvf63a.inf_amd64_a090e6cfaf18cb5c\netvf63a.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\system32\DriverStore\FileRepository\c_linedisplay.inf_amd64_a720ddb820f10790\c_linedisplay.PNF | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A |
| File created | C:\Windows\system32\DriverStore\FileRepository\wvmbus.inf_amd64_a192dbf28b4634a7\wvmbus.PNF | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A |
| File created | C:\Windows\system32\DriverStore\FileRepository\percsas2i.inf_amd64_a7f5d94e6751c911\percsas2i.PNF | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A |
| File created | C:\Windows\system32\DriverStore\FileRepository\wvmgid.inf_amd64_3a0240393de08f95\wvmgid.PNF | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A |
| File created | C:\Windows\system32\DriverStore\FileRepository\mdmcpv.inf_amd64_906547002cc7c58e\mdmcpv.PNF | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A |
| File created | C:\Windows\system32\DriverStore\FileRepository\c_battery.inf_amd64_5637e58e54fb24bb\c_battery.PNF | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A |
| File created | C:\Windows\system32\DriverStore\FileRepository\mdmbtmdm.inf_amd64_9e5602638617558e\mdmbtmdm.PNF | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A |
| File created | C:\Windows\system32\DriverStore\FileRepository\mdmzyxel.inf_amd64_1edcf626fd489056\mdmzyxel.PNF | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{df246f33-a880-d744-b8f5-3f552995995a}\mbtun.sys | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\SysWOW64\Driver Updater\is-BONHT.tmp | C:\Users\Admin\AppData\Local\Temp\is-8300870.tmp\Installer.exe | N/A |
| File created | C:\Windows\system32\DriverStore\FileRepository\c_diskdrive.inf_amd64_1debcd2bd95e9c0c\c_diskdrive.PNF | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A |
| File created | C:\Windows\system32\DriverStore\FileRepository\c_monitor.inf_amd64_f02375bf47a4adb2\c_monitor.PNF | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A |
| File created | C:\Windows\system32\DriverStore\FileRepository\c_system.inf_amd64_184528953a6fb673\c_system.PNF | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A |
| File created | C:\Windows\system32\DriverStore\FileRepository\c_volsnap.inf_amd64_47e3741bbf4d6b06\c_volsnap.PNF | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A |
| File created | C:\Windows\system32\DriverStore\FileRepository\stornvme.inf_amd64_1218fad01506b7af\stornvme.PNF | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A |
| File created | C:\Windows\system32\DriverStore\FileRepository\wmbclass_wmc_union.inf_amd64_a02e4111c770770d\wmbclass_wmc_union.PNF | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A |
| File created | C:\Windows\system32\DriverStore\FileRepository\battery.inf_amd64_a239bc596073092a\battery.PNF | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A |
| File created | C:\Windows\system32\DriverStore\FileRepository\mdmiodat.inf_amd64_95e01117eb9c1bd2\mdmiodat.PNF | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A |
| File created | C:\Windows\system32\DriverStore\FileRepository\urschipidea.inf_amd64_78ad1c14e33df968\urschipidea.PNF | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A |
| File created | C:\Windows\system32\DriverStore\FileRepository\wvmbushid.inf_amd64_fd2fe159a9daf508\wvmbushid.PNF | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A |
| File created | C:\Windows\system32\DriverStore\FileRepository\kscaptur.inf_amd64_b95d9f4691816045\kscaptur.PNF | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A |
| File created | C:\Windows\system32\DriverStore\FileRepository\lltdio.inf_amd64_4faf5a37ebdbec2b\lltdio.PNF | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A |
| File created | C:\Windows\system32\DriverStore\FileRepository\tpm.inf_amd64_154e6da862a6dc30\tpm.PNF | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A |
| File created | C:\Windows\system32\DriverStore\FileRepository\mdmbug3.inf_amd64_aef240978776cd0b\mdmbug3.PNF | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A |
| File created | C:\Windows\system32\DriverStore\FileRepository\mdmzyp.inf_amd64_19eb30e94285f2a6\mdmzyp.PNF | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A |
| File created | C:\Windows\system32\DriverStore\FileRepository\net9500-x64-n650f.inf_amd64_e92c5a65e41993f9\net9500-x64-n650f.PNF | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A |
| File created | C:\Windows\system32\DriverStore\FileRepository\netathrx.inf_amd64_220db23f5419ea8d\netathrx.PNF | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A |
| File created | C:\Windows\system32\DriverStore\FileRepository\percsas3i.inf_amd64_c17a63dada1eaa02\percsas3i.PNF | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A |
| File created | C:\Windows\system32\DriverStore\FileRepository\wave.inf_amd64_8e8496aa33c0a7f6\wave.PNF | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A |
| File created | C:\Windows\system32\DriverStore\FileRepository\wudfusbcciddriver.inf_amd64_a084e687a06b255f\wudfusbcciddriver.PNF | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netg664.inf_amd64_84cd7b2798e0a666\netg664.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\system32\DriverStore\FileRepository\hidir.inf_amd64_7bf4a320e4ec8b3d\hidir.PNF | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{df246f33-a880-d744-b8f5-3f552995995a}\SET3442.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\system32\DriverStore\FileRepository\netsstpa.inf_amd64_e76c5387d67e3fd6\netsstpa.PNF | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A |
Sets desktop wallpaper using registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\\\bxmeoengtf.bmp" | C:\Users\Admin\Desktop\GandCrab.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\tr\System.Windows.Controls.Ribbon.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\de\PresentationFramework.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\System.Windows.Forms.Design.Editors.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\System.Xaml.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\Microsoft.Extensions.DependencyInjection.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\be.txt | C:\Users\Admin\Desktop\7z2406-x64.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\c18ee09a-ff71-485f-a9c9-72eca98b5161 | C:\Users\Admin\Desktop\MBSetup.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\ReachFramework.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Security.Cryptography.Csp.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\ctlrvers.dat | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\kaa.txt | C:\Users\Admin\Desktop\7z2406-x64.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\VPNControllerImpl.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\SelfProtectionShim.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\zh-Hans\UIAutomationClient.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\tr.txt | C:\Users\Admin\Desktop\7z2406-x64.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-file-l2-1-0.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Net.HttpListener.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\PresentationFramework.Classic.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\pt-BR\PresentationUI.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\sa.txt | C:\Users\Admin\Desktop\7z2406-x64.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Resources.Reader.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\Microsoft.WindowsDesktop.App.runtimeconfig.json | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\ArwControllerImpl.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Linq.Expressions.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\System.IO.Packaging.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\sdk\farflt.inf | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ro.txt | C:\Users\Admin\Desktop\7z2406-x64.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\es\WindowsBase.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\BrowserSDKDLLShim.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\7-Zip\7-zip.dll.tmp | C:\Users\Admin\Desktop\7z2406-x64.exe | N/A |
| File created | C:\Program Files\ETKOG-MANUAL.txt | C:\Users\Admin\Desktop\GandCrab.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\pt-BR\UIAutomationClientSideProviders.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\mscordbi.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Net.Sockets.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\pl\System.Windows.Forms.Design.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnel_wireguard.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\Swissarmy.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\yo.txt | C:\Users\Admin\Desktop\7z2406-x64.exe | N/A |
| File opened for modification | C:\Program Files\WriteRename.rtf | C:\Users\Admin\Desktop\GandCrab.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\Microsoft.Win32.Registry.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\de\UIAutomationClient.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\7-zip.dll.tmp | C:\Users\Admin\Desktop\7z2406-x64.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-sysinfo-l1-1-0.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\an.txt | C:\Users\Admin\Desktop\7z2406-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\eu.txt | C:\Users\Admin\Desktop\7z2406-x64.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\pt-BR\UIAutomationProvider.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\tr\PresentationUI.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File opened for modification | C:\Program Files\ApproveConvertTo.inf | C:\Users\Admin\Desktop\GandCrab.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Threading.ThreadPool.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\zh-Hant\UIAutomationTypes.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\it\PresentationFramework.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\pt-BR\WindowsFormsIntegration.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\UIAutomationProvider.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\assistant.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbupdatrV5.exe | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\ko\ReachFramework.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\LicenseControllerImpl.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\mbam.firefox.manifest.json | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ba.txt | C:\Users\Admin\Desktop\7z2406-x64.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\Microsoft.CSharp.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Reflection.Primitives.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\pl\System.Windows.Forms.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\ko\System.Windows.Forms.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\zh-Hant\WindowsFormsIntegration.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\inf\oem3.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\inf\oem3.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\system32\svchost.exe | N/A |
Launches sc.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\Desktop\GandCrab.exe |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 | C:\Windows\system32\svchost.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters | C:\Windows\system32\vssvc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005 | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache | C:\Windows\system32\vssvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005\ | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\000E | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0006\ | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008\ | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0004\ | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0003 | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005\ | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0009\ | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0003 | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0004\ | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0004\ | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0003\ | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0002 | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005 | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr | C:\Windows\system32\vssvc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\000E | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0006 | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0006 | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0002\ | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\DeviceDesc | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0006\ | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0009 | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\DeviceDesc | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0003\ | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\000E\ | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0002 | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0009\ | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0006 | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0002\ | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005\ | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0004 | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\000E\ | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\DeviceDesc | C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs | C:\Windows\system32\DrvInst.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\Desktop\GandCrab.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\Desktop\GandCrab.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier | C:\Users\Admin\Desktop\GandCrab.exe | N/A |
| Key opened | \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Malwarebytes.exe = "11000" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\mbam.exe = "11000" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\mbamtray.exe = "11000" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications\malwarebytes: | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\SOFTWARE\Policies\Microsoft\Office\15.0\Common\Security | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\SOFTWARE\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications\malwarebytes: | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications\malwarebytes: | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\SOFTWARE\Policies\Microsoft\Office\16.0\Common\Security | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications\malwarebytes: | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\SOFTWARE\Policies\Microsoft\Office\15.0\Common | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\Software | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\Office\15.0\Common | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\15.0\Common\Security | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:\ | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\SOFTWARE\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates | C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-20\SOFTWARE\Malwarebytes\FirstRun = "false" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications\malwarebytes: | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications\malwarebytes: | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\SOFTWARE\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\ROOT | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\Office\16.0\Common\Security | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | C:\Windows\system32\DrvInst.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Malwarebytes | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\SOFTWARE\Policies | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs | C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{EAD7766B-F8F3-4944-AFE6-5D667E535709}\TypeLib\ = "{783B187E-360F-419C-B6DA-592892764A01}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2E3F70EF-D9BE-485F-A6F5-816DD0EDC757}\TypeLib | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D8258E71-3A7A-4D9D-85BB-C7999F95B7E4}\ = "IAEControllerV4" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31A02CB9-6064-4A3B-BCB4-A329528D4648}\ProxyStubClsid32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C7BCC13C-47B9-4DC0-8FC6-B2A489EF60EF}\ = "IScanControllerV4" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FC60FEE4-E373-4962-B548-BA2E06119D54}\ProxyStubClsid32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BADF77CD-ECCE-4B36-88FF-6A2804FFE307}\TypeLib\ = "{5709DEEB-F05E-4D5C-8DC4-3B0D924EE08F}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D57ACF19-30E3-4B7E-BCDD-6EEB8E57AF27}\ProxyStubClsid32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BAFDF38F-72A8-4791-AACC-72EB8E09E460}\TypeLib | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4163399F-AB08-4E5E-BE28-6B9440393AD3}\ = "IMWACControllerV13" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{49207D05-5DFE-4F52-9286-1856A92A5BFE} | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{49207D05-5DFE-4F52-9286-1856A92A5BFE}\TypeLib\Version = "1.0" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6EC225D5-FD37-4F9B-B80F-09FAE36103AE}\ = "IMWACControllerV2" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{767D2042-D2F6-4BAA-B30E-00E0CD4015BD}\TypeLib | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DC97FF29-5CE2-4897-8175-94672057E02D}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{560EB17C-4365-4DFC-A855-F99B223F02AF}\ProxyStubClsid32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B38EDC4F-A2CD-4F76-8607-F123FE4031D5}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DAD5232C-6E05-4458-9709-0B4DCB22EA09}\TypeLib | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E32ABD9A-1CBD-44A5-8A62-55D347D3C4F0} | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{09FAE0FE-2897-496A-9FD2-39C86556F1D2}\TypeLib | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" | C:\Users\Admin\AppData\Local\Temp\is-8300870.tmp\Installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3E3D4AC2-A9AE-478A-91EE-79C35D3CA8C7}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{00A73BC0-754E-44E1-B190-D59E187A5EA1}\TypeLib\ = "{A82129F1-32E1-4D79-A39F-EBFEE53A70BF}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E03FDF96-969E-4700-844D-7F754F1657EF}\TypeLib\Version = "1.0" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9B34A461-332D-479F-B8C4-7D168D650EBD}\TypeLib\ = "{2446F405-83F0-460F-B837-F04540BB330C}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D5599B6B-FA0C-45B5-8309-853B003EA412}\TypeLib | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{118F4330-CAF5-4A54-ABB0-DC936669ED2F}\TypeLib | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{503084FD-0743-46C7-833F-D0057E8AC505}\ = "_ICleanControllerEventsV5" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3A7FB145-B72D-466E-A3AC-21599BBE9E8C}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E2D56B7B-4B87-45A1-A6D3-5C77035141A6}\TypeLib\ = "{49F6AC60-2104-42C6-8F71-B3916D5AA732}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BD221458-5E85-4235-B1EF-4658F6751519}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DE35F2CA-6335-49BA-8E86-F6E246CFCEA6}\ = "ILogControllerEvents" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3A82D6A8-59F8-4B47-BBD0-8F5E5DBB3C7D} | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0F2D6C4F-0B95-4A53-BA9D-55526737DC34} | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A2D4A69C-14CA-4825-9376-5B4215AF5C5E} | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\MB.TelemetryController | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E41AC038-1688-417F-BE23-52D898B93903}\TypeLib | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{49F6AC60-2104-42C6-8F71-B3916D5AA732}\1.0\0 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5083B4CA-BBA6-43DD-B36E-DEA787CA0CAD}\ = "IMWACControllerV8" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FFBD938D-3ABA-4895-97EF-5A0BDF7AC07D}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{49207D05-5DFE-4F52-9286-1856A92A5BFE}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{78E69E6F-EC12-4B84-8431-1D68572C7A61}\ProxyStubClsid32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BADF77CD-ECCE-4B36-88FF-6A2804FFE307}\ = "_IScanControllerEventsV11" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F418F2F6-5173-4E4F-80EF-AF21E516C461}\TypeLib | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B1BDE8B0-F598-4334-9991-ECC7442EEAA6} | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2E3F70EF-D9BE-485F-A6F5-816DD0EDC757} | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{ABC1D1AF-23ED-4483-BDA4-90BCC21DFBDB}\TypeLib | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0B14402F-4F35-443E-A34E-0F511098C644} | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2DFD7E94-47E6-483A-B4FD-DC586A52CE5D} | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B1F1EB48-7803-4D84-B07F-255FE87083F4}\ = "IMWACControllerV3" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{77AD284A-4686-413D-AA76-BDFC1DF52A19}\TypeLib\ = "{59DBD1B8-A7BD-4322-998F-41B0D2516FA0}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D81C2A20-D03D-40D4-A371-A499633A2AD3}\TypeLib | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B3FCAA7C-EA26-43E6-A312-CDB85491DDD8}\ = "IRTPControllerV18" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\malwarebytes\DefaultIcon | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{960F2BB5-E954-45C5-97DF-A770D9D8C24B}\ = "IScanParametersV9" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B8E2CB10-C8DE-4225-ABBB-6CE77FF04FFA}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6B3DFEA6-6514-42CF-A091-C4DFFD9C2158}\TypeLib\ = "{5709DEEB-F05E-4D5C-8DC4-3B0D924EE08F}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{25321640-5EF1-4095-A0DA-30DE19699441} | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C85F3EB8-B099-4598-89C3-E33BAC2CE53D}\TypeLib | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{49F6AC60-2104-42C6-8F71-B3916D5AA732} | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{090D2E82-C71B-414E-AF6A-6681A92FF2B3}\TypeLib | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{EAB53395-8218-47FF-91B7-144994C0AD83}\ = "IAEController" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E1AC7139-D1FF-4DE9-84A4-92E2B47F5D2A}\VersionIndependentProgID | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{130CD414-6BFD-4F6C-9362-A2264B222E76}\TypeLib | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\8DA7F965EC5EFC37910F1C6E59FDC1CC6A6EDE16 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\5A8CEF45D7A69859767A8C8B4496B578CF474B1A\Blob | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\0D44DD8C3C8C1A1A58756481E90F2E2AFFB3D26E\Blob | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\B51C067CEE2B0C3DF855AB2D92F4FE39D4E70F0E | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\5A8CEF45D7A69859767A8C8B4496B578CF474B1A | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\0D44DD8C3C8C1A1A58756481E90F2E2AFFB3D26E | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F6108407D6F8BB67980CC2E244C2EBAE1CEF63BE | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\1C58A3A8518E8759BF075B76B750D4F2DF264FCD | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\B51C067CEE2B0C3DF855AB2D92F4FE39D4E70F0E\Blob | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\8DA7F965EC5EFC37910F1C6E59FDC1CC6A6EDE16\Blob | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F6108407D6F8BB67980CC2E244C2EBAE1CEF63BE\Blob | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\2AD974A775F73CBDBBD8F5AC3A49255FA8FB1F8C\Blob | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\1C58A3A8518E8759BF075B76B750D4F2DF264FCD\Blob | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\2AD974A775F73CBDBBD8F5AC3A49255FA8FB1F8C | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 474051.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\mbuns.exe\:SmartScreen:$DATA | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 728732.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 252871.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 423859.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\ProgramData\Outbyte\Driver Updater\2.x\Distr\Driver Updater-2.3.3.31862.exe\:SmartScreen:$DATA | C:\Users\Admin\AppData\Local\Temp\is-8300870.tmp\Installer.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 747552.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 637067.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Script User-Agent
| Description | Indicator | Process | Target |
| HTTP User-Agent header | Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) | N/A | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-FMLSE.tmp\butterflyondesktop.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-8300870.tmp\Installer.exe | N/A |
Suspicious behavior: LoadsDriver
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Volume Shadow Copy service COM API
Processes
C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb533746f8,0x7ffb53374708,0x7ffb53374718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2200,5782679885723288624,12439682576659649714,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2276 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2200,5782679885723288624,12439682576659649714,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2404 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2200,5782679885723288624,12439682576659649714,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,5782679885723288624,12439682576659649714,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,5782679885723288624,12439682576659649714,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2200,5782679885723288624,12439682576659649714,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5484 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2200,5782679885723288624,12439682576659649714,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5484 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,5782679885723288624,12439682576659649714,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,5782679885723288624,12439682576659649714,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4816 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,5782679885723288624,12439682576659649714,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4124 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,5782679885723288624,12439682576659649714,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5052 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2200,5782679885723288624,12439682576659649714,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1048 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,5782679885723288624,12439682576659649714,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,5782679885723288624,12439682576659649714,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2200,5782679885723288624,12439682576659649714,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5668 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2200,5782679885723288624,12439682576659649714,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5028 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,5782679885723288624,12439682576659649714,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3544 /prefetch:1
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3d4 0x4fc
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,5782679885723288624,12439682576659649714,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,5782679885723288624,12439682576659649714,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2200,5782679885723288624,12439682576659649714,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=2216 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,5782679885723288624,12439682576659649714,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2200,5782679885723288624,12439682576659649714,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6224 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2200,5782679885723288624,12439682576659649714,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6240 /prefetch:8
C:\Users\Admin\Desktop\butterflyondesktop.exe
"C:\Users\Admin\Desktop\butterflyondesktop.exe"
C:\Users\Admin\AppData\Local\Temp\is-FMLSE.tmp\butterflyondesktop.tmp
"C:\Users\Admin\AppData\Local\Temp\is-FMLSE.tmp\butterflyondesktop.tmp" /SL5="$40240,2719719,54272,C:\Users\Admin\Desktop\butterflyondesktop.exe"
C:\Users\Admin\Butterfly on Desktop\ButterflyOnDesktop.exe
"C:\Users\Admin\Butterfly on Desktop\ButterflyOnDesktop.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://freedesktopsoft.com/butterflyondesktoplike.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb533746f8,0x7ffb53374708,0x7ffb53374718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,5782679885723288624,12439682576659649714,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3076 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,5782679885723288624,12439682576659649714,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6524 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,5782679885723288624,12439682576659649714,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2100 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,5782679885723288624,12439682576659649714,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,5782679885723288624,12439682576659649714,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6468 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,5782679885723288624,12439682576659649714,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6632 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,5782679885723288624,12439682576659649714,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3040 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,5782679885723288624,12439682576659649714,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,5782679885723288624,12439682576659649714,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6716 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,5782679885723288624,12439682576659649714,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6832 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2200,5782679885723288624,12439682576659649714,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6748 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,5782679885723288624,12439682576659649714,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4740 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,5782679885723288624,12439682576659649714,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6748 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,5782679885723288624,12439682576659649714,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7356 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,5782679885723288624,12439682576659649714,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7324 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,5782679885723288624,12439682576659649714,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5868 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,5782679885723288624,12439682576659649714,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6984 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2200,5782679885723288624,12439682576659649714,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3972 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2200,5782679885723288624,12439682576659649714,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6504 /prefetch:8
C:\Users\Admin\Desktop\Windows-outbyte-driver-updater.exe
"C:\Users\Admin\Desktop\Windows-outbyte-driver-updater.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2200,5782679885723288624,12439682576659649714,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6376 /prefetch:8
C:\Users\Admin\AppData\Local\Temp\is-8300870.tmp\Installer.exe
"C:\Users\Admin\AppData\Local\Temp\is-8300870.tmp\Installer.exe" /spid:1636 /splha:36414272
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
C:\Windows\SysWOW64\Driver Updater\ServiceHelper.Agent.exe
"C:\Windows\System32\Driver Updater\ServiceHelper.Agent.exe" /install /silent
C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe
"C:\Windows\System32\Driver Updater\DriverUpdater.exe" /Install /AutoStart /CreateOSSnapshot
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\srtasks.exe
C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
C:\Windows\SysWOW64\sc.exe
sc start OutbyteDUHelper
C:\Windows\SysWOW64\Driver Updater\ServiceHelper.Agent.exe
"C:\Windows\SysWOW64\Driver Updater\ServiceHelper.Agent.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,5782679885723288624,12439682576659649714,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,5782679885723288624,12439682576659649714,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7324 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,5782679885723288624,12439682576659649714,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7444 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,5782679885723288624,12439682576659649714,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4700 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2200,5782679885723288624,12439682576659649714,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7568 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,5782679885723288624,12439682576659649714,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7892 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,5782679885723288624,12439682576659649714,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8092 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,5782679885723288624,12439682576659649714,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8056 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,5782679885723288624,12439682576659649714,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8052 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,5782679885723288624,12439682576659649714,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7848 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,5782679885723288624,12439682576659649714,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7936 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,5782679885723288624,12439682576659649714,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6072 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,5782679885723288624,12439682576659649714,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6364 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,5782679885723288624,12439682576659649714,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7484 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,5782679885723288624,12439682576659649714,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7668 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,5782679885723288624,12439682576659649714,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6568 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2200,5782679885723288624,12439682576659649714,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6304 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2200,5782679885723288624,12439682576659649714,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7528 /prefetch:8
C:\Users\Admin\Desktop\7z2406-x64.exe
"C:\Users\Admin\Desktop\7z2406-x64.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,5782679885723288624,12439682576659649714,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,5782679885723288624,12439682576659649714,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8132 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,5782679885723288624,12439682576659649714,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7880 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,5782679885723288624,12439682576659649714,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8048 /prefetch:1
C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe
"C:\Windows\System32\Driver Updater\DriverUpdater.exe" /AutoScan /FromInstaller
C:\Users\Admin\Desktop\WinNuke.98.exe
"C:\Users\Admin\Desktop\WinNuke.98.exe"
C:\Users\Admin\Desktop\WinNuke.98.exe
"C:\Users\Admin\Desktop\WinNuke.98.exe"
C:\Users\Admin\Desktop\WinNuke.98.exe
"C:\Users\Admin\Desktop\WinNuke.98.exe"
C:\Users\Admin\Desktop\WinNuke.98.exe
"C:\Users\Admin\Desktop\WinNuke.98.exe"
C:\Users\Admin\Desktop\WinNuke.98.exe
"C:\Users\Admin\Desktop\WinNuke.98.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0x120,0x124,0xfc,0x128,0x7ffb533746f8,0x7ffb53374708,0x7ffb53374718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,4985112128203007608,5390336062036832015,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2180,4985112128203007608,5390336062036832015,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2180,4985112128203007608,5390336062036832015,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2980 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,4985112128203007608,5390336062036832015,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,4985112128203007608,5390336062036832015,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,4985112128203007608,5390336062036832015,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4520 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,4985112128203007608,5390336062036832015,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,4985112128203007608,5390336062036832015,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5024 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,4985112128203007608,5390336062036832015,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5024 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,4985112128203007608,5390336062036832015,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2180,4985112128203007608,5390336062036832015,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4292 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2180,4985112128203007608,5390336062036832015,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5168 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,4985112128203007608,5390336062036832015,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,4985112128203007608,5390336062036832015,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,4985112128203007608,5390336062036832015,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,4985112128203007608,5390336062036832015,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3d4 0x4fc
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,4985112128203007608,5390336062036832015,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2848 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,4985112128203007608,5390336062036832015,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2960 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,4985112128203007608,5390336062036832015,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1852 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,4985112128203007608,5390336062036832015,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3812 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,4985112128203007608,5390336062036832015,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,4985112128203007608,5390336062036832015,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6240 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,4985112128203007608,5390336062036832015,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5956 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,4985112128203007608,5390336062036832015,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6724 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,4985112128203007608,5390336062036832015,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6896 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,4985112128203007608,5390336062036832015,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,4985112128203007608,5390336062036832015,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6876 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2180,4985112128203007608,5390336062036832015,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6092 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,4985112128203007608,5390336062036832015,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6196 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2180,4985112128203007608,5390336062036832015,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7116 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2180,4985112128203007608,5390336062036832015,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5768 /prefetch:8
C:\Users\Admin\Desktop\MBSetup.exe
"C:\Users\Admin\Desktop\MBSetup.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,4985112128203007608,5390336062036832015,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,4985112128203007608,5390336062036832015,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6204 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,4985112128203007608,5390336062036832015,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2244 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,4985112128203007608,5390336062036832015,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2368 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,4985112128203007608,5390336062036832015,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6880 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,4985112128203007608,5390336062036832015,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5944 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,4985112128203007608,5390336062036832015,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6992 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,4985112128203007608,5390336062036832015,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,4985112128203007608,5390336062036832015,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,4985112128203007608,5390336062036832015,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6532 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,4985112128203007608,5390336062036832015,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7108 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,4985112128203007608,5390336062036832015,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6880 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,4985112128203007608,5390336062036832015,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,4985112128203007608,5390336062036832015,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6668 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,4985112128203007608,5390336062036832015,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2180,4985112128203007608,5390336062036832015,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5964 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2180,4985112128203007608,5390336062036832015,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5976 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,4985112128203007608,5390336062036832015,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7448 /prefetch:2
C:\Users\Admin\Desktop\GandCrab.exe
"C:\Users\Admin\Desktop\GandCrab.exe"
C:\Users\Admin\Desktop\MBSetup.exe
"C:\Users\Admin\Desktop\MBSetup.exe"
C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe
"C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c vssadmin delete shadows /all /quiet
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 5464 -ip 5464
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5464 -s 1420
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe
"C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe" /installmbtun
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall
C:\Windows\system32\DrvInst.exe
DrvInst.exe "4" "9" "C:\Program Files\Malwarebytes\Anti-Malware\mbtun\mbtun.inf" "9" "4ba9030c7" "000000000000014C" "Service-0x0-3e7$\Default" "000000000000015C" "208" "C:\Program Files\Malwarebytes\Anti-Malware\mbtun"
C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
"C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe" /Service /Protected
C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
"C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe"
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
"C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe" nowindow
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
"C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe"
C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
"C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe"
C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe
"C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe" /wac 0 /status on true /updatesubstatus none /scansubstatus none /settingssubstatus none
C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe
"C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe" "C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE" "C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\config\UpdateControllerConfig.json" "C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE" "C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\dbclsupdate\staging" /db:dbupdate /su:no
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb533746f8,0x7ffb53374708,0x7ffb53374718
Network
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_1476_NHAZYABFRYTECSZE
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\Desktop\RegisterInstall.aiff
C:\Users\Admin\Desktop\ResolveStop.pdf
C:\Users\Admin\Desktop\ConfirmUpdate.ps1
C:\Users\Admin\Desktop\DenyGet.ico
C:\Users\Admin\Desktop\EnterDisconnect.mp4
C:\Users\Admin\Desktop\ExitConnect.css
C:\Users\Admin\Desktop\GrantDeny.dot
C:\Users\Admin\Desktop\LimitAdd.php
C:\Users\Admin\Desktop\NewUpdate.jpg
C:\Users\Admin\Desktop\RedoPop.kix
| MD5 | 1d2b822c8be8677317cb012a79ec4826 |
| SHA1 | 2e3662c2982744b78dc4292d69ab3d6712953369 |
| SHA256 | 944d8d698b564e9ee1964fe8f0cde7209a131c410d3af59d956024aadd75a429 |
| SHA512 | 7fc919d466df5949a96e55e1a616c2420f3442c508ab895370149dfe8d27dfd8409fe6d8342a2f2ee133578b3a8bb4ddb3c28a59c4cd0945feb32021edd4b192 |
C:\Users\Admin\Desktop\ResizeRead.raw
| MD5 | 0ce1827fba10fd25a0b58e105e1d69f5 |
| SHA1 | e4d5703f8a31efabfa0582770992b7963d9c8137 |
| SHA256 | a28f79b7bd31618c28e995aebe05e2681af9c5b596e97c4ee831099be3e960fd |
| SHA512 | b577d81201d1bf80ecff570f2b945e93f980e686cfb8acbbb67842ec7ed6ce59f1695be7953c5e82b1c85e956e2dcdd30188451aaeec8d0bfd38b5eeea152a8e |
C:\Users\Admin\Desktop\RestartAdd.doc
| MD5 | e47d272ca8a229dd851d403c3e92b9d5 |
| SHA1 | 5d0b9feff6c044a34da651a6017cc4d2c1c22a3f |
| SHA256 | a40733f081ef93b274cf94abac4d7ed13082deb58b3a089909a5ebbf1ab357a3 |
| SHA512 | ba4005a786a1d607936f604b734fe2575bfa091abb91ca7ba6f33da2949ea917440cf78d9199d85785d98359da26090959fb457f0b6053be79525b859e49003a |
C:\Users\Admin\Desktop\StepMeasure.asx
| MD5 | 6ed1bca02bc6f8b4e6aedceb477c856e |
| SHA1 | 041f087b2ac12fcd9358b553f46f79af91df9b61 |
| SHA256 | ff84d50ffb040834d3e0ee6c2020689a68a832b8bff24e8f0a1224280b75f3f2 |
| SHA512 | 9a51456eff586f0794ac1ba1310379884337a033e363a8e29b8e55451a510ca8aedf94431a681c8c897f9e49a7593054267cf15517f64b4842983ce477070a29 |
C:\Users\Admin\Desktop\UnprotectSplit.xlsb
| MD5 | cb780270396caefb55cc1d81b576c374 |
| SHA1 | fd7e19cb3b0f68fdefa353abf59d79d1fd89bce5 |
| SHA256 | b0e376c162f55a86f162e02aaebcc97de7e703aac5f93efc71ffbbe72e7f648b |
| SHA512 | 8e141e8dd44768baaa3ef2572e5e6cd3000005734d23b4e81eecc8e630ae017ce4f8aea85cef4ed57ffd16f5fc7ec737368e24c9568df55fef0068019679bc81 |
C:\Users\Admin\Desktop\UnpublishFormat.tmp
| MD5 | 47431f7ea6d7a077288df9da1418c86d |
| SHA1 | f3b593f2b8a5e39f0915c99289c6af4d8c89f396 |
| SHA256 | 75839b35d964cec36b7bcd65da977f1e092478e6eff01d2c97bcd9cd0ff95cf6 |
| SHA512 | 2abf6f55a304ad5064c26170b13d511614997c53f5dbf5ef5de2ebaf0573fb8961a1bf0a157d25fe9edfb0a88d9174d3038942dbbdc4983686128c487fdbcc3b |
C:\Users\Admin\Desktop\AddOptimize.gif
| MD5 | 9cd1211f9f5bbfb83af129783f1598e3 |
| SHA1 | c437aa4b0a051f12ff84f67c55e2450e606eb019 |
| SHA256 | a5130bf5ffcde2e3bdf54bf7efc6db134fbce8af71fbab7a6dfde303e5ca020a |
| SHA512 | e512caafbba86af04a8d12a21e41e94d8d7a3beeb341e66de70bb099ab54e38be79c453df62d132930a72abac46651d4e8c2347ce661a02ac184ccaff9da4bc3 |
C:\Users\Admin\Desktop\ConvertMount.xlt
| MD5 | a2668a900451a9d9911a1a463bf87771 |
| SHA1 | 7cb4bab5175961cc4010951ebcb1a5a396a42778 |
| SHA256 | 046ead41c5ed049a34e6b2022d7bef4d5b087b8a57c792c4ab009d6fc43f5b05 |
| SHA512 | 3d981c004484e490cb50413186a476f02c59b9d578d8b22882c9b7bcda3bbcbb5ff6b2f0a802da981343927ba7bab21b1ca8779af14f0ab9d30a79e399faf0a6 |
C:\Users\Admin\Desktop\ImportUnblock.wpl
| MD5 | f5e787a9d6a1a83a9c52e8f609c59969 |
| SHA1 | cc7e4bd302005c0d8d3d7ed039765278064ba885 |
| SHA256 | b7030d1f2ea0072395582e8a508373d6f4e4414609c3744204ddbfc524076879 |
| SHA512 | 9ef27d5c4a64c412be32665968c2e0be2739e2c6da2dc0361ac65923ba1d6f7b5f9865c479909210a961e06b4bb6e1daafb4d6ba95894fd00398d4c7efb22b50 |
C:\Users\Admin\Desktop\ExitMove.ods
| MD5 | e268f190c5194ca389848f86494ea6c1 |
| SHA1 | 227743cd72a17ec045a987befcf06cb69181a70b |
| SHA256 | 72b40e8338c48e1dd3ac0a3cc97f3922df5a91127013d168525e0c6289bf398b |
| SHA512 | e8c5a83378c8cc3e0f691b11a33ed458b10c06b3cf43e6a238fcdb3cad0c0aac37d0ecbf65a7c468aff67dec7b2965f7e37fa4a4112cf3b47562ef1a6e216a3d |
C:\Users\Admin\Desktop\CopyUndo.mhtml
| MD5 | 0ebbb6ede5542d890abbed57927f265a |
| SHA1 | 3e7a66c5a3e3d30307526b605e6e3c2df1339f42 |
| SHA256 | 5cdd749046c4b49a44b710e48b0bf7da6c98179fdbc7bac0e590773fbbcfb5ab |
| SHA512 | 3b7e8e25d98347c848aa0666bfe88a68095bfd4737834041b009b8d403511676e3c5284a06815c30914274d75310ad58d7417ffff253b69a2768566b6ddaa3ee |
C:\Users\Admin\Desktop\TestStart.ogg
| MD5 | def510f1e0a9956e3fd52cf8e1a8fd85 |
| SHA1 | af130065b395668c206e88274ac226599fe9288f |
| SHA256 | 0c4fb3154761c48b7ba546b6e41af7c0389d0d89a8a99b192ae68be7a270a6e9 |
| SHA512 | f378bce852c31706411fa455ca0bf35e87fcf54f0d4f12cfb2190699148d58d1714c7fb8e8abe1a460658a66c2cdc07eaca77c0a68dd83f59119996b4821453c |
C:\Users\Admin\Desktop\TestDisconnect.dxf
| MD5 | 777bb30ea3fb06c8d944427f3135343d |
| SHA1 | cd24b40dff9919e209848fb65b245b9f7e3c7be2 |
| SHA256 | b54e46d6176b11ca1345d76cb15d9d54fc311bfca97178fd38f86616615cb04e |
| SHA512 | a40666bd95fea6dd373d039da94c65f61395d25a365b86f9417ec3c22cc8083f8ba5aee4e2936120a0af0d49cf710bf91b28bac9832d7f6a7aa25867f05e56e8 |
C:\Users\Admin\Desktop\ResumeFind.dot
| MD5 | 3d752f6f640f33fec1950de51b191c14 |
| SHA1 | 5a8e99538be1b03eca13ff1fd10d356d195c7d3d |
| SHA256 | 09f62b5f16ffe6fa935a080475bfdbf8e9e0a328f3678cbadf54bd3ed98d08df |
| SHA512 | eeb6967db14baf8d4ab1a668854a4b1848d201bba2c3ee08e142a7cdf032f188814151dee346b2eeb748ab6ae606900e3ccd73cd3f4cfb6a83334cdf6eb6a4fb |
C:\Users\Admin\Desktop\ResolveSelect.wm
| MD5 | d5bfba9fbf5c2fb4832cadc68c37cfef |
| SHA1 | aecc98460f34a934661943abf3f5348fcde067a0 |
| SHA256 | 5226956c95369a7141da328c625dfef82480ef59148785bb9168ad8409fecbcd |
| SHA512 | ef37d44028846dccb226c2ac7ea89633be530666b41b0943490b9de309625f8a66ed6866a66352cc6924d16da9eb701cb1d782c80796d845e8362c7b23ca753c |
C:\Users\Admin\Desktop\NewRename.zip
| MD5 | 8b4f03b1499966b051e60fc3d3bf042d |
| SHA1 | e63897ce8eef9fc9e5531df1cde8bb9314bcaa0e |
| SHA256 | 9eb3c6004c44cb54e8879752e0eff3f675c47d98f404a6b75d00690e3fa73c44 |
| SHA512 | 80828495aeff8bc6394ccfaa68d8488f7b617c117662ed2aec2c410cd20defc2bca7b530092657707044d86970456e89f6e39f2e224eaaa95fd7f30ff676f1e5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 39a4fe60a6812410fc23fce2c6f29707 |
| SHA1 | cf2a4ae5668999beec9be61cbd27cdfdb082812c |
| SHA256 | 254400b6a160257761bb4c38afdd0a1f5606404e3a60af396220cd2132513dbd |
| SHA512 | 335b1ffd85dd376e2326040f5d40fe5c5f306f36426cb08595d1aeb5a3923e9fbb5fbe174fdda885d39b511a8f2d11a4fc32ba7dc3e9f0044644f62b6e067b70 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | feeb83180ce1abd4d5c71e0cd4193c24 |
| SHA1 | aa923c163b4a208b749dd3511266a4efbd3d39c5 |
| SHA256 | a2fe2157c2ae07a2ba93408fa094404bba192103643747ed951d351c7fb86dff |
| SHA512 | 96f068ffc6b1884043b1cb309b21c990853778896dac583cffb945e44541217fc31dcfa6538f759ab1eec45400fb858523ad91da139fc4cdfee144837f491110 |
C:\Users\Admin\Desktop\Microsoft Edge.lnk
| MD5 | f25b494091d81e4d4278c516b8e2a7da |
| SHA1 | 6e2c994b940df7864fde1c82036a878df905c490 |
| SHA256 | 6e0cbb274fc94a9ec91aac9b7874c3d742abe6b4a82346c86454becbaad31db4 |
| SHA512 | f0f306b69fccbfba1c62918473eed83dd6479286e823399668e84fea0bd20d0f5595500906e4e1accbd5d8e6535f1b936431f0d8a51c02f7419f11325e7e20e4 |
C:\Users\Public\Desktop\Acrobat Reader DC.lnk
| MD5 | 24a30fcefcfb00dbc2e5a6f5ab6d48eb |
| SHA1 | fad11515a89426cc7e52d4fc6cab41ff07055640 |
| SHA256 | d67a3da81230eaf11d9eefd9e579f98ed1b0e4ab67c0b5391b4b1c41341a4e06 |
| SHA512 | 45c409c3fa3baea563fce13a58b6bf02142cd917c064e14e5a3ba07bc7980e92bc745b4b26e6bf848aeb30c6df3784a941ff004ebcd9ee62a2ae8925d1294588 |
C:\Users\Public\Desktop\VLC media player.lnk
| MD5 | 07dcb64be14facea497e66b250d4aab0 |
| SHA1 | 0a792a6de3ec36cb8fc8abfd58bf9e59de6eb2b6 |
| SHA256 | 2c1d9259c94acc31551cbee0e1df474b93e35a02c3dc631eb2254a879363e606 |
| SHA512 | 6284dde6caba6fc1fb37bc63572833463aeef48fb3e5d07ee425867bb91c47ba20f4387e3c5684abdf8bcdf1924ab1c7c02d663791985cd46ef659e2c55ffa7e |
C:\Users\Public\Desktop\Firefox.lnk
| MD5 | 0c9010f7083b7d64f00c32dad8b8aa34 |
| SHA1 | a4bf4da5a4d600fb32a65517a7a05810ce579946 |
| SHA256 | 047ae7a33d62474b888abbe5f45f6b18930495cc5cafcb269ae96487dcb8ac90 |
| SHA512 | c586369817175a9deb2850c1b840fed7242cc53874ef86c9348fbf0968297e5d405c21b4e02c6a8c63043a493f454c01b610c841cb9117bef3b27bdaa8230d0d |
C:\Users\Public\Desktop\Google Chrome.lnk
| MD5 | 3c5d33d2233e005a2a236adf601bb427 |
| SHA1 | f31985309932bfe6875f30fe1aed0e45d8062bc7 |
| SHA256 | 9f2d7ec3c5a207fc74aa97e6bd8b95b4b8402dba782ed6e82f1ccacf10b2b7e2 |
| SHA512 | 4574149ca9a7f3392932e6ac0aba080bca9cac7582cc21bafc743530a93eb15c440c819d6615d126dd4b82c5a69ae0f27905fa83e584ef0d13e58983e4251942 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | a01d74b5bef01819368739a76eb0b51e |
| SHA1 | 39cb5adec40e2a5d9babc928ec89dfc536c18c81 |
| SHA256 | 7df38311c2df419f614a16a0af18f98722203915af9d195ed1a78aeacc3abbda |
| SHA512 | afa6d433dce70bdc37f8cac281648138550d722739aaefd85c27b9f24a9237536daca4cbbc21148c89629703e3058dc7e9c6ebd1343abc6f71c1e688bafb5f9c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | afc62eb8c9dd58238ce46e5e927f4046 |
| SHA1 | 6017c740cde553193161eb7d06a2b2423145c7bc |
| SHA256 | 7e4d1e3539fa59deeb7d314a74ff0c47ed48085875600ad8a8f29b987362607b |
| SHA512 | 32e56655e37ce5562db9940aae29ba6be845bb8b5c4bd2703e1c63be58d15c2e64828373fa2984502c6d07862e9eec2315deac43d5a0b335943cdc180d725b3f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | e6a9b950841ea2c172d15c5e035ea184 |
| SHA1 | 0509a971885727a6aadd60c87da0dade4ac18b8a |
| SHA256 | 1f26ede64392295bb0099c664fa3aead6ea1d86259196a09887215e4801ce3ba |
| SHA512 | 6a3f5a23520a8052c8e3862c63325c8c6b2575d8f872f8976609b95277978dc6537ead48e4c271852c98a83ae64e71664bc6bfdae113b7cdf516de28d4f93ac2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5d7273.TMP
| MD5 | 8bc31d0b731520491f0183ea233f01b7 |
| SHA1 | 2e1d7d7a296ec62ccc1e68477128aacfe2a70528 |
| SHA256 | ceff7981fe3d6d299ed7c7c53d4822bbed1a5867d4421d9284141cab65de6f71 |
| SHA512 | 256529444c45194ef1d2c701b3120aab5590df70b5c87b20e5726ce0bdf61769be3ed732b345f4f462b5cd2e3ab9f5b8e8fbe3d852b03fe09e5ca5054016e977 |
C:\Users\Admin\Downloads\Unconfirmed 728732.crdownload
| MD5 | 1535aa21451192109b86be9bcc7c4345 |
| SHA1 | 1af211c686c4d4bf0239ed6620358a19691cf88c |
| SHA256 | 4641af6a0071e11e13ad3b1cd950e01300542c2b9efb6ae92ffecedde974a4a6 |
| SHA512 | 1762b29f7b26911a7e6d244454eac7268235e2e0c27cd2ca639b8acdde2528c9ddf202ed59ca3155ee1d6ad3deba559a6eaf4ed74624c68688761e3e404e54da |
memory/3988-570-0x0000000000400000-0x0000000000414000-memory.dmp
memory/3988-571-0x0000000000400000-0x0000000000414000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\is-FMLSE.tmp\butterflyondesktop.tmp
| MD5 | c765336f0dcf4efdcc2101eed67cd30c |
| SHA1 | fa0279f59738c5aa3b6b20106e109ccd77f895a7 |
| SHA256 | c5177fdc6031728e10141745cd69edbc91c92d14411a2dec6e8e8caa4f74ab28 |
| SHA512 | 06a67ac37c20897967e2cad453793a6ef1c7804d4c578404f845daa88c859b15b0acb51642e6ad23ca6ba6549b02d5f6c98b1fa402004bdbf9d646abab7ec891 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 90340988e1ff31f7818aaa5acbb906d1 |
| SHA1 | 2aeeb32a5866d0e9c7c3552c7fe733776f05ca21 |
| SHA256 | 5de0bd40d847d2278826af6c38c64ba73940c6e4014ca97abfb1ffaf6bc0123e |
| SHA512 | 6163b3b888a8c1676df4d1a2f109921d9b34ed63239d5a184efe751e7a75eb62192c6d1a4accfa4c158c8fcfe3636f29ac4f59fe3e4faed7f80c87bae6661ece |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 6a283ddd5a9e2fd7402ff30588f38ce1 |
| SHA1 | 0cc36d360ef8b43e6ad1729e03959fa1eec0f687 |
| SHA256 | a9aa270458c44daac6d34ad093324756a04a564dbde98c3670aa91ed2f1ea9de |
| SHA512 | 094b05095a3d831c60b195012c7769483217592661c588825ab2d46d10c51e3fa8f9fab603cfe1f63131c972e3b29fb23a999e99493c24f14f2a7591248c2280 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 65f4551a3500b63de7f76cd5f8c38620 |
| SHA1 | 38fcd1a31fd22fcd3762a4dc5ca0cfa8f77642db |
| SHA256 | e9674861936b11265a49ee3c15a03c685db32246e46d863cdb52c0772f0351b5 |
| SHA512 | 48066c6f1505a1d5ed6a632b1df3e16bfb2604b17b5cdaad334c2e7e2591eded7a11b838ff2b731583a7d1fe2f4511893733f329ddd3e8347cb849768ae47fb6 |
memory/3988-616-0x0000000000400000-0x0000000000414000-memory.dmp
memory/3444-617-0x0000000000400000-0x00000000004BC000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 62326d5a298a44e2d6590a89650a3210 |
| SHA1 | bab6422fdc0bd0205e8a6b50f2fd08a4083b6f0e |
| SHA256 | 45ea399c8ef755898e05897e6a3dac15652fb3019ac56cb92702ee92ff0233a1 |
| SHA512 | 3e86159c021c46565f7e6da8c62dd3d93e184c1ce957b221798e4fa39e8bc07ec188c90e96542ef379434c36a1bd7b5bb32a450316a2cc0e17e158972bc7bec2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 54de1bd2a0a715e2396353bde0f2b736 |
| SHA1 | 686d8f27354c74b3b33db35e49646cb2b416fc44 |
| SHA256 | 7d9375a2abf48188bf3e9892e326e4cd7091236615b32ff402aad1b61ed948c6 |
| SHA512 | 58b725f33b38e98dc276ee41d133533f4c6defe16e886f0a0c086a76df3365fc77cb9ded7d3ab0ac4c2b46d27a86cdb3e0d855e5d1e5def56db43d9d7c48ba59 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 50aaad0c75cc7bc0670bd5cd5216b239 |
| SHA1 | ed04a3245d3bfedb0c198708dc968a7f9862e6f8 |
| SHA256 | f2bf86474658499902d481f8e367237e02b4ed0cbd3f35ac9b39e2386a66450e |
| SHA512 | de5e8fb7d4fe9b779a4c78f259e41cbf18ee9795979c622d471f4a891f374ccc84b058fcd9e562dffa953b2f573905b1e87911da7f96395b6cd27d7d6bb1be11 |
memory/3444-646-0x0000000000400000-0x00000000004BC000-memory.dmp
C:\Users\Admin\Butterfly on Desktop\ButterflyOnDesktop.exe
| MD5 | 81aab57e0ef37ddff02d0106ced6b91e |
| SHA1 | 6e3895b350ef1545902bd23e7162dfce4c64e029 |
| SHA256 | a70f9e100dddb177f68ee7339b327a20cd9289fae09dcdce3dbcbc3e86756287 |
| SHA512 | a651d0a526d31036a302f7ef1ee2273bb7c29b5206c9b17339baa149dd13958ca63db827d09b4e12202e44d79aac2e864522aca1228118ba3dcd259fe1fcf717 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 9a3fbcfa62bf5701bdc66aa5a93dbb98 |
| SHA1 | 4f563066f98fcf5f12dbb5103168ada021d8ade0 |
| SHA256 | c8d83fdb9da75db88b21e9b2deb3e9e5bb22edd646be2a8e11f2dae04eaaa716 |
| SHA512 | 5b5f34e6dddda41e1ee87137f0a6700ccf0dec5f09b48425a02190463dbd90fc328c991b90a37b27dce2b261ccb664a3eceb6f15903e9b615a298a37c9b4336a |
memory/3444-679-0x0000000000400000-0x00000000004BC000-memory.dmp
memory/3444-687-0x0000000000400000-0x00000000004BC000-memory.dmp
memory/3988-689-0x0000000000400000-0x0000000000414000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000039
| MD5 | 856a3daa268de8801e7cfd5b727b6de2 |
| SHA1 | 8e099b433518980e657c7541c49b498e6b83430d |
| SHA256 | b870ae3c5216311e1dd7b8662e01d1fa3326edc85a98a58247cd37b8cfca0be5 |
| SHA512 | 2f191ea906a3551576ab14e607fdde9930fcb15f15ffb40a8c5999ba07224bbb8ea69918db11d1cd719a3d57510edd466ad2b9199c6a45a48463b0020a2e6eba |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 615ad65216699377ea3398806eb52268 |
| SHA1 | b7a62bed21cd97798384e3d9214a1146968cc1e9 |
| SHA256 | 62926906a280e7f2586cb859635ce44ad98d12f4990cee11edc13a71da213545 |
| SHA512 | e26b4ea0893927b71e351342f79196ddac22bf454e922a77ea8f30f1b0e21ce9c68eac243448ee60cb2d2e6d94fbaf0b1106661a3c124d333e07ed72d080cc30 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000043
| MD5 | cc24419c482370498f3c227ac73d666b |
| SHA1 | 37fc103ace873f47102e0ca88eb4735bc6806750 |
| SHA256 | 152fa070788f0cf29dc062f03860897c39c7ffa13e6eee2dc3e5dc131ecbc7aa |
| SHA512 | b70a76518fffc215370e5de56122763b54377cb52875c1ce0a87dc7a24aade947d8c412b27e879a172b0de76d9ac654c3d358a45c79ca00f20fe3c4950c6c55c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 77a25f4c224f2cdeb62f621a91daf64b |
| SHA1 | 6084b8e66aa777dd9727eee43c82ea1eec0b1fe4 |
| SHA256 | d35b293a41bd2cf4ad5496dab6ba673a85cdbc08c0e0acc9d6f4f8d550a720df |
| SHA512 | 1bcf3e9765431f9803be9812abab70947f043e7b1f77992458741f0457dd575e5d1d0b7350db86da80a0456df149a1812961597c2f5bc6b13a643894da215c38 |
memory/4012-941-0x0000000000400000-0x000000000070B000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | a79c93d7ad61fd35ae87e14583b9b39c |
| SHA1 | c3e08b2277184dce745c6c3f02a18628c6bde122 |
| SHA256 | 79207898f6cd83f2793d304dc5c4362b9a19f22c3ed9c3051be66f13ca0101f6 |
| SHA512 | b4648fd5133dc20e1cb57dc9212c362a936c935066dd2471ced71a87d3119b37d8f3ed8e006cb194cb63a5463785e2aa20f4e2473b2d01d6b65719bc737955f5 |
memory/4012-972-0x0000000000400000-0x000000000070B000-memory.dmp
C:\Users\Admin\Downloads\Unconfirmed 252871.crdownload
| MD5 | 85c8172bb4cbe1f62952d525c3c855d7 |
| SHA1 | a1b45af066894c77c278f6ca4e9cdc24f6c61c08 |
| SHA256 | f84552f506989cca3d3b592a9020931715b5a6675dbe44c9d1fdea36646537c6 |
| SHA512 | 98c0483e667cc316f38ee1a6408cf99fa5178b27fa0cd8b4b8a12e5d5817481983591509679c70b2e2a1aed5036a6ae52ff8f3ae670df1b55ea05b1406f47e7c |
memory/4012-997-0x0000000000400000-0x000000000070B000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | d548803341f6fb32c6fe430b749b3459 |
| SHA1 | ecac68bf9746d60119a2eeed75779e0e87803d69 |
| SHA256 | 4287d64e25c225851c04a55b77a12cf077c6401e85e36ae5929f66d1a5a298bb |
| SHA512 | a5ba27b66548d473287cdb6ae838ae2ad73ad023c2b279b8bb793968b0037ad8bd1b5e98ceed0b573f8da7f8e409ba8f8b89437a176c2dec6a7e9dade8e8bb2e |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | 9b8ecc25edc8b83ee994b051f8e94a48 |
| SHA1 | 672cbb6051ec2b39cb5019aae39801ae0d1332ae |
| SHA256 | 1f547b9616e84a9b1725c6835c42dedd8444a383c59f36b2cb22a9e50aea99eb |
| SHA512 | a39fe9b6803c04cb90d86c12d526d9c0ecb855c14e12c508899c742b0ddd23b60aea215a3cc2fa38c182df81f85c289aa84caca814ebe52d5a3c0378657a92d7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 973b678ce376f5f72f6f047075751566 |
| SHA1 | ad53a9db4584ccf3837c29eaedaf3e7aee2d442f |
| SHA256 | c5e805233a53cfe673b3b14cb24ac9ed4a1ea3602deb21bde6f09f28f6e7500d |
| SHA512 | bcd72d05a2acbc823d7df971a3f5e59158e732665d2cadd1bee44547d3c1216693afe971d31ebf8e3944c6579fe80bbc395ee2c5bb55609776f58ef94100ba00 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 6b48d282132f1351f81534991d1ec97f |
| SHA1 | 93cffc5fda74c500437be04468701e9abafdcb56 |
| SHA256 | ffb4ec4eaf8bd1c8ffa010108ded44fc7c0148348fc1155361bab0dc84fa1ace |
| SHA512 | 9e822f08d9a4908feab66ebbd57428c13bf74519d2b3a4af6198168b9887fd8edd5da1e44a75f4110ed8cbe0d19d670739630077445ec9e0aa1d9887d10de529 |
memory/4012-1049-0x0000000000400000-0x000000000070B000-memory.dmp
C:\Users\Admin\Downloads\Unconfirmed 423859.crdownload
| MD5 | eb9324121994e5e41f1738b5af8944b1 |
| SHA1 | aa63c521b64602fa9c3a73dadd412fdaf181b690 |
| SHA256 | 2f1f93ede80502d153e301baf9b7f68e7c7a9344cfa90cfae396aac17e81ce5a |
| SHA512 | 7f7a702ddec8d94cb2177b4736d94ec53e575be3dd2d610410cb3154ba9ad2936c98e0e72ed7ab5ebbcbe0329be0d9b20a3bcd84670a6d1c8d7e0a9a3056edd2 |
C:\Users\Admin\AppData\Local\Temp\is-8300870.tmp\SetupHelper.dll
| MD5 | 70cc462bb6933e4ef78626e27cc72f8c |
| SHA1 | 056ad34da28ca90bd40e4a1b0080514df9a1d789 |
| SHA256 | acf4cd594e472c4dd1fd6ac0e8c6841ec942e0b27e3fc5c52fc345f4ec817fbb |
| SHA512 | a5fc7ae7605e15b70b6b410cbb2ff3acde89746d3a8d10196e42fd99d17b1a5eac0bb7fbf0eb65ce273fc3465e58fc174133bec1a3bc676a8010689ff760ed54 |
memory/1636-1063-0x0000000002420000-0x0000000002763000-memory.dmp
memory/1636-1068-0x0000000002E70000-0x0000000002F60000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 91c04c99e4380949bfcbf0c5910c4d82 |
| SHA1 | 889df37a8b608a5e87ed2b710e9c2078de1306b5 |
| SHA256 | 52cb8dc94edcf8962d485e0bc58e9ee2eccece5d52fd49f9d28297981add88e7 |
| SHA512 | 8757cde4598b3d11b476abe13c459bd9bcbf9593d5c0f16f76701164dcc20586c1d9bdbf5fb613fb9b24d24ec0ffa54e7bcacf8f2941fdbbe31257dffcc7daf6 |
memory/400-1110-0x0000000000D90000-0x0000000000DEA000-memory.dmp
memory/400-1109-0x0000000000C50000-0x0000000000D86000-memory.dmp
memory/400-1111-0x0000000000DF0000-0x0000000001816000-memory.dmp
memory/400-1113-0x0000000001820000-0x00000000020FA000-memory.dmp
memory/400-1123-0x0000000006FE0000-0x0000000007000000-memory.dmp
memory/400-1124-0x0000000006FE0000-0x0000000007000000-memory.dmp
memory/400-1133-0x0000000007150000-0x0000000007195000-memory.dmp
memory/400-1134-0x00000000071E0000-0x0000000007212000-memory.dmp
memory/400-1135-0x0000000007660000-0x00000000079A3000-memory.dmp
memory/400-1143-0x00000000080D0000-0x0000000008128000-memory.dmp
memory/400-1145-0x0000000008270000-0x0000000008290000-memory.dmp
memory/400-1144-0x0000000008270000-0x0000000008290000-memory.dmp
memory/4012-1163-0x0000000000400000-0x000000000070B000-memory.dmp
memory/1636-1167-0x0000000000400000-0x0000000000481000-memory.dmp
memory/400-1170-0x0000000050A80000-0x0000000050E72000-memory.dmp
memory/400-1172-0x0000000000D90000-0x0000000000DEA000-memory.dmp
memory/400-1178-0x00000000080D0000-0x0000000008128000-memory.dmp
memory/400-1176-0x00000000071E0000-0x0000000007212000-memory.dmp
memory/400-1175-0x0000000007150000-0x0000000007195000-memory.dmp
memory/400-1173-0x0000000000DF0000-0x0000000001816000-memory.dmp
memory/400-1171-0x0000000000C50000-0x0000000000D86000-memory.dmp
memory/400-1174-0x0000000001820000-0x00000000020FA000-memory.dmp
memory/400-1169-0x0000000050000000-0x0000000050260000-memory.dmp
memory/400-1168-0x0000000000400000-0x0000000000695000-memory.dmp
memory/400-1177-0x0000000007660000-0x00000000079A3000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | ec4991cde872b8840af69af101fcdcec |
| SHA1 | 8e78c222002bc5d48a99aac63872de9d55a80ecb |
| SHA256 | 39667222c195cf953c950370dd7210d1722eb3b5aabb4ac286a9cda5a0800dd3 |
| SHA512 | 7b4fc76e9dd75a049ecb3ca64bb6db54a04e0fe4a5b3dbb9ec45c67b731f83e763d8dcbecc06056c19890230b9204be94ce9618c2ca532c678b6a37db64da680 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | a8802c0575c6fabb73d1e4614e46ce36 |
| SHA1 | 2e7f799a19b9cf024b4eb6a73389f7548bfcf329 |
| SHA256 | d6970333df0838c90d09124b82236ae2ebd53d8c4b7eedc3d48bff2b119bc4ac |
| SHA512 | 7f4a92d58d1d6a344064b7429347e053519b7526701c4ea06a613c29d348a175f3b8b422b7f5a9c2f12b16456148f5477f33ebd45dfb50eda71f137d69468dd4 |
memory/4012-1197-0x0000000000400000-0x000000000070B000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | b76c8a18ab0ba3969fc3335204c316df |
| SHA1 | 99c85afb708b0b54e6a7ea8ede809e032120e29b |
| SHA256 | 464954d666b6e673ae5e51e5904e7fd0b0ffb580a37b6159aad4ace5c3aaee62 |
| SHA512 | 9f7a46699b52306eb95a9399bd4e5ecb8ecbca1d955c15d9ef4bac2831bf9ddd0215331ce13121dbecf5d50bf12d403e5143d299b22a362b7c6a12684a6eb05b |
memory/400-1209-0x0000000000400000-0x0000000000695000-memory.dmp
memory/4012-1208-0x0000000000400000-0x000000000070B000-memory.dmp
memory/400-1211-0x0000000050A80000-0x0000000050E72000-memory.dmp
C:\Windows\SysWOW64\Driver Updater\DriverUpdater.exe
| MD5 | 7f3308a5f175bc30c6532a25b49b829b |
| SHA1 | cda1aa16310157b5141a691bb39f92e7af2dce9a |
| SHA256 | 9f6569ac1c2bd5c878583cad1bf0eb67f5cd625099bf803908b3127043581fab |
| SHA512 | 6bd47b7ed2a796a47e440b4c99d212304f366c0ced69d3be981bbb10eb7e55fa010a8980a38a2caa7255ba896e7b0a6765cd8d41fdeca97c0cbf38de3a69bfb4 |
C:\Users\Admin\AppData\Local\Temp\is-8300870.tmp\__setup\islzma.dll
| MD5 | 10d16e657af3bc025b925f9b83ed8fb6 |
| SHA1 | 88a226d8feff248e0a0246e28dcb8db29114a8b4 |
| SHA256 | ac12a3faa457ae0bb5c94b75b03717c610b221317e9718f04bbad54e0acd382a |
| SHA512 | f953522760f0dbdc66a5857bcd88895fcf2fed6eb4efcf9b7295fcbdf63b6aedf1af7ec121e820fb45f342078006f03083a2998c21e4aa463d155a9b5b621961 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | 3b85f1574c7da1291fb80b613957bc25 |
| SHA1 | 3e56c2be9eabaf5d1ea3e0cefb1d92c2ae254169 |
| SHA256 | 3d480c5cba5e8ee33b10c0fbce9b538cd98a415ecd0919a58ecf05bad9e104b1 |
| SHA512 | 31321969e102f8d10640306e9e3c95793760787596e0091795309469653e54f4c2cdc360968192a964cf93b64c0e87184131ddd4828556a541a06a423b54f31d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 07effee7bbbb0b6436065cc07a397780 |
| SHA1 | 6c4d63cbc1d82e937e7a8c8b118ef49edd6ed941 |
| SHA256 | 8b3204abafe6055c053a6a625bb64044f6830057cd46be3ae2d8467d1ed2e6d8 |
| SHA512 | 746a925a4fd2bca67988011aa9035a141527df7453d3dc27d917e67389ebedce29f67d8b86608dece6898e41e6941fc8ac5cdf891a2523f1586072e92f5a79e2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006
| MD5 | b14b132b897c73798c66917791717e4d |
| SHA1 | 6f3399e17e1cadc0e1cd9272eb20f17741df2948 |
| SHA256 | 31ec27e6031e6bb365a0408e96d01c603e0ac60e4d69d118177bd63ed463197c |
| SHA512 | 803a051eafb972fd61efd79189afb4d954a5f795c504788872045455ea01acca35464acc1b52e705fd503405b1c6b1eb024e10a43943f6bb2cef3aaaff5bb558 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005
| MD5 | c0b23ab60efb763d27f9f92b50b6728f |
| SHA1 | 259f669d1089469b1485ab4c07942c8f32431267 |
| SHA256 | c066161623da6821af1d38fb2fc8b5026e89caf02416be88d9543d1a0d337f1f |
| SHA512 | 0a43c9a501a2b462b19abca689815b4a8ddab19b1abef51072f86686fe6c20f555b9d4edc62cc41d3dff6f364269507a75da6d43ec11eec129d28a44857bb717 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008
| MD5 | 635efe262aec3acfb8be08b7baf97a3d |
| SHA1 | 232b8fe0965aea5c65605b78c3ba286cefb2f43f |
| SHA256 | 8a4492d1d9ca694d384d89fa61cf1df2b04583c64762783313029ae405cbfa06 |
| SHA512 | d4b21b43b67697f1c391147691d8229d429082c389411167386f5c94e3a798f26c2457adf6d06caec446106e0f0aa16d895bfc4e8a1ff9e9c21a51173a923e3d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004
| MD5 | 5d0e354e98734f75eee79829eb7b9039 |
| SHA1 | 86ffc126d8b7473568a4bb04d49021959a892b3a |
| SHA256 | 1cf8ae1c13406a2b4fc81dae6e30f6ea6a8a72566222d2ffe9e85b7e3676b97e |
| SHA512 | 4475f576a2cdaac1ebdec9e0a94f3098e2bc84b9a2a1da004c67e73597dd61acfbb88c94d0d39a655732c77565b7cc06880c78a97307cb3aac5abf16dd14ec79 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009
| MD5 | 2923c306256864061a11e426841fc44a |
| SHA1 | d9bb657845d502acd69a15a66f9e667ce9b68351 |
| SHA256 | 5bc3f12e012e1a39ac69afba923768b758089461ccea0b8391f682d91c0ed2fa |
| SHA512 | f2614f699ac296ee1f81e32955c97d2c13177714dbd424e7f5f7de0d8869dd799d13c64929386ac9c942325456d26c4876a09341d17d7c9af4f80695d259cfea |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a
| MD5 | 77e89b1c954303a8aa65ae10e18c1b51 |
| SHA1 | e2b15a0d930dcc11f0b38c95b1e68d1ca8334d73 |
| SHA256 | 069a7cc0309c5d6fc99259d5d5a8e41926996bbae11dc8631a7303a0c2d8c953 |
| SHA512 | 5780d3532af970f3942eecf731a43f04b0d2bdb9c0f1a262dbd1c3980bcc82fe6d2126236ad33c48ea5434d376de2214d84a9a2ccec46a0671886fe0aa5e5597 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b
| MD5 | 882a1e1f1cd7ce33ccd4c8c0ecf5e2fa |
| SHA1 | 3b8a1b5d383c7c86b7e208310e0d9b42871a8f5b |
| SHA256 | 52a4429b86802852fa95506e5dd2d27a25f1d9c82792dcc26bc905e04e2a52f2 |
| SHA512 | e86edb1f019835dee4d403f355f5fcba8271ca46b900d6f4ed4b4e53cd5084d6a3512468bf11c506baf0fb4b27dbbf1a3f6994051ac59b5dc72c54c37fee6496 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 431e1b9820e5ace6d832a01f0a6c167d |
| SHA1 | 71a698488db64540a8bb78a0cfa85a64a608b6a4 |
| SHA256 | 860a60a79bfe409f63c2559777212f99c85f3f052e46c87e9d0c6fe649dfa8db |
| SHA512 | e9943a2c11796c6f55b4bf7484074d7e2db2a346c338fc62e34b5ef1e17c91dbda416580823531af317c4528bf96bc98256e27acc64313f9682ca1ef98072cc4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000053
| MD5 | 87e8230a9ca3f0c5ccfa56f70276e2f2 |
| SHA1 | eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7 |
| SHA256 | e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9 |
| SHA512 | 37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000059
| MD5 | e955953b801c04327c1e96c67dd3c618 |
| SHA1 | f9061d3780f153e863478106bf1afd85132bccb0 |
| SHA256 | e8965a2d52ef25918ebee58ab6971745d396177a7943acf1ed53a65bb4dddd45 |
| SHA512 | 6318ff1eb838954dd73dab5ed891d47f4f39089fa5e899d30183c32269c5620bd09d169af4cf8303e3d5c2ebab23cfe9ae5d9fa5c3281023abb009f66a25782a |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | 6c82f6cefec6e7affbe182d58dcbf411 |
| SHA1 | 2d74eb47178146e2a7ca8e8bd7e24583a9786ee0 |
| SHA256 | fadcecd0d0a75ca1376f9c5c2c24a33da92f0a8fb6ad01ef44532c4083f9dca6 |
| SHA512 | 1352808ffa2500e730a87bf065248c3a7a00e41503f71aac4d41491b15a5f56de77146374f04fae55774221c6eed9de17a1065535d329cad46ee0c9531199d81 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 4e8c6fe1fa7a6cbe99eebc15e763969b |
| SHA1 | cd2eb414a70a2cf6ca482834c72669384451e84b |
| SHA256 | 2e5a61a1a4aa17d5c518484bee12f959600e0ab4f7ae1d4e79463e9a1690370c |
| SHA512 | 289244eafdaaf1f68b4fc36fed4cd3978faa72a52b29352386d76873d4189f0bee63134fe0dc4daf964928d4ce33cc643bfde02b155ad2c32a042d0a78c01db2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 201ad75e3ba36a5d712256d75678f3b7 |
| SHA1 | 138a477a9ff3f2235808e08ec1ac3271933345ab |
| SHA256 | cdf935708013d672feca748c9be55acb221cb4de184090eab840ca99c3e19fda |
| SHA512 | 427276270428d171fa58b075d67bcff4fe3d2b7ee673b14df4749c6b8225aecb7ca907beddfd44002565d0427155867ad722ee6518eb497177b6eb2e30dde2dc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | fd53601dea9548c1c8a280d6264a4adb |
| SHA1 | 796e1753347e55587b4dbb663c9c1000370f99f4 |
| SHA256 | 878fd0867ba730468e04ebaf85812c1569c63e1c212f3a76fd9e77600cd62b4b |
| SHA512 | 670751ed54b19a53e0d54215d0eed61a65f9d366d2efb06f676da8759e7a2c2b473718e04a56d3a4ab180b4d28ceedf3cea80e3edc423d789d75d891be202a7b |
| SHA256 | 329187515e2de7e6410e2c61b60e45b8e25aeebdac0803d319bdd92e7fe9a49c |
| SHA512 | 4a775f65924d15afe7c5b13d83210505b7a0c09396ab5f40801cf6051f99408eaca50e5fee8b403ae51de7344169fd252013423c31b29ac38e38f73f8e5480d1 |
C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json.bak
| MD5 | 70f4290fa3f056b3bb2eaeab1863b05d |
| SHA1 | 6e75089a623f067fadb5ecfc354cfffe24cf50d1 |
| SHA256 | 4805e7344f06456ef5d38078171e740858271da1a5249b0396c83c4dec2d6a9e |
| SHA512 | 8d367268ea250025dc1873a24b08aec5d694568009e07711747928464b7ee339c2ac8598a1d14bb616bfb89e1e5f1f5f9b2fffadb1365a4df2db33c9b8180ac8 |
C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json
| MD5 | ce23338afd7593c0b1269c42b9c7ccf3 |
| SHA1 | 617118644ef5c10c6969e16c0f6b739798de03d5 |
| SHA256 | 64f3c296bf4f2f23b12233a2707676b789d6e1124058995551be28ff4c2d674e |
| SHA512 | e73342296de481fda2423591e05111d458a35eb9ad7f2f64a2c9e6e8278bd27e1cd517477786b83de0aab5655538c424d87d2c5cb3ef8fbd2ff716e5b19f9640 |
C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json
| MD5 | 48b21a1b6dcc73a63fd8edab52401c28 |
| SHA1 | c9af7941e41625f6ccfe396fd5bd7b02ad75c781 |
| SHA256 | e78fdc71741197daa54665113dbf3c0aca80314e15c3da424133c83fcfb20c59 |
| SHA512 | 12b994fb4ff30bbb35e5efcf2574f7712ccd2a3ef829e36df45dfc465d559db37586deda65aed55aba23c4d6556d7abbf4c8b6bb63e0f761e21240a3cc39c8c3 |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\rdefs.mbdb
| MD5 | 2f7423ca7c6a0f1339980f3c8c7de9f8 |
| SHA1 | 102c77faa28885354cfe6725d987bc23bc7108ba |
| SHA256 | 850a4ea37a0fd6f68bf95422d502b2d1257264eb90cc38c0a3b1b95aa375be55 |
| SHA512 | e922ac8a7a2cde6d387f8698207cf5efbd45b646986a090e3549d97a7d552dd74179bd7ac20b7d246ca49d340c4c168982c65b4749df760857810b2358e7eb69 |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\wprot2.mbdb
| MD5 | 7833a17879c4740520a0d7dd9f9a584e |
| SHA1 | 5997af59d31b57ec8b06e87ae0d59ea3b5689f19 |
| SHA256 | 3b929c57ee70f5400ec10781856a9d0167b05ca6e15a3f3138c9bdbc0e8a653e |
| SHA512 | 9569d382fdfa2a2aeda629d38355e3e8ae75a8e86fcf8773886a2a2e1c8f36789d822ef08f9054e73cefcd5f0d54bfe4b4372d6884feac20fc96d6e483b4b333 |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\sample.dll
| MD5 | a9341141dc8a9f27fa46758ed69980e6 |
| SHA1 | 220ecb05f5456b3d2b0b05f5cb6fda6197207563 |
| SHA256 | bfd1e593eec056049ac2e52daddb635ae9e4047e6d81aa61df0496f6f634cb73 |
| SHA512 | 528cab8c240154fde3c0a728fd4d0250648a105ca95355e5c674d37ee620ab74fa499c85cb7781ae676b93117560c3c1f4d4b9f6f341af958de3073c447f442b |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\ig.exe
| MD5 | 5f4f4838ed0a41b4ae61b16cbdb7c41c |
| SHA1 | c9e300e9f5245d736d6fcc42dfb990b2639aac52 |
| SHA256 | cd1e8db650a73bfbc124467737b96fe2080f27f27e031e1043ddc76a9844fb06 |
| SHA512 | 9bb1ac32b62fb1398616081574b03c0eac37377b4102641299202601f4881fe64c98111334f783d013b509f7eb36ec9b79a7b71bf07436632c280c1ae3142755 |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\BrowserSDKDLL.dll
| MD5 | a3fe79081a59d493c01b5c1139babdc9 |
| SHA1 | 1505cb4053bcd9b55c40227ad6b62a2457cebbdf |
| SHA256 | 60c8c024ff020f04fcccec10ee78872bb1e6985463d6370c6af095761d88b860 |
| SHA512 | 22310a585edb36050ff20356cd9eb5129cdae3ffea2ccd7a54d9652dbd336d7f402ed119dc59ae3250b93bad40e75983184256c0bb239cff049bbb983f487bdc |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\Actions.dll
| MD5 | 20d70c6e04dbf14c01ab2d756e97854f |
| SHA1 | f172c8b8c0e87d2a9ab064513dce004d16d03e0d |
| SHA256 | c4002339b58bc493ae3540bafe1b2ca0a70bba0f853e29f60e0f6a1680fa9a24 |
| SHA512 | 13e073cd4b3d53c6d9fdda671a55962266b5c0a18abcb5774092c35f0d0bf2c5d0d9802d8955d32cceb166821634bfc067dac7809c9ade143cf3a3b497743b36 |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\dynconfig.dat
| MD5 | 10f23e7c8c791b91c86cd966d67b7bc7 |
| SHA1 | 3f596093b2bc33f7a2554818f8e41adbbd101961 |
| SHA256 | 008254ca1f4d6415da89d01a4292911de6135b42833156720a841a22685765dc |
| SHA512 | 2d1b21371ada038323be412945994d030ee8a9007db072484724616c8597c6998a560bc28886ebf89e2c8919fb70d76c98338d88832351823027491c98d48118 |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\exclusions.txt
| MD5 | aef4eca7ee01bb1a146751c4d0510d2d |
| SHA1 | 5cf2273da41147126e5e1eabd3182f19304eea25 |
| SHA256 | 9e87e4c9da3337c63b7f0e6ed0eb71696121c74e18a5da577215e18097715e2f |
| SHA512 | d31d21e37b0048050b19600f8904354cff3f3ec8291c5a7a54267e14af9fb88dfb6d11e74a037cc0369ade8a8fb9b753861f3b3fb2219563e8ec359f66c042db |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\mbdigsig2.dat
| MD5 | e9fe462db697153dcff5ef330f375566 |
| SHA1 | 3bfb14fba799ed6a85f3281193309cd5171d1cf2 |
| SHA256 | 95ee30d6bf4b0665f326e9aa2cb1e8ed6f8b3dd3fb02c1ea796cbc2fe3ce4d71 |
| SHA512 | b52c2ffe6d54af0b5507dab824f6c2743fc3f6a5b5fb217a2d446418ddb9297f450fbcfad95bc891e5cf6c9f050c0ab8e36982fa0cd45b98546af8c073c3ff09 |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\dbmanifest2.dat
| MD5 | 051087d42e2be5109d8cb7b5e78ef4a6 |
| SHA1 | cdb48bc02e29b2f1a67f23f6e26d7d84dd9b9ca8 |
| SHA256 | 235b1a085e53d047eb09e67f97a6f98c736d256ec2748b209bd063ef0d47690e |
| SHA512 | 1300201a750bb938c8339ffb0fad8538c090daf09f3a230de1447e0bd4e6c4d86bfb48f60294014f4b84231bc0faf208ebaad370bdeaecfd72dce7c697e20f96 |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\cfg.bin
| MD5 | 634c582955715ab32ddfe83406564b05 |
| SHA1 | 79c0a481c1ff351c2e622e440bf7e6795ca6efff |
| SHA256 | 4783d65126b8c83fd9aa8ee0e8428d10c20adb3daee6b6c92dab9aaa26964a67 |
| SHA512 | 38af39912704bed274cbea2c8cc0d136b94e328433cc02bfa7f04fdd9313473e11f6e6cd34a7b4614de55de0d8746ade1040a9eca4f37fff178a07d3e8f5b1d6 |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\Global.nm
| MD5 | 9ba2a9a4eacad00bc6a048242b8ffbe4 |
| SHA1 | 1429e28ff2d1a9e3a3bf308a0393b65f443817f7 |
| SHA256 | fa92f84bc5a2ab9f8a3ceb09f1b593b6be9d29136f5c7cce4e0afe9c80433e4e |
| SHA512 | ef3c7f28ea84dee670116a5eae7a766f9d55ac30e25198af223b51777a7349f58bc0aa81d309e376f28914f462933eca9760cb03e321f775f795276be3439413 |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\Global.sr
| MD5 | 090bf69ee38c2e8faacf40bcc895f0ea |
| SHA1 | ffd2e64e3eb1dc01ef024cead1e6ae65f7996a93 |
| SHA256 | 6b5a0c8f1285eedbe1746b1a94fb81f864a6fa524f50a94e7123a26baa25df63 |
| SHA512 | dd747186eac440680e4209e8314a27b7db5deda99a8509c187dad8ccb02d646eefbc13422e8ad5eb296d7b4b16b7d5161c40d891a313e77b52ff4adc3142cfdb |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\clean.mbdb
| MD5 | 1a6cb54aa16c7a795fc6c8003bf75de4 |
| SHA1 | 6f9dd6fba29e3140727f27182f6f3798a5d3a15e |
| SHA256 | 2cda302704d21fc0bb1c9b68cca1205594af5d8f09b6c0ddb5b3e146eaf63af4 |
| SHA512 | 6a0fabbb19e3f626d2ee58ceb560c8352076d6b8ec9ac4b2f06876e0971ebace2b87b8528d8f69dd020f7fece780ea2dec7e862a1c1357632cb3b0096a060788 |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\tids.mbdb
| MD5 | ed6e91030855c2b3c76f45dad4d80563 |
| SHA1 | 2ff9c379c281ea0b6ecf5e1acf18ef756a058f0c |
| SHA256 | 4738ff9f7c89cc53f97946daf3e9bbfde33fc10ebb826ef8f56a7f70c967d6a8 |
| SHA512 | 270af937121b17b382ab42cdda18d0ff47390553d6887c6711fbdfb75c16acad7a2aa27a573abce46b37ff0330ea0c5dc6a0b17975ef33181c582c7e991c5ddc |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\scan.mbdb
| MD5 | 7cde73dc19af25788ed7e0c6488ec10e |
| SHA1 | 6d4dba59613d611f361c4edbd2ab252657711da4 |
| SHA256 | 376c327c96c1ebb4abebac74854f66090cd4d4a964e36c3e4fcc5cf3310035bc |
| SHA512 | 1ceeaba9b07241d01afca7327b2ed6720efaedc38403a66ef1caea8e806d0068bef3a1b4b6a4fdf327d92298efb027020f346a1274119e130899800c9b877801 |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\prot.mbdb
| MD5 | 546d9e30eadad8b22f5b3ffa875144bf |
| SHA1 | 3b323ffef009bfe0662c2bd30bb06af6dfc68e4d |
| SHA256 | 6089fbf0c0c1413f62e91dc9497bedc6d8a271e9dc761e20adc0dccf6f4a0c1f |
| SHA512 | 3478f5dcf7af549dd6fe48ad714604200de84a90120b16a32233b6d44fa7240f5f4e5fe803f54b86bbdfd10fa1bfdd88fb85eb6a78e23e426933f98d0a2565ec |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\rules.mbdb
| MD5 | 25be5a55eaf0976feed2b3a75b0505d1 |
| SHA1 | 395076c02889d3e0db17b1e49d2caa1d43eea7bc |
| SHA256 | fedd7c2e27400b3fd02294fd293907a34961934fc4e9a0587f28aa01117c0c73 |
| SHA512 | f190b641319da454a7b11fd5cb31acbc341a1ad0b40093bb12618a2e5da99f3ddb4de6ff2e404b1104e28ec4876b5503ad819685c3f543198f4e5d173f9ff206 |
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json
| MD5 | f4496efef684eb40a59dc6f1c1f30cf4 |
| SHA1 | 5ddcce40299e5d9aac357d4fb0987593c2fa9d66 |
| SHA256 | d551a024ef18f3ac2c64b3f85739f2f6ed61d9606c89c096bb7db4cd2c8c12bc |
| SHA512 | d5d0310f58dfb2173e629307038b018de91caabfc8f1cf20215173cd7a44bd79e81498f8d8e9a91ec20df6331199cd2c888a7dae6d3d5766843c2054dbba75ac |
C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json
| MD5 | 7843d5537113b48e68ad38850fcdb6c9 |
| SHA1 | 90df93bdabc92467ba8c148fb2e6a69c3be7a295 |
| SHA256 | 803ace6537910ab3fd8573b52ea58501bba3184711728852f72bd62d1fb2807d |
| SHA512 | ceb324630219b2e20ff28ee608ec8799f6ce28a82f893b99e1add93f060ce8221399bec4ae013b6c21df0392518f293909ebb9ffcaf7c1e1fa2426b9d2e1b07a |
C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json
| MD5 | 53fc9fa2985aff8926491b4842dfbd75 |
| SHA1 | b94bff80c9e08d3123009be9e7145b2865b509e8 |
| SHA256 | b5ecfb3ed1878c69b2f003ef93ef087ef472faf0a105d8a317080f46a763b2f9 |
| SHA512 | bc0e2cf425a92762b7505a6d8454fc7a869a888be96b0350c8a142bd5ff04de4ed84b9dbd444bf11530f205c5312dc54373f816ce300211b4e1987b776c52b23 |
C:\ProgramData\Malwarebytes\MBAMService\config\CleanControllerConfig.json
| MD5 | c9cf71cb8ea9147b1c6218b434883eaa |
| SHA1 | fcb3ee24b061f49f72dc4bae0626131aae0ca073 |
| SHA256 | a7163d874714b5eb77d3374170f57bf3c56516823f0d9f38e5b054ea3673608a |
| SHA512 | c6715ce515d963fb682c304e2e43499b609ebadeac20225124a0e5891275cfe39caf13c93ca614177cb7a6aff360e257d2f537610513c44e2027e22e07f6193c |
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json
| MD5 | fd4248ffdefd812d6768768a24479d5c |
| SHA1 | 50d7039853bc848e9afdea73d49b8c29eb3ec89c |
| SHA256 | f4dd809cc7491f6672211c5531235977e527ec5a8830a1bd0795cf0776bbe42e |
| SHA512 | 3a1aa5f17b984b1813100053ca14aac3d795199739f5d290d4f2d9f7020e17ef14d4b922c55c18033d9dab6d1c63a3adae2d7c709ec6bcb295b4aec527818454 |
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json
| MD5 | a22b8b8f84b0f6268f18be4394c51461 |
| SHA1 | cc9ad536d0bddfbe04dd6e011fa2b4a7ab593f85 |
| SHA256 | 2ac923e16675b723c61f1ed5cefa13aac659b3258741f4d09c60a5d87591e2d7 |
| SHA512 | 588bdd2aecbca966c6fa2652c4cc15b22d4eca47cb61ac5c2f5373ff1252569546d10fe26f49dcb6c05faa0d880a9802f82b6a6a5db4a266f0d6e072eaf65139 |
C:\Windows\System32\drivers\mbamswissarmy.sys
| MD5 | 4b2cc2d3ebf42659ea5e6e63584e1b76 |
| SHA1 | 0042da8151f2e10a31ecceb60795eb428316e820 |
| SHA256 | 3db4366ccb9d94062388000926c060e2524c7d3ee4b6b7c7cf06f909f747fc6c |
| SHA512 | 804d64d346b3dbb1ce3095a5d0fa7acc5da0bf832c458e557dac486559fe53144f15f08c444fea84a01471fd5981e68801a809b143c56b5b63e3e16de9db0d98 |
C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json
| MD5 | 3576c72dea22b34ceeabe7b6940ac019 |
| SHA1 | 23331b69fb12bdd99142dbf2bca57183558540c4 |
| SHA256 | d3ea8db84c31e78b11761b51fe208925f54ab8276ebb35111fcde9c19083870f |
| SHA512 | 60db5eb7db2a1ddf8bdd773c1be6e89685b22d40c64adfa12c1b0d2b736f2c705430a97cb3405d6b79372f1fa772cc82624413d0c93a52fdc176218a6316c80e |
C:\ProgramData\Malwarebytes\MBAMService\config\RtpConfig.json
| MD5 | fd48475c80fd82cb2062600621ac9745 |
| SHA1 | 3a18011bf0ded831c954c133d35910d4b2c8b1dc |
| SHA256 | 293e522693bf837ec22110c1efa68b8b1f14df23b6c5a9295a9b12ecf3439add |
| SHA512 | f8b58c17299cf8d6d52ba65aa13a9d02df4d392a21dfbe145dedcb0e47b0aaf1dd6159a4247db7e6b6e63de3475b16ee9ca2a89bade46737020eec059aaddbae |
C:\ProgramData\Malwarebytes\MBAMService\config\MwacControllerConfig.json
| MD5 | 2cd0b0c995d072788d10048dbd72a765 |
| SHA1 | 53b5cf8a500956b1e02dfb7f210eff72e00ab268 |
| SHA256 | 7c671ac16e5696fdd02a5b52a58a349a654ad1074d1cd0ed4504d2edb8700ec8 |
| SHA512 | 356adbc08edabcadb6bd3580bfc212fdad3f15df6bab75b55407f50378406d044bc608366b04414c5a4daa68f4515844f6eaf88b7a9793ac82a6e4752f8edca3 |
C:\ProgramData\Malwarebytes\MBAMService\config\MwacControllerConfig.json
| MD5 | dd62d7f3aff288bc06a572e2be6f3c5a |
| SHA1 | 7a2b68f395c8254b5b067816050b44d2063e52b7 |
| SHA256 | 6b83ce4e31d061ce41a7706bafc67224c4f821295a79b64d919b2c36f55f069e |
| SHA512 | e1f3735e1f3ebc789219a6f0939250f818bed6b4b4fe51722d62b57044802090c35b652199e4e8cfadb2cb62c9e6d4bae3b648a892fd605560f6f768585da118 |
C:\ProgramData\Malwarebytes\MBAMService\config\ArwControllerConfig.json
| MD5 | 190626869c3d0d6293fdb0850fd2d8df |
| SHA1 | 86a564638b75638e7535ae883df88bb0f2008799 |
| SHA256 | 40042e3acfa05e736d9656d364e2ae45ac894090deab9ef09825be7a142a5bfa |
| SHA512 | 3f0663e2b5e65b211bd4c7b9efc520e1c4d05dce683ce722e257d4fdab5fc62ae5c560aa464939932a589544a6b62d09972cba33673fb5e33e3f3f3fc7fe9c48 |
C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json.bak
| MD5 | db5c80d9ac15649d4a4dfab0c129dbaa |
| SHA1 | bd14074fa8fe304a3cf60867712f8539af0e6208 |
| SHA256 | 92d10bca08d5919e7ef6153ca9aa6e55baa5842484dfd096f678bd37e03010c4 |
| SHA512 | fb41a6c721ce1351739f71044dd00339439b79f35905c9775b5725537a5409263eec4c960aead1a6b3b4e46fd261a6016d075f221950f11c78da994465e88432 |
C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json
| MD5 | 037f7098b3c5af9d3c6ab1d9ffc72e47 |
| SHA1 | d7992c976c9065be1b604bb3a93cb8777fe71024 |
| SHA256 | 9ce9d077d24047f06dea3035fb02262fdb92de57d351167586e291c790e614b6 |
| SHA512 | 8b3295464392ebfd40bb71931043442d957f7e1b42478170473e4e12161ba7b28dcdd85921bce80a32641cf8667db7d364e6c85865307831b14e6a581b5a45c4 |
C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json
| MD5 | e882dff6df9519523212323268b1bf05 |
| SHA1 | 9bb7b5a81f8147ab949694a0bfacc860f74b6c03 |
| SHA256 | e7b10c5a993b7f8817580ecb94d3a3c4ec2006773c9f3087ea186b72fbc37b06 |
| SHA512 | b9df294eccc103fd98f67338d5d44d605991b14e5dcba620cf8af4b5144825c7c48682789cad81265d79691e3e2e02679c4c012a494203a9c47998ae71f00086 |
C:\ProgramData\Malwarebytes\MBAMService\config\SpConfigFile.json
| MD5 | eb31f8d66e5e3251c18a9cf5c64d2a60 |
| SHA1 | 7126d10e533b55b0a136589943a8c321ca6d6b44 |
| SHA256 | 3689cb48a512d62daeeccc9cebb9004acd67bc7935d17d8f3adf8c3c420473ca |
| SHA512 | 408c996ddac4aa6d9f9e636edcd2b5ea8bc81b80377533571e4e2c7aa087907a1f49124ec6b75dbe0069e2d8d30215611e8439150cd217c25fe16741ebd4bc68 |
C:\ProgramData\Malwarebytes\MBAMService\config\VPNControllerConfig.json
| MD5 | 6ffe9c49802d113828f34d354cfbfcf9 |
| SHA1 | fa564cf685a513cece793dabbd7f588b3daeb3bb |
| SHA256 | c0b863a924d7fd14dfe9733c27d0c1ea08bf663aebc5e84b6a1be3c88acbe06e |
| SHA512 | 040d821d2e6328692fd3b63ac095906fb00797657d1c8e9fb42e77ce474cc4cba8926ac91691f9972a6df781362d511dc2a67ea09740756ae14798768d2d2b92 |
C:\ProgramData\Malwarebytes\MBAMService\config\VPNServerListConfig.json
| MD5 | 05189d3797a93193c6c5bad22dfb39a7 |
| SHA1 | c4820798e18e9abf6bdc4c9301751b0a689f623a |
| SHA256 | fb7a8a30abae2d5764553d06d12df58c686ece4916eeb38bc35dbc00e8a15c49 |
| SHA512 | 00be5e1c4bb08de9739c27076e618c9efb227d13920892f9b1f74c7eed2c7c0443b3e66c952922fa593fb248b906846c19a9b31a42d5fb2ccb998d81375911d1 |
C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json
| MD5 | c3c56ca17c49a9945a667c6a07a58bc7 |
| SHA1 | 641abc4d2e19b83f2a393b76020bba73a07dd132 |
| SHA256 | a2e2d2d62533a92acfe6ce55dbc3652efcf25238d212754c126a749e93655b66 |
| SHA512 | f5619c9c95761a25d2d7b729203a0d2859179980e59841ed70a042a6ebe8757474ee48217f453b11f752edf26d17566e99595567629ac89771b9309138727ea0 |
C:\Program Files\Malwarebytes\Anti-Malware\ServiceConfig.json
| MD5 | b0faacf4a54f1b829bac8dc990f5e0e5 |
| SHA1 | 5199ff59f35a3f167559656b3cde8bf2f6371232 |
| SHA256 | ddd169a2cd79c04f2f811b39344559f54570f8b0f10791899fe84d2fef8254e9 |
| SHA512 | 7b0ead26332d533cb9736c5772655cbb938b2dd459795a4219a0ecceb889e9f002c09b3d418eb3f319067ee2a79af37a478c5a5da5e7b4b2804c314f949b7be8 |
C:\ProgramData\Malwarebytes\MBAMService\config\VPNControllerConfig.json
| MD5 | 623dab4d807bd196570a2bd5bbb414d1 |
| SHA1 | 93c06167e4402783d25f87b6de11d0499304abc1 |
| SHA256 | 35b2356444b7e3a10190e39b7d7598ff54415146c84004376f10fdd5553a6803 |
| SHA512 | ed79bf599f8d584d545ae4c9497acd4c5886441300f1df3eff467d39126dd28391effca3a24b7d8ebb5818862c5c36ac7c7804b6764c02cbca46f9e0125bad77 |
C:\Program Files\Malwarebytes\Anti-Malware\sdk\mbamchameleon.sys
| MD5 | 2a0bea88ce233b8d841d56df26195e06 |
| SHA1 | 889af4a1f2b77423d5557c8ba7980e5d25e74647 |
| SHA256 | 6116b30ab6f4bf5f0e8eca78bc67890e7aacc6c74fbb4a15a93af44bb34f2636 |
| SHA512 | c3d2620e3e1c19b63bacd578cbe55d52242dd01fc3ba5a90d0d001f8cab105a123959f0b18a8e6e71b4dc97d7995e832c8cd2d3693d808c8a81c98499cc63fd2 |
C:\Program Files\Malwarebytes\Anti-Malware\sdk\mbamchameleon.inf
| MD5 | 5a9717e1385703e8f06b27aa10a69e87 |
| SHA1 | 84ee67a9167b5eb6560711b9871de98898ad07a5 |
| SHA256 | 47b7c516bb57c612de19f0ca865590af95b6e32bf873a0fef9e011b2c5b483d4 |
| SHA512 | dd3c7278c2c11ad15a55fae6d19b96dadd92f85b7f0c8ce934298258af00bb5c052a84a98499b8867b0f43704fb307c67d03692ca69dda4d814c6c17dd73df44 |
C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json
| MD5 | ad9ffd8ad5c6bab14bcfff549eae34a8 |
| SHA1 | 9475049919ff5ca15565df3ae767d0a1dd77dc16 |
| SHA256 | 10e5351a6a138030f36e1eb35c00a81cdc78d5e3f41a77dcd4f2de7faeb6cb24 |
| SHA512 | 05ceed6e15095b4b0cafd03b387fda6564cb2782c8ba1f7c7582fcd1c76edc6547d28e5c3a8c08f34a6cc27d3808f1e574652e557965012ac21d50cff4ab9663 |
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json
| MD5 | 2020e577ca5a8e150a0418923d7b6ee2 |
| SHA1 | 5277fe255777574e0476b016d20a04da0cb4f7af |
| SHA256 | b9c4e90d9e73869114bb2560350624e931c4c8ca461e4b09596f3e689c554e24 |
| SHA512 | 6db6ce78574964e566bc9550cfb66b2083e16d17064041457f601868bc8ff91d158f113628067e1408b7e474c69b249b73b442bd1f8d68d6cd0bc63f01272e60 |
C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.json
| MD5 | 9f91e860481807fb8ba835e638b9a3cc |
| SHA1 | 873596dcbf278536b3e02ac3655cd637fe0024ed |
| SHA256 | 3e0bd05f8e749324809c8d0dedd33570d8b5c69d0020dcf8931c4f60be90d7a0 |
| SHA512 | 26df9eedd25862f197ab39d7aeb085298b7b6d06ca1a5efd8fac64a02909dcd0e20a24272bbdcd7f6da17830e93b1d6c097177fc1f9e7a967b6d49b155248805 |
C:\ProgramData\Malwarebytes\MBAMService\config\SpConfigFile.json
| MD5 | 24a006dec6510c4793daa000e17a8217 |
| SHA1 | 3327c4c502c14ff8f50abfab00422eef91975972 |
| SHA256 | 69a5d3c87f8b372ae49db27cef75d40fbe654b50a0f666df60c9a869dc4faf94 |
| SHA512 | a937a0ee36eb0136a5dc7046e14db38a74ca7449d57cf48705c991fa8105a5e6977f1e31116ba8e903416c1153b9aa438f715c79ad43a54335a33e013552b3ac |
C:\Windows\System32\catroot2\dberr.txt
| MD5 | 8970e2b993f70b4d771b5a50bbdbfd13 |
| SHA1 | 592cd6f0d6e8e28293e263dcc00b409da547ab9e |
| SHA256 | 25b5520fc8e8ab1649af77e0d91cb9b3cbb01deeb21835d1ea81fcad4b148a23 |
| SHA512 | 2657a030dd07f3adcc3cd2fb9402f763b6ffc52911d84ecafd8305c9b4518150eb8dba3e240a654ec6bf0b28f69d02306fbcf0f88b56c733fae0c607e43e6519 |
C:\ProgramData\Malwarebytes\MBAMService\config\MwacControllerConfig.json
| MD5 | 98fe62dbe43b9b52ec59f600e94225c0 |
| SHA1 | c123f6402a395cce70f89a0e502d5b38ed6dcb8d |
| SHA256 | 74fa8d565f497b2bc0091a5a9e7051e724033090e333e30f799118885f62e471 |
| SHA512 | 42db64a297bc087bee60bef3566ac0b67c614f6cb1b1bff2c28579bf77aab4a765ad7edd38aecac801108182d028828af0b83a6ff9c9d3d5acb63d8e33210039 |
C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json
| MD5 | b1e0349add866692cdd7fcd3e7ac8d5f |
| SHA1 | d1ea84d606c510f2b5c9650d43c572f498dc43a3 |
| SHA256 | 1d479093bdfa3c969d1a8d7ab3eb01c0f5134d627f8965c95b3b3cc46c96cbc3 |
| SHA512 | 8a4fc3f4293d6c9b65faaaee47624b74604060b407a8cab81e1147ee87fe4f950aefa62744c69ffb63562d7fbb5c31c2072c04638b974e1f092a9369da46f13c |
C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json
| MD5 | 9a38223158f12a7561972ebbaedfcd8d |
| SHA1 | 2f171ed08ae065a752576cd85be6c22386531592 |
| SHA256 | a966e569f5e95663de107165339f4c08ed23dc32d898ce1e8314e262d33a8fa6 |
| SHA512 | 7c4c6421ed95c4c78602d05f31ae71d69f680a3605dd06f861f65ac1f01499aee6db11f8364686a71225256b7cd28fb49fb0ec0340373ee8030aaa4e141793aa |
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json
| MD5 | 14479b6a862f72cd7914102292fe0049 |
| SHA1 | a3316a9afc702d9e548846835725800fb2abf3fa |
| SHA256 | c7a344957d501a7173eb94e265e311d6aeb5b9a07045c752715bd5b1d170dcbc |
| SHA512 | 5a7f9143f878340cbacb3d0e820d63299c37949b93d9fec8049bc1419d7a091680c308cbbe709890fc1c67bb91032645d5845665b25f0228c73cc65cb231b30c |
C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.json
| MD5 | b122520c458b49eeb3be6e0250ab6beb |
| SHA1 | 18b0dbfc83ad3664ec738b22dbdd30d7a1adc338 |
| SHA256 | a8c6281a84efbb01c94a3e5a2b856d1bb8cc53af7690f4bcaaa25f5302dd9d8e |
| SHA512 | 77016a2d9dcdb5b2c4c06d6489875853c0a2a33d0f0a294b5bc222fc347e6eef1110801906c57a4f042fa1248cb30d3c368613027961a2f16563e5bfaf512552 |
C:\Program Files\Malwarebytes\Anti-Malware\mb5uns.exe
| MD5 | d289d84c0406750cef937bdcdbd32740 |
| SHA1 | 89a8a040a62bc0d2c2809177773f6a10bb83fae9 |
| SHA256 | e21d1060a4a2ad8d0cc781d0ec252b497d96915b648fbc9d1ab46ab750c8d00d |
| SHA512 | c8abdac9756ba299ecd3285a134219ccc222acc9f005a71eae85fd815a93b17b8857ac1e446a8122755e8702a39b76c13df962ba79f45855c752e3347311e09b |
C:\Program Files\Malwarebytes\Anti-Malware\sdk\farflt.sys
| MD5 | 9c4bec17ba2add58348045dbc762ab67 |
| SHA1 | b00ed0ca3634a93a23f70e79bda67c945dc915b6 |
| SHA256 | 9c3b11ba1d4e462d9470fa0b50a61fde9f00cf4adfafd8e8b19f1e8af369cdd6 |
| SHA512 | 6aab0e3d3c189c18ea6540d1736b64a518958c62e1cb0a2874826f6cfd76e3a06fdbd28ae0b81e2fc8fc20601d00d804d86fe9887ab6919dd8090a696fb52b31 |
C:\Program Files\Malwarebytes\Anti-Malware\sdk\farflt.inf
| MD5 | 358bb9bf66f2e514310dc22e4e3a4dc5 |
| SHA1 | 87bfc1398e6756273eee909a0dfb4ef18b38d17c |
| SHA256 | ff51780a5a854b2c18f71ae426cb066a13723ef6155e24f4910137c9e8dfdc17 |
| SHA512 | 301ec5ec5c0813951843011f2204924240235494999136ea30a557cbf58146fc6043a8866b344fa7deb927d7c83d44e2aaf45adca7d221aba5d36715b9a63e09 |
C:\Program Files\Malwarebytes\Anti-Malware\sdk\farflt.cat
| MD5 | cffd7ecf8765733aa7a2c36ca5f1eac0 |
| SHA1 | 549b0974cf92676a7589466a3ee29e1dd45afa6d |
| SHA256 | 89c561a58d649d5f29fe1c576ca46245780369845df32045a64739b4056d8bb3 |
| SHA512 | 47006f07c3270f358ce67c235739ebaa17b8fbd9a05da9f05a079322a003f8e6d704d3c5353e1a186df74b1bd6438526f6701a0c173563d676846c0f0f230be6 |
C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json
| MD5 | 0b40f994fb6f26aa4059bfde879c0dda |
| SHA1 | 83e04598bbd83efd5903320ec791e87a655266d7 |
| SHA256 | 22886a4e6cfb3bc950e9756af4617e3074e94fa0d3d7d58f0f84d553fd942446 |
| SHA512 | e22bbf58bfa11eab67ba67ee539d85feb0e55c3cdd081d0bf1662103eefd5e52efe32fac459cc6c3e4efe6e81e4469d332a1155228c3cd4c406a0fd2bac69b27 |
C:\ProgramData\Malwarebytes\MBAMService\config\ArwControllerConfig.json
| MD5 | 7766c19bcf09d6b4dda88200b0f3419d |
| SHA1 | 39bda571c9a9efb0bbac50f7e3cbb1e063739166 |
| SHA256 | 23207d2992fe0e4c5c9c0f8df7d7ffa98312e1266e8eedc6466b3bf46a86e5ac |
| SHA512 | e5d35cdd949f989d760845ff815e853368caf3f80995f3f600b5e0ce6ab504afa05875ca8be08ca5d8dbe6d57ee766007a828e243ffeb17fa920114338196ba2 |
C:\ProgramData\Malwarebytes\MBAMService\config\CleanControllerConfig.json
| MD5 | f1996b00bd1bd58868c0b24de004e324 |
| SHA1 | 5e02b060a2a0ae687b91cc6bd12f1355f8c70aa3 |
| SHA256 | 4639874379faf2f66dda4a7c8c09ecded45e9988589069b37ff3e8eb2d0f5cd5 |
| SHA512 | 8e455ca8832bc043a64c5d62d03851cc27fce629252184027f38bed33c626ccaadef5f12bd83f37a8f2fe9366384272f87f89a24b756aea9f172336a0ac98072 |
C:\ProgramData\Malwarebytes\MBAMService\config\PoliciesConfig.json
| MD5 | 9444bdf7494b80b52ecfa4db1e97bf23 |
| SHA1 | 834bad1e511f2658acc1d4465627983d365ca2d0 |
| SHA256 | b34f87ef97ba20708d0f06901e979806aa90570e9acf6df5486301cfa144eb9a |
| SHA512 | e7270e9b484451d566ebf1468cf30f5c0c84142905e1a52a2970218c22db024f588137b18b156564df2fcefc6ece6bc4b8e882694fb8fbc76d8a1fe8ea653f0b |
C:\Program Files\Malwarebytes\Anti-Malware\sdk\mbamchameleon.cat
| MD5 | 7ec33c052afd81a7eb453f3a4a581c15 |
| SHA1 | b1589c853cc11e3842e89bab21b3b6c746ecae29 |
| SHA256 | d2ff36638e2efbebf663186bbc59bb128ddfc1023bed2c20d4803495b410c6a8 |
| SHA512 | 7b68f05947ee9b899b82283fc3bed115e2ac2ea1fd2ccc39c87dab2687321d247d25c4a2cf396063d7871957727ec85b40c45d373ac5a9edb181530fa4761526 |
C:\ProgramData\Malwarebytes\MBAMService\config\RtpConfig.json
| MD5 | 583e422fa68564d77284d8faffc3c875 |
| SHA1 | be39e72766930af6e0c6768b74c536946d32e6a9 |
| SHA256 | 8d971552a3f61ddc000cba5fd11d9a1548a8ef2accd4a03c3ae1c4c347083744 |
| SHA512 | 57ab11e637539624c0b8be5310ccf9fe94ac70a75531588333c0da2c126363b188fc943b0d61d5d097c5cbf9dca90991dbd6a98517c8dc598b922d6004e56cb9 |
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json
| MD5 | 213b5593f5cd29dd2609f7f7f29a011f |
| SHA1 | db6cff0d7757968225d7cf2e583de9a0a7b671f4 |
| SHA256 | 25dfe1cfbbf57e8c2ab6f53ea31a230ccdfb7b19a6f067977440a26662f612af |
| SHA512 | 88871ffa6fed641ba7edfadbcc7d8f82ba1e73d03a84be669e10da1ca095a45a5b069542894b19638ed0c75c3c0853066850f1484e7e0b1c6625b13273b1cfb3 |
C:\ProgramData\Malwarebytes\MBAMService\updatrpkg\SdkDbUpdatrV5.dll
| MD5 | 5c4b6998682070ad73cd246eae251ccb |
| SHA1 | d4e3eef6332a6598e5d63741f3407574c7de5f5b |
| SHA256 | 54e0e90cc5cfef91ceab363c6cad54c7190cfbbecf6353181779938a3f8de8a1 |
| SHA512 | e1f844ecb631b628ff37068ef474b070e22c5be6453c77acde53e886b7e9109f22d09748a7902e64237f5cc9d05818080c0bb5697918235ea2d4ceefb68b8524 |
C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json
| MD5 | eba5b424039585662997f8cfb4457b93 |
| SHA1 | 16cc993cf78230cbfaf4a268063e13889c29fa3b |
| SHA256 | 70509bcd7d85b5c0b4e0263a3e18194ff1d46fe681d070e8df81f08dbb6a4252 |
| SHA512 | d585a297e2241046224b680f7cf5814253c5d21bd4c17e2493666f5d480c94b43710116dbb01e76d0cd1d4bacfc1cc0cc7e45fd11eb5c2b9830215570b276c90 |
C:\ProgramData\Malwarebytes\MBAMService\updatrpkg\mbupdatrV5.exe
| MD5 | ab258c2dec1945b65cd09b302652e8d5 |
| SHA1 | 90e660cd3502d9bde40227ec0c0c2820958bab3c |
| SHA256 | c488c36827fc5505fc797e4d7f9bc56c2c2ab9d8c432ff9eb55657179bbe5e36 |
| SHA512 | de9e9d01f7cfe40fb64ff4e9ca83ae8f7a87b2e460d89b1fd6717f007afbaffb8cd4dd34e13352c46bbc00372c3ff7f9d9027f54df44f2fba16bd0dda4cfe7fc |
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json
| MD5 | 2601ab49046f804d75589e482beb0ad3 |
| SHA1 | 5fd378f0f0d6e08e48d03ff1b5fff11474a53efb |
| SHA256 | 78568f0e98619bc4b521c7d9241ea1896db7e961c49b197f9a034cb6684adbde |
| SHA512 | fe501a4c3953becf81feab7b933af51e6d7177126741fb81c483a6029cd6717e9c4e18052fc75e24663712f738bda153470c7fb07d13df829e451ea438550e2b |
C:\ProgramData\Malwarebytes\MBAMService\config\RtpConfig.json
| MD5 | 380b12e230c179e109f77e4d1bb49822 |
| SHA1 | 381d4b2f34f3f8f9589ad15c6557fabd005091c2 |
| SHA256 | 369142d36248b65c62e201f8b7faea6f25e7ce046cbbfeea556150681498ad86 |
| SHA512 | 7b56312a35f4728d09893dc1fb6ad4f65d3e8548f422b72df875c113b0ae24c4334e35d7022059b4ec882cd796e4829f0a151cedcb4045a3fd248999251c1382 |
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json
| MD5 | 3e7e5d74b646e3b814cc6bfa2791d5e0 |
| SHA1 | 2a6d1b0795dee66b3f45690106f5440703c127e4 |
| SHA256 | 9ae58e665f656888d7021bcbe65dc345655e0d0252f96dbb4cd0449d0c8921b4 |
| SHA512 | 4f410ae59ba4e00713dda5d128c8a8513e2f153865f360d9d0bc336bc89338e301ca9da01a7aab0b73186958243d329ebc895916f8553dd2b8867164acd49f28 |
C:\ProgramData\Malwarebytes\MBAMService\config\RtpConfig.json
| MD5 | 123b961b86b4e9952a2c0054d8637e39 |
| SHA1 | a961195d44c83a3230627a02b3d9a4d412d01436 |
| SHA256 | 5dcf12d31441587d4d3cf2fdcfecea1805528e1d0321dcee2e5e9e02277207e4 |
| SHA512 | 52a36721af825ceff6b0bee9c6ea5512f4f6a9c136004d5bb1ee3ed6e2fd7be961806f754329571f3c6b5ea31055b75ae4b52d35fcf5c0c0be842cb8960cb2e8 |