Analysis

  • max time kernel
    167s
  • max time network
    206s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    16/08/2024, 14:51

General

Malware Config

Signatures

  • Downloads MZ/PE file
  • Drops file in Drivers directory 9 IoCs
  • Modifies RDP port number used by Windows 1 TTPs
  • Sets service image path in registry 2 TTPs 2 IoCs
  • Checks BIOS information in registry 2 TTPs 6 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Event Triggered Execution: Component Object Model Hijacking 1 TTPs

    Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

  • Executes dropped EXE 41 IoCs
  • Impair Defenses: Safe Mode Boot 1 TTPs 2 IoCs
  • Loads dropped DLL 64 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory 64 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 5 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 8 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Checks SCSI registry key(s) 3 TTPs 26 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 10 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Delays execution with timeout.exe 1 IoCs
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 5 IoCs
  • Modifies data under HKEY_USERS 64 IoCs
  • Modifies registry class 64 IoCs
  • Modifies system certificate store 2 TTPs 21 IoCs
  • NTFS ADS 2 IoCs
  • Script User-Agent 1 IoCs

    Uses user-agent string associated with script host/environment.

  • Suspicious behavior: EnumeratesProcesses 52 IoCs
  • Suspicious behavior: LoadsDriver 14 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 58 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.com
    1⤵
    • Enumerates system info in registry
    • NTFS ADS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:748
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe9f4046f8,0x7ffe9f404708,0x7ffe9f404718
      2⤵
        PID:3176
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,17465861112702815560,15240398430658718258,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
        2⤵
          PID:1820
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2028,17465861112702815560,15240398430658718258,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:4012
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2028,17465861112702815560,15240398430658718258,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2796 /prefetch:8
          2⤵
            PID:2456
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,17465861112702815560,15240398430658718258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
            2⤵
              PID:4532
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,17465861112702815560,15240398430658718258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
              2⤵
                PID:3700
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,17465861112702815560,15240398430658718258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1
                2⤵
                  PID:1848
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,17465861112702815560,15240398430658718258,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5380 /prefetch:8
                  2⤵
                    PID:1908
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,17465861112702815560,15240398430658718258,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5380 /prefetch:8
                    2⤵
                    • Suspicious behavior: EnumeratesProcesses
                    PID:2340
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,17465861112702815560,15240398430658718258,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1
                    2⤵
                      PID:2080
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,17465861112702815560,15240398430658718258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3568 /prefetch:1
                      2⤵
                        PID:4352
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,17465861112702815560,15240398430658718258,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
                        2⤵
                          PID:1960
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,17465861112702815560,15240398430658718258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
                          2⤵
                            PID:1356
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,17465861112702815560,15240398430658718258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
                            2⤵
                              PID:2640
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2028,17465861112702815560,15240398430658718258,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5952 /prefetch:8
                              2⤵
                                PID:2576
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2028,17465861112702815560,15240398430658718258,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5924 /prefetch:8
                                2⤵
                                • Suspicious behavior: EnumeratesProcesses
                                PID:4052
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,17465861112702815560,15240398430658718258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
                                2⤵
                                  PID:5304
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,17465861112702815560,15240398430658718258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5876 /prefetch:1
                                  2⤵
                                    PID:5412
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,17465861112702815560,15240398430658718258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5996 /prefetch:1
                                    2⤵
                                      PID:5428
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,17465861112702815560,15240398430658718258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4024 /prefetch:1
                                      2⤵
                                        PID:5980
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,17465861112702815560,15240398430658718258,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
                                        2⤵
                                          PID:5988
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,17465861112702815560,15240398430658718258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
                                          2⤵
                                            PID:5124
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,17465861112702815560,15240398430658718258,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3748 /prefetch:1
                                            2⤵
                                              PID:5132
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,17465861112702815560,15240398430658718258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1
                                              2⤵
                                                PID:1600
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2028,17465861112702815560,15240398430658718258,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5544 /prefetch:8
                                                2⤵
                                                  PID:6072
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,17465861112702815560,15240398430658718258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6432 /prefetch:1
                                                  2⤵
                                                    PID:6080
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2028,17465861112702815560,15240398430658718258,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5504 /prefetch:8
                                                    2⤵
                                                      PID:5400
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2028,17465861112702815560,15240398430658718258,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6520 /prefetch:8
                                                      2⤵
                                                      • Suspicious behavior: EnumeratesProcesses
                                                      PID:5792
                                                    • C:\Users\Admin\Downloads\MBSetup.exe
                                                      "C:\Users\Admin\Downloads\MBSetup.exe"
                                                      2⤵
                                                      • Drops file in Drivers directory
                                                      • Checks BIOS information in registry
                                                      • Executes dropped EXE
                                                      • System Location Discovery: System Language Discovery
                                                      • Suspicious behavior: EnumeratesProcesses
                                                      • Suspicious use of FindShellTrayWindow
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:5008
                                                      • C:\Windows\SysWOW64\cmd.exe
                                                        cmd.exe /C timeout /t 1 & "C:\Program Files\Mozilla Firefox\firefox.exe" -install -extension "C:\Users\Admin\AppData\Local\Temp\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi"
                                                        3⤵
                                                        • System Location Discovery: System Language Discovery
                                                        PID:5992
                                                        • C:\Windows\SysWOW64\timeout.exe
                                                          timeout /t 1
                                                          4⤵
                                                          • System Location Discovery: System Language Discovery
                                                          • Delays execution with timeout.exe
                                                          PID:7432
                                                        • C:\Program Files\Mozilla Firefox\firefox.exe
                                                          "C:\Program Files\Mozilla Firefox\firefox.exe" -install -extension "C:\Users\Admin\AppData\Local\Temp\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi"
                                                          4⤵
                                                            PID:496
                                                            • C:\Program Files\Mozilla Firefox\firefox.exe
                                                              "C:\Program Files\Mozilla Firefox\firefox.exe" -install -extension C:\Users\Admin\AppData\Local\Temp\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi
                                                              5⤵
                                                              • Checks processor information in registry
                                                              • Suspicious use of FindShellTrayWindow
                                                              • Suspicious use of SendNotifyMessage
                                                              • Suspicious use of SetWindowsHookEx
                                                              PID:6916
                                                              • C:\Program Files\Mozilla Firefox\firefox.exe
                                                                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2024 -parentBuildID 20240401114208 -prefsHandle 1932 -prefMapHandle 1924 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {78211f57-af49-4eed-bdd2-e98b54ba8a0e} 6916 "\\.\pipe\gecko-crash-server-pipe.6916" gpu
                                                                6⤵
                                                                  PID:7184
                                                                • C:\Program Files\Mozilla Firefox\firefox.exe
                                                                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2484 -parentBuildID 20240401114208 -prefsHandle 2476 -prefMapHandle 2472 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4d4cb147-cce2-4675-8c54-f12b9575c2e7} 6916 "\\.\pipe\gecko-crash-server-pipe.6916" socket
                                                                  6⤵
                                                                    PID:7320
                                                                  • C:\Program Files\Mozilla Firefox\firefox.exe
                                                                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3216 -childID 1 -isForBrowser -prefsHandle 3208 -prefMapHandle 3204 -prefsLen 24741 -prefMapSize 244658 -jsInitHandle 924 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0a50e312-7676-45d7-b775-22a34e202a4b} 6916 "\\.\pipe\gecko-crash-server-pipe.6916" tab
                                                                    6⤵
                                                                      PID:6320
                                                                    • C:\Program Files\Mozilla Firefox\firefox.exe
                                                                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3584 -childID 2 -isForBrowser -prefsHandle 2844 -prefMapHandle 2848 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 924 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8b7d8bfe-dbbf-4721-9486-3c5829e96d6d} 6916 "\\.\pipe\gecko-crash-server-pipe.6916" tab
                                                                      6⤵
                                                                        PID:6460
                                                                      • C:\Program Files\Mozilla Firefox\firefox.exe
                                                                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4360 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4352 -prefMapHandle 4348 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f9801d08-f219-41d5-ae11-82ff72a30825} 6916 "\\.\pipe\gecko-crash-server-pipe.6916" utility
                                                                        6⤵
                                                                        • Checks processor information in registry
                                                                        PID:8120
                                                                      • C:\Program Files\Mozilla Firefox\firefox.exe
                                                                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5208 -childID 3 -isForBrowser -prefsHandle 5200 -prefMapHandle 5172 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 924 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {aba5725b-f025-42a6-a91f-3d38141e6eb2} 6916 "\\.\pipe\gecko-crash-server-pipe.6916" tab
                                                                        6⤵
                                                                          PID:1944
                                                                        • C:\Program Files\Mozilla Firefox\firefox.exe
                                                                          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5344 -childID 4 -isForBrowser -prefsHandle 5352 -prefMapHandle 5356 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 924 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {91186289-46ea-4c64-ae20-bd74e6b27c03} 6916 "\\.\pipe\gecko-crash-server-pipe.6916" tab
                                                                          6⤵
                                                                            PID:6468
                                                                          • C:\Program Files\Mozilla Firefox\firefox.exe
                                                                            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5536 -childID 5 -isForBrowser -prefsHandle 5544 -prefMapHandle 5548 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 924 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0cf9bbef-4e6d-40b7-b589-61c049b75162} 6916 "\\.\pipe\gecko-crash-server-pipe.6916" tab
                                                                            6⤵
                                                                              PID:1000
                                                                    • C:\Users\Admin\Downloads\MBSetup.exe
                                                                      "C:\Users\Admin\Downloads\MBSetup.exe"
                                                                      2⤵
                                                                      • Executes dropped EXE
                                                                      • System Location Discovery: System Language Discovery
                                                                      • Suspicious use of SetWindowsHookEx
                                                                      PID:2368
                                                                    • C:\Users\Admin\Downloads\MBSetup.exe
                                                                      "C:\Users\Admin\Downloads\MBSetup.exe"
                                                                      2⤵
                                                                      • Executes dropped EXE
                                                                      • System Location Discovery: System Language Discovery
                                                                      • Suspicious use of SetWindowsHookEx
                                                                      PID:5228
                                                                    • C:\Users\Admin\Downloads\MBSetup.exe
                                                                      "C:\Users\Admin\Downloads\MBSetup.exe"
                                                                      2⤵
                                                                      • Executes dropped EXE
                                                                      • System Location Discovery: System Language Discovery
                                                                      • Suspicious use of SetWindowsHookEx
                                                                      PID:5276
                                                                    • C:\Users\Admin\Downloads\MBSetup.exe
                                                                      "C:\Users\Admin\Downloads\MBSetup.exe"
                                                                      2⤵
                                                                      • Executes dropped EXE
                                                                      • System Location Discovery: System Language Discovery
                                                                      • Suspicious use of SetWindowsHookEx
                                                                      PID:2324
                                                                    • C:\Users\Admin\Downloads\MBSetup.exe
                                                                      "C:\Users\Admin\Downloads\MBSetup.exe"
                                                                      2⤵
                                                                      • Executes dropped EXE
                                                                      • System Location Discovery: System Language Discovery
                                                                      • Suspicious use of SetWindowsHookEx
                                                                      PID:6004
                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,17465861112702815560,15240398430658718258,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1904 /prefetch:2
                                                                      2⤵
                                                                      • Suspicious behavior: EnumeratesProcesses
                                                                      PID:5228
                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2028,17465861112702815560,15240398430658718258,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5508 /prefetch:8
                                                                      2⤵
                                                                        PID:4648
                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2028,17465861112702815560,15240398430658718258,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6248 /prefetch:8
                                                                        2⤵
                                                                          PID:972
                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2028,17465861112702815560,15240398430658718258,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4696 /prefetch:8
                                                                          2⤵
                                                                            PID:2120
                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2028,17465861112702815560,15240398430658718258,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6416 /prefetch:8
                                                                            2⤵
                                                                              PID:2600
                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2028,17465861112702815560,15240398430658718258,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6740 /prefetch:8
                                                                              2⤵
                                                                                PID:5560
                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2028,17465861112702815560,15240398430658718258,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4868 /prefetch:8
                                                                                2⤵
                                                                                  PID:3908
                                                                              • C:\Windows\System32\CompPkgSrv.exe
                                                                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                1⤵
                                                                                  PID:1988
                                                                                • C:\Windows\System32\CompPkgSrv.exe
                                                                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                  1⤵
                                                                                    PID:1084
                                                                                  • C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe
                                                                                    "C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe"
                                                                                    1⤵
                                                                                    • Drops file in Drivers directory
                                                                                    • Executes dropped EXE
                                                                                    • Impair Defenses: Safe Mode Boot
                                                                                    • Loads dropped DLL
                                                                                    • Enumerates connected drives
                                                                                    • Drops file in Program Files directory
                                                                                    • Modifies Internet Explorer settings
                                                                                    • Modifies data under HKEY_USERS
                                                                                    • Modifies system certificate store
                                                                                    • NTFS ADS
                                                                                    • Suspicious behavior: EnumeratesProcesses
                                                                                    • Suspicious use of AdjustPrivilegeToken
                                                                                    PID:5628
                                                                                    • C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe
                                                                                      "C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe" /installmbtun
                                                                                      2⤵
                                                                                      • Executes dropped EXE
                                                                                      • Loads dropped DLL
                                                                                      • Drops file in System32 directory
                                                                                      • Drops file in Windows directory
                                                                                      PID:5580
                                                                                    • C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
                                                                                      "C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe" /Service /Protected
                                                                                      2⤵
                                                                                      • Drops file in Drivers directory
                                                                                      • Executes dropped EXE
                                                                                      • Drops file in System32 directory
                                                                                      • Modifies registry class
                                                                                      PID:5456
                                                                                  • C:\Windows\system32\svchost.exe
                                                                                    C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall
                                                                                    1⤵
                                                                                    • Drops file in Windows directory
                                                                                    • Checks SCSI registry key(s)
                                                                                    PID:5728
                                                                                    • C:\Windows\system32\DrvInst.exe
                                                                                      DrvInst.exe "4" "9" "C:\Program Files\Malwarebytes\Anti-Malware\mbtun\mbtun.inf" "9" "4ba9030c7" "000000000000014C" "Service-0x0-3e7$\Default" "000000000000015C" "208" "C:\Program Files\Malwarebytes\Anti-Malware\mbtun"
                                                                                      2⤵
                                                                                      • Drops file in System32 directory
                                                                                      • Drops file in Windows directory
                                                                                      • Checks SCSI registry key(s)
                                                                                      • Modifies data under HKEY_USERS
                                                                                      PID:3560
                                                                                  • C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
                                                                                    "C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe"
                                                                                    1⤵
                                                                                    • Drops file in Drivers directory
                                                                                    • Sets service image path in registry
                                                                                    • Checks BIOS information in registry
                                                                                    • Executes dropped EXE
                                                                                    • Loads dropped DLL
                                                                                    • Enumerates connected drives
                                                                                    • Drops file in System32 directory
                                                                                    • Drops file in Program Files directory
                                                                                    • Checks processor information in registry
                                                                                    • Modifies Internet Explorer settings
                                                                                    • Modifies data under HKEY_USERS
                                                                                    • Modifies registry class
                                                                                    • Modifies system certificate store
                                                                                    • Suspicious behavior: EnumeratesProcesses
                                                                                    PID:5988
                                                                                    • C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
                                                                                      "C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe" nowindow
                                                                                      2⤵
                                                                                      • Checks computer location settings
                                                                                      • Executes dropped EXE
                                                                                      • Loads dropped DLL
                                                                                      • Suspicious behavior: EnumeratesProcesses
                                                                                      • Suspicious use of FindShellTrayWindow
                                                                                      • Suspicious use of SendNotifyMessage
                                                                                      PID:2476
                                                                                    • C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
                                                                                      ig.exe reseed
                                                                                      2⤵
                                                                                      • Executes dropped EXE
                                                                                      PID:7664
                                                                                    • C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
                                                                                      ig.exe reseed
                                                                                      2⤵
                                                                                      • Executes dropped EXE
                                                                                      PID:7716
                                                                                    • C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
                                                                                      ig.exe reseed
                                                                                      2⤵
                                                                                      • Executes dropped EXE
                                                                                      PID:7544
                                                                                    • C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
                                                                                      ig.exe reseed
                                                                                      2⤵
                                                                                      • Executes dropped EXE
                                                                                      PID:7396
                                                                                    • C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
                                                                                      ig.exe reseed
                                                                                      2⤵
                                                                                      • Executes dropped EXE
                                                                                      PID:5512
                                                                                    • C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
                                                                                      ig.exe reseed
                                                                                      2⤵
                                                                                      • Executes dropped EXE
                                                                                      PID:6172
                                                                                    • C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
                                                                                      ig.exe reseed
                                                                                      2⤵
                                                                                      • Executes dropped EXE
                                                                                      PID:6184
                                                                                    • C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
                                                                                      ig.exe reseed
                                                                                      2⤵
                                                                                      • Executes dropped EXE
                                                                                      PID:6356
                                                                                    • C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
                                                                                      ig.exe reseed
                                                                                      2⤵
                                                                                      • Executes dropped EXE
                                                                                      PID:6344
                                                                                    • C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
                                                                                      ig.exe reseed
                                                                                      2⤵
                                                                                      • Executes dropped EXE
                                                                                      PID:5388
                                                                                    • C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
                                                                                      ig.exe reseed
                                                                                      2⤵
                                                                                      • Executes dropped EXE
                                                                                      PID:5824
                                                                                    • C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
                                                                                      ig.exe reseed
                                                                                      2⤵
                                                                                      • Executes dropped EXE
                                                                                      PID:6308
                                                                                    • C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
                                                                                      ig.exe reseed
                                                                                      2⤵
                                                                                      • Executes dropped EXE
                                                                                      PID:5992
                                                                                    • C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
                                                                                      ig.exe reseed
                                                                                      2⤵
                                                                                      • Executes dropped EXE
                                                                                      PID:5780
                                                                                    • C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
                                                                                      ig.exe reseed
                                                                                      2⤵
                                                                                      • Executes dropped EXE
                                                                                      PID:188
                                                                                    • C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
                                                                                      ig.exe reseed
                                                                                      2⤵
                                                                                      • Executes dropped EXE
                                                                                      PID:5872
                                                                                    • C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
                                                                                      ig.exe reseed
                                                                                      2⤵
                                                                                      • Executes dropped EXE
                                                                                      PID:6376
                                                                                    • C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
                                                                                      ig.exe reseed
                                                                                      2⤵
                                                                                      • Executes dropped EXE
                                                                                      PID:6244
                                                                                    • C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
                                                                                      ig.exe reseed
                                                                                      2⤵
                                                                                      • Executes dropped EXE
                                                                                      PID:6560
                                                                                    • C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
                                                                                      ig.exe reseed
                                                                                      2⤵
                                                                                      • Executes dropped EXE
                                                                                      PID:6576
                                                                                    • C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
                                                                                      ig.exe reseed
                                                                                      2⤵
                                                                                      • Executes dropped EXE
                                                                                      PID:6640
                                                                                    • C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
                                                                                      ig.exe reseed
                                                                                      2⤵
                                                                                      • Executes dropped EXE
                                                                                      PID:6440
                                                                                    • C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
                                                                                      ig.exe reseed
                                                                                      2⤵
                                                                                      • Executes dropped EXE
                                                                                      PID:6620
                                                                                    • C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
                                                                                      ig.exe reseed
                                                                                      2⤵
                                                                                      • Executes dropped EXE
                                                                                      PID:8076
                                                                                    • C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
                                                                                      ig.exe reseed
                                                                                      2⤵
                                                                                      • Executes dropped EXE
                                                                                      PID:8100
                                                                                    • C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
                                                                                      ig.exe reseed
                                                                                      2⤵
                                                                                      • Executes dropped EXE
                                                                                      PID:6452
                                                                                    • C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
                                                                                      ig.exe reseed
                                                                                      2⤵
                                                                                      • Executes dropped EXE
                                                                                      PID:7392
                                                                                    • C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
                                                                                      ig.exe reseed
                                                                                      2⤵
                                                                                      • Executes dropped EXE
                                                                                      PID:6060
                                                                                    • C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe
                                                                                      "C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe" /wac 0 /status on true /updatesubstatus none /scansubstatus none /settingssubstatus none
                                                                                      2⤵
                                                                                      • Executes dropped EXE
                                                                                      • Modifies data under HKEY_USERS
                                                                                      PID:7108
                                                                                    • C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe
                                                                                      "C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe" "C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE" "C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\config\UpdateControllerConfig.json" "C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE" "C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\dbclsupdate\staging" /db:dbupdate /su:no
                                                                                      2⤵
                                                                                      • Checks BIOS information in registry
                                                                                      • Executes dropped EXE
                                                                                      • Modifies data under HKEY_USERS
                                                                                      PID:2868

                                                                                  Network

                                                                                        MITRE ATT&CK Enterprise v15

                                                                                        Replay Monitor

                                                                                        Loading Replay Monitor...

                                                                                        Downloads

                                                                                        • C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll

                                                                                          Filesize

                                                                                          4.2MB

                                                                                          MD5

                                                                                          03d6455dc6934a409082bf8d2ce119d5

                                                                                          SHA1

                                                                                          995963c33a268a7ed6408c2e6de1281e52091be2

                                                                                          SHA256

                                                                                          82ca2aec64fe151efd59a838c1845111bfb9f94ff277be3afae4e3f684ef3a62

                                                                                          SHA512

                                                                                          a0ff71bc01a11c9a95c1a0186a7bbfec9c3f84d7e600d0bca877934fa5f84053627bc59bb355f53ce9e3c9e4c6a841b8f5cb7436fe7f43b63426a8a851392c6d

                                                                                        • C:\PROGRA~1\MALWAR~1\ANTI-M~1\mbtun\mbtun.cat

                                                                                          Filesize

                                                                                          10KB

                                                                                          MD5

                                                                                          8abff1fbf08d70c1681a9b20384dbbf9

                                                                                          SHA1

                                                                                          c9762e121e4f8a7ad931eee58ee60c8e9fc3ecb6

                                                                                          SHA256

                                                                                          9ceb410494b95397ec1f8fa505d071672bf61f81cc596b8eccd167a77893c658

                                                                                          SHA512

                                                                                          37998e0aee93ff47fe5b1636fce755966debe417a790e1aebd7674c86c1583feef04648a7bc79e4dedaabb731051f4f803932ac49ea0be05776c0f4d218b076f

                                                                                        • C:\PROGRA~1\MALWAR~1\ANTI-M~1\mbtun\mbtun.sys

                                                                                          Filesize

                                                                                          107KB

                                                                                          MD5

                                                                                          83d4fba999eb8b34047c38fabef60243

                                                                                          SHA1

                                                                                          25731b57e9968282610f337bc6d769aa26af4938

                                                                                          SHA256

                                                                                          6903e60784b9fa5d8b417f93f19665c59946a4de099bd1011ab36271b267261c

                                                                                          SHA512

                                                                                          47faab5fff3e3e2d2aea0a425444aa2e215f1d5bf97edee2a3bb773468e1092919036bcd5002357594b62519bf3a8980749d8d0f6402de0e73c2125d26e78f1e

                                                                                        • C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe

                                                                                          Filesize

                                                                                          8.6MB

                                                                                          MD5

                                                                                          4dc92b52e48b9a7e209307def43f0fa4

                                                                                          SHA1

                                                                                          ba0640d5afd2d5b07fdfca4d2a37a1208bda1b94

                                                                                          SHA256

                                                                                          461727e42566cd84e4161d5332131956041e02e3d81cfec07c22862fa4b6d3d4

                                                                                          SHA512

                                                                                          cb1b2f63befed99c26a5f4912f5e9e7a315f75414097e66a2c2768573425129d18245e515d2bf38e352eefd78d0e61407d43a09993edf0aec6e2ff7c296d0d8d

                                                                                        • C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe

                                                                                          Filesize

                                                                                          2.9MB

                                                                                          MD5

                                                                                          46f875f1fe3d6063b390e3a170c90e50

                                                                                          SHA1

                                                                                          62b901749a6e3964040f9af5ddb9a684936f6c30

                                                                                          SHA256

                                                                                          1cf9d3512efffaa2290c105ac8b7534026604067c9b533e7b7df2e017569a4ec

                                                                                          SHA512

                                                                                          fdfb348061158f8133380e9a94215f4bfc0f6ce643a129d623cb8034c49144f1489de56cd076da645478506d9fbddc7590fe3d643622210084b15fdf0d16b557

                                                                                        • C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe

                                                                                          Filesize

                                                                                          291KB

                                                                                          MD5

                                                                                          6f96b5f5aefcb16a87b609e71ffe4102

                                                                                          SHA1

                                                                                          ff6393b0735c17b45af2e67f4a097caf3dd36764

                                                                                          SHA256

                                                                                          2a14ea7aa0a9032941be509b5e767562fe64e5d66fa04f5c9bd0553815ab18f3

                                                                                          SHA512

                                                                                          4a37f2f3cfff9d790bd0023774338ad3e370678bd87d5619c4f0938f6a92838c5bca91a0c6461a9fd137cf928b1903d4c5ca5b8b4ea1c59c7abeecd0ff387b93

                                                                                        • C:\Program Files\Malwarebytes\Anti-Malware\ServiceConfig.json

                                                                                          Filesize

                                                                                          621B

                                                                                          MD5

                                                                                          2994b82c0587eee0b82291782ef31895

                                                                                          SHA1

                                                                                          d6c30765a2dba5359cd057504d2b68767c47527b

                                                                                          SHA256

                                                                                          7f8e25441413f5728506c84093be0f02c646f19143561731e2033a2a37e1d295

                                                                                          SHA512

                                                                                          bd8d7b9c063f5e856f1c010985bd6bfc7a9d4a7570063424be9de2966a471a3b4d971c899fdaf9b5939791aab48ff2fc2df219b9ce5ad02bd4180649eeddada1

                                                                                        • C:\Program Files\Malwarebytes\Anti-Malware\ServiceConfig.json

                                                                                          Filesize

                                                                                          654B

                                                                                          MD5

                                                                                          4c44dbd8277a073d4d6963b12eb9e510

                                                                                          SHA1

                                                                                          b4987310a9756c126ed3d96889091027925c9718

                                                                                          SHA256

                                                                                          bdc9f0a0c64f8f5fc4ea221458f67a1777bfe2021623e511e8c041eb90ed2266

                                                                                          SHA512

                                                                                          f7cf5486212e006cf890a1b88bd986ff1c87a2638b487d06984a1312708aaa7dcd5fba863665168f22810437ba2564d635a02911d2341d16dc435d983c4df33e

                                                                                        • C:\Program Files\Malwarebytes\Anti-Malware\ctlrvers.dat

                                                                                          Filesize

                                                                                          8B

                                                                                          MD5

                                                                                          c9d055c8b473ed36b102277e246eab96

                                                                                          SHA1

                                                                                          9f21d44a5457fce59151391faa4830ed0d3b0631

                                                                                          SHA256

                                                                                          bd83ce37859006d7c8e9b72ba335363b4ccd98778463d076d3f1be55147c26e2

                                                                                          SHA512

                                                                                          31375edd020a38d018744b127764ae883a02acbdbedc663355dc22b402711f24b9dfc2b4faf09fbc0b7b5b89e7f851d9e0e16dd0dca000d395c7bc8e3fd1c620

                                                                                        • C:\Program Files\Malwarebytes\Anti-Malware\mb5uns.exe

                                                                                          Filesize

                                                                                          3.9MB

                                                                                          MD5

                                                                                          b672a064c3cfdf56ce0d6091edc19f36

                                                                                          SHA1

                                                                                          1d21d4ca7a265c3eafaae8b6121be0260252e473

                                                                                          SHA256

                                                                                          04fdd99a4e8ded496a99c9d3c8c0b6a9a9bde9c4187d07342260f63852ef6273

                                                                                          SHA512

                                                                                          53e6c4bd68a0cf36160b21d63e7a6152ca78f17c76ccee9e185c1cf3f5a254c05f401f91501ad3d6806d5085b1f58322e6b7ad483fb813b86cb8570519410680

                                                                                        • C:\Program Files\Malwarebytes\Anti-Malware\mbamsi64.dll

                                                                                          Filesize

                                                                                          2.9MB

                                                                                          MD5

                                                                                          43ac1c20beb5002fa077cf957f4acd1c

                                                                                          SHA1

                                                                                          26d293956846ad24faf3c7269654a58885256c5d

                                                                                          SHA256

                                                                                          1367ed1b5a3eea658b136d7e04598cc8fa9652bebd2e301bea0042c108ff1754

                                                                                          SHA512

                                                                                          3526000c38985e8da22d245ab944545ba8bf5a4ff2611c45c4602259c86b800307330dcdac9ebb1a0c3e12c3b3649825686737d4417d2580f3f5e0bdc05ef39f

                                                                                        • C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll

                                                                                          Filesize

                                                                                          2.7MB

                                                                                          MD5

                                                                                          b7e5071b317550d93258f7e1e13e7b6f

                                                                                          SHA1

                                                                                          2d08d78a5c29cf724bc523530d1a9014642bbc60

                                                                                          SHA256

                                                                                          467de01d7cee7ec54166b80658ff22f9feebdb1c24eaf1629cf40e4124508064

                                                                                          SHA512

                                                                                          9c35293c95c1a9141740ac99315605964aa37c4a42d3a11cae9e5649ff1427a9480d3d5e7f763212cf13db3511c5ea3c84e68f95f0067fe6339a9d3fb7b27c54

                                                                                        • C:\Program Files\Malwarebytes\Anti-Malware\mbtun.dll

                                                                                          Filesize

                                                                                          2.8MB

                                                                                          MD5

                                                                                          2bbf63f1dab335f5caf431dbd4f38494

                                                                                          SHA1

                                                                                          90f1d818ac8a4881bf770c1ff474f35cdaa4fcd0

                                                                                          SHA256

                                                                                          f21a980316bd4c57c70e00840ab76d9ad412092d7d2d6a2cff4f1311f7c05364

                                                                                          SHA512

                                                                                          ebb9834323329dc01ba2c87e5fad1083a4cb86f5ed761cb63299ac5336a9843a1aadd42fbed706797c2295117af1c00f96806422338352653c8e0255fecc2fd5

                                                                                        • C:\Program Files\Malwarebytes\Anti-Malware\mbtun\mbtun.inf

                                                                                          Filesize

                                                                                          1KB

                                                                                          MD5

                                                                                          5d1917024b228efbeab3c696e663873e

                                                                                          SHA1

                                                                                          cec5e88c2481d323ec366c18024d61a117f01b21

                                                                                          SHA256

                                                                                          4a350fc20834a579c5a58352b7a3aa02a454abbbd9eecd3cd6d2a14864a49cd8

                                                                                          SHA512

                                                                                          14b345f03284b8c1d97219e3dd1a3910c1e453f93f51753f417e643f50922e55c0e23aab1d437300e6c196c7017d7b7538de4850df74b3599e90f3941b40ab4a

                                                                                        • C:\Program Files\Malwarebytes\Anti-Malware\offreg.dll

                                                                                          Filesize

                                                                                          113KB

                                                                                          MD5

                                                                                          2ccb84bed084f27ca22bdd1e170a6851

                                                                                          SHA1

                                                                                          16608b35c136813bb565fe9c916cb7b01f0b20af

                                                                                          SHA256

                                                                                          a538caf4ac94708ddb4240d38b1b99914ca3e82283f0d8a2290be28fc05eaccb

                                                                                          SHA512

                                                                                          0fd66d241bdebd0052f4972e85b42639e3c5a40affe23170b84bc4068dff8e84446898a77ebf7cc0bef97454abb788faccce508a68bc5e717980ef26d8436986

                                                                                        • C:\Program Files\Malwarebytes\Anti-Malware\sdk\farflt.cat

                                                                                          Filesize

                                                                                          11KB

                                                                                          MD5

                                                                                          1c69ac8db00c3cae244dd8e0ac5c880e

                                                                                          SHA1

                                                                                          9c059298d09e63897a06d0d161048bdadfa4c28a

                                                                                          SHA256

                                                                                          02d57ac673352e642f111c71edbb18b9546b0b29f6c6e948e7f1c59bd4c36410

                                                                                          SHA512

                                                                                          d2ec2ff9fea86d7074998c53913373c05b84ddd8aa277f6e7cda5a4dfffd03273d271595a2f0bf432b891775bdd2e8f984c733998411cfc71aff2255511b29c9

                                                                                        • C:\Program Files\Malwarebytes\Anti-Malware\sdk\farflt.inf

                                                                                          Filesize

                                                                                          2KB

                                                                                          MD5

                                                                                          358bb9bf66f2e514310dc22e4e3a4dc5

                                                                                          SHA1

                                                                                          87bfc1398e6756273eee909a0dfb4ef18b38d17c

                                                                                          SHA256

                                                                                          ff51780a5a854b2c18f71ae426cb066a13723ef6155e24f4910137c9e8dfdc17

                                                                                          SHA512

                                                                                          301ec5ec5c0813951843011f2204924240235494999136ea30a557cbf58146fc6043a8866b344fa7deb927d7c83d44e2aaf45adca7d221aba5d36715b9a63e09

                                                                                        • C:\Program Files\Malwarebytes\Anti-Malware\sdk\farflt.sys

                                                                                          Filesize

                                                                                          196KB

                                                                                          MD5

                                                                                          954e9bf0db3b70d3703e27acff48603d

                                                                                          SHA1

                                                                                          d475a42100f6bb2264df727f859d83c72829f48b

                                                                                          SHA256

                                                                                          8f7ae468dba822a4968edbd0a732b806e453caaff28a73510f90cb5e40c4958a

                                                                                          SHA512

                                                                                          0e367ce106820d76994e7a8221aaaab76fda21d40aede17a8fe7dedaca8f691b345b95cf7333eb348419bc5f8ea8618949783717100b38ed92544b9199f847f0

                                                                                        • C:\Program Files\Malwarebytes\Anti-Malware\sdk\farflt.tmf

                                                                                          Filesize

                                                                                          63KB

                                                                                          MD5

                                                                                          c97bdce34905d88028d709cbeb8396c8

                                                                                          SHA1

                                                                                          fee05f9fdf2f52c3b13de2e77e6ff98e4df485a3

                                                                                          SHA256

                                                                                          72e4695c9c70d5bb90bcf4d4f6b20607ca25fcdcb1bf9c5c77a062c6eae77370

                                                                                          SHA512

                                                                                          31ef1b6219d6bb7d723342e2f94e8199fdd517cae7008ad1f77e064f77eea0f6a3c0823269e55285a27137fe0234cca731829691f84f100ce048a5f62f7466e0

                                                                                        • C:\Program Files\Malwarebytes\Anti-Malware\sdk\mbamchameleon.cat

                                                                                          Filesize

                                                                                          11KB

                                                                                          MD5

                                                                                          3da850e8540c857a936b3d27c72ed0af

                                                                                          SHA1

                                                                                          cd5b3a36b1c3d762835ed2f62a151c5127f01dbb

                                                                                          SHA256

                                                                                          0c77c63c9eb8eef49e833dfbb2d4f0e91bf9aba6bbea1fbb8ff8d1cdc16f7e38

                                                                                          SHA512

                                                                                          5c9d5add57ad377cea6958e13e515053ae8aa9f9d8471e8ec57064e5bf8f5c1f3efdf26078aa287e63f38b528333c69be0745894cb2c0b427d78775f7605507f

                                                                                        • C:\Program Files\Malwarebytes\Anti-Malware\sdk\mbamchameleon.inf

                                                                                          Filesize

                                                                                          3KB

                                                                                          MD5

                                                                                          5a9717e1385703e8f06b27aa10a69e87

                                                                                          SHA1

                                                                                          84ee67a9167b5eb6560711b9871de98898ad07a5

                                                                                          SHA256

                                                                                          47b7c516bb57c612de19f0ca865590af95b6e32bf873a0fef9e011b2c5b483d4

                                                                                          SHA512

                                                                                          dd3c7278c2c11ad15a55fae6d19b96dadd92f85b7f0c8ce934298258af00bb5c052a84a98499b8867b0f43704fb307c67d03692ca69dda4d814c6c17dd73df44

                                                                                        • C:\Program Files\Malwarebytes\Anti-Malware\sdk\mbamchameleon.sys

                                                                                          Filesize

                                                                                          226KB

                                                                                          MD5

                                                                                          817666fab17e9932f6dc3384b6df634f

                                                                                          SHA1

                                                                                          47312962cedadcacc119e0008fb1ee799cd8011a

                                                                                          SHA256

                                                                                          0fcaebe94f31fa6e4d905b5374733d72808f685fa3bcc9db9a8a79bd4a83084f

                                                                                          SHA512

                                                                                          addc9a5b13da4040a44d4264cbfe27656b7d7971029a0ad53c58e99267532866f302ca8831a3f4585bbe68d26ec2d11a6b43de9bf147b212ab1f05eb4ed37817

                                                                                        • C:\Program Files\Malwarebytes\Anti-Malware\srvversion.dat

                                                                                          Filesize

                                                                                          9B

                                                                                          MD5

                                                                                          c5655eafbae3d85507c93a2a585c0dfb

                                                                                          SHA1

                                                                                          f6abe776d55940c74c20632d36839a09aa571008

                                                                                          SHA256

                                                                                          36310f22e6a5e06e5572f0dc42a97330a9807486ebfa04a3860f7e4d11f06877

                                                                                          SHA512

                                                                                          92f3471770f502a7f71d895a3664e929c8f1a08c39b100919b47677fa3f510ce43f1679e663d108b351a85948822dc24dbb7f7d4ea090f1081de6b37f7e9ed19

                                                                                        • C:\Program Files\Malwarebytes\Anti-Malware\version.dat

                                                                                          Filesize

                                                                                          47B

                                                                                          MD5

                                                                                          af6060defd600404a141d27f07fff6a1

                                                                                          SHA1

                                                                                          9a1aa568da808ef501356530d89458a87b0880ed

                                                                                          SHA256

                                                                                          f1adffe26afd5d1c786ba6d2c8c0852a2bc99ff10fc67b69027728630fd8c35a

                                                                                          SHA512

                                                                                          b2c9db90668355bb7afe4371cab09aa5767837fef1121b46333302a1fde5f4f1e11f4897aa58dc9b7cbbe6cb83ee4f5f82a89254148b19eae9283c73eed2037f

                                                                                        • C:\ProgramData\Malwarebytes\MBAMService\ARW\mbarwind.arw

                                                                                          Filesize

                                                                                          1KB

                                                                                          MD5

                                                                                          31f4ed6c2077a6712cfc2b27762b580b

                                                                                          SHA1

                                                                                          57c68266fc9b49c5d7dc62a15eb6636befcbc84b

                                                                                          SHA256

                                                                                          1ca6574269eb2e6daa059cec58c5e999fc6345bb8a93a7b3e22fefd34a7ea8b3

                                                                                          SHA512

                                                                                          13d9727a694c88fde149517beb4d16938f328486065b9d491151b06855312cd0b5deda67a2ee4ba85280d19d7d6b648bf0b6ffd3ed9cb346ba9ed0cfe9ceeed6

                                                                                        • C:\ProgramData\Malwarebytes\MBAMService\LOGS\mbae-default.log

                                                                                          Filesize

                                                                                          1KB

                                                                                          MD5

                                                                                          2ab6efd9915d75ec1b7edd6940d8f2e2

                                                                                          SHA1

                                                                                          97981acbfc1f61f26f39ab13c0a884250ba638d2

                                                                                          SHA256

                                                                                          f27417c4773bebbbdae5b6a079eb2f0de6bb61d63179dad46b7ac56c1ec3d666

                                                                                          SHA512

                                                                                          7cfb980be6da53947896da189db8d8af76d34fc73c142d2560793deb564ab486c05401e280fcb6d31522a55813800e779ee0dcd2e0e9dc2033b21bfd45b2b9d3

                                                                                        • C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json

                                                                                          Filesize

                                                                                          66KB

                                                                                          MD5

                                                                                          d4547c6b61917ff7dbccdf697abac893

                                                                                          SHA1

                                                                                          74e063318258ba73aafa512cee7478369f251925

                                                                                          SHA256

                                                                                          de935c1d04ac387a9f690a8d2bf6cd2f955eba08dd85a0efe9f0db35c8bde1cc

                                                                                          SHA512

                                                                                          5242e4b25f80759340b56f9fa45541834891ee602667ff2f2e49d5ac79d43727b14a7e7237e13b42c97feeeb48e9f05effe757a4d4670087de461ccb561710d2

                                                                                        • C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json

                                                                                          Filesize

                                                                                          66KB

                                                                                          MD5

                                                                                          a08b24f122e4e199727ba9c21e1c4bbe

                                                                                          SHA1

                                                                                          7921a38e9246ca1664271f120bd1d4029a2f6463

                                                                                          SHA256

                                                                                          a1cab05446efa17621550e1d57d2365c96c5c0e8bb0471077f9265cd40bb8243

                                                                                          SHA512

                                                                                          5458e7d98cb1f667c57ee7123b3638240e1e4d63abac7415b1ae25662d4325d91d55983f29bded9ddcfe022a96018f697dce3dde590ef854060a7da13ed57112

                                                                                        • C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json

                                                                                          Filesize

                                                                                          89KB

                                                                                          MD5

                                                                                          3bedd32b02c3f9814f597305713ac856

                                                                                          SHA1

                                                                                          464c4418f40c3275529d644e8c8e88641645a2e4

                                                                                          SHA256

                                                                                          0f95ad30ab72993c28acfa1246431381b0bb87e78c0493d5d4d674fb133028d9

                                                                                          SHA512

                                                                                          82a11426473bb82c912ad212b56ea12733549bde0eebc1f4628bcd6882a8b43aad45a72078b3317d6e03e6e1a0bb600fd57798f6deab7d4b01af6d8e1d82d436

                                                                                        • C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json.bak

                                                                                          Filesize

                                                                                          47KB

                                                                                          MD5

                                                                                          d0c0719786aa24788040879f5a8545b3

                                                                                          SHA1

                                                                                          9b39368247834f13bc4b0a0055fdc83123418913

                                                                                          SHA256

                                                                                          90da5d286f01090be2e9fdf848055272af22ddbe210453722a7f374d7a77ccf4

                                                                                          SHA512

                                                                                          db09d4659e2b223aab5b9148d9b5d99468fe475cf82bd17ac845dcdce4c893d6d66dfdec505312235bfbf80cdac4459fe36689489968309de9e3bb4cf12abc03

                                                                                        • C:\ProgramData\Malwarebytes\MBAMService\config\ArwControllerConfig.json

                                                                                          Filesize

                                                                                          607B

                                                                                          MD5

                                                                                          be6086708e50cb5b193e3fa95a41df7f

                                                                                          SHA1

                                                                                          5a17ed6bae4ff5b9c58d28e225dfcdf97d168961

                                                                                          SHA256

                                                                                          8328423058245fe28dc99f5fc76906695af8225f72afcd5c9809d0f4d78ee2a4

                                                                                          SHA512

                                                                                          7dc0b4f9494895de9ee923b65693cd59433627ae73067d4b4aa77b28f629ccce36a1b9e797e997a410645a002d13e376011cb5a77e17e0e34662613d9175d0b6

                                                                                        • C:\ProgramData\Malwarebytes\MBAMService\config\ArwControllerConfig.json

                                                                                          Filesize

                                                                                          608B

                                                                                          MD5

                                                                                          7696f11b4ed942a3a8c2cfe61993c690

                                                                                          SHA1

                                                                                          401a064298f154ded0bec4dfe71fedc0d0924166

                                                                                          SHA256

                                                                                          f039d3f0d05a052eb78a1fb8fefc034d071310ca3a88f601c79bedd6011052d9

                                                                                          SHA512

                                                                                          5d96cef79788f89af13c3d6e68a6738433af21910ac02d75071934812c1d5aec675b26018936cbf1fe4ee50cc16e16365ae75c3f3e45dd8325440c0578b7cb95

                                                                                        • C:\ProgramData\Malwarebytes\MBAMService\config\CleanControllerConfig.json

                                                                                          Filesize

                                                                                          847B

                                                                                          MD5

                                                                                          da8a3fd6dc76f243fb3244de8bbc6f60

                                                                                          SHA1

                                                                                          dbea2d100f858c9720eb80672ddb5cc718b092c1

                                                                                          SHA256

                                                                                          7006ef6f0e3901f8a78ab0d04f149fda47078840610ce19db0239244584be119

                                                                                          SHA512

                                                                                          f120a79d743765ef122509a1bc1c3704effe8986525ea50d2263bd8af3845dff046c7ab45628143103549d586b90618bc41a6673b53131d4811d8127ebdbaf21

                                                                                        • C:\ProgramData\Malwarebytes\MBAMService\config\CleanControllerConfig.json

                                                                                          Filesize

                                                                                          846B

                                                                                          MD5

                                                                                          9c91df487ce52a5de8ce17c37199fd72

                                                                                          SHA1

                                                                                          be2d8f72e36d3d533a37fecea645096766ada144

                                                                                          SHA256

                                                                                          5be11e9eb310e2dd1529d806ba9ce2b10efb91deae0ab87c8424847c14e0a755

                                                                                          SHA512

                                                                                          d7b16236d4f73d5de8eaea2d1f3e1af3695f5fde87be1cae819d6fb5a59c981a249de07377c750b26dbc839f72265e1b5b791c3af3fae87e6e3c8afc0d96ff42

                                                                                        • C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

                                                                                          Filesize

                                                                                          827B

                                                                                          MD5

                                                                                          5ea25629dda932c06243d2d4b7a3f117

                                                                                          SHA1

                                                                                          56ba555e9600fd6df6c8885925544d5ab57ef6cc

                                                                                          SHA256

                                                                                          bda70ade8e44d7a8e29387bfde6aa46f495b0be9b5683b0a109d76bb8700ec5d

                                                                                          SHA512

                                                                                          6ddd4eb0f3e0b1ab8acdd97868797e0c073b843d43a707d83d02562329a57cf45972d8d62405118b1a6c135988ae743c8fefbed1a91b256e002f7fb63b128d56

                                                                                        • C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

                                                                                          Filesize

                                                                                          1KB

                                                                                          MD5

                                                                                          90ecf7e933d884948d074e45fc12e802

                                                                                          SHA1

                                                                                          6f4a3741d9621da465b2a14797fe876c309207cd

                                                                                          SHA256

                                                                                          2c15272e9fe056b313915abe9ad7b8217c70abb3e21b298c2c9bb3c843a257cb

                                                                                          SHA512

                                                                                          ee5e62843a24bc0937f6aa3bc17ee60f2d871582ff512a0d3e10f738d56ef62d34827ad37f98131de2e17e203cd8dbd34c9172ccb72d086bf448cc4c92211fd7

                                                                                        • C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

                                                                                          Filesize

                                                                                          2KB

                                                                                          MD5

                                                                                          1526feaa24bd5ce63a54e4fca00dd5e9

                                                                                          SHA1

                                                                                          6e110ddbb40eb48cbee8893bba018bf7b1460bb1

                                                                                          SHA256

                                                                                          2446f69f85db77a0c060346e52f10c65012feea55a3fcc6db320c929dbf3fdc8

                                                                                          SHA512

                                                                                          bcae8fd52862547f3d180ca9bbf07212b79de53f147c65a129bc73741c67ee652476c13022e46bb04ae1ff99ef8377f1966c4b3f1cf2dbeea4c0ee1716b8fa5b

                                                                                        • C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

                                                                                          Filesize

                                                                                          3KB

                                                                                          MD5

                                                                                          76379d5bf419ad4cb108cf997acac362

                                                                                          SHA1

                                                                                          c9d78bae8562ffca8560fe1cd8d3d838e1e9344f

                                                                                          SHA256

                                                                                          22e6316e17fd82330d25327d2baa296a972a7f006ad6107b7fab8bfa360fd760

                                                                                          SHA512

                                                                                          064eec674d1d9d51993cebcad3287090e2fc279fe1d5756130c3912c3b25536b4ba2565252acacdfa91890f3eeafb2caae91e7e33c3cc81e9694c05e9e7a2636

                                                                                        • C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.json

                                                                                          Filesize

                                                                                          11KB

                                                                                          MD5

                                                                                          7bc9a3af7628b63db7eab0f860662f05

                                                                                          SHA1

                                                                                          362bf8e00a79ea9a2f1ae7540da0a98c83f2c156

                                                                                          SHA256

                                                                                          bd68c5e395b72458402d86f96134d7708f43fe56f51031106468eb332ba73a89

                                                                                          SHA512

                                                                                          c5e9d7acc577585565174001a852f7ea8ade8ad4e4e550f63c2aaff364f967fb90151f12c0a7aa6bd64f77fe169714bb32404178ef491a7ac982c52790a6ff46

                                                                                        • C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.json

                                                                                          Filesize

                                                                                          12KB

                                                                                          MD5

                                                                                          6a6809ede5ba8e4be984ff627d402a73

                                                                                          SHA1

                                                                                          a88cf1a14f74e80755a6047b58df933f05e0cd8e

                                                                                          SHA256

                                                                                          4b44ee3cd92995600d0177607325a37bd2023db71a9c05c8562fee2b5c2f41ba

                                                                                          SHA512

                                                                                          904e00b0b379440588ac4f18640dd3b3b6c9e64c8584e8629b2c347d3f3e5b8c0a9a30acbc67ee95b7f5ab738debd260a2493ddc139e5406263db8485c3b75c8

                                                                                        • C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.json

                                                                                          Filesize

                                                                                          12KB

                                                                                          MD5

                                                                                          e1f5f35852353493e8babd2df9ebbba3

                                                                                          SHA1

                                                                                          6d6a4880dfc6ec562e6ab0a26b6cc2d3dc3290d9

                                                                                          SHA256

                                                                                          8e6f6c741bf2ab5851d966850ffe34662dbd36fb8cc0455cfb33efc8f1312dd6

                                                                                          SHA512

                                                                                          cbcbfc97de339a46b370b7131a42a98fec198890fbb6298da122d53dc8c74117bb0fb41cf9a65b75df987274768103e6f6392a626e4b804d51ef0e5c3622edef

                                                                                        • C:\ProgramData\Malwarebytes\MBAMService\config\MwacControllerConfig.json

                                                                                          Filesize

                                                                                          1KB

                                                                                          MD5

                                                                                          452f004454f093b10fce2150239b2ff0

                                                                                          SHA1

                                                                                          60c778a36ec6eaf4a1885d996bcb6ac1b7cc91c1

                                                                                          SHA256

                                                                                          f6a16069a4b70edd030a5079cc7192638f77d59b8e570d739898d49ca06455d5

                                                                                          SHA512

                                                                                          271d3afb8fd3f38c2279acd5e87f536d4b88ffa792a6bb61d7b0e035bb36afaa020186b6a5f76bdbe3b06cbcd1478996997778fa1ba544eaeb9c53af1abb7822

                                                                                        • C:\ProgramData\Malwarebytes\MBAMService\config\MwacControllerConfig.json.bak

                                                                                          Filesize

                                                                                          2KB

                                                                                          MD5

                                                                                          59987e19121a905e244888c3ea7bf470

                                                                                          SHA1

                                                                                          69aa5f8b3d0f42fb9d06081d0bc2b2f135885083

                                                                                          SHA256

                                                                                          8822c6f1348e2197f6f4412526158f114da63f4af9d28155b1ef43fd8d36174a

                                                                                          SHA512

                                                                                          c28412ae0c455821455393872c622f81ba2b81bcb80b9843478b78780f6f86cc5244c6017a3d3a8f3d1eb57b10d8c7a4de8f2e95214828592b0dcfeeb10963e3

                                                                                        • C:\ProgramData\Malwarebytes\MBAMService\config\PoliciesConfig.json

                                                                                          Filesize

                                                                                          814B

                                                                                          MD5

                                                                                          f7d1311d37db14454505c85acc18d1c0

                                                                                          SHA1

                                                                                          39b422abc1027c712b058607d5ccb4a77c4e7fe4

                                                                                          SHA256

                                                                                          13cbb7654053232e1c9f4fc37c2176bf0ce2e154f10d4ac1713545639290ef84

                                                                                          SHA512

                                                                                          6c12633e5565cc7dc4374f64d10b301d7e0f1f17fb4bd99e674b764971d26d44cd2427f267758e8153a63178ffc7bda3a96938d70fd83d7ee5538ec17128390d

                                                                                        • C:\ProgramData\Malwarebytes\MBAMService\config\PoliciesConfig.json

                                                                                          Filesize

                                                                                          816B

                                                                                          MD5

                                                                                          16f43d8bc0f34b3076c77f2de58d6a19

                                                                                          SHA1

                                                                                          30530334cd8b6abb265d0bd8247a89293b83683c

                                                                                          SHA256

                                                                                          4f207c38b3b21c36d336e6fadb3b94fdbebe5691bf4309d1dd69a982e68be6f3

                                                                                          SHA512

                                                                                          0ca2de0f1e5d7c7ae4db20b71756c4ba1c53f4c34fddaaa4378347ec9e4e656516e4aaab2846545d83eec6fcdda96133c4aded664b9764bce5d0611746d49e2c

                                                                                        • C:\ProgramData\Malwarebytes\MBAMService\config\RtpConfig.json

                                                                                          Filesize

                                                                                          1KB

                                                                                          MD5

                                                                                          b70a3cd4366c9a703cd185615a957196

                                                                                          SHA1

                                                                                          5be69033463ef15f5f90a81f5176c00a4ee010d5

                                                                                          SHA256

                                                                                          6739c56b928ae8416cf621bbff7be6bbf996bdf7a66441ee0c2c5067a2307b5a

                                                                                          SHA512

                                                                                          e2bef3ee523de49fd39a5c7c02668192841c7da8f24f52824281914a0f49493f0845d72ba460b3ed8e6b8e1819900e261c22e2c52ff85ad0afe8bb841cfac6d2

                                                                                        • C:\ProgramData\Malwarebytes\MBAMService\config\RtpConfig.json

                                                                                          Filesize

                                                                                          1KB

                                                                                          MD5

                                                                                          f8b2a251958469415c2410795e7842ae

                                                                                          SHA1

                                                                                          bb030454631d2d0238e1784466f2e9200d5de703

                                                                                          SHA256

                                                                                          9fc2bcc3bff1991394fe758d30d04714020a67fa0555741c05fc7d57f4b727bf

                                                                                          SHA512

                                                                                          77d9ba983d00b79604916340f57bb44514cedbc02833b67c5f9a54a11f2028c24ce4db801023be44e1cb440544f3601c197b8cdf140fc79058bdf7f537b61136

                                                                                        • C:\ProgramData\Malwarebytes\MBAMService\config\RtpConfig.json

                                                                                          Filesize

                                                                                          1KB

                                                                                          MD5

                                                                                          41744a2f2f37dd5b139c5b6a07fce1e5

                                                                                          SHA1

                                                                                          8d36608ad1293f4cff4025d1529cde961e3cc429

                                                                                          SHA256

                                                                                          87a1dd86b9986e0e76dc948a8530c5a50d7071139e643ace9ac59d979a83a3e6

                                                                                          SHA512

                                                                                          a03e0adfedb3fcde6ffed28a0c0e4512a011b8c4f1c312b30ebc88613f24553efd49b291d32a1e3af1488c536d37e1f559d39158d3e3f4bca08bccebc6727783

                                                                                        • C:\ProgramData\Malwarebytes\MBAMService\config\RtpConfig.json

                                                                                          Filesize

                                                                                          1KB

                                                                                          MD5

                                                                                          ecd5800598b2a541575be98d3d47bcd2

                                                                                          SHA1

                                                                                          e8d59cbf23ed62eb0e4afe8c186effb365f0e66b

                                                                                          SHA256

                                                                                          f0bd25725f15a5cfe8c5e160b09fcbb3f6ec6464576951c9f7bfab0447620444

                                                                                          SHA512

                                                                                          eace60930980525faa22134f8f3fff0291faa93188c5f9702efbb4c2fab9c5d35a8bfe857c6ea28a172c02adc7dc51526ae951aa4b42abf99d18291b3eb66511

                                                                                        • C:\ProgramData\Malwarebytes\MBAMService\config\RtpConfig.json

                                                                                          Filesize

                                                                                          1KB

                                                                                          MD5

                                                                                          127adda43e38df3e6ed637e7a35ccb1c

                                                                                          SHA1

                                                                                          3e33127bf7d13c48895510e41b0e9a0484ceb62a

                                                                                          SHA256

                                                                                          e849cb1d34077a5e8ac7d5e7c5039178f05cf6172646dee6d81181465c015ac1

                                                                                          SHA512

                                                                                          2ff923a4eaa38315deeadfb308db63e56229f37caac5d3092ab81c69ac31459ad90f4a097dce3cd9729de57e8af9adb551e95c07d82f5cbeb65bf7b00a1dfb6b

                                                                                        • C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

                                                                                          Filesize

                                                                                          2KB

                                                                                          MD5

                                                                                          8c54498215b14014c42a748cd41defb2

                                                                                          SHA1

                                                                                          e1124d4ccc6b97863ebd148acf75974cc5494b48

                                                                                          SHA256

                                                                                          1a9e0b952a9bf0d784c6e2458e26b1c7f591afb78ac38b1d41b7b7aacbd6aa34

                                                                                          SHA512

                                                                                          87f9d41e9c33c6ac8664ce4c7a84ef5c963cd1f3a40ffc75ec010691b9426a24d095efff8b4213d15fb64811010ef9dcae5e5f4cdc3c627ce2408b4f5751f303

                                                                                        • C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

                                                                                          Filesize

                                                                                          4KB

                                                                                          MD5

                                                                                          f6b5b9201db1a6ce11e1cbe3050b1175

                                                                                          SHA1

                                                                                          e262402a132b62e75b1c0f76a37f696d3d33fcae

                                                                                          SHA256

                                                                                          edb4afe1fc42d7af19fa9af9c17d13db22abe6c9a907ebcc369feb0e453962be

                                                                                          SHA512

                                                                                          52979672bc3184b29f0ae008cecdc9577007a475c22988844c09a131ef9ba2c5e26f7acb6162fea93167b2df030ff557710db48cad9cc0c700428be0a4e799d6

                                                                                        • C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

                                                                                          Filesize

                                                                                          7KB

                                                                                          MD5

                                                                                          afb962661ce920363bc84d7b6f4fbf51

                                                                                          SHA1

                                                                                          c78826a9ca72785bbd5f6e646494b7f51657612d

                                                                                          SHA256

                                                                                          38f0695432665bc237eacab9382a8890780d381a58f253888180dcc0f275bf3e

                                                                                          SHA512

                                                                                          1472abe1ea9c50258d63cdc93b2f833756a17e58afa00a45b0e78e3117128d8569daf88e7ecffbcd7a481a3cd477024666bbeb94e724f05d3277b2df6b7b79a8

                                                                                        • C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

                                                                                          Filesize

                                                                                          7KB

                                                                                          MD5

                                                                                          29700cee0e07178eabffa5f542890ccd

                                                                                          SHA1

                                                                                          70b52731446645d34a05098e508972c0f51858ee

                                                                                          SHA256

                                                                                          b2194d063a05299baf8c924312030debbe8875d7a0ab4d648e50c913d8363491

                                                                                          SHA512

                                                                                          4094f04ebab32f23c78df0c4b20e8d52137f6ab01da56ca54429f153afa0b7b18276ade2255bd970fb6c29b8380f65fc3206f7ceffe2d832550a0e23ec034c2d

                                                                                        • C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

                                                                                          Filesize

                                                                                          7KB

                                                                                          MD5

                                                                                          fc015a8867b79dadac7a30b7b1a513e0

                                                                                          SHA1

                                                                                          664215a5978a73f33854201abaff11fa28de85a3

                                                                                          SHA256

                                                                                          3e71b9ac6c43fb252fc4dd831357eb8072ddce4ca33828b70c1088c7953dd99c

                                                                                          SHA512

                                                                                          1e1d79d1d5c71ba33654070fcc2b14e343305c85301c242151efee4ba761895188b54c62ab0fa82e8c61cca013299f02fd83da29ecdda06f0639512006ca5159

                                                                                        • C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

                                                                                          Filesize

                                                                                          7KB

                                                                                          MD5

                                                                                          6a9674849ec1d431e255b22832852797

                                                                                          SHA1

                                                                                          7bca88a07b13556a807061d051876998c5bec84a

                                                                                          SHA256

                                                                                          b5b55a0617412988c59a8315acde178ed7ddeb48403a5442077641ef19dfd628

                                                                                          SHA512

                                                                                          86f12e42a9bf116f00d9f32ba3577292b627208d4bff40f612fabba5cfe464315e7884cc680acc4a9da3e5b7bac4063f2867d82487ff59cead841ad633238873

                                                                                        • C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

                                                                                          Filesize

                                                                                          7KB

                                                                                          MD5

                                                                                          27512216ea6576bf7a4e9e6e2caf30e2

                                                                                          SHA1

                                                                                          2c79df68f522663b2c7a7b856ced1f6a2592f555

                                                                                          SHA256

                                                                                          b29f96c2f0622aa64bc3983877efd95aa18ff29f7160a685253838d4974fdc4e

                                                                                          SHA512

                                                                                          f40c3b7d919505078af58f5c7a89a44ff3e0b80e17216e87cc7ff2cdbde4939dc6aeb536fc8947acfd8161e8368e87d1d9553f61acb377e4708335f73a5973da

                                                                                        • C:\ProgramData\Malwarebytes\MBAMService\config\SpConfigFile.json

                                                                                          Filesize

                                                                                          11KB

                                                                                          MD5

                                                                                          afe050acd9d2370a2a51afec96d73656

                                                                                          SHA1

                                                                                          14ac24e7aabffa1730a84db723a239dd53b8b5bc

                                                                                          SHA256

                                                                                          b843a337d984621643a92f3144d31dad01235053910cd460dbe84407a1f61b83

                                                                                          SHA512

                                                                                          2d33647c56b9fdfd106c66425243b292afa18225b873564afef8fef0261205ea3fe06dfd1ee29de3ded478c75cf7f0c8c3af9f79e2c3955f6ef63bbb179955d8

                                                                                        • C:\ProgramData\Malwarebytes\MBAMService\config\SpConfigFile.json

                                                                                          Filesize

                                                                                          11KB

                                                                                          MD5

                                                                                          d4e178d87262fb9753d0165c4f07717f

                                                                                          SHA1

                                                                                          ec860fee001a8ec507b5431eabbecbbf518d855d

                                                                                          SHA256

                                                                                          8ab0b14f51ca32168626fccfe011d2059646054dbc2fa8f792edf111d71f73e0

                                                                                          SHA512

                                                                                          f3aee05aa1f082daedfbafb25be66ccda12f2bf464b3cc3921d91e41cd1d5892220e4b6c454e0923369bef1368d19dfc2e7345101a900c2d081deff78a28a2c2

                                                                                        • C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

                                                                                          Filesize

                                                                                          1KB

                                                                                          MD5

                                                                                          77bb33a24edd66a3d2245c5d7f2fa5ae

                                                                                          SHA1

                                                                                          1aec0a4738a7c4bc55cc59cce1b51b6ce072be7b

                                                                                          SHA256

                                                                                          27409d2ff141d11b174931c687eeb69b9175c076970d29f39e0f6225850770c1

                                                                                          SHA512

                                                                                          78f9772247c61782e38f8f4c453a5e74e542c68b51d2dc54ec2a3d86eeadb8d05095880edb30fa6754d6c2eaffe897827db22d5c20f53b6fe96da26025a361c5

                                                                                        • C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

                                                                                          Filesize

                                                                                          1KB

                                                                                          MD5

                                                                                          dafb7153d02e156f1bcdb7355bad84ab

                                                                                          SHA1

                                                                                          1ec1976bf7ac0651d413818707a1ac66a29e3eee

                                                                                          SHA256

                                                                                          b859f122763c14991c0e121fb8fa449dc21d2033128704d889f2dec79b82ec4b

                                                                                          SHA512

                                                                                          7807d287a75e837912e271b467c3f268f1478236f307e80141e1585ffc8369194bb58a5790832b55b40301ade5c80da876891ed693e7a24cc1e1b9e828e84c7c

                                                                                        • C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

                                                                                          Filesize

                                                                                          1KB

                                                                                          MD5

                                                                                          6780262c0a2a445f72cd95717dbf438a

                                                                                          SHA1

                                                                                          dcfcb911341ced36711f5e4f42beea94e0a694e0

                                                                                          SHA256

                                                                                          cd57ecd68076b017e83dba82cc883347883d1e96893674415e9034a6eeef8a9a

                                                                                          SHA512

                                                                                          8f4195d791a1195fe5b50c165f629d64cee8563bafe64426a30ba23340aa61415754759c150350ebc5c86483292c41e129845808542f29f58f135b7772785c41

                                                                                        • C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

                                                                                          Filesize

                                                                                          1KB

                                                                                          MD5

                                                                                          5d4ed220afefca6d51b89f0a3120855f

                                                                                          SHA1

                                                                                          dda9809c484de60e4638e4ff2e29ddbd47d1a9b6

                                                                                          SHA256

                                                                                          ce6d9c85ea55e20b887404fab6659e3e92bf043d61b649020f424d1a767e7524

                                                                                          SHA512

                                                                                          7ceb7b6d97f85490cd91d0e4df774954718ab379ac61fb296dcad8e100e45a2e5a52fba7f8fc66054988af63c3b6c599834e2bd38c0efbb6d2fae79ffb4d639c

                                                                                        • C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

                                                                                          Filesize

                                                                                          1KB

                                                                                          MD5

                                                                                          ef538acc79b30c2f3c92c6507f799187

                                                                                          SHA1

                                                                                          59882d6973a1d56fa806d43de00991a5d50bd65a

                                                                                          SHA256

                                                                                          8afa878dde26c8e7f32172f0ddb0f98d0ca782814651be6d46a20444afc15f38

                                                                                          SHA512

                                                                                          f94e42f9005ba346d5f0044f0a21b0fdb94d8efab32eb9da96b328cb5fd757a480e63d419bcf1b2294b69eee590be21cbe892885f86732972bbb13e3a6f854bf

                                                                                        • C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

                                                                                          Filesize

                                                                                          1KB

                                                                                          MD5

                                                                                          7d728264818ece4d31138bca3a79d339

                                                                                          SHA1

                                                                                          d2b67b6fb059a17112adba5ac9039ad93d816586

                                                                                          SHA256

                                                                                          51f7d398851f969b3aef10e97536eaee6a6284310beb69ec0dd42fb4017ba9a2

                                                                                          SHA512

                                                                                          46e228554fd02a03633a25d29a2aaad2916ac53aad038d8180d8ac6f5d026f2ef0f661acf6aa87ee404e14df10d95029ab9bd8b87924dd6797d6d143c78c9710

                                                                                        • C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

                                                                                          Filesize

                                                                                          1KB

                                                                                          MD5

                                                                                          6a9eaca557db82f1e33f0fee64eb5557

                                                                                          SHA1

                                                                                          9aba1c865ad9178b8f420667cb728ebb6c355346

                                                                                          SHA256

                                                                                          ccf6e20f8af67722b40d7716bd3f8f57fd6721193b1a167b7d34018f27c2803a

                                                                                          SHA512

                                                                                          79e9b835f1a17830c3576a622889f30c547df15d19800e9a0909a900c115132fb0d974e2a201303e4f4b70da342e79f45bfbecbdbe6c8ef0c699be2910a71458

                                                                                        • C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

                                                                                          Filesize

                                                                                          1KB

                                                                                          MD5

                                                                                          9918d9507a7bed49077c44e84c476861

                                                                                          SHA1

                                                                                          a0c76a551f7e6d1e0a57f359ef220e1ccb9f7e41

                                                                                          SHA256

                                                                                          3b0e2fe1734a9d2cc028d0c11ac95a088d9538a6c35f3bc5b078c8ea8a50d4bd

                                                                                          SHA512

                                                                                          f1f9cbff0e11f8642f72bc4237eca2a13e199878f76e468c416591ca7ca518c154cb30e510027e6062a04999ab59ebcc79bb1f68b11e8c8c9246ba5fdff9c7b9

                                                                                        • C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json

                                                                                          Filesize

                                                                                          1KB

                                                                                          MD5

                                                                                          894c03ecc9540e813ca0c0764a146af5

                                                                                          SHA1

                                                                                          6f4811da74e575ee841d454815504d14317fd728

                                                                                          SHA256

                                                                                          140d9a999f4af5947341a892275b1b4b4eea02fdf902d3cb984076b4c431c8ce

                                                                                          SHA512

                                                                                          ac8ecfe90483c76c7b0ed628adb4c3dc94524888872599bf6c48a2952a6f96f4a52b09e70c0a704d19b25f5856329564f7743831e8a35e0e76edf3aad9645808

                                                                                        • C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json

                                                                                          Filesize

                                                                                          1KB

                                                                                          MD5

                                                                                          95276bdb2d72a931afcbf2f1e70e05b3

                                                                                          SHA1

                                                                                          8625c9b2157bb42421e3b13fcf14e15f6548184c

                                                                                          SHA256

                                                                                          89725b9281c647e58903dcc0df260b8407ffd398ad2a4dbdbf14daf01576a82b

                                                                                          SHA512

                                                                                          2caeb10c3cb97317bc560b0f2b642c8348a0d6e792c6c41068c3347cdefc1a17feeccb46ec22068574d085e1da2b13c93b778e70b24b50a2ea1e748a698d76bd

                                                                                        • C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json

                                                                                          Filesize

                                                                                          1KB

                                                                                          MD5

                                                                                          b955bbf2fa8937afa88f3c77dc8353b0

                                                                                          SHA1

                                                                                          482fae3b035f8fb2f105995434e471f0bfeb05f2

                                                                                          SHA256

                                                                                          1c6e9956a78d2c510fb65f059be0b9b37347e606e7e527895d44a232d47a9f9d

                                                                                          SHA512

                                                                                          6a48aa5beaa3e5f766e311cc11cd06fb294e77ad8fd7cda655a74460fa1f2d40d3888dfc9f245eb7636759452ffef8d5d4c40088a058b7e4413bb3c7d64b3edf

                                                                                        • C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json

                                                                                          Filesize

                                                                                          1KB

                                                                                          MD5

                                                                                          76240efbfc36cb4b32892259bb161063

                                                                                          SHA1

                                                                                          ad92bdf95c9e78731d551d9018bce638c1f3052b

                                                                                          SHA256

                                                                                          490daea9ea72fd89aa899a26ea4c7ddc25f65efc82c7ea9fc6454214ef1b4608

                                                                                          SHA512

                                                                                          ecce93e3a12f58d65f7465fa60d15b2ae99c86387833f11f75d9f2f1920dc74a1c6adf92d96fdb743d37e04e0c5306c5bcbf2229ba95f0ea83f9f9ee2c157d88

                                                                                        • C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json

                                                                                          Filesize

                                                                                          1KB

                                                                                          MD5

                                                                                          9f3d3138e3d2354df25f715dedf9cf8a

                                                                                          SHA1

                                                                                          46d2de4e5d5199444e89868f320332e62019f62b

                                                                                          SHA256

                                                                                          50f8859e81e3f43a83cdaf4a6d042b7e29f7328ad3bd46310e5ff8f9102815a9

                                                                                          SHA512

                                                                                          57ae211643a87f50a4b050b81f4f4c914f1daedb08a81b8b2e1591059f8561d1a4efd17d5716c716d8fc36e82f2bff27ad2f18753e7a47a278a3fcbb15c54e15

                                                                                        • C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json.bak

                                                                                          Filesize

                                                                                          1KB

                                                                                          MD5

                                                                                          1138541e20e4b146f60b1b32a1d601bb

                                                                                          SHA1

                                                                                          f06230b2d22c6a0ffb4268dac05566f231f1d16c

                                                                                          SHA256

                                                                                          59bea7d6a8c0d38692fc03c59600cdaae1736a8025738cd2b31eb8020dae147f

                                                                                          SHA512

                                                                                          d7381c5e083df4862b29da17fa44c684a3eb145a359aefc25e050463b7858acd032bd43995d8f4c14bc12bd2a4c58724fbef0a26eb75c22e519ce7324e2aaed4

                                                                                        • C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json.bak

                                                                                          Filesize

                                                                                          1KB

                                                                                          MD5

                                                                                          8998a29f002c7f7e65f54e950c92a52c

                                                                                          SHA1

                                                                                          cec13cd76f6917ffc8cc75d8f4a0a5f08321210a

                                                                                          SHA256

                                                                                          58430a378b16b2b43c3beaf998629d28ca22a0c5bfd9b97e315d9cc8c7f65b9f

                                                                                          SHA512

                                                                                          96b966dcc681057faa25bad5536b3da5cef07089300d113a7da2e7231eea337883826fa21e9e35dafc603bbe1ab88a4a68ebdeda83a841d0a8d5c51de7b4a07c

                                                                                        • C:\ProgramData\Malwarebytes\MBAMService\config\VPNControllerConfig.json

                                                                                          Filesize

                                                                                          1KB

                                                                                          MD5

                                                                                          8df1e23831b0a96021d47ee08ffcda80

                                                                                          SHA1

                                                                                          95a52e4dc5f5670ef384ef2fb9ec38d1ec27fd58

                                                                                          SHA256

                                                                                          bd3dd990f3bf08b38b903e467c919f72bf0e6ad39920697455dee3cf39bd8bd9

                                                                                          SHA512

                                                                                          c9d5740e113e23c10431181a610f36047c4f95ee3860c0d2652689c378f27577fe82475629d6248f95482e013111f9e94bfd44fe25bb9fb93206db883224e2b1

                                                                                        • C:\ProgramData\Malwarebytes\MBAMService\config\VPNControllerConfig.json

                                                                                          Filesize

                                                                                          1KB

                                                                                          MD5

                                                                                          03a7cb2d2c98ac14e2678b40cf62b8ef

                                                                                          SHA1

                                                                                          d06f4114521fad70139e110a32408d6d311b14c6

                                                                                          SHA256

                                                                                          2fea51979eac90aa8cb988325daf0258dd770203d10cf5ecd501195c8c236e1c

                                                                                          SHA512

                                                                                          a5aa734dced73dc2cf7d0bfa703bde8ac8fd9a6317fabd76a3a02ae1ca082c6f79a2dd2b067c5ed715bfb5673530b6b3b7f3a048f874814f44d434c8603f935a

                                                                                        • C:\ProgramData\Malwarebytes\MBAMService\config\VPNServerListConfig.json

                                                                                          Filesize

                                                                                          125B

                                                                                          MD5

                                                                                          e759027e8ecf049029da7208b3c04ab3

                                                                                          SHA1

                                                                                          a37ef59d78c2745e7c394069753a90321ac289e0

                                                                                          SHA256

                                                                                          df10de8dfb99c6a74914853992661aa3fc5fecbfa169e92116d2a4b47d0793cf

                                                                                          SHA512

                                                                                          35afededbb2d5445e992ca004624c7b72500ace074630e9a8f6d66915eaa73663931fbf0731eb0d18f706964cc2c694f682cbb7b146a00aa585dd4b8bbf01920

                                                                                        • C:\ProgramData\Malwarebytes\MBAMService\dds_tmp\D22.tmp

                                                                                          Filesize

                                                                                          1.8MB

                                                                                          MD5

                                                                                          804b9539f7be4ece92993dc95c8486f5

                                                                                          SHA1

                                                                                          ec3ca8f8d3cd2f68f676ad831f3f736d9c64895c

                                                                                          SHA256

                                                                                          76d0da51c2ed6ce4de34f0f703af564cbefd54766572a36b5a45494a88479e0b

                                                                                          SHA512

                                                                                          146c3b2a0416ac19b29a281e3fc3a9c4c5d6bdfc45444c2619f8f91beb0bdd615b26d5bd73f0537a4158f81b5eb3b9b4605b3e2000425f38eeeb94aa8b1a49f2

                                                                                        • C:\ProgramData\Malwarebytes\MBAMService\dds_tmp\D3.tmp

                                                                                          Filesize

                                                                                          116KB

                                                                                          MD5

                                                                                          699dd61122d91e80abdfcc396ce0ec10

                                                                                          SHA1

                                                                                          7b23a6562e78e1d4be2a16fc7044bdcea724855e

                                                                                          SHA256

                                                                                          f843cd00d9aff9a902dd7c98d6137639a10bd84904d81a085c28a3b29f8223c1

                                                                                          SHA512

                                                                                          2517e52f7f03580afd8f928c767d264033a191e831a78eed454ea35c9514c0f0df127f49a306088d766908af7880f713f5009c31ce6b0b1e4d0b67e49447bfff

                                                                                        • C:\ProgramData\Malwarebytes\MBAMService\dds_tmp\D9.tmp

                                                                                          Filesize

                                                                                          4.7MB

                                                                                          MD5

                                                                                          a7b7470c347f84365ffe1b2072b4f95c

                                                                                          SHA1

                                                                                          57a96f6fb326ba65b7f7016242132b3f9464c7a3

                                                                                          SHA256

                                                                                          af7b99be1b8770c0e4d18e43b04e81d11bdeb667fa6b07ade7a88f4c5676bf9a

                                                                                          SHA512

                                                                                          83391a219631f750499fd9642d59ec80fb377c378997b302d10762e83325551bb97c1086b181fff0521b1ca933e518eab71a44a3578a23691f215ebb1dce463d

                                                                                        • C:\ProgramData\Malwarebytes\MBAMService\lkg_db\Actions.dll

                                                                                          Filesize

                                                                                          4.5MB

                                                                                          MD5

                                                                                          f802ae578c7837e45a8bbdca7e957496

                                                                                          SHA1

                                                                                          38754970ba2ef287b6fdf79827795b947a9b6b4d

                                                                                          SHA256

                                                                                          5582e488d79a39cb9309ae47a5aa5ecc5a1ea0c238b2b2d06c86232d6ce5547b

                                                                                          SHA512

                                                                                          9b097abeafe0d59ed9650f18e877b408eda63c7ec7c28741498f142b10000b2ea5d5f393361886ba98359169195f2aceeee45ff752aa3c334d0b0cc8b6811395

                                                                                        • C:\ProgramData\Malwarebytes\MBAMService\lkg_db\BrowserSDKDLL.dll

                                                                                          Filesize

                                                                                          5.4MB

                                                                                          MD5

                                                                                          956b145931bec84ebc422b5d1d333c49

                                                                                          SHA1

                                                                                          9264cc2ae8c856f84f1d0888f67aea01cdc3e056

                                                                                          SHA256

                                                                                          c726b443321a75311e22b53417556d60aa479bbd11deb2308f38b5ad6542d8d3

                                                                                          SHA512

                                                                                          fb9632e708cdae81f4b8c0e39fed2309ef810ca3e7e1045cf51e358d7fdb5f77d4888e95bdd627bfa525a8014f4bd6e1fbc74a7d50e6a91a970021bf1491c57c

                                                                                        • C:\ProgramData\Malwarebytes\MBAMService\lkg_db\Global.nm

                                                                                          Filesize

                                                                                          335KB

                                                                                          MD5

                                                                                          8fe32009056c02b97598df10c491a849

                                                                                          SHA1

                                                                                          d6df776478d6ba453553e209caade04a9530affd

                                                                                          SHA256

                                                                                          8a4eb08c10270b7788679b9bd373140fbc9c0e2cf719bd8b2eaba918be0ad1f4

                                                                                          SHA512

                                                                                          38426667bf93f570a2a906690d62cbb5cfa3883edb53804e1f3e461809bd64b486068132053a86ebbdb706e9bd22b7250a11217a8ef8ca7a1765ff2713c85350

                                                                                        • C:\ProgramData\Malwarebytes\MBAMService\lkg_db\Global.sr

                                                                                          Filesize

                                                                                          20.1MB

                                                                                          MD5

                                                                                          e53bc4cc5e1a2f91f3ebef0eaa13e8db

                                                                                          SHA1

                                                                                          f57df69f04492cb287a847e3126104e5863f1d02

                                                                                          SHA256

                                                                                          6075fe87a1cadbe820d0fdfcc46f3cab1afbd7cc43b3786bf1769feb75b819cc

                                                                                          SHA512

                                                                                          30dc51a34e9fa64d0cc7d94b56b45ec68718734c5cef569fad2d63bcd01fd23ecc0add59586ca90671d6d3728736521211281ff2b24cfd15c01bf524ccabc4f7

                                                                                        • C:\ProgramData\Malwarebytes\MBAMService\lkg_db\cfg.bin

                                                                                          Filesize

                                                                                          995B

                                                                                          MD5

                                                                                          a8e4820e175f7d9c0f37c4f63bdf44bc

                                                                                          SHA1

                                                                                          e0aa265a99ceb65255ead59d54ab2e044c7f63ef

                                                                                          SHA256

                                                                                          4c2d5ddb9c89842b4c0aa4289c62aa67d7480400b95b0bb9be5581576b680a6b

                                                                                          SHA512

                                                                                          68a717c19a8f3532ff8bf3fae6d28a081939618c0f49da8c2cb8c14a9b563cc8dfd3b22d1d0f0e3aec8bd79207f46f3ecb0c49f5caf4fee2d570a5d1917df0df

                                                                                        • C:\ProgramData\Malwarebytes\MBAMService\lkg_db\clean.mbdb

                                                                                          Filesize

                                                                                          14KB

                                                                                          MD5

                                                                                          68633cf09a383e9bd6fedd2730d4d4f2

                                                                                          SHA1

                                                                                          f36fc3026d42738f614a429fb8d68966c0508654

                                                                                          SHA256

                                                                                          c6f45e2f1e6befad211ef91bb30398c8cef8e71e2d1bf82812af1044dff9d32f

                                                                                          SHA512

                                                                                          d57699c9ad4dfc4038593de92d1bd87e0fe3efe47f8f953e8f68316adf1cddca66d2bd0ec954c0671407980e7b83f07dfb151206defb1eca7f327499d834ebe8

                                                                                        • C:\ProgramData\Malwarebytes\MBAMService\lkg_db\dbmanifest2.dat

                                                                                          Filesize

                                                                                          924B

                                                                                          MD5

                                                                                          15285e0259fd1758025c1ffa083f220f

                                                                                          SHA1

                                                                                          91244a5a77b6ac640faf88876c63227f98849768

                                                                                          SHA256

                                                                                          52a41bca3f2eee3a158665d0217d52477e4b055e4f03179b7f615746b195e484

                                                                                          SHA512

                                                                                          361c6e3233397361bbdd44e9d6128a0062773ef4effcf25187e6fb9e496d07bdc0a6af35828b1b14ea8fc08f1ad4e5bf91b584170deab316448583ddc701a5ba

                                                                                        • C:\ProgramData\Malwarebytes\MBAMService\lkg_db\dynconfig.dat

                                                                                          Filesize

                                                                                          39KB

                                                                                          MD5

                                                                                          10f23e7c8c791b91c86cd966d67b7bc7

                                                                                          SHA1

                                                                                          3f596093b2bc33f7a2554818f8e41adbbd101961

                                                                                          SHA256

                                                                                          008254ca1f4d6415da89d01a4292911de6135b42833156720a841a22685765dc

                                                                                          SHA512

                                                                                          2d1b21371ada038323be412945994d030ee8a9007db072484724616c8597c6998a560bc28886ebf89e2c8919fb70d76c98338d88832351823027491c98d48118

                                                                                        • C:\ProgramData\Malwarebytes\MBAMService\lkg_db\exclusions.txt

                                                                                          Filesize

                                                                                          23KB

                                                                                          MD5

                                                                                          aef4eca7ee01bb1a146751c4d0510d2d

                                                                                          SHA1

                                                                                          5cf2273da41147126e5e1eabd3182f19304eea25

                                                                                          SHA256

                                                                                          9e87e4c9da3337c63b7f0e6ed0eb71696121c74e18a5da577215e18097715e2f

                                                                                          SHA512

                                                                                          d31d21e37b0048050b19600f8904354cff3f3ec8291c5a7a54267e14af9fb88dfb6d11e74a037cc0369ade8a8fb9b753861f3b3fb2219563e8ec359f66c042db

                                                                                        • C:\ProgramData\Malwarebytes\MBAMService\lkg_db\ig.exe

                                                                                          Filesize

                                                                                          1.8MB

                                                                                          MD5

                                                                                          00bb4872fd3c456f23b2b00a679b3890

                                                                                          SHA1

                                                                                          b2f98fc663e37bbfda7398079d4d483d862256a6

                                                                                          SHA256

                                                                                          1bbaa5b2a9e7423568aaaf7b6c2939a6ea784e0b8fb5e428b6e7423927e0c9ca

                                                                                          SHA512

                                                                                          eda71ee5c4bb9490e9a303347180e94425f2228476a45d983ee4ce5ff1c84b60c359ad29d545b0bcc8dac0aafc6cf0d4297560bdd2e68587aeb0137de61f19ae

                                                                                        • C:\ProgramData\Malwarebytes\MBAMService\lkg_db\mbdigsig2.dat

                                                                                          Filesize

                                                                                          514B

                                                                                          MD5

                                                                                          5016024d2aafc3842dcdc934f5f3952f

                                                                                          SHA1

                                                                                          9538432bf77f3305e7e13df8005fe8da2e7dbcc1

                                                                                          SHA256

                                                                                          e5fe66aa5a1b2060b92db5ebc8c2694b4abd4276b48b6abb0d72a69cd4d5c63c

                                                                                          SHA512

                                                                                          8ff79e34739358739cd0547343911a2e9c47ef9378d682fd6019963c408ea4db37a59b4c8593b69d3252dc88ac9c8306658c8dbfb664363331deb43322e314e6

                                                                                        • C:\ProgramData\Malwarebytes\MBAMService\lkg_db\prot.mbdb

                                                                                          Filesize

                                                                                          24B

                                                                                          MD5

                                                                                          546d9e30eadad8b22f5b3ffa875144bf

                                                                                          SHA1

                                                                                          3b323ffef009bfe0662c2bd30bb06af6dfc68e4d

                                                                                          SHA256

                                                                                          6089fbf0c0c1413f62e91dc9497bedc6d8a271e9dc761e20adc0dccf6f4a0c1f

                                                                                          SHA512

                                                                                          3478f5dcf7af549dd6fe48ad714604200de84a90120b16a32233b6d44fa7240f5f4e5fe803f54b86bbdfd10fa1bfdd88fb85eb6a78e23e426933f98d0a2565ec

                                                                                        • C:\ProgramData\Malwarebytes\MBAMService\lkg_db\rdefs.mbdb

                                                                                          Filesize

                                                                                          24B

                                                                                          MD5

                                                                                          2f7423ca7c6a0f1339980f3c8c7de9f8

                                                                                          SHA1

                                                                                          102c77faa28885354cfe6725d987bc23bc7108ba

                                                                                          SHA256

                                                                                          850a4ea37a0fd6f68bf95422d502b2d1257264eb90cc38c0a3b1b95aa375be55

                                                                                          SHA512

                                                                                          e922ac8a7a2cde6d387f8698207cf5efbd45b646986a090e3549d97a7d552dd74179bd7ac20b7d246ca49d340c4c168982c65b4749df760857810b2358e7eb69

                                                                                        • C:\ProgramData\Malwarebytes\MBAMService\lkg_db\rules.mbdb

                                                                                          Filesize

                                                                                          9.7MB

                                                                                          MD5

                                                                                          eae498ef7101deeca3e8c07c87d715dc

                                                                                          SHA1

                                                                                          64c704e82ee4f7eb672f4a75918c18d51eedd87c

                                                                                          SHA256

                                                                                          e3336ae362842ca94c93339c2c095cd5b6b4b27bdcf455007d0cc5354bc1bd5f

                                                                                          SHA512

                                                                                          fd171ec6a59be58b79d9f34769ea0dd3dfdcd58a1c76b9ea937a08ce7c5578e838ce9aa7cc4b4fcef4aeb405661f31e82e9a5e054ed16811f008726ad6b0db1b

                                                                                        • C:\ProgramData\Malwarebytes\MBAMService\lkg_db\sample.dll

                                                                                          Filesize

                                                                                          528KB

                                                                                          MD5

                                                                                          a8de0cb6e0103dc9dc9f1a7f4f35f819

                                                                                          SHA1

                                                                                          27674efbfcc8975b4a372742b141ddce47cb540d

                                                                                          SHA256

                                                                                          87bc58ad3b68b87620c543f54f1e5ecbbb49b7468aa7c271a6d9ab95ac9beefd

                                                                                          SHA512

                                                                                          6688449e115b0403e08cb24c61f961c74c27cfd6609af360c251eb446d294e42ab1323e34a4e3992020d8c7fd0e8002fb7b96329cdf9c486910508d81429a072

                                                                                        • C:\ProgramData\Malwarebytes\MBAMService\lkg_db\scan.mbdb

                                                                                          Filesize

                                                                                          812KB

                                                                                          MD5

                                                                                          a4c6180d6a7209b39f9ffb2cfe2ae0f6

                                                                                          SHA1

                                                                                          b78a5b365295ed3dd40ff22b0bb9ec547a5685a1

                                                                                          SHA256

                                                                                          5893f0a5eef19afa9a72d07566b5b2291b40c251264f02c98d6b140c7293b8ca

                                                                                          SHA512

                                                                                          baeaeb90a49555858a0e4855b7714607a836f5d8bb1c3fc8d5ac03c3b50ab3c4fd39b4ab4d824eb343e262c9496c208368dc87e7e55e72886dda15b16f3a3b72

                                                                                        • C:\ProgramData\Malwarebytes\MBAMService\lkg_db\tids.mbdb

                                                                                          Filesize

                                                                                          166KB

                                                                                          MD5

                                                                                          be14ad57c940eabbe886143187e161c1

                                                                                          SHA1

                                                                                          b05d2661863a6ccbae4ee913efb401cf072904e1

                                                                                          SHA256

                                                                                          8181b88e870da5f0dc848e32a35eb5663781b026dd596844e02910ea29e94757

                                                                                          SHA512

                                                                                          29e295c7b107c6e8e2d406e874a91169fd7356165fe5d22603e3212940d917605ba7954be34353a5ce3137b63ef33080f5d8db0852d694ccdc38ccde0d207c61

                                                                                        • C:\ProgramData\Malwarebytes\MBAMService\lkg_db\wprot2.mbdb

                                                                                          Filesize

                                                                                          23.4MB

                                                                                          MD5

                                                                                          fdd03b6f2a274b6fb1cdc48d9366466d

                                                                                          SHA1

                                                                                          ff65c21ea4d2b9124174ca24a3d6d7dd30cb8e7a

                                                                                          SHA256

                                                                                          36d0eb5f7696b7e227f268a268bf121de65f3df675306447c1824e5b41295e31

                                                                                          SHA512

                                                                                          c5a7e72548e2ef415bc29814e8b2d1e738383f446784fbafce5882bacce5ecf889704c4e55980cd1ff14ab3bad3958ddf0443febe79dcb41a81fa43e3559b9aa

                                                                                        • C:\ProgramData\Malwarebytes\MBAMService\pkgvers.dat

                                                                                          Filesize

                                                                                          75B

                                                                                          MD5

                                                                                          e71f2368a0b7cbd09dbf3453b1a4661e

                                                                                          SHA1

                                                                                          0f1114b55a41e88e6c13636a6db32c02a7615d64

                                                                                          SHA256

                                                                                          887af2346f87c4e89434eae1a3aa8cce36b5c02717221d71059bff8f149b7799

                                                                                          SHA512

                                                                                          8617f18097c10ef892fc95178f75d9041755e6747200759be9c5d35c336db0d1f86950a8b0ff65a10d7d5bd621e9d68e49d2ecb6881c3dc2e705c91e97877eb4

                                                                                        • C:\ProgramData\Malwarebytes\MBAMService\updatrpkg\SdkDbUpdatrV5.dll

                                                                                          Filesize

                                                                                          2.6MB

                                                                                          MD5

                                                                                          52c4aa7e428e86445b8e529ef93e8549

                                                                                          SHA1

                                                                                          72508ba29ff3becbbe9668e95efa8748ce69aa3f

                                                                                          SHA256

                                                                                          6050d13b465417dd38cc6e533f391781054d6d04533baed631c4ef4cea9c7f63

                                                                                          SHA512

                                                                                          f30c6902de6128afbaaed58b7d07e1a0a674f0650d02a1b98138892abcab0da36a08baa8ca0aba53f801f91323916e4076bda54d6c2dc44fdad8ab571b4575f7

                                                                                        • C:\ProgramData\Malwarebytes\MBAMService\updatrpkg\expapply64.dll

                                                                                          Filesize

                                                                                          473KB

                                                                                          MD5

                                                                                          76a6c5124f8e0472dd9d78e5b554715b

                                                                                          SHA1

                                                                                          88ab77c04430441874354508fd79636bb94d8719

                                                                                          SHA256

                                                                                          d23706f8f1c3fa18e909fe028d612d56df7cd4f9ad0c3a2b521cb58e49f3925d

                                                                                          SHA512

                                                                                          35189cc2bf342e9c6e33fd036f19667398ac53c5583c9614db77fb54aadf9ac0d4b96a3e5f41ec7e8e7f3fe745ae71490bdcf0638d7410b12121e7a4312fae9e

                                                                                        • C:\ProgramData\Malwarebytes\MBAMService\updatrpkg\mbupdatrV5.exe

                                                                                          Filesize

                                                                                          5.9MB

                                                                                          MD5

                                                                                          9761279abf322b5679210cdc11ccba78

                                                                                          SHA1

                                                                                          e3956b256a2d34f2326f9956129a2d2c098dbe01

                                                                                          SHA256

                                                                                          73514832c7e23866058fc434ff282be593357f086d84550299c3ed3bc540d221

                                                                                          SHA512

                                                                                          f1ecd3f05dbd1cbfa3086ff4c21c957ab720f7786db32a3435d9333508112a767fed8f289a33c7c7799931d9ed1dbf248aaca6bfb444e351b763341f3b435c89

                                                                                        • C:\ProgramData\Malwarebytes\MBAMService\version.dat

                                                                                          Filesize

                                                                                          26B

                                                                                          MD5

                                                                                          14c0edf2f8fb8c7259bb351c281dfbb7

                                                                                          SHA1

                                                                                          bb48bcd5efe065f13b2eceb3b29198f8c1109c8f

                                                                                          SHA256

                                                                                          37c30323de24022ffcb5b442310c5e39f5dcb4b9cc23aa6897019ac223196c2c

                                                                                          SHA512

                                                                                          4fa8385a7f80693366129157eba57e7ed58ddeae5163a958e515dd643030cd0170e11ba6f16888a637f2c60e0024ab8ab811dfe7bec977c6a5f5646c05d8d994

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                                          Filesize

                                                                                          152B

                                                                                          MD5

                                                                                          9b008261dda31857d68792b46af6dd6d

                                                                                          SHA1

                                                                                          e82dc88e2d1da2df7cb19d79a0346b9bb90d52b3

                                                                                          SHA256

                                                                                          9ac598d4f8170f7e475d84103aead9e3c23d5f2d292741a7f56a17bde8b6f7da

                                                                                          SHA512

                                                                                          78853091403a06beeec4998e2e3a4342111895ffd485f7f7cd367741a4883f7a25864cba00a6c86f27dc0c9ce9d04f08011ecc40c8ae9383d33274739ac39f10

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                                          Filesize

                                                                                          152B

                                                                                          MD5

                                                                                          0446fcdd21b016db1f468971fb82a488

                                                                                          SHA1

                                                                                          726b91562bb75f80981f381e3c69d7d832c87c9d

                                                                                          SHA256

                                                                                          62c5dc18b25e758f3508582a7c58bb46b734a774d97fc0e8a20614235caa8222

                                                                                          SHA512

                                                                                          1df7c085042266959f1fe0aedc5f6d40ceba485b54159f51f0c38f17bb250b79ea941b735e1b6faf219f23fe8ab65ac4557f545519d52d5416b89ad0f9047a31

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

                                                                                          Filesize

                                                                                          209KB

                                                                                          MD5

                                                                                          3e552d017d45f8fd93b94cfc86f842f2

                                                                                          SHA1

                                                                                          dbeebe83854328e2575ff67259e3fb6704b17a47

                                                                                          SHA256

                                                                                          27d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6

                                                                                          SHA512

                                                                                          e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                          Filesize

                                                                                          3KB

                                                                                          MD5

                                                                                          97d7ba923b3fa3ead3b4189412329771

                                                                                          SHA1

                                                                                          a3cb843f9aa1f47db8a8e3663533ffe334de63b1

                                                                                          SHA256

                                                                                          975c6be9a69641bf4cdd717bb19e560ff2910d8b6033e43821b831eb03b408be

                                                                                          SHA512

                                                                                          5706ddfdfcecfbbf2863ccf6833accb6ae46351d7abe9da650a5b90fc71605f35477966b1bc1e087506b8716a1d67270b77975934920e4d827462241c4e23427

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bojobppfploabceghnmlahpoonbcbacn\3.0.7_0\_locales\en\messages.json

                                                                                          Filesize

                                                                                          73KB

                                                                                          MD5

                                                                                          81449a1b908c124963a44dd4b5cf673a

                                                                                          SHA1

                                                                                          12ba4dfa1266512f328625803f450a68c5e695c2

                                                                                          SHA256

                                                                                          0307c9d18530e27d5c83b905b741f0bb2a92b8d8dfc830e4dd7c90f15349caf1

                                                                                          SHA512

                                                                                          10260357ad81b81bfd27a68bd456703f1d887d42c72d6543243e6bf91679d38ad74624075caaaa2bd5eedef9d1e64b0cbf95b2d43d7eb35d9374bb02372fefac

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bojobppfploabceghnmlahpoonbcbacn\3.0.7_0\manifest.json

                                                                                          Filesize

                                                                                          3KB

                                                                                          MD5

                                                                                          3063bf8c8f142b4f1e65af3ccbf76f6b

                                                                                          SHA1

                                                                                          135aeddae1e8125cd36b8ee51e8698ce17aed4a9

                                                                                          SHA256

                                                                                          862bf5cefe9664d1a30adece566185e71e8e8c6ddd2e3f6d4dedf7f8b97f2d85

                                                                                          SHA512

                                                                                          1e3390f0c5048dc5943c3128d78e4e7a3d9c33881543595bd4d5156a149c29a2e8c85990f15d39c7ba5a13a9c864b247ed78cb98fcf878b1a4e7643f0f9d7151

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                                                          Filesize

                                                                                          3KB

                                                                                          MD5

                                                                                          fe5e6f5147fb83e5922d8a305bf97d98

                                                                                          SHA1

                                                                                          1c0dc077a437fb3823693497f3b4a843baaf19a1

                                                                                          SHA256

                                                                                          c7f351a380a3f454588ee82c7f5e98c990302415fad08a839ee4edd0ab62a6f2

                                                                                          SHA512

                                                                                          9817bb0868e646df6b846ccdc2df012349cac2259370d2aa0ab1e965772818e5b622283ed0670ac987e0f3b519eb3d144b758ed8251dd131339272ecb3a2dd37

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                                                          Filesize

                                                                                          3KB

                                                                                          MD5

                                                                                          01990954fc90858078f0f364ecc6fcf3

                                                                                          SHA1

                                                                                          73a4f1d169228cb4c955d8c66413086c308a9aed

                                                                                          SHA256

                                                                                          1561c7a5b32540e7be6daefbc9d5d0f40b39d6ae0caa2af576744e08c34896f5

                                                                                          SHA512

                                                                                          77a55ca39a3b8771bb56bd08a20a87375b0fc82d8db8b73be6e84783708386fc159658a0c70b903b7e35a4c15ebd80d1cd68b5493d316eb54d18f6ff83f7e7f1

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                          Filesize

                                                                                          5KB

                                                                                          MD5

                                                                                          bca23a1e5b2c0a498d168e58cf859bea

                                                                                          SHA1

                                                                                          430642459f721f9502115b07c17641354828e7f9

                                                                                          SHA256

                                                                                          8c137a04c611559cb6c24c63096689e206db485b119bd15d99e3c2332c788263

                                                                                          SHA512

                                                                                          802a713a3674ebfd8c544a41ad298cd4688e779cc1d420ca09f1db3d4d6a1611bc265cbc58a81f7702521d54e01ff79af77d00837a738d177846b397db071310

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                          Filesize

                                                                                          7KB

                                                                                          MD5

                                                                                          b48556554e77d5e83a75d75ae87e5022

                                                                                          SHA1

                                                                                          73f4c5dc40b0b3aa147e761a463ab6fa8fe66011

                                                                                          SHA256

                                                                                          1742dd0481f31a226d6dd40f3ee409f677ed043c53c97c16b0e443cbd40ac78f

                                                                                          SHA512

                                                                                          84beb3c20f566c216a9a9f03a5b637850dc4b949b3bfc0b3998195ca9b21e00b0ce3f2681319a324f9b4c780344befc1c5a4df538cd4d245cf1ca0e98c437fb9

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                          Filesize

                                                                                          7KB

                                                                                          MD5

                                                                                          0aac282f730d8a146e69dd06780de4eb

                                                                                          SHA1

                                                                                          20a97252a62d1a2981c2b5092d9bbbc5198b4139

                                                                                          SHA256

                                                                                          5edee13d37887368363fee5db976702f40790c78c8fbf0a2080be6894679292b

                                                                                          SHA512

                                                                                          e792178cce1d6306c0bb78d9bb6c8ca755f5464010fdee9c31d7476e48be14a79d76da866ff25cc54e605bae624451d9948885e23cc4ed8dba47b072e8021aff

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                          Filesize

                                                                                          7KB

                                                                                          MD5

                                                                                          cda1f4078861d141b22210904d32e88a

                                                                                          SHA1

                                                                                          f296216d55c18dbeffd2981698855d8e85005401

                                                                                          SHA256

                                                                                          281f26b1d14d820844fb10a1c214270e9232f9ae37faa283631581df3840143b

                                                                                          SHA512

                                                                                          a2c2ec100689c588852dd77397e8266883dbb4453b7cd36c004818bc31773a17de913efa138befe9a9a1e446ec221be7bb9be145b6b8d4c29b29723ae6df9415

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                          Filesize

                                                                                          8KB

                                                                                          MD5

                                                                                          930d757091ec7263e6a71da40fc36c84

                                                                                          SHA1

                                                                                          4c50328e052c867135542daf224d9ae1ecfb6c54

                                                                                          SHA256

                                                                                          e47638dacb5263724ac5c16eadd46dd890f8019f56346e41e3450a536e953db8

                                                                                          SHA512

                                                                                          98e2039164d0d510a3b95d86f6db70f0125375c9a3418f4625590d4bacbbcebe602d6eb045e34b6c88829ed0e84ad2f14f633404e17af1e42e5a5120f726a1f6

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

                                                                                          Filesize

                                                                                          29KB

                                                                                          MD5

                                                                                          8df7db25a4c0d8c189b86c0f20b713fb

                                                                                          SHA1

                                                                                          9641d7d1533966bb8c531e45e1a0cc38c396c2b9

                                                                                          SHA256

                                                                                          936b961a0c8d2e8081e1cfad0f7e24940de0dd78c01d04b5bebf91de679882fc

                                                                                          SHA512

                                                                                          55883ae32f19ee18258d8825f6448e2017c231c4382ee47cabb8aabc1349160746e5a7c7ec0bd06629e55007ae6a92aaafc6b9b54f93a4a3e69e07143c5186be

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                          Filesize

                                                                                          2KB

                                                                                          MD5

                                                                                          1f500946d3d5430146ecb2024dcc4234

                                                                                          SHA1

                                                                                          8dcab1a63027f271af5c230046d1553aad8876f2

                                                                                          SHA256

                                                                                          c660da5c601d29ad7708014ba0c8f2374840d71744e3a00eedd9fd1948a996a1

                                                                                          SHA512

                                                                                          1def9f9760c9c5a9140a164413b9110e07c4af7cbfd04e6c799c0697cafc77e75708487273734821374625cca1add5041bf9c55cb9003e1e717dbcd48f66a036

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe583cd5.TMP

                                                                                          Filesize

                                                                                          1KB

                                                                                          MD5

                                                                                          0bd6ba14f7c46df38aaeac1ab3162209

                                                                                          SHA1

                                                                                          4eb5bd04e9609ad5f10c9ed4395d5c53d0278d30

                                                                                          SHA256

                                                                                          eac1c2ef8067dddc68e9c69ff1a3d449d986a92a279bb8bc81a2b03964e8e52f

                                                                                          SHA512

                                                                                          8622aec39873287d41d0c26a17747895ba2a324ce8bfb1b5371440098f3bf8cd92047c8c68e799604aff3d55c7362329dc1ca47fe838b3a25a9d2a41298033aa

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                                                                          Filesize

                                                                                          16B

                                                                                          MD5

                                                                                          6752a1d65b201c13b62ea44016eb221f

                                                                                          SHA1

                                                                                          58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                                                                          SHA256

                                                                                          0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                                                                          SHA512

                                                                                          9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                          Filesize

                                                                                          11KB

                                                                                          MD5

                                                                                          a85b5a789f78d1bf673f764a367aae31

                                                                                          SHA1

                                                                                          9f327dd18a9caf06506713e4eedf04e9fb4abd4b

                                                                                          SHA256

                                                                                          61357951d451077e152f23e8e54d40b90b3031437173d45e98ca2ba0abe11eb1

                                                                                          SHA512

                                                                                          19e592243b39c9343ee8f6fb614895fd0a0ba33d523262fdf5b57be9d8f21c34691bb8a3e0c225bf50f9d48d8ef09aeb2090739944788d1e613899a799f5ba89

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                          Filesize

                                                                                          11KB

                                                                                          MD5

                                                                                          4abc1807d71a95c60c8c7126a329342a

                                                                                          SHA1

                                                                                          b0ccd2ef611b8b5d46c58d9b01aff0a8dae9b3db

                                                                                          SHA256

                                                                                          a860a759eb1331d968abe5440a911ac0e5542011d16e00929e0c984268203367

                                                                                          SHA512

                                                                                          bd8545ce9e3f49bf14d6c4770a2d7d863e046b8b4479d841008d45220da660e3fddbd2d3242a3f16e019d814548416bf34428a221b5e55398e07240407da0f39

                                                                                        • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lirn7gz7.default-release\activity-stream.discovery_stream.json

                                                                                          Filesize

                                                                                          28KB

                                                                                          MD5

                                                                                          05613171da47bd4c5a45e6b83482536b

                                                                                          SHA1

                                                                                          fc9aed22759525f1246b15549a3d49a28bff3d5c

                                                                                          SHA256

                                                                                          fd8d1a992760d1ce6f08c04e38aa583ada5569a684a526615d2d7df3c408e2ec

                                                                                          SHA512

                                                                                          88f921f45f21e95daaefdc3e37031bc4bfa29c143969d405669f29c2f451c7a59cc30fb2a92e23cd42e0bd4da69afb6f2a919d6fcd186c29f1c4c811826183b3

                                                                                        • C:\Users\Admin\AppData\Local\Temp\mbsetup.log

                                                                                          Filesize

                                                                                          3KB

                                                                                          MD5

                                                                                          186aff6698196c2e29c69a1f1102f0c1

                                                                                          SHA1

                                                                                          f3b44ab9a10a3169feaa7f0c4f94ef7cfdc42526

                                                                                          SHA256

                                                                                          5f822a2a1816e3ecc125913b3ae6f0973219240f3a96f89a219545045acd4a2d

                                                                                          SHA512

                                                                                          e1b914e45f05083ab26f9f7b175627981c08453c38b343e581857c0759b23f991ae25cf1aff7d35b120fa0c256a08199b0f0446cb79d3958b115c24bae29628e

                                                                                        • C:\Users\Admin\AppData\Local\Temp\mbsetup.log

                                                                                          Filesize

                                                                                          4KB

                                                                                          MD5

                                                                                          8e1220c96e8b533b5a469e503890e4d5

                                                                                          SHA1

                                                                                          d227acdbb0a8f85a2c176b628956e9268d55d4c3

                                                                                          SHA256

                                                                                          455b08b64eca78ea300c6addee8adefaabc34c8bbd5c8747717c17e387ea97b8

                                                                                          SHA512

                                                                                          3afa2f117f72bd62b0d79ab2b27ca7774b3f3373af77fa3a0164c905157e83a378b4eb819a71ee176854fe5269b76c3883707e88fb3bd6c30cf0bdc81d0b415b

                                                                                        • C:\Users\Admin\AppData\Local\Temp\mbsetup.log

                                                                                          Filesize

                                                                                          5KB

                                                                                          MD5

                                                                                          8516ba70c695eea8e59eee48f190d5d3

                                                                                          SHA1

                                                                                          d42dcac7494dddf0080646e2d5df19374226901f

                                                                                          SHA256

                                                                                          32c0092b464f1d56f5f83fd0fde1df1f46e94e6fbe4d4c44fd4958477cb1d1fc

                                                                                          SHA512

                                                                                          4a6428838aadc956a7951c7c0db80a07ae30bc57719ae57316df2541340cd454a2998b3da088bfe9c5b8b6b4d22465dc4f5ccdf16683cfab6c081c97e0882f47

                                                                                        • C:\Users\Admin\AppData\Local\Temp\mbsetup.log

                                                                                          Filesize

                                                                                          6KB

                                                                                          MD5

                                                                                          86a7557a3a0c700be8d8e2a57b9a9248

                                                                                          SHA1

                                                                                          ae611550fa0866a5f7ed4a986bdca788158d68fa

                                                                                          SHA256

                                                                                          d9426e7defc3f443b5e84d9853684d11225f6d733d04097e09e42688f8ea15ad

                                                                                          SHA512

                                                                                          415b8732049e20392ce77f44f6faa87a6d246a63bbb6498ef17d99b409ec290268b8caa41bff0520acaecf7f443716a402756f488ad94edc09f5dbab3b661c78

                                                                                        • C:\Users\Admin\AppData\Local\Temp\mbsetup.log

                                                                                          Filesize

                                                                                          6KB

                                                                                          MD5

                                                                                          f062fb836af30fcc237576ea9f81238f

                                                                                          SHA1

                                                                                          884e12e91dc71dbc503736422b82f653fe7b1691

                                                                                          SHA256

                                                                                          600c61031edd8ecbfe09162e50b34377ab1b18bdf942dd4e05c6b4184e657d99

                                                                                          SHA512

                                                                                          9cfa30eed1de5722d4901aa62c9fa493f2844941e8b5eb14941d9cfd6a7e654f6d17a050770da75ceadfdf12fcf15254e1a5a23ee21d1c0c095a26a15e784ffb

                                                                                        • C:\Users\Admin\AppData\Local\Temp\mbsetup.log

                                                                                          Filesize

                                                                                          6KB

                                                                                          MD5

                                                                                          b611314c600da9ae0797e79c90ae439f

                                                                                          SHA1

                                                                                          393c37b15012b6569fce13a13ede02eb880226a1

                                                                                          SHA256

                                                                                          9579d1a084b5b4f36995b0ad7af0080125cf6e54826d61fd4a289296e3af2c3a

                                                                                          SHA512

                                                                                          ef011725f1cc3bea03936fdb150a8f5ce55bb7a61236b89ffca49845fc0c9c62d3f7fd9aad811c28430cfd5a8a1694c01070a0ec985065fb31253ef477644667

                                                                                        • C:\Users\Admin\AppData\Local\Temp\scoped_dir748_1608205470\78e9b2af-689f-4e87-bd67-13cd5d759eca.tmp

                                                                                          Filesize

                                                                                          32.3MB

                                                                                          MD5

                                                                                          3fa8301631713857043933d22bff830b

                                                                                          SHA1

                                                                                          23d3674b60424a31a752e4c58338c0c89d838b89

                                                                                          SHA256

                                                                                          373fd27b19bb8c50ccc4189b2e86359a8e364d8fc3a16659ac50f6ec35c597ea

                                                                                          SHA512

                                                                                          e8b661ee0df9ed39c000926560657f3e938d019caf9e5d14894a282600a3eb8ef0405f5dded0317897c820023e43d035cc76c6a49d9e0b0f5359dd526c6e2123

                                                                                        • C:\Users\Admin\AppData\Local\Temp\scoped_dir748_1608205470\CRX_INSTALL\38c6d8bab26db77d8c80.woff2

                                                                                          Filesize

                                                                                          39KB

                                                                                          MD5

                                                                                          0ab54153eeeca0ce03978cc463b257f7

                                                                                          SHA1

                                                                                          6ec6d36cb2464b4e821cfabb532f310bd342601c

                                                                                          SHA256

                                                                                          434466b59545a8a1cac6ddb38197cdc6b35995a98c3f3812fb88d61b1c300dd3

                                                                                          SHA512

                                                                                          f4b03963386fc05a28adc3905cdd361905bdbad1386ec8d1e8a4440af778e311bb46b41da4b46288291ac3c174d727addd62ab7c27513bca34079c6a2c3cadc2

                                                                                        • C:\Users\Admin\AppData\Local\Temp\scoped_dir748_1608205470\CRX_INSTALL\425399f81e4ce7cbd967.woff

                                                                                          Filesize

                                                                                          49KB

                                                                                          MD5

                                                                                          faff92145777a3cbaf8e7367b4807987

                                                                                          SHA1

                                                                                          9c293328f39dc54bd654d273d0cc5af0d11905c6

                                                                                          SHA256

                                                                                          95b6a4840f8711ecab427bc236eb86098db7e5c782bafb139c8c30805aa5ffe1

                                                                                          SHA512

                                                                                          fd55e196c14d6482a5fdc8d43ba04c4e35935b49682688de96d82b85d10b95d8d1f639249cf9a1974d619ac9d3c5bf6cdcf76bedce35318e93e6859673e0d16e

                                                                                        • C:\Users\Admin\AppData\Local\Temp\scoped_dir748_1608205470\CRX_INSTALL\_locales\pt_PT\messages.json

                                                                                          Filesize

                                                                                          77KB

                                                                                          MD5

                                                                                          7b7eeeebe008b02c1f88fc9f44229e85

                                                                                          SHA1

                                                                                          3919d61edb5628073d291e6483cf279ba42d8b7d

                                                                                          SHA256

                                                                                          29fa3f3bae25643f2e04e246a7b8db148935c066a19aaca05580aefe7eb93a62

                                                                                          SHA512

                                                                                          3d511d036ef312f55ba2a044439ca4c6173297fa99149aa822c92901ad90e49949950b259e83993fef40005e25768755c23beb7ceda4570d4273864f96ba27b6

                                                                                        • C:\Users\Admin\AppData\Local\Temp\scoped_dir748_1608205470\CRX_INSTALL\a01e3f2d6c83dc3aee17.eot

                                                                                          Filesize

                                                                                          103KB

                                                                                          MD5

                                                                                          8e3c7f5520f5ae906c6cf6d7f3ddcd19

                                                                                          SHA1

                                                                                          b7de2e1d65766852486de24b36a46240f4ae5994

                                                                                          SHA256

                                                                                          8b4e1b847e22233d4f467d34faefe7bcbfebce6fa9bbbee560c45cd894868751

                                                                                          SHA512

                                                                                          c0f6c4d32c3e326ed78da7fa193523beb48469023740eea56171d4b570e522e3acae11319cad27a034b8b1f43f8b8038da29a0299e61055dab11e699d6d5dc76

                                                                                        • C:\Users\Admin\AppData\Local\Temp\scoped_dir748_1608205470\CRX_INSTALL\app\eventpages\block-notification.html

                                                                                          Filesize

                                                                                          18KB

                                                                                          MD5

                                                                                          5df1099b937768be5160bee76da34f52

                                                                                          SHA1

                                                                                          92c52171e2b3dcd3d26fa17facb319f9303d6661

                                                                                          SHA256

                                                                                          647c9302484e34897944a169f63280418edd584c0a0ed968e8e384acfa7844e9

                                                                                          SHA512

                                                                                          786293f0ff8478756a6c8c4d2df6e4def4594218e167aad4b2a2cfa96f1b647d6550f8fb19ed18b0d38abbd1185edf6985fe843174ebbcdd636c920066f78af7

                                                                                        • C:\Users\Admin\AppData\Local\Temp\scoped_dir748_1608205470\CRX_INSTALL\assets\images\dark\level_up_illustration.svg

                                                                                          Filesize

                                                                                          8KB

                                                                                          MD5

                                                                                          a9e3771385f296e75ebcb2d007a6373b

                                                                                          SHA1

                                                                                          db8327c0ed04e15d682cef672a519e99d4182cc8

                                                                                          SHA256

                                                                                          900d8c36d1dbc29cb7d14c435a42d8e0763b98bbfcb7372a3031f90e992fc8f1

                                                                                          SHA512

                                                                                          bba6c401ded4ed75fe64d7d3a7dc24858a82936441c176c7cc4d1df4632bf18b89d15cdd89795634be9e5b218ecc77013b24225fe6afc172c27efc727d033e3d

                                                                                        • C:\Users\Admin\AppData\Local\Temp\scoped_dir748_1608205470\CRX_INSTALL\assets\images\dark\no-items.svg

                                                                                          Filesize

                                                                                          821B

                                                                                          MD5

                                                                                          647ee72468992a14e8681d23d7e28540

                                                                                          SHA1

                                                                                          d46eed64dcbcc625d83d2b6f8f2f2caf82f1fed9

                                                                                          SHA256

                                                                                          7b43c21f8e6e0c1208e8aa36b6702271686f8fdf7c82cc046857a35997b271b7

                                                                                          SHA512

                                                                                          a595487f3563c20ef43f62f25fd144a621357d83e298d1bf9c1854960b30f00de52a4cca863ed9ae91305916f22d5d47c8ac19afc0b0e144accb23b7a4678156

                                                                                        • C:\Users\Admin\AppData\Local\Temp\scoped_dir748_1608205470\CRX_INSTALL\assets\images\light\block_page_back_arrow.svg

                                                                                          Filesize

                                                                                          661B

                                                                                          MD5

                                                                                          40c3547cbcfd2b62e83c7d4569dc3e48

                                                                                          SHA1

                                                                                          dec17685ead5db29cdf70c02ad6b489280d0fe26

                                                                                          SHA256

                                                                                          bf995d63320762b2ab0d33b26348b1b6c0599cb6f9cfc3a3befd42bdcea32a0f

                                                                                          SHA512

                                                                                          a6409ab0b7d05dba3981e93d75f23fa9aff59ea8b38d0931f625b56e47fedb7743e8160bb8976c1f1c011f3efb63b24eb2c72e301a16b75f4cd25a545805d06a

                                                                                        • C:\Users\Admin\AppData\Local\Temp\scoped_dir748_1608205470\CRX_INSTALL\assets\images\light\close_icon.svg

                                                                                          Filesize

                                                                                          268B

                                                                                          MD5

                                                                                          5773d0129091debf0a7f17aa001d9e26

                                                                                          SHA1

                                                                                          e2d75bcf624175150c1bc6fe224ca1f43f533697

                                                                                          SHA256

                                                                                          986ae7cd13eea34af51835d3883733dfcc13d6cb827da099ac7098e7642ec923

                                                                                          SHA512

                                                                                          ddb3c52ef1f97f423197fab6e53801f2fbdf49d36bb529f3a73a83d6019171bbc1495b4887069b516cd065a2f1a1d6aaea1a68cc19ca0e02249562111568aa77

                                                                                        • C:\Users\Admin\AppData\Local\Temp\scoped_dir748_1608205470\CRX_INSTALL\assets\images\light\cog_icon.svg

                                                                                          Filesize

                                                                                          2KB

                                                                                          MD5

                                                                                          644fac82b826dfed1fe991fc34de5abc

                                                                                          SHA1

                                                                                          21b9b3cfd7a1e53ea9318d0ff30740e14d8d93a9

                                                                                          SHA256

                                                                                          9b1ae662ce0ee13b4cf195be75b1e1f7d1bc07140ee167d2c7e2d55007efb6d8

                                                                                          SHA512

                                                                                          72b8a9750602142f240f0a6620188f7b13c1f534bc17ee50ba9a9c39fa7fede67d63afb0ddf18f851db7fcd856e46ba7ab34e699c8f0eb0211cdf8991908d3b7

                                                                                        • C:\Users\Admin\AppData\Local\Temp\scoped_dir748_1608205470\CRX_INSTALL\assets\images\light\learn_more_info_icon.svg

                                                                                          Filesize

                                                                                          511B

                                                                                          MD5

                                                                                          7fa6ff207c7ee40d20e8bcd8106fb3f7

                                                                                          SHA1

                                                                                          536e31442aec3b14845ba1ce6d3ba2d67a051421

                                                                                          SHA256

                                                                                          318f6d36200609a8f82e336c7c0eb5627a9e970c67a1d3c5e87690d26097d5a4

                                                                                          SHA512

                                                                                          787cd6555279de9b3edd73180e547a6ba4863a10a81d1de562e91ae9a40767c9b15198c9d21e05250d734e31ac22861ce00e0cf06de08a1d9f6c1631c23d3538

                                                                                        • C:\Users\Admin\AppData\Local\Temp\scoped_dir748_1608205470\CRX_INSTALL\assets\images\light\level_up_illustration.svg

                                                                                          Filesize

                                                                                          8KB

                                                                                          MD5

                                                                                          654530887587ea6c25496619b01c6d07

                                                                                          SHA1

                                                                                          3387fc1420016445a51dde530582a86bfd49adc6

                                                                                          SHA256

                                                                                          9d4425b5d11cf9476b72a37b836d23d6bf340bb4648fdc7fa0d443c6987a7b6d

                                                                                          SHA512

                                                                                          4ccadb00a920266eccfff6c63af10eb09259aeb26b1fac71bf246c70a20fad08eaacd4d751959ee6e474481cbe5915b56e68550fce8fe46e3a54e07d0a2185d5

                                                                                        • C:\Users\Admin\AppData\Local\Temp\scoped_dir748_1608205470\CRX_INSTALL\assets\images\light\no_items.svg

                                                                                          Filesize

                                                                                          819B

                                                                                          MD5

                                                                                          8780c0229fd120e5f8866524137542f5

                                                                                          SHA1

                                                                                          13e7d9f5cda40cfa1bd7b372346f066594cf9f1d

                                                                                          SHA256

                                                                                          c6a3b0fd7fa7b49e717737baef5bfc2e320768b94ec98d49d6be121c3b011055

                                                                                          SHA512

                                                                                          9512d941e14ca0b9ea3f7518787b5b5b27b6d03d37e65a82a7fb057fb118aec87ce8f4e155bc1a7b564d95c52fdffd52629fff3e3db4e69571b6694c4aee836a

                                                                                        • C:\Users\Admin\AppData\Local\Temp\scoped_dir748_1608205470\CRX_INSTALL\c656b8caa454ed19b9a2.ttf

                                                                                          Filesize

                                                                                          103KB

                                                                                          MD5

                                                                                          b87b9ba532ace76ae9f6edfe9f72ded2

                                                                                          SHA1

                                                                                          cedd7227091b22f873e3856d84c3dfd974745048

                                                                                          SHA256

                                                                                          cb7f81f542f5c418a3bbb9ad3f9fbe784151d13b04cec50ecedec6013324a3da

                                                                                          SHA512

                                                                                          530ac5440dbe30baaf85589238fba550b8054885ccf71ce3347be61682378d071536d80284d883cbfd5d09d7fdfb38fc7c498dd158b76c4a40a96490eb3f099e

                                                                                        • C:\Users\Admin\AppData\Local\Temp\scoped_dir748_1608205470\CRX_INSTALL\content-debugging.js

                                                                                          Filesize

                                                                                          678B

                                                                                          MD5

                                                                                          9b531261f75b30f9b8855f6effb18f93

                                                                                          SHA1

                                                                                          5d4730aafc4a2c47e8ceb4ccab7fb46abc2afcca

                                                                                          SHA256

                                                                                          14a8d4def5b4844c5e5b1cc7fa814e28ad7a059133aa75d5062df23cb3b60c00

                                                                                          SHA512

                                                                                          b142567b1f8279bf3c3e243dae4e79ec565a5ecdb7e8367f638f092a010f998c0bc4d1cffb42f7d22438c11ce0b609e9b925528ddd1f63814af3e0378986ff76

                                                                                        • C:\Users\Admin\AppData\Local\Temp\scoped_dir748_1608205470\CRX_INSTALL\content-scripts.js

                                                                                          Filesize

                                                                                          1.1MB

                                                                                          MD5

                                                                                          ac1c95912676d54d31195f9618087a13

                                                                                          SHA1

                                                                                          e20e5ea8688e7f7795a19761f30cfa18566a2e0e

                                                                                          SHA256

                                                                                          d59304922654c4afcbaf1b487de95d01500d673407af26c3ee89456648b20a20

                                                                                          SHA512

                                                                                          dd4648e4f8c787eaa62a1c3e0e69dde3bd5bff4b5cbe13c4a30cd224a6cd3e46cea100ccab019990af943105df95ee4daf80833280068cef097ba136afbd46b9

                                                                                        • C:\Users\Admin\AppData\Local\Temp\scoped_dir748_1608205470\CRX_INSTALL\db\mbgc.mv3.ads_1.json

                                                                                          Filesize

                                                                                          8.2MB

                                                                                          MD5

                                                                                          2154735d35b98d6254c079df4231e8b8

                                                                                          SHA1

                                                                                          e74056fd55979b0e1e7c901e51d26f6955a142b0

                                                                                          SHA256

                                                                                          83098f8ad5c3e3542c04630ebc600574bc951612de5778a3a061fae6db4e642d

                                                                                          SHA512

                                                                                          77a9f95138e5c43d8b1c337d5b16f8731656818a26208f63364fa2cb1c6bd79506b4127220351d0c94557eca01479be3c12e005b2d5227bbdab8997a249bd084

                                                                                        • C:\Users\Admin\AppData\Local\Temp\scoped_dir748_1608205470\CRX_INSTALL\db\mbgc.mv3.ads_2.json

                                                                                          Filesize

                                                                                          3.7MB

                                                                                          MD5

                                                                                          dfa1ed1cef6429188b662874927473d3

                                                                                          SHA1

                                                                                          0d807c7eea3bf6f0e631fc28ea9bbb4fad29fcad

                                                                                          SHA256

                                                                                          648cf07e6c251c76d8d17d9a8a78903b517bea382dce181e294855cff4ab1e8c

                                                                                          SHA512

                                                                                          e2d13d9ccab336362220e02867117ac317317ee69d7850e6dd35291a80ab1903d4fa0faedcc883f2249b91879b332e019482558b5018fb70f5fad89a8a8abf65

                                                                                        • C:\Users\Admin\AppData\Local\Temp\scoped_dir748_1608205470\CRX_INSTALL\db\mbgc.mv3.easylist_1.json

                                                                                          Filesize

                                                                                          5.9MB

                                                                                          MD5

                                                                                          3aa3bd5280ced6dcbc7b8217aadb1c1e

                                                                                          SHA1

                                                                                          6be0a6e7610ef68a6e3988e0b2403f21c1e1153a

                                                                                          SHA256

                                                                                          98605bfda727f82dd70f1438096360ed36b8e6eb01fd9bd29664b2f9c556a225

                                                                                          SHA512

                                                                                          4449ad8803f58b221b976851e214e24c33926b59ff6bf7954c9852813410157a112e4986c76310f18f4f36fa3d95e542ca98a0c9a09011f88b7d7e02238d67f1

                                                                                        • C:\Users\Admin\AppData\Local\Temp\scoped_dir748_1608205470\CRX_INSTALL\db\mbgc.mv3.easyprivacy_1.json

                                                                                          Filesize

                                                                                          151KB

                                                                                          MD5

                                                                                          9f73e2999104f6b79abb8d547322b338

                                                                                          SHA1

                                                                                          a675dc5139770a9f3381c6b839aaa47094df3f08

                                                                                          SHA256

                                                                                          6122080ed36b7851e616cb153407ebe29514886e553a73eee48016db7f32149c

                                                                                          SHA512

                                                                                          ac22f1280978145755bd154b2d6613992840c5105add6f5171c2f3145de20922647f438e5280ae57a52d42944c9d9e0864f1e1bb707780a05a5c9801d4a217a1

                                                                                        • C:\Users\Admin\AppData\Local\Temp\scoped_dir748_1608205470\CRX_INSTALL\db\mbgc.mv3.malware_1.json

                                                                                          Filesize

                                                                                          448KB

                                                                                          MD5

                                                                                          1911ec9341772ba8c675251712f62b1f

                                                                                          SHA1

                                                                                          cbf42772839425dcd2395cc6e256f497e37e8951

                                                                                          SHA256

                                                                                          dac31425488299d24963b61f469dfce855ae70c1dbf515615189e504fd145801

                                                                                          SHA512

                                                                                          99bb3ed901cb1f410ed02fe31bd100d9c4656978b807e1fa36408719df5a0ec44ca4a55391d654dd9b45fa5e22a9670dc50a5677cd533a3a158c80ebf9258f04

                                                                                        • C:\Users\Admin\AppData\Local\Temp\scoped_dir748_1608205470\CRX_INSTALL\db\mbgc.mv3.whitelist_1.json

                                                                                          Filesize

                                                                                          23KB

                                                                                          MD5

                                                                                          87ec7f10e6f26422cf13f29f4efdee4c

                                                                                          SHA1

                                                                                          e581c5c380906973344801eda2c839ff69707e19

                                                                                          SHA256

                                                                                          778f1ed4ed13536646435a4aafbe83c95935ef8e12ab6946f3e0a48ba7b0a00c

                                                                                          SHA512

                                                                                          ae17d486cc92411146844081ba44a07e738dc1bbabfbf8aa98f0988241ff89db0e68a70289122e3e24883312a58004b69ae7215b9d3213a33cd5face0a37b2a9

                                                                                        • C:\Users\Admin\AppData\Local\Temp\tmpaddon

                                                                                          Filesize

                                                                                          479KB

                                                                                          MD5

                                                                                          09372174e83dbbf696ee732fd2e875bb

                                                                                          SHA1

                                                                                          ba360186ba650a769f9303f48b7200fb5eaccee1

                                                                                          SHA256

                                                                                          c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

                                                                                          SHA512

                                                                                          b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

                                                                                        • C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

                                                                                          Filesize

                                                                                          13.8MB

                                                                                          MD5

                                                                                          0a8747a2ac9ac08ae9508f36c6d75692

                                                                                          SHA1

                                                                                          b287a96fd6cc12433adb42193dfe06111c38eaf0

                                                                                          SHA256

                                                                                          32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

                                                                                          SHA512

                                                                                          59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

                                                                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\AlternateServices.bin

                                                                                          Filesize

                                                                                          8KB

                                                                                          MD5

                                                                                          f7a52664c4784396c8b891f78c957046

                                                                                          SHA1

                                                                                          f6beecf3a9971445310613ffed40bdaff281a2f4

                                                                                          SHA256

                                                                                          3be155519a5c2c64156e6112fb9cf0112453d90d21d8a06fa35f0f3a59c6efd7

                                                                                          SHA512

                                                                                          6d39897e9367fd6e7ac40f618d627691ba7484fa20ac554c44fe69df589383c1fa8e3301993fc6feb0b55cd90034ec4e5f19ff6fa745ff37f451f3af6a12d1fe

                                                                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\datareporting\glean\db\data.safe.tmp

                                                                                          Filesize

                                                                                          6KB

                                                                                          MD5

                                                                                          acb71c0b470f9477afd7f37da3f42364

                                                                                          SHA1

                                                                                          bfc0607c58efc7d678d75e9f13f209d9260b9369

                                                                                          SHA256

                                                                                          2039b9353f3c6fcb63809b94991db1a0568dbcb0259fcc2defa27169eda0dfc5

                                                                                          SHA512

                                                                                          591b310fcad1c67f24f8d5a455f60b2c3028465e0b1bb74572a9b56f3c1f2c18bcf8e866ee81d5b83bf2c6fa16df961bb31681ae86e6e153ca61f73a1ba59ee4

                                                                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\datareporting\glean\db\data.safe.tmp

                                                                                          Filesize

                                                                                          5KB

                                                                                          MD5

                                                                                          cc88ce0d93b716c224785832c678d804

                                                                                          SHA1

                                                                                          5a94f0b6ac1cfa45783da60cae4678dff33540b8

                                                                                          SHA256

                                                                                          42bd00ac8899d1a48905a0842863b47a84e3f40c24fb807636ec29957fdae0aa

                                                                                          SHA512

                                                                                          8d767f40e0cb567dea75f021dc7e68fc634bd2ccfc59fdc0551a48ab3748e4a47ff4e9bb3f3080651f9b4b24dd95e92581d17ab645d2dd90de99768d7fa7b49e

                                                                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\datareporting\glean\db\data.safe.tmp

                                                                                          Filesize

                                                                                          4KB

                                                                                          MD5

                                                                                          f8c91e3a3b4e1808830bf15a6863475f

                                                                                          SHA1

                                                                                          d4b7d20b143ae81f201c6929bf7691015902950c

                                                                                          SHA256

                                                                                          b7c8ca3c325510d106eda2fe7ee1cb4e4a22bfd49068281455d2a068ba8cf49c

                                                                                          SHA512

                                                                                          a985bf72fd49d20cbb48ce98afe1e1439350049529fee9f378089561b1cbca84256559799182fcd0399322a48a128d449abf795a33f4f7649f45af18b5aca45c

                                                                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\datareporting\glean\db\data.safe.tmp

                                                                                          Filesize

                                                                                          20KB

                                                                                          MD5

                                                                                          8927bff3e13556c2f0650160bb016234

                                                                                          SHA1

                                                                                          55e50b275205ad5ad0c84988162b86b4337357b7

                                                                                          SHA256

                                                                                          12815ecf44b7d834ec623f342292c32992ceb7ae0438bf19d3d3a344056263cc

                                                                                          SHA512

                                                                                          1c0c257077e18b0e54a6be224fe878c5cb126b9243cf8d75ea96a54536278bf510d88bffc0b6d68c769371812fcceed66ed1ee6f78a2b1c892a2ac1397e8d92a

                                                                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\datareporting\glean\db\data.safe.tmp

                                                                                          Filesize

                                                                                          6KB

                                                                                          MD5

                                                                                          b2ffdf91136912f51c05a89f53617aaa

                                                                                          SHA1

                                                                                          4347ffb695e8f6d707a5a0b36650cd64b1930e58

                                                                                          SHA256

                                                                                          c86092e53f255a8e2aebd24c75d57d59c262b92894f4913e8f1f9323b18e625c

                                                                                          SHA512

                                                                                          77228c4d79eeeebb967e75daa1226b0b3faad704d75f91c9b085b200b601db80e6e17d26d2abadbf7efb9ae0ae9bafd4fe8a2ca8d11cff11e8b38709dd9ece9c

                                                                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\datareporting\glean\pending_pings\4acab052-5fd7-4cb2-906a-13a22440f575

                                                                                          Filesize

                                                                                          982B

                                                                                          MD5

                                                                                          5eb0fe89b4954caa421005ec324d30c1

                                                                                          SHA1

                                                                                          5e92435656d994848d08fd65c87512fa4599cf70

                                                                                          SHA256

                                                                                          b6b18a3c113d2e7e98725d174da29d456ccade853e2f164c2fd4822095161993

                                                                                          SHA512

                                                                                          f645d0d208d15798b696c6ca5bb0c848b6c6d0048e89b1ee72350a5304ab01d4c16d49fd07daa68c01b145d48a66d1766750a0155f658b6358aacad50345b79b

                                                                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\datareporting\glean\pending_pings\58165975-4490-4254-945f-f796df414111

                                                                                          Filesize

                                                                                          671B

                                                                                          MD5

                                                                                          179348bcb2d8dbabbce2e23e05200930

                                                                                          SHA1

                                                                                          248777c87f854c32e0a6edf1845a1aede12692fd

                                                                                          SHA256

                                                                                          6073daf9c1eda23b9330577a634ecf43d55ed493217e6c348e1abd4814db396c

                                                                                          SHA512

                                                                                          e65249b85538d2cf05ddf1247194891066e33aca6b65adf9aed235f312fbcfeabbad5273910014b859d29b85b5b8cdf3a1d55b9506e53494d68719ef9775c4f7

                                                                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\datareporting\glean\pending_pings\705c325d-40f1-4250-9acd-e6a444c8c079

                                                                                          Filesize

                                                                                          26KB

                                                                                          MD5

                                                                                          ef30c5ddc6abc3a8419c50621e17e443

                                                                                          SHA1

                                                                                          0f9760a94bab088afbd82b165a78beb846267623

                                                                                          SHA256

                                                                                          08b21c9b88755ce94368d857feec9636a0bf7bf6f1efcffc16b7164bebbba398

                                                                                          SHA512

                                                                                          7c5e369783ba9b20b05c38afe6393b20aed70808fb7b15f66c6e247855eb548022c2a33d2860453335658d822cc55334aa75db117ba30db41ea573ed081e4327

                                                                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

                                                                                          Filesize

                                                                                          1.1MB

                                                                                          MD5

                                                                                          842039753bf41fa5e11b3a1383061a87

                                                                                          SHA1

                                                                                          3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

                                                                                          SHA256

                                                                                          d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

                                                                                          SHA512

                                                                                          d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

                                                                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

                                                                                          Filesize

                                                                                          116B

                                                                                          MD5

                                                                                          2a461e9eb87fd1955cea740a3444ee7a

                                                                                          SHA1

                                                                                          b10755914c713f5a4677494dbe8a686ed458c3c5

                                                                                          SHA256

                                                                                          4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

                                                                                          SHA512

                                                                                          34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

                                                                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

                                                                                          Filesize

                                                                                          372B

                                                                                          MD5

                                                                                          bf957ad58b55f64219ab3f793e374316

                                                                                          SHA1

                                                                                          a11adc9d7f2c28e04d9b35e23b7616d0527118a1

                                                                                          SHA256

                                                                                          bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

                                                                                          SHA512

                                                                                          79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

                                                                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

                                                                                          Filesize

                                                                                          17.8MB

                                                                                          MD5

                                                                                          daf7ef3acccab478aaa7d6dc1c60f865

                                                                                          SHA1

                                                                                          f8246162b97ce4a945feced27b6ea114366ff2ad

                                                                                          SHA256

                                                                                          bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

                                                                                          SHA512

                                                                                          5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

                                                                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\prefs-1.js

                                                                                          Filesize

                                                                                          11KB

                                                                                          MD5

                                                                                          49a08c8bae14e5a3600106873d2ce6b8

                                                                                          SHA1

                                                                                          1b6d46bfd757406bc3707b6a54ddf0e7fb95484b

                                                                                          SHA256

                                                                                          259f9832ed437f7d1205a82b5e340e7a44b9be1e2aa07e35aea3a709cc19029f

                                                                                          SHA512

                                                                                          c9fb1e2d89df1ab928ea2491d22c1a3c55cc1899528a03d5907fb18e826f5f5ab27efde0faef38e3b9cfe602aed9d4dbe9db0d8251f4ac734d49f06f6225f978

                                                                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\prefs.js

                                                                                          Filesize

                                                                                          11KB

                                                                                          MD5

                                                                                          9ff05bc4503efd121cecadddca6789df

                                                                                          SHA1

                                                                                          8d7e207cea6dcf32936a7bd0f109c25d0400c609

                                                                                          SHA256

                                                                                          625ebbac66fff444e5b652674194a368df6d7143fd32ee0a77edb3233d888958

                                                                                          SHA512

                                                                                          b6c419cf835de3a4e27fa511977c8c844228f6957177c6a19e5a28471554c90cc63fa4200c32d1e52391babf780a43d168f9f54e038774aca968f6eaea849ecb

                                                                                        • C:\Users\Admin\Downloads\Unconfirmed 988844.crdownload

                                                                                          Filesize

                                                                                          2.5MB

                                                                                          MD5

                                                                                          d21bf3852bb27fb6f5459d2cf2bcd51c

                                                                                          SHA1

                                                                                          e59309bbe58c9584517e4bb50ff499dffb29d7b0

                                                                                          SHA256

                                                                                          de9c4e8b4b0c756eee4e39221c1e4e0e11c2e67effb828e27de3c4b4470ccff2

                                                                                          SHA512

                                                                                          17bc7740f131a1d4e84fd7e4ab5e1ce510660f5046340ef6d09ef99c56c88da2b6be3ae5c5ddb7213841c506eaec147c65abba1a7a2a8eb4fb8f6329bbaa03d1

                                                                                        • C:\Windows\System32\CatRoot2\dberr.txt

                                                                                          Filesize

                                                                                          19KB

                                                                                          MD5

                                                                                          7e485f31995f0042dd9fbab97dbcd70c

                                                                                          SHA1

                                                                                          d98398fb20184d285bbbc5bdbdf757b1c8533c44

                                                                                          SHA256

                                                                                          77ee3634e237587727bae8596fef2c0b7c6ce29da95535180a99684dbf8c6d8b

                                                                                          SHA512

                                                                                          93a22e02f8f6321cd665d1d09adfb653fdd91aa330198e96ced42fea0ab176808231ba89f4adc2c1d55cb02623a163a3f595b6604da52d929651af45c6127d25

                                                                                        • C:\Windows\System32\catroot2\dberr.txt

                                                                                          Filesize

                                                                                          19KB

                                                                                          MD5

                                                                                          d9366fd761c5112b6c9adc198969f92d

                                                                                          SHA1

                                                                                          d62ec5157be6343726b32989e164ff56663e4414

                                                                                          SHA256

                                                                                          06109523c26095ead99c10ec196db67642459c253a871c5b4f3e5ad76b3c4b8a

                                                                                          SHA512

                                                                                          6daf725dba971bab7dba375be28cda517db647a82d959b8c3300f1147d1be6269e604f45e273e40b4f44920f070dcbf648b091d05ec2b83de94fa8227158e9c4

                                                                                        • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BAEBE581FCB73249406FC21094EA252E_BC0CE803EF41A748738619ED7838EEFC

                                                                                          Filesize

                                                                                          5B

                                                                                          MD5

                                                                                          5bfa51f3a417b98e7443eca90fc94703

                                                                                          SHA1

                                                                                          8c015d80b8a23f780bdd215dc842b0f5551f63bd

                                                                                          SHA256

                                                                                          bebe2853a3485d1c2e5c5be4249183e0ddaff9f87de71652371700a89d937128

                                                                                          SHA512

                                                                                          4cd03686254bb28754cbaa635ae1264723e2be80ce1dd0f78d1ab7aee72232f5b285f79e488e9c5c49ff343015bd07bb8433d6cee08ae3cea8c317303e3ac399

                                                                                        • C:\Windows\System32\drivers\mbam.sys

                                                                                          Filesize

                                                                                          76KB

                                                                                          MD5

                                                                                          272e9fb7d4c15649d793c5e9f54e8535

                                                                                          SHA1

                                                                                          3dff8612d3123339f1d9466cbee5df79a43513ef

                                                                                          SHA256

                                                                                          b91e2408552dafbbe1977e1c273e78ff2a24f170f92a1f50296812a31f621a4d

                                                                                          SHA512

                                                                                          984b9a6a94f23ee53c0237c75ed96195a0dc9fe358a4acc665c59819b01328913f321758eced19a8e100fed4ca8f24187b54f7e1ed913e0edef19524a8ecf841

                                                                                        • C:\Windows\System32\drivers\mbamswissarmy.sys

                                                                                          Filesize

                                                                                          233KB

                                                                                          MD5

                                                                                          246a1d7980f7d45c2456574ec3f32cbe

                                                                                          SHA1

                                                                                          c5fad4598c3698fdaa4aa42a74fb8fa170ffe413

                                                                                          SHA256

                                                                                          45948a1715f0420c66a22518a1a45a0f20463b342ce05d36c18b8c53b4d78147

                                                                                          SHA512

                                                                                          265e6da7c9eede8ea61f204b3524893cf9bd1ed11b338eb95c4a841428927cccbed02b7d8757a4153ce02863e8be830ea744981f800351b1e383e71ddaad36ad

                                                                                        • C:\Windows\Temp\MBInstallTemp28a5e7e95bdf11ef9b0d4e01ffcf908d\7z.dll

                                                                                          Filesize

                                                                                          1.6MB

                                                                                          MD5

                                                                                          3430e2544637cebf8ba1f509ed5a27b1

                                                                                          SHA1

                                                                                          7e5bd7af223436081601413fb501b8bd20b67a1e

                                                                                          SHA256

                                                                                          bb01c6fbb29590d6d144a9038c2a7736d6925a6dbd31889538af033e03e4f5fa

                                                                                          SHA512

                                                                                          91c4eb3d341a8b30594ee4c08a638c3fb7f3a05248b459bcf07ca9f4c2a185959313a68741bdcec1d76014009875fa7cbfa47217fb45d57df3b9b1c580bc889d

                                                                                        • C:\Windows\Temp\MBInstallTemp28a5e7e95bdf11ef9b0d4e01ffcf908d\ctlrpkg\Malwarebytes_Assistant.runtimeconfig.json

                                                                                          Filesize

                                                                                          372B

                                                                                          MD5

                                                                                          d94cf983fba9ab1bb8a6cb3ad4a48f50

                                                                                          SHA1

                                                                                          04855d8b7a76b7ec74633043ef9986d4500ca63c

                                                                                          SHA256

                                                                                          1eca0f0c70070aa83bb609e4b749b26dcb4409784326032726394722224a098a

                                                                                          SHA512

                                                                                          09a9667d4f4622817116c8bc27d3d481d5d160380a2e19b8944bdd1271a83f718415ce5e6d66e82e36819e575ec1b55f19c45213e0013b877b8d61e6feb9d998

                                                                                        • C:\Windows\Temp\MBInstallTemp28a5e7e95bdf11ef9b0d4e01ffcf908d\ctlrpkg\mbae64.sys

                                                                                          Filesize

                                                                                          154KB

                                                                                          MD5

                                                                                          95515708f41a7e283d6725506f56f6f2

                                                                                          SHA1

                                                                                          9afc20a19db3d2a75b6915d8d9af602c5218735e

                                                                                          SHA256

                                                                                          321058a27d7462e55e39d253ad5d8b19a9acf754666400f82fe0542f33e733c6

                                                                                          SHA512

                                                                                          d9230901adeecb13b1f92287abe9317cdac458348885b96ef6500960793a7586c76ae374df053be948a35b44abe934aa853975a6ccd3788f93909903cc718c08

                                                                                        • C:\Windows\Temp\MBInstallTemp28a5e7e95bdf11ef9b0d4e01ffcf908d\dbclspkg\MBAMCoreV5.dll

                                                                                          Filesize

                                                                                          6.3MB

                                                                                          MD5

                                                                                          65a49aa18cfaa688a43a62e2821fbd77

                                                                                          SHA1

                                                                                          2ff08fd8149e1202e580dad63f7ac1fe3130464e

                                                                                          SHA256

                                                                                          7dc3f946efc0cba5e4e6285bb0c77c20e04ae473f41ba58ac1a7ee539168e6ee

                                                                                          SHA512

                                                                                          4e0a6c1491f398ad9ed4a0004b0e6e0c6a29693f7c225d93d567ad356a9a6423b35cafe2ae5dbd8bdce9b034b35055ec1c3e5248a09a3a209116ed1f7e62aea1

                                                                                        • C:\Windows\Temp\MBInstallTemp28a5e7e95bdf11ef9b0d4e01ffcf908d\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\mscordaccore.dll

                                                                                          Filesize

                                                                                          1.3MB

                                                                                          MD5

                                                                                          3143ffcfcc9818e0cd47cb9a980d2169

                                                                                          SHA1

                                                                                          72f1932fda377d3d71cb10f314fd946fab2ea77a

                                                                                          SHA256

                                                                                          b7fb9547e4359f6c116bd0dbe36a8ed05b7a490720f5a0d9013284be36b590b7

                                                                                          SHA512

                                                                                          904800d157eb010e7d17210f5797409fea005eed46fbf209bca454768b28f74ff3ff468eaad2cfd3642155d4978326274331a0a4e2c701dd7017e56ddfe5424b

                                                                                        • C:\Windows\Temp\MBInstallTemp28a5e7e95bdf11ef9b0d4e01ffcf908d\servicepkg\MBAMService.exe

                                                                                          Filesize

                                                                                          8.6MB

                                                                                          MD5

                                                                                          2d49262ee00ca948aefc1047d65bca56

                                                                                          SHA1

                                                                                          ae60524cd5d0fc2e8f32b38835667871747db3fb

                                                                                          SHA256

                                                                                          6931bb215c086739a7b2ab089a8bd9cd4b2acbb9f44a32ec1b420f216f6ff782

                                                                                          SHA512

                                                                                          d069d4f20d69aa102438f1779f6222cfef7967733cce8d744bf6121e8e22bfc8dee4ee6887cf13e17ea173a0db4c52e3009fe85b861f5c7622294b63b366877a

                                                                                        • C:\Windows\Temp\MBInstallTemp28a5e7e95bdf11ef9b0d4e01ffcf908d\servicepkg\mbamelam.cat

                                                                                          Filesize

                                                                                          10KB

                                                                                          MD5

                                                                                          60608328775d6acf03eaab38407e5b7c

                                                                                          SHA1

                                                                                          9f63644893517286753f63ad6d01bc8bfacf79b1

                                                                                          SHA256

                                                                                          3ed5a1668713ef80c2b5599b599f1434ad6648999f335cf69757ea3183c70c59

                                                                                          SHA512

                                                                                          9f65212121b8a5d1a0625c3baa14ef04a33b091d26f543324333e38dcdb903e02ccc4d009e22c2e85d2f61d954e0b994c2896e52f685003a6ef34758f8a650c7

                                                                                        • C:\Windows\Temp\MBInstallTemp28a5e7e95bdf11ef9b0d4e01ffcf908d\servicepkg\mbamelam.inf

                                                                                          Filesize

                                                                                          2KB

                                                                                          MD5

                                                                                          c481ad4dd1d91860335787aa61177932

                                                                                          SHA1

                                                                                          81633414c5bf5832a8584fb0740bc09596b9b66d

                                                                                          SHA256

                                                                                          793626d240fd8eefc81b78a57c8dfe12ea247889b6f07918e9fd32a7411aa1c3

                                                                                          SHA512

                                                                                          d292e028936412f07264837d4a321ecfa2f5754d4048c8bcf774a0e076e535b361c411301558609d64c71c1ce9b19e6041efa44d201237a7010c553751e1e830

                                                                                        • C:\Windows\Temp\MBInstallTemp28a5e7e95bdf11ef9b0d4e01ffcf908d\servicepkg\mbamelam.sys

                                                                                          Filesize

                                                                                          20KB

                                                                                          MD5

                                                                                          9e77c51e14fa9a323ee1635dc74ecc07

                                                                                          SHA1

                                                                                          a78bde0bd73260ce7af9cdc441af9db54d1637c2

                                                                                          SHA256

                                                                                          b5619d758ae6a65c1663f065e53e6b68a00511e7d7accb3e07ed94bfd0b1ede0

                                                                                          SHA512

                                                                                          a12ccf92bead694f5d3cba7ff7e731a2f862198efc338efc7f33a882fe0eb7499fb3fb533538d0a823e80631a7ca162962fbdfd78e401e3255672910b7140186

                                                                                        • C:\Windows\Temp\TmpA7BB.tmp

                                                                                          Filesize

                                                                                          6KB

                                                                                          MD5

                                                                                          a254c7bc721b6e718446f5e2cb353862

                                                                                          SHA1

                                                                                          4b09787f9d821173c508486c858f5a4adb86645d

                                                                                          SHA256

                                                                                          46929fe718e86ae6ddca0a7855282935392fe4cf98b00768cd73b68a3cf00a6e

                                                                                          SHA512

                                                                                          10e00f032ad81d691325c8f4cf264268c59c9c36f2f258e65f2410830ec5e277f5c863116bf00df7c07ae369a5a4eca2935cdb9d1d96501025e5f7c443f41544

                                                                                        • C:\Windows\Temp\TmpAF5D.tmp

                                                                                          Filesize

                                                                                          6KB

                                                                                          MD5

                                                                                          2855cb4a14433aa6c82402462a4754a2

                                                                                          SHA1

                                                                                          70bd750ce3d1f0bcc1ddc6087b5eb99e6f3aa8a2

                                                                                          SHA256

                                                                                          30b569325a385a2622369d725fb32def56229bb94b0879b3344ff01f008394d2

                                                                                          SHA512

                                                                                          4866e10a68b4db966cebec5bca90d663491737d56c9ebe3622ca7aaaf37cf5dcfd0c3df24f121264e5f3793bcb0ebabe82d4b1f7ca777a1ec13ac86407c5b658

                                                                                        • memory/5988-8601-0x000001E1BDED0000-0x000001E1BE3B8000-memory.dmp

                                                                                          Filesize

                                                                                          4.9MB

                                                                                        • memory/5988-8919-0x000001E1BDED0000-0x000001E1BE3B8000-memory.dmp

                                                                                          Filesize

                                                                                          4.9MB

                                                                                        • memory/5988-8412-0x000001E1BDED0000-0x000001E1BE3B8000-memory.dmp

                                                                                          Filesize

                                                                                          4.9MB

                                                                                        • memory/5988-6118-0x000001E1BDED0000-0x000001E1BE3B8000-memory.dmp

                                                                                          Filesize

                                                                                          4.9MB

                                                                                        • memory/5988-3674-0x000001E1BDED0000-0x000001E1BE3B8000-memory.dmp

                                                                                          Filesize

                                                                                          4.9MB

                                                                                        • memory/5988-8684-0x000001E1BDED0000-0x000001E1BE3B8000-memory.dmp

                                                                                          Filesize

                                                                                          4.9MB

                                                                                        • memory/5988-9105-0x000001E1BDED0000-0x000001E1BE3B8000-memory.dmp

                                                                                          Filesize

                                                                                          4.9MB