Analysis Overview
Threat Level: Likely malicious
The file http://web.archive.org was found to be: Likely malicious.
Malicious Activity Summary
Sets service image path in registry
Modifies RDP port number used by Windows
Modifies Windows Firewall
Downloads MZ/PE file
Drops file in Drivers directory
Checks BIOS information in registry
Event Triggered Execution: Component Object Model Hijacking
Impair Defenses: Safe Mode Boot
Reads user/profile data of web browsers
Loads dropped DLL
Executes dropped EXE
Checks computer location settings
Enumerates connected drives
Mark of the Web detected: This indicates that the page was originally saved or cloned.
Adds Run key to start application
Checks installed software on the system
Legitimate hosting services abused for malware hosting/C2
Drops file in System32 directory
Checks system information in the registry
Drops file in Program Files directory
Drops file in Windows directory
System Location Discovery: System Language Discovery
Browser Information Discovery
Event Triggered Execution: Netsh Helper DLL
Enumerates physical storage devices
Suspicious behavior: LoadsDriver
Suspicious use of WriteProcessMemory
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Modifies data under HKEY_USERS
Modifies system certificate store
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Scheduled Task/Job: Scheduled Task
Modifies registry key
Checks SCSI registry key(s)
Script User-Agent
Checks processor information in registry
NTFS ADS
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SendNotifyMessage
Modifies registry class
Uses Task Scheduler COM API
Suspicious use of SetWindowsHookEx
Suspicious behavior: AddClipboardFormatListener
Suspicious behavior: EnumeratesProcesses
Modifies Internet Explorer settings
Enumerates system info in registry
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-08-27 14:29
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-27 14:29
Reported
2024-08-27 14:40
Platform
win10v2004-20240802-en
Max time kernel
475s
Max time network
673s
Command Line
Signatures
Downloads MZ/PE file
Drops file in Drivers directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\SysWOW64\drivers\mbamtestfile.dat | C:\Users\Admin\AppData\Local\Temp\611A36~1\MBSetup-119603.119603-5.1.7.121.exe | N/A |
| File created | C:\Windows\system32\drivers\mbae64.sys | C:\Users\Admin\AppData\Local\Temp\MBAMInstallerService.exe | N/A |
| File created | C:\Windows\system32\DRIVERS\MbamElam.sys | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File opened for modification | C:\Windows\system32\DRIVERS\MbamElam.sys | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\system32\DRIVERS\mbamswissarmy.sys | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\system32\DRIVERS\MbamChameleon.sys | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
Modifies RDP port number used by Windows
Modifies Windows Firewall
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\netsh.exe | N/A |
| N/A | N/A | C:\Windows\system32\netsh.exe | N/A |
Sets service image path in registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\MBAMSwissArmy\ImagePath = "\\SystemRoot\\System32\\Drivers\\mbamswissarmy.sys" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\mbamchameleon\ImagePath = "\\SystemRoot\\System32\\Drivers\\MbamChameleon.sys" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate | C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbupdatrV5.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate | C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbupdatrV5.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\611A36~1\MBSetup-119603.119603-5.1.7.121.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate | C:\Users\Admin\AppData\Local\Temp\611A36~1\MBSetup-119603.119603-5.1.7.121.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Control Panel\International\Geo\Nation | C:\Program Files\Softdeluxe\Free Download Manager\fdm.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\GamingRepair.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Control Panel\International\Geo\Nation | C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe | N/A |
Event Triggered Execution: Component Object Model Hijacking
Executes dropped EXE
Impair Defenses: Safe Mode Boot
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\MBAMService | C:\Users\Admin\AppData\Local\Temp\MBAMInstallerService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\MBAMService\ = "Service" | C:\Users\Admin\AppData\Local\Temp\MBAMInstallerService.exe | N/A |
Loads dropped DLL
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Free Download Manager = "\"C:\\Program Files\\Softdeluxe\\Free Download Manager\\fdm.exe\" --hidden" | C:\Program Files\Softdeluxe\Free Download Manager\fdm.exe | N/A |
Checks installed software on the system
Enumerates connected drives
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Mark of the Web detected: This indicates that the page was originally saved or cloned.
| Description | Indicator | Process | Target |
| N/A | https://storage.googleapis.com/script.aniview.com/ssync/62f53b2c7850d0786f227f64/ssync.html | N/A | N/A |
Checks system information in the registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Users\Admin\AppData\Local\Temp\GamingRepair.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Users\Admin\AppData\Local\Temp\GamingRepair.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\gameflt.inf_amd64_25b1fe3637126834\gameflt.cat | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\net8192se64.inf_amd64_167684f9283b4eca\net8192se64.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netsstpa.inf_amd64_e76c5387d67e3fd6\netsstpa.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\Malwarebytes\Logs\MBAMSI.alt1.log | C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbupdatrV5.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\Malwarebytes\Logs\MBAMSI.alt1.log | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{c2611fb7-f5ee-d44a-a319-da19068f7d8f}\SET5B29.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{2692084d-cd85-ef41-a5cc-0ea99d383da2}\SETD714.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\gameflt.inf_amd64_25b1fe3637126834\gameflt.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netbc63a.inf_amd64_7ba6c9cea77dd549\netbc63a.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netathrx.inf_amd64_220db23f5419ea8d\netathrx.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\rtwlanu_oldic.inf_amd64_1a82423cc076e882\rtwlanu_oldic.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\dc21x4vm.inf_amd64_3294fc34256dbb0e\dc21x4vm.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netmyk64.inf_amd64_1f949c30555f4111\netmyk64.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_6E4F36431D86962EFD432400DF65AC90 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_6E4F36431D86962EFD432400DF65AC90 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File opened for modification | C:\Windows\system32\xgameruntime.dll | C:\Program Files\WindowsApps\Microsoft.GamingServices_22.91.26002.0_x64__8wekyb3d8bbwe\GamingServices.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\athw8x.inf_amd64_55014eff4ceefbdf\athw8x.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\bthpan.inf_amd64_b06c3bc32f7db374\bthpan.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{a624b953-92d3-7549-9d73-b8bae1fe22de}\gameflt.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{2692084d-cd85-ef41-a5cc-0ea99d383da2}\gameflt.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\CatRoot2\dberr.txt | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netelx.inf_amd64_7812e4e45c4a5eb1\netelx.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File opened for modification | C:\Windows\system32\gameplatformservices.dll | C:\Program Files\WindowsApps\Microsoft.GamingServices_22.91.26002.0_x64__8wekyb3d8bbwe\GamingServices.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{d884de48-5474-e34c-9e93-be35bad1b796}\SETD168.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{2692084d-cd85-ef41-a5cc-0ea99d383da2}\SETD715.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\rtux64w10.inf_amd64_d6132e4c7fe2fac6\rtux64w10.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netl260a.inf_amd64_783312763f8749c7\netl260a.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\system32\gamingservicesproxy_4.dll | C:\Program Files\WindowsApps\Microsoft.GamingServices_22.91.26002.0_x64__8wekyb3d8bbwe\GamingServices.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\xvdd.inf_amd64_51b9ca7697b3e559\xvdd.cat | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netloop.inf_amd64_762588e32974f9e8\netloop.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netvwifimp.inf_amd64_ec11d0ad3c5b262a\netvwifimp.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\38D10539991D1B84467F968981C3969D_C92678066E2B4B4986BC7641EEC08637 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netxex64.inf_amd64_ede00b448bfe8099\netxex64.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netg664.inf_amd64_84cd7b2798e0a666\netg664.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\gameflt.inf_amd64_25b1fe3637126834\gameflt.sys | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\net8185.inf_amd64_7a30f5a9441cd55b\net8185.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\xvdd.inf_amd64_51b9ca7697b3e559\xvdd.sys | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\system32\config\systemprofile\AppData\Local\Malwarebytes\Logs\MBAMSI.alt1.lock | C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbupdatrV5.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\gameflt.inf_amd64_25b1fe3637126834\gameflt.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netwns64.inf_amd64_162bb49f925c6463\netwns64.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\net8192su64.inf_amd64_66c8bfc7a4b1feed\net8192su64.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{d884de48-5474-e34c-9e93-be35bad1b796}\xvdd.cat | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netrtwlane_13.inf_amd64_992f4f46e65f30d4\netrtwlane_13.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File opened for modification | C:\Windows\system32\xgameruntime.dll | C:\Program Files\WindowsApps\Microsoft.GamingServices_22.91.26002.0_x64__8wekyb3d8bbwe\GamingServices.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\net1ic64.inf_amd64_5f033e913d34d111\net1ic64.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\c_net.inf_amd64_32a9ad23c1ecc42d\c_net.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\drvstore.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\drvstore.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{2692084d-cd85-ef41-a5cc-0ea99d383da2}\SETD715.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netwtw04.inf_amd64_c8f5ae6576289a2d\netwtw04.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\bcmwdidhdpcie.inf_amd64_977dcc915465b0e9\bcmwdidhdpcie.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\net7500-x64-n650f.inf_amd64_cc87c915f33d1c27\net7500-x64-n650f.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netwew01.inf_amd64_153e01d761813df2\netwew01.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File opened for modification | C:\Windows\System32\CatRoot2\dberr.txt | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netbc64.inf_amd64_b96cdf411c43c00c\netbc64.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netefe3e.inf_amd64_7830581a689ef40d\netefe3e.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{a624b953-92d3-7549-9d73-b8bae1fe22de}\SET9D5E.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netmlx5.inf_amd64_101a408e6cb1d8f8\netmlx5.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netr7364.inf_amd64_310ee0bc0af86ba3\netr7364.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\nett4x64.inf_amd64_54eacac1858c78ab\nett4x64.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\nete1e3e.inf_amd64_895623810c19146a\nete1e3e.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netjme.inf_amd64_752bf22f1598bb7e\netjme.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netv1x64.inf_amd64_30040c3eb9d7ade4\netv1x64.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\net44amd.inf_amd64_450d4b1e35cc8e0d\net44amd.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\Softdeluxe\Free Download Manager\is-KEAM7.tmp | C:\Users\Admin\AppData\Local\Temp\is-R9EDD.tmp\fdm_x64_setup.tmp | N/A |
| File created | C:\Program Files\Softdeluxe\Free Download Manager\tls\is-F7AO6.tmp | C:\Users\Admin\AppData\Local\Temp\is-R9EDD.tmp\fdm_x64_setup.tmp | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_vc1_plugin.dll | C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\lua\modules\common.luac | C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A |
| File created | C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Fusion\is-83A4I.tmp | C:\Users\Admin\AppData\Local\Temp\is-R9EDD.tmp\fdm_x64_setup.tmp | N/A |
| File created | C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Window\is-2U9KD.tmp | C:\Users\Admin\AppData\Local\Temp\is-R9EDD.tmp\fdm_x64_setup.tmp | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.IO.FileSystem.Primitives.dll | C:\Users\Admin\AppData\Local\Temp\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\PresentationNative_cor3.dll | C:\Users\Admin\AppData\Local\Temp\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\zh-Hans\System.Windows.Forms.Design.resources.dll | C:\Users\Admin\AppData\Local\Temp\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Dialogs\quickimpl\qml\is-UG32H.tmp | C:\Users\Admin\AppData\Local\Temp\is-R9EDD.tmp\fdm_x64_setup.tmp | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libheadphone_channel_mixer_plugin.dll | C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\gl\ | C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\PresentationFramework.Aero.dll | C:\Users\Admin\AppData\Local\Temp\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\Sentry.dll | C:\Users\Admin\AppData\Local\Temp\MBAMInstallerService.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\plugins\access\liblive555_plugin.dll | C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libtospdif_plugin.dll | C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\as_IN\LC_MESSAGES\vlc.mo | C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A |
| File created | C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Imagine\is-CONMQ.tmp | C:\Users\Admin\AppData\Local\Temp\is-R9EDD.tmp\fdm_x64_setup.tmp | N/A |
| File created | C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Dialogs\is-PNBET.tmp | C:\Users\Admin\AppData\Local\Temp\is-R9EDD.tmp\fdm_x64_setup.tmp | N/A |
| File created | C:\Program Files\Softdeluxe\Free Download Manager\sqldrivers\is-KT6PS.tmp | C:\Users\Admin\AppData\Local\Temp\is-R9EDD.tmp\fdm_x64_setup.tmp | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\lua\http\mobile.html | C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A |
| File created | C:\Program Files\Softdeluxe\Free Download Manager\qmltooling\is-O5B5L.tmp | C:\Users\Admin\AppData\Local\Temp\is-R9EDD.tmp\fdm_x64_setup.tmp | N/A |
| File created | C:\Program Files\Softdeluxe\Free Download Manager\translations\is-D3AKL.tmp | C:\Users\Admin\AppData\Local\Temp\is-R9EDD.tmp\fdm_x64_setup.tmp | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\plugins\video_filter\libcolorthres_plugin.dll | C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A |
| File created | C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Material\is-GEO44.tmp | C:\Users\Admin\AppData\Local\Temp\is-R9EDD.tmp\fdm_x64_setup.tmp | N/A |
| File created | C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Dialogs\quickimpl\qml\+Fusion\is-SDLP6.tmp | C:\Users\Admin\AppData\Local\Temp\is-R9EDD.tmp\fdm_x64_setup.tmp | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Threading.Tasks.Extensions.dll | C:\Users\Admin\AppData\Local\Temp\MBAMInstallerService.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\fr\ | C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A |
| File created | C:\Program Files\Softdeluxe\Free Download Manager\translations\main\is-L32DP.tmp | C:\Users\Admin\AppData\Local\Temp\is-R9EDD.tmp\fdm_x64_setup.tmp | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.AppContext.dll | C:\Users\Admin\AppData\Local\Temp\MBAMInstallerService.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libchorus_flanger_plugin.dll | C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\my\LC_MESSAGES\ | C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A |
| File created | C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Material\is-0R9AU.tmp | C:\Users\Admin\AppData\Local\Temp\is-R9EDD.tmp\fdm_x64_setup.tmp | N/A |
| File created | C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Universal\is-0T7ET.tmp | C:\Users\Admin\AppData\Local\Temp\is-R9EDD.tmp\fdm_x64_setup.tmp | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libaudio_format_plugin.dll | C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\cs\LC_MESSAGES\vlc.mo | C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A |
| File created | C:\Program Files\Softdeluxe\Free Download Manager\qml\Qt5Compat\GraphicalEffects\is-H4O8L.tmp | C:\Users\Admin\AppData\Local\Temp\is-R9EDD.tmp\fdm_x64_setup.tmp | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\ff\ | C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\ko\UIAutomationClientSideProviders.resources.dll | C:\Users\Admin\AppData\Local\Temp\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\WindowsFormsIntegration.dll | C:\Users\Admin\AppData\Local\Temp\MBAMInstallerService.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libgain_plugin.dll | C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A |
| File created | C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Fusion\is-DUA4I.tmp | C:\Users\Admin\AppData\Local\Temp\is-R9EDD.tmp\fdm_x64_setup.tmp | N/A |
| File created | C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Universal\is-BAHRR.tmp | C:\Users\Admin\AppData\Local\Temp\is-R9EDD.tmp\fdm_x64_setup.tmp | N/A |
| File created | C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Universal\is-IP9IN.tmp | C:\Users\Admin\AppData\Local\Temp\is-R9EDD.tmp\fdm_x64_setup.tmp | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\THANKS.txt | C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\ca@valencia\LC_MESSAGES\vlc.mo | C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A |
| File created | C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Fusion\impl\is-8UF4B.tmp | C:\Users\Admin\AppData\Local\Temp\is-R9EDD.tmp\fdm_x64_setup.tmp | N/A |
| File created | C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Material\is-PCAJA.tmp | C:\Users\Admin\AppData\Local\Temp\is-R9EDD.tmp\fdm_x64_setup.tmp | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\zh-Hans\PresentationCore.resources.dll | C:\Users\Admin\AppData\Local\Temp\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\zh-Hant\WindowsBase.resources.dll | C:\Users\Admin\AppData\Local\Temp\MBAMInstallerService.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\plugins\video_splitter\libwall_plugin.dll | C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A |
| File created | C:\Program Files\Softdeluxe\Free Download Manager\translations\torrents\is-KPPSO.tmp | C:\Users\Admin\AppData\Local\Temp\is-R9EDD.tmp\fdm_x64_setup.tmp | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-localization-l1-2-0.dll | C:\Users\Admin\AppData\Local\Temp\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\Microsoft.VisualBasic.dll | C:\Users\Admin\AppData\Local\Temp\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\ko\System.Windows.Forms.Design.resources.dll | C:\Users\Admin\AppData\Local\Temp\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.UI.Controls.dll | C:\Users\Admin\AppData\Local\Temp\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Material\impl\is-32DRA.tmp | C:\Users\Admin\AppData\Local\Temp\is-R9EDD.tmp\fdm_x64_setup.tmp | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\Microsoft.Win32.SystemEvents.dll | C:\Users\Admin\AppData\Local\Temp\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Softdeluxe\Free Download Manager\is-9PT0A.tmp | C:\Users\Admin\AppData\Local\Temp\is-R9EDD.tmp\fdm_x64_setup.tmp | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\pt_BR\LC_MESSAGES\vlc.mo | C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\sr\ | C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A |
| File created | C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Basic\is-7AI9O.tmp | C:\Users\Admin\AppData\Local\Temp\is-R9EDD.tmp\fdm_x64_setup.tmp | N/A |
| File created | C:\Program Files\Softdeluxe\Free Download Manager\translations\torrents\is-D22E1.tmp | C:\Users\Admin\AppData\Local\Temp\is-R9EDD.tmp\fdm_x64_setup.tmp | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\BrowserSDKDLL.dll | C:\Users\Admin\AppData\Local\Temp\MBAMInstallerService.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\inf\oem4.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\inf\oem5.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\system32\svchost.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\inf\oem5.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\System32\pnputil.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\inf\oem5.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\inf\oem4.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\inf\oem5.pnf | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\inf\oem3.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\inf\oem3.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\System32\pnputil.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Program Files\WindowsApps\Microsoft.GamingServices_22.91.26002.0_x64__8wekyb3d8bbwe\GamingServices.exe | N/A |
| File opened for modification | C:\Windows\inf\oem4.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\inf\oem4.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\inf\oem4.pnf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\inf\oem4.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Program Files\WindowsApps\Microsoft.GamingServices_22.91.26002.0_x64__8wekyb3d8bbwe\GamingServices.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
Event Triggered Execution: Netsh Helper DLL
| Description | Indicator | Process | Target |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\system32\netsh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\system32\netsh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\system32\netsh.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\system32\netsh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\system32\netsh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\system32\netsh.exe | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\is-R9EDD.tmp\fdm_x64_setup.tmp | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\Ninite Malwarebytes Installer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\5fe4c407-6481-11ef-ac6b-ee255df7db21\Ninite.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\611A36~1\MBSetup-119603.119603-5.1.7.121.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files\VideoLAN\VLC\uninstall.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\fdm_x64_setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\DllHost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\MinecraftInstaller.exe | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID | C:\Program Files\WindowsApps\Microsoft.GamingServices_22.91.26002.0_x64__8wekyb3d8bbwe\GamingServices.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0014 | C:\Windows\System32\pnputil.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005\ | C:\Windows\System32\pnputil.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005 | C:\Windows\System32\pnputil.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 | C:\Program Files\WindowsApps\Microsoft.GamingServices_22.91.26002.0_x64__8wekyb3d8bbwe\GamingServices.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000 | C:\Program Files\WindowsApps\Microsoft.GamingServices_22.91.26002.0_x64__8wekyb3d8bbwe\GamingServices.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Phantom | C:\Windows\System32\pnputil.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom | C:\Program Files\WindowsApps\Microsoft.GamingServices_22.91.26002.0_x64__8wekyb3d8bbwe\GamingServices.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Phantom | C:\Program Files\WindowsApps\Microsoft.GamingServices_22.91.26002.0_x64__8wekyb3d8bbwe\GamingServices.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005\ | C:\Windows\System32\pnputil.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 | C:\Windows\System32\pnputil.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000 | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom | C:\Windows\System32\pnputil.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005 | C:\Windows\System32\pnputil.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005 | C:\Windows\System32\pnputil.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000 | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 | C:\Program Files\WindowsApps\Microsoft.GamingServices_22.91.26002.0_x64__8wekyb3d8bbwe\GamingServices.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID | C:\Program Files\WindowsApps\Microsoft.GamingServices_22.91.26002.0_x64__8wekyb3d8bbwe\GamingServices.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs | C:\Program Files\WindowsApps\Microsoft.GamingServices_22.91.26002.0_x64__8wekyb3d8bbwe\GamingServices.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID | C:\Program Files\WindowsApps\Microsoft.GamingServices_22.91.26002.0_x64__8wekyb3d8bbwe\GamingServices.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0014 | C:\Windows\System32\pnputil.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Phantom | C:\Windows\System32\pnputil.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005\ | C:\Windows\System32\pnputil.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom | C:\Windows\System32\pnputil.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000 | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0014 | C:\Windows\System32\pnputil.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 | C:\Windows\System32\pnputil.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 | C:\Windows\System32\pnputil.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005 | C:\Windows\System32\pnputil.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0014 | C:\Windows\System32\pnputil.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID | C:\Program Files\WindowsApps\Microsoft.GamingServices_22.91.26002.0_x64__8wekyb3d8bbwe\GamingServices.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs | C:\Program Files\WindowsApps\Microsoft.GamingServices_22.91.26002.0_x64__8wekyb3d8bbwe\GamingServices.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 | C:\Windows\System32\pnputil.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\GamingRepair.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Users\Admin\AppData\Local\Temp\GamingRepair.exe | N/A |
| Key opened | \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key opened | \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\GamingRepair.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Users\Admin\AppData\Local\Temp\GamingRepair.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\GamingRepair.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\GamingRepair.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Users\Admin\AppData\Local\Temp\GamingRepair.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Users\Admin\AppData\Local\Temp\GamingRepair.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION | C:\Users\Admin\AppData\Local\Temp\is-R9EDD.tmp\fdm_x64_setup.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION | C:\Users\Admin\AppData\Local\Temp\MBAMInstallerService.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\mbam.exe = "11000" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION | C:\Users\Admin\AppData\Local\Temp\is-R9EDD.tmp\fdm_x64_setup.tmp | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\fdm.exe = "11000" | C:\Users\Admin\AppData\Local\Temp\is-R9EDD.tmp\fdm_x64_setup.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_GPU_RENDERING | C:\Users\Admin\AppData\Local\Temp\is-R9EDD.tmp\fdm_x64_setup.tmp | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_GPU_RENDERING\fdm.exe = "1" | C:\Users\Admin\AppData\Local\Temp\is-R9EDD.tmp\fdm_x64_setup.tmp | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_GPU_RENDERING | C:\Users\Admin\AppData\Local\Temp\is-R9EDD.tmp\fdm_x64_setup.tmp | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_GPU_RENDERING\fdm.exe = "1" | C:\Users\Admin\AppData\Local\Temp\is-R9EDD.tmp\fdm_x64_setup.tmp | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1" | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Malwarebytes.exe = "11000" | C:\Users\Admin\AppData\Local\Temp\MBAMInstallerService.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\mbamtray.exe = "11000" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\fdm.exe = "11000" | C:\Users\Admin\AppData\Local\Temp\is-R9EDD.tmp\fdm_x64_setup.tmp | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies | C:\Users\Admin\AppData\Local\Temp\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software | C:\Users\Admin\AppData\Local\Temp\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbupdatrV5.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbupdatrV5.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\IdentityCRL\Immersive\production\Property\0018800FEEAC3B05 = 0100000001000000d08c9ddf0115d1118c7a00c04fc297eb010000005750ac8f8424ee44a7ecbe69557b0eda0000000002000000000010660000000100002000000005e53d6d86ed5b523379e2a10f561769a94d1f7bc084803d7bc869f0e79dae47000000000e8000000002000020000000083d00f1e1695f32887bd4024b0d8e2c210ab4fab0332a6906ccf97ffaa0be8480000000ec9a3fc6647e039199196d28c152c6b9ea4f15c4cc286aa43ad0c317347b9dc3bf0c6325bed8e888c48756814801b41fc459ea8c5d174b2e2bdc4815cb9613b893a07149371e31e55396203d27b16aaf03173f5098d86c4b13d294a859328ae8bd2e5b794a34a7c9ef87aaa357f4ad1e5f546e32598f07ef799894d9968a96c3400000009aa1a4874b13858104244d6c20481ef4593f73322ae4b78d692ef7f08c0a41e6885563b82617e2fb60686200378bf8d2e60a5f661a781ee21bba39f7396abe82 | C:\Program Files\WindowsApps\Microsoft.GamingServices_22.91.26002.0_x64__8wekyb3d8bbwe\GamingServices.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Malwarebytes\FirstRun = "false" | C:\Users\Admin\AppData\Local\Temp\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\16.0 | C:\Users\Admin\AppData\Local\Temp\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols | C:\Users\Admin\AppData\Local\Temp\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\ROOT | C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbupdatrV5.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\IdentityCRL\Immersive\production\Token\{BAEE68FB-2B54-4DE3-BECC-4FF62E89ABAF}\DeviceTicket = 0100000001000000d08c9ddf0115d1118c7a00c04fc297eb010000005750ac8f8424ee44a7ecbe69557b0eda0000000002000000000010660000000100002000000062662239c2c73428a421f650ab1712f36db4e8b9948ac471482ab08f37f805f3000000000e8000000002000020000000d1c0ed795ae8ee2d9eae7e0424fdfc2019c27d7708c0d9b7a6f370fd6520287eb00300009bf70c0c9f2c38920981911e3739a220377ca15ad317ed5ab712f66fe0bcf786e72a2afb291212b83a7263d6de9decf2019c15fee1f93afc53588783f190f4c3495000e2b76ebf3e75d50d691aa022c220ca65100d8fbe6e98e9ac3b5487f8d51fc281f316c552980446265b5912b5ed22eda741d7ae2d4dbfad1097129ae9cf5612f2982ac9dd6f8f8701f239f67e715bcc8f33a09ab706eaa298738e39e40b6ad65608262770828d861394813f2116e831443fbe5d5fb0d81f243fbbeae2b8e28d98ce21708c8cef5f89237ca3f754bc1a6e7ed319e12559dd30f894efe99e04ab7d3c5c4f23b75e2baab9958f5952d53e6b8ab9d69163a3263d8d32c8ba6e4648e436ca8c9cf44a73d92689696919c543587b164bf3120c52289e8dc0f05e6270ee0a4a824edfc9bfcce93081be90a7f40fffcb490ce98adaa62613c3620b06d6389e98db7d58681fb06fa92368b786db48c2cba4ffcf516ff1473b1039cc02da849896362149dd7050c2f7c1bff5b48f6f5e228e6da45b39f27ea8c6e9f37277cdb47040ea1fe3a1442bbc47ec5a90289638d9dd8f3e5d1609f9b12d870cad22950c3b452feb35b81a0b2b73d15be87204764256d5d1cf2730889a929ffeefcaa9532a34bdce565f330806984a75aca370ffe494308c303817b0516f704839663517a55175288ea3c6648d9972df7a92ab13eac6d0473b4348481b0e598c4b0c84912ad582c600eb4e077f935c8563d12ef691ba3b32ebce997005b50161f1d0ec6fc2707a1c1404fbe4f028187670ed5cf1065d95fc83c9f0265ae391ec015301569cd6eaf73ff1b7272b61307e0185e75a7bae03d3856cd9533120d9078cf89724b177fbdd497489ae4b77e06439c2e4d7b2e483f32cfb60343439a5115996a71088e7b07e4911ff996b46d5983ace4d47e23cc9f43a6556ff27232ff0cd35e509d7580908ec6c5a7ffc7114385e81d635ecab9b57c2bcd151d0c2d4f4e86e66ce40c5966d2735598c475f42daa00f823a7b9e8f31792e07f930fcff699afe438c65f07f1474b37043c6c59d8481ab4303a8d8ac2efeeee0f5e42a3e02837ed123b90fcf89913b328a9fa72e3d0ba2624d53f65f0600936688cb9f4b5d0910760d6fe1b4ef5a9d177eb61e77e3e9bb4da901c6ae1dded0c68c1ae101d19945d6b94d93f86dc8c98861bc5c2a6a47cbe3ccc42e37c4d96f39eec9135f34f1d848b30de032b9db9e50c04525554a3d19c7c17f4b7f33d30521907143f30f607a9c674883080ea1dbd5174ee11b9b5f165c4ec4e88d803a5cfa7ca9a55b0b75202ac531d98e7261364ead997f697b40000000eb581448efc0b6edd9bdf0312edca70e97f585257cfa455c17efdf0cf0319626a10ea22c67ca364e9e39d3e4eeacd02f1cbe9efab9b4549094d80cae68e3ef38 | C:\Program Files\WindowsApps\Microsoft.GamingServices_22.91.26002.0_x64__8wekyb3d8bbwe\GamingServices.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs | C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\SOFTWARE\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications | C:\Users\Admin\AppData\Local\Temp\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbupdatrV5.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\SOFTWARE\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols | C:\Users\Admin\AppData\Local\Temp\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs | C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbupdatrV5.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbupdatrV5.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software | C:\Users\Admin\AppData\Local\Temp\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\Office\15.0\Common | C:\Users\Admin\AppData\Local\Temp\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates | C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbupdatrV5.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbupdatrV5.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office | C:\Users\Admin\AppData\Local\Temp\MBAMInstallerService.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:\ | C:\Users\Admin\AppData\Local\Temp\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\SOFTWARE\Malwarebytes | C:\Users\Admin\AppData\Local\Temp\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\MB.CloudController | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D5599B6B-FA0C-45B5-8309-853B003EA412}\Version\ = "1.0" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1097B101-1FF8-4DD8-A6C1-6C39FB2EA5D6}\ProxyStubClsid32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2A153977-1A37-4EF7-9226-9E128FA51AE1}\ProxyStubClsid32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{738848E2-18E4-40F8-9C08-60BC0505E9E9}\TypeLib\ = "{49F6AC60-2104-42C6-8F71-B3916D5AA732}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8640989C-20B4-41BE-BFE1-218EF5B076A6}\ = "ITestController" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4E3252D1-8C69-4595-B1B8-B20B48DD1812}\ = "GamePlatformConfigService" | C:\Program Files\WindowsApps\Microsoft.GamingServices_22.91.26002.0_x64__8wekyb3d8bbwe\GamingServices.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7E777BB2-8526-437A-BBE2-42647DE2EC86}\TypeLib\ = "{5709DEEB-F05E-4D5C-8DC4-3B0D924EE08F}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{748A86D4-7EDF-41EF-A1EF-9582643B1C9F}\TypeLib\Version = "1.0" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1E3F0FEC-3E40-4137-8C7D-090AFA9B6C5E}\TypeLib\Version = "1.0" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2FB37514-21FA-4B2C-94DA-1562126E9F5F}\ = "_IArwControllerEventsV3" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6B2CCE9B-6446-450F-9C9D-542CD9FA6677}\ProxyStubClsid32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\VLC.rmi\shell\AddToPlaylistVLC | C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\VLC.asx\shell\PlayWithVLC | C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BAFDF38F-72A8-4791-AACC-72EB8E09E460}\ = "IMBAMServiceControllerV2" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\VLC.mxf\shell\PlayWithVLC\command | C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9040DF33-5862-4B1F-872A-2FB54951A60E} | C:\Program Files\WindowsApps\Microsoft.GamingServices_22.91.26002.0_x64__8wekyb3d8bbwe\GamingServices.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{40D6E119-3897-41B3-AC5D-5FE6F088C97B}\ = "ILogControllerEntryEvents" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FB81F893-5D01-4DFD-98E1-3A6CB9C3E63E}\ProxyStubClsid32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{97EB7268-0D7B-43F6-9C11-337287F960DF}\TypeLib\Version = "1.0" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{cd763b94-bdb3-452c-b5ef-bdc098a2d205}\ProxyStubClsid32 | C:\Program Files\WindowsApps\Microsoft.GamingServices_22.91.26002.0_x64__8wekyb3d8bbwe\GamingServices.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0E64B3CF-7D56-4F76-8B9F-A6CD0D3393AE}\TypeLib\Version = "1.0" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A2C9E279-3E50-44F0-8C3B-606A303BA1D1}\TypeLib | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{36F3C7D7-BCB1-4359-AB71-0CB816FE3D38}\ProxyStubClsid32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BC9DC3BC-6685-4005-B961-A6B53B75A12D}\ProxyStubClsid32 | C:\Program Files\WindowsApps\Microsoft.GamingServices_22.91.26002.0_x64__8wekyb3d8bbwe\GamingServices.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D5599B6B-FA0C-45B5-8309-853B003EA412}\ProgID\ = "MB.ScanController.1" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{44AC1571-055F-4CC8-B7D8-EA022C4CC112}\TypeLib\ = "{A82129F1-32E1-4D79-A39F-EBFEE53A70BF}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\VLC.aiff\shell\PlayWithVLC\command | C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9BE31822-FDAD-461B-AD51-BE1D1C159921}\MiscStatus\1 | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{058c9229-cc28-483d-be29-287093102ae2}\ = "IResolveUserIssueResult2" | C:\Program Files\WindowsApps\Microsoft.GamingServices_22.91.26002.0_x64__8wekyb3d8bbwe\GamingServices.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\.opus | C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\.gvi | C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{04F8CDB5-1E26-491C-8602-D2ADE2D8E17A} | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{63A6AB57-4679-4529-B78D-143547B22799}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1C510D99-F27D-457F-9469-CFC179DBE0C7}\TypeLib\ = "{2446F405-83F0-460F-B837-F04540BB330C}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{49E0DBD1-9440-466C-9C97-95C67190C603}\ProxyStubClsid32 | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7C710FA9-862A-40CF-9F54-063EF8FC8438} | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D2D1C2BC-3427-478E-A903-ADFBCF5711CD}\ = "IUpdateControllerEventsV2" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{61DF8ACF-EC61-4D69-A543-20EA450E1A84}\TypeLib\Version = "1.0" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{08932AD2-C415-4DE8-821D-5AF7A5658483}\TypeLib | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F36AD0D0-B5F0-4C69-AF08-603D177FEF0E}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8D488C7C-023D-4561-B377-DD9FB7124326}\TypeLib | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{24F9231B-265E-4C66-B10B-D438EF1EB510} | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6B2CCE9B-6446-450F-9C9D-542CD9FA6677}\TypeLib | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9CFA1689-38D3-4AE9-B1E8-B039EB7AD988}\TypeLib | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{23416CFE-018D-418E-8CE9-5729D070CCED}\ProxyStubClsid32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\VLC.wav\shell\Open | C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5E3E0D16-554A-4654-832E-C9ACD84DE0EB}\ = "IGamePlatformStoreService" | C:\Program Files\WindowsApps\Microsoft.GamingServices_22.91.26002.0_x64__8wekyb3d8bbwe\GamingServices.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BD9CB7A5-5C46-4799-A3A4-20FB128E58F1}\ = "ITelemetryControllerV9" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{13A35C28-08C9-4805-9E85-D7ED759314F9} | C:\Program Files\WindowsApps\Microsoft.GamingServices_22.91.26002.0_x64__8wekyb3d8bbwe\GamingServices.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5F2ED644-9CFD-4F10-B063-15595024151D}\ = "IGameCorePackageService_V1" | C:\Program Files\WindowsApps\Microsoft.GamingServices_22.91.26002.0_x64__8wekyb3d8bbwe\GamingServices.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DE03E614-112D-43E0-8E15-E7236CC32108}\AppID = "{1F7896AD-8886-42CD-8ABD-7A1315A3A5F2}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9CFA1689-38D3-4AE9-B1E8-B039EB7AD988}\TypeLib\ = "{F5BCAC7E-75E7-4971-B3F3-B197A510F495}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.mp2 | C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C7D04FC0-0721-41BC-B0BA-336A52801B73} | C:\Program Files\WindowsApps\Microsoft.GamingServices_22.91.26002.0_x64__8wekyb3d8bbwe\GamingServices.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{72F290D5-789C-4D8A-9EBE-63ECEA150373}\ProxyStubClsid32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\VLC.snd\shell\AddToPlaylistVLC\command | C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3E8C9ABE-9226-4609-BF5B-60288A391DEE}\ = "InstallServiceProgressHandler" | C:\Program Files\WindowsApps\Microsoft.GamingServices_22.91.26002.0_x64__8wekyb3d8bbwe\GamingServices.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E4B5CFBF-8BBE-4F20-ACC8-9840410FA851}\AppId = "{2964DB41-BAE4-4996-A0A0-D036BFFDC267}" | C:\Program Files\WindowsApps\Microsoft.GamingServices_22.91.26002.0_x64__8wekyb3d8bbwe\GamingServices.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{058c9229-cc28-483d-be29-287093102ae2}\ProxyStubClsid32 | C:\Program Files\WindowsApps\Microsoft.GamingServices_22.91.26002.0_x64__8wekyb3d8bbwe\GamingServices.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A0EB1521-C843-47D5-88D2-5449A2F5F40B}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B1D8E799-D5A2-45B4-9524-067144A201E4}\TypeLib\ = "{2446F405-83F0-460F-B837-F04540BB330C}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\VLC.mts\shell\PlayWithVLC | C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{17BE78EE-B40A-4B9E-835F-38EC62F9D479}\ = "NormalScanParameters Class" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
Modifies registry key
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\8DA7F965EC5EFC37910F1C6E59FDC1CC6A6EDE16 | C:\Users\Admin\AppData\Local\Temp\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\8DA7F965EC5EFC37910F1C6E59FDC1CC6A6EDE16\Blob = 0300000001000000140000008da7f965ec5efc37910f1c6e59fdc1cc6a6ede162000000001000000450300003082034130820229a0030201020213066c9fcf99bf8c0a39e2f0788a43e696365bca300d06092a864886f70d01010b05003039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f742043412031301e170d3135303532363030303030305a170d3338303131373030303030305a3039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f74204341203130820122300d06092a864886f70d01010105000382010f003082010a0282010100b2788071ca78d5e371af478050747d6ed8d78876f49968f7582160f97484012fac022d86d3a0437a4eb2a4d036ba01be8ddb48c80717364cf4ee8823c73eeb37f5b519f84968b0ded7b976381d619ea4fe8236a5e54a56e445e1f9fdb416fa74da9c9b35392ffab02050066c7ad080b2a6f9afec47198f503807dca2873958f8bad5a9f948673096ee94785e6f89a351c0308666a14566ba54eba3c391f948dcffd1e8302d7d2d747035d78824f79ec4596ebb738717f2324628b843fab71daacab4f29f240e2d4bf7715c5e69ffea9502cb388aae50386fdbfb2d621bc5c71e54e177e067c80f9c8723d63f40207f2080c4804c3e3b24268e04ae6c9ac8aa0d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e041604148418cc8534ecbc0c94942e08599cc7b2104e0a08300d06092a864886f70d01010b0500038201010098f2375a4190a11ac57651282036230eaee628bbaaf894ae48a4307f1bfc248d4bb4c8a197f6b6f17a70c85393cc0828e39825cf23a4f9de21d37c8509ad4e9a753ac20b6a897876444718656c8d418e3b7f9acbf4b5a750d7052c37e8034bade961a0026ef5f2f0c5b2ed5bb7dcfa945c779e13a57f52ad95f2f8933bde8b5c5bca5a525b60af14f74befa3fb9f40956d3154fc42d3c7461f23add90f48709ad9757871d1724334756e5759c2025c266029cf2319168e8843a5d4e4cb08fb231143e843297262a1a95d5e08d490aeb8d8ce14c2d055f286f6c49343776661c0b9e841d7977860036e4a72aea5d17dba109e866c1b8ab95933f8ebc490bef1b9 | C:\Users\Admin\AppData\Local\Temp\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\5A8CEF45D7A69859767A8C8B4496B578CF474B1A\Blob = 0300000001000000140000005a8cef45d7a69859767a8c8b4496b578cf474b1a2000000001000000450500003082054130820329a0030201020213066c9fd29635869f0a0fe58678f85b26bb8a37300d06092a864886f70d01010c05003039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f742043412032301e170d3135303532363030303030305a170d3430303532363030303030305a3039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f74204341203230820222300d06092a864886f70d01010105000382020f003082020a0282020100ad969f2d9c4a4c4a81795199ec8acb6b605113bc4d6d06fcb0088ddd19106ac7260c35d8c06f2084e994b19b8503c35bdb4ae8c8f89076d95b4fe34ce806364dcc9aac3d0c902b92d4061960ac374479858182ad5a37e00dcc9da64c5276ea439db704d150f655e0d5d2a64985e937e9ca7eae5c954d489a3fae205a6d8895d934b8521a4390b0bf6c05b9b678b7ead0e43a3c125362ff4af27bbe3505a91234e3f36474622c3d00495a28fe3244bb87dd652702713bda4af71fdacdf72155904f0fecae82e19f6bd945d3bbf05f87ed3c2c3986da3fdeec7255eb79a3addbdd7cb0ba1ccefcde4f3576cf0ff8781f6a36514627615be99ecff0a2557d7c258a6f2fb4c5cf842e2bfd0d51106cfb5f1bbc1b7ec5ae3b98013192ff0b57f49ab2b957e9abef0d76d1f0eef4ce86a7e06ee9b469a1df69f633c6692e97139ea587b057108137c953b3bb7ff692d19cd018f4926eda834fa663994ca5fb5eef21647a205f6c648515cb37e9620c0b2a16dc012e32da3e4bf59e3af6174094ef9e910886fabe63a85a33eccb744395f96c695236c7296ffc55035c1ffb9fbd47ebe74947950b4e89220949e0f5611ef1bf2e8a726e8059ff573af97532a34e5feced2862d94d73f2cc811760edcdebdcdba7cac57e02bdf2540854fdb42d092c17544a98d154e1516708d2ed6e7e6f3fd22d81592966cb903995111e7427feddebaf0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414b00cf04c30f405580248fd33e552af4b84e36652300d06092a864886f70d01010c05000382020100aaa8808f0e78a3e0a2d4cde6f5987a3bea0003b0970e93bc5aa8f62c8c7287a9b1fc7f73fd637178a58759cf30e10d10b2135a6d82f56ae6809fa0050b68e4476bc76adfb6fd773272e518fa09f4a0932c5dd28c75857665900c0379b7312363ad788309866884cafff9cf269a9279e7cd4bc5e761a717cbf3a91293936ba7e82f5392c46058b0cc0251185b858d625963b6adb4de9afb26f70027c05d55377499c9507fe3592e44e32c25eeec4c3277b49f1ae94b5d20c5dafd1c8716c643e8d4bb269a45705ea90b3753e2467b27fde046f289b7cc42b6cb28266ed9a5c93ac8411360f7508c15aeb26d1a151a5778e6922ad96590823f6c02afae123a27963604d71da28063a99bf1e5bab47c14b04ec9b11f745f38f651ea9bfa2ca211d4a92d271a45b1afb24e710dc05846d66906cb53cbb3fe6b41cd417e7d4c0f7c72797a59cd5e4a0eac9ba99873797cb4f4ccb9b8070cb2745cb8c76f88a190a7f4aaf9bf673af41a15621eb79fbe3db129af67a112f25810195303301bb81a89f69cbd97038ea309f31d8b21f1b4dfe41cd19f650206ea5cd613b384efa2a55c8c7729a768c06bae40d2a8b4eacdf08d4b389c199a1b2854b88990efca75813e1ef26424c718af4eff479e07f63565a4d30a56fff517646cefa822254993b6df0017da587e5deec51bb0d1d15f2110c7f9f3ba020a2707c5f1d6c7d3e0fb09606c | C:\Users\Admin\AppData\Local\Temp\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\0D44DD8C3C8C1A1A58756481E90F2E2AFFB3D26E\Blob = 0300000001000000140000000d44dd8c3c8c1a1a58756481e90f2e2affb3d26e2000000001000000ba010000308201b63082015ba0030201020213066c9fd5749736663f3b0b9ad9e89e7603f24a300a06082a8648ce3d0403023039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f742043412033301e170d3135303532363030303030305a170d3430303532363030303030305a3039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f7420434120333059301306072a8648ce3d020106082a8648ce3d030107034200042997a7c6417fc00d9be8011b56c6f252a5ba2db212e8d22ed7fac9c5d8aa6d1f73813b3b986b397c33a5c54e868e8017686245577d44581db337e56708eb66dea3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414abb6dbd7069e37ac3086079170c79cc419b178c0300a06082a8648ce3d0403020349003046022100e08592a317b78df92b06a593ac1a98686172fae1a1d0fb1c7860a64399c5b8c40221009c02eff1949cb396f9ebc62af8b62cfe3a901416d78c6324481cdf307dd5683b | C:\Users\Admin\AppData\Local\Temp\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\1C58A3A8518E8759BF075B76B750D4F2DF264FCD | C:\Users\Admin\AppData\Local\Temp\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\B51C067CEE2B0C3DF855AB2D92F4FE39D4E70F0E | C:\Users\Admin\AppData\Local\Temp\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F6108407D6F8BB67980CC2E244C2EBAE1CEF63BE\Blob = 030000000100000014000000f6108407d6f8bb67980cc2e244c2ebae1cef63be2000000001000000f6010000308201f230820178a0030201020213066c9fd7c1bb104c2943e5717b7b2cc81ac10e300a06082a8648ce3d0403033039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f742043412034301e170d3135303532363030303030305a170d3430303532363030303030305a3039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f7420434120343076301006072a8648ce3d020106052b8104002203620004d2ab8a374fa3530dfec18a7b4ba87b464b63b062f62d1bdb087121d200e863bd9a27fbf0396e5dea3da5c981aaa35b2098455d16dbfde8106de39ce0e3bd5f8462f3706433a0cb242f70ba88a12aa075f881ae6206c481db396e29b01efa2e5ca3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414d3ecc73a656ecce1da769a56fb9cf3866d57e581300a06082a8648ce3d040303036800306502303a8b21f1bd7e11add0ef58962fd6eb9d7e908d2bcf6655c32ce328a9700a470ef0375912ff2d9994284e2a4f354d335a023100ea75004e3bc43a941291c958469d211372a7889c8ae44c4adb96d4ac8b6b6b49125333add7e4be24fcb50a76d4a5bc10 | C:\Users\Admin\AppData\Local\Temp\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\2AD974A775F73CBDBBD8F5AC3A49255FA8FB1F8C\Blob = 0300000001000000140000002ad974a775f73cbdbbd8f5ac3a49255fa8fb1f8c2000000001000000620400003082045e30820346a0030201020213077312380b9d6688a33b1ed9bf9ccda68e0e0f300d06092a864886f70d01010b05003039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f742043412031301e170d3232303832333232323132385a170d3330303832333232323132385a303c310b3009060355040613025553310f300d060355040a1306416d617a6f6e311c301a06035504031313416d617a6f6e205253412032303438204d303130820122300d06092a864886f70d01010105000382010f003082010a0282010100eb712ca9cb1f8828923230af8a570f78b73725955587ac675c97d322c8daa214676b7cf067dae2032ab356125dc6b547f96708a7937a9592180fb4f9f910369a7f2f80b64fba134ec75d531ee0dd96330720d396bc12e4745042a1051373b54f9b4424fe2d7fedbc2285ec362133977506ce271882dce3d9c582078d5e26012626671fd93f13cf32ba6bad7864fcaaff0e023c07df9c0578728cfdea75b7032884dae86e078cd05085ef8154b2716eec6d62ef8f94c35ee9c4a4d091c02e249198caeeba258ed4f671b6fb5b6b38064837478d86dcf2ea06fb76377d9eff424e4d588293cfe271c278b17aab4b5b94378881e4d9af24aef872c565fb4bb451e70203010001a382015a3082015630120603551d130101ff040830060101ff020100300e0603551d0f0101ff040403020186301d0603551d250416301406082b0601050507030106082b06010505070302301d0603551d0e0416041481b80e638a891218e5fa3b3b50959fe6e5901385301f0603551d230418301680148418cc8534ecbc0c94942e08599cc7b2104e0a08307b06082b06010505070101046f306d302f06082b060105050730018623687474703a2f2f6f6373702e726f6f746361312e616d617a6f6e74727573742e636f6d303a06082b06010505073002862e687474703a2f2f6372742e726f6f746361312e616d617a6f6e74727573742e636f6d2f726f6f746361312e636572303f0603551d1f043830363034a032a030862e687474703a2f2f63726c2e726f6f746361312e616d617a6f6e74727573742e636f6d2f726f6f746361312e63726c30130603551d20040c300a3008060667810c010201300d06092a864886f70d01010b05000382010100ad00de0205232e063262b46bb19416e41140de2bfa59c135efe0aa8f2b41b9d1f38739001df23db5a7470c0606c691f3075702d4edbd17c1909abf4875a2074f30dd4a6a42b50d3d15c00ffe845bc63c99cc5752b1d86e12d59692934b94e507e88982086a7a34d49e64e13d876a92909a63a14bf88fb6ea34d305be20c2de06e28c9f738b9f4d3985cace19369d85c99ec9f8503fb67e88a1efca84068b50b40a5ca61c44f1fdc8614060f26125aa07f4c7c27375e40c0b428d04e55f4448995b7b898196a7889d4b0d62e804c4d7feb4e8b26dcaecc01cbc385b1ddf85ce5b7ae3494b6cb9a7ddf405b249ade1c5146bc2ccebcd7fd65869bac3207e7fb0b8 | C:\Users\Admin\AppData\Local\Temp\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = 040000000100000010000000be954f16012122448ca8bc279602acf5140000000100000014000000c87ed26a852a1bca1998040727cf50104f68a8a2030000000100000014000000f40042e2e5f7e8ef8189fed15519aece42c3bfa20f000000010000003000000041ce925678dfe0ccaa8089263c242b897ca582089d14e5eb685fca967f36dbd334e97e81fd0e64815f851f914ade1a1e1900000001000000100000009f687581f7ef744ecfc12b9cee6238f12000000001000000d0050000308205cc308203b4a00302010202105498d2d1d45b1995481379c811c08799300d06092a864886f70d01010c05003077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f726974792032303230301e170d3230303431363138333631365a170d3435303431363138343434305a3077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f72697479203230323030820222300d06092a864886f70d01010105000382020f003082020a0282020100b3912a07830667fd9e9de0c7c0b7a4e642047f0fa6db5ffbd55ad745a0fb770bf080f3a66d5a4d7953d8a08684574520c7a254fbc7a2bf8ac76e35f3a215c42f4ee34a8596490dffbe99d814f6bc2707ee429b2bf50b9206e4fd691365a89172f29884eb833d0ee4d771124821cb0dedf64749b79bf9c9c717b6844fffb8ac9ad773674985e386bd3740d02586d4deb5c26d626ad5a978bc2d6f49f9e56c1414fd14c7d3651637decb6ebc5e298dfd629b152cd605e6b9893233a362c7d7d6526708c42ef4562b9e0b87cceca7b4a6aaeb05cd1957a53a0b04271c91679e2d622d2f1ebedac020cb0419ca33fb89be98e272a07235be79e19c836fe46d176f90f33d008675388ed0e0499abbdbd3f830cad55788684d72d3bf6d7f71d8fdbd0dae926448b75b6f7926b5cd9b952184d1ef0f323d7b578cf345074c7ce05e180e35768b6d9ecb3674ab05f8e0735d3256946797250ac6353d9497e7c1448b80fdc1f8f47419e530f606fb21573e061c8b6b158627497b8293ca59e87547e83f38f4c75379a0b6b4e25c51efbd5f38c113e6780c955a2ec5405928cc0f24c0ecba0977239938a6b61cdac7ba20b6d737d87f37af08e33b71db6e731b7d9972b0e486335974b516007b506dc68613dafdc439823d24009a60daba94c005512c34ac50991387bbb30580b24d30025cb826835db46373efae23954f6028be37d55ba50203010001a3543052300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414c87ed26a852a1bca1998040727cf50104f68a8a2301006092b06010401823715010403020100300d06092a864886f70d01010c05000382020100af6adde619e72d9443194ecbe9509564a50391028be236803b15a252c21619b66a5a5d744330f49bff607409b1211e90166dc5248f5c668863f44fcc7df2124c40108b019fdaa9c8aef2951bcf9d05eb493e74a0685be5562c651c827e53da56d94617799245c4103608522917cb2fa6f27ed469248a1e8fb0730dcc1c4aabb2aaeda79163016422a832b87e3228b367732d91b4dc31010bf7470aa6f1d74aed5660c42c08a37b40b0bc74275287d6be88dd378a896e67881df5c95da0feb6ab3a80d71a973c173622411eac4dd583e63c38bd4f30e954a9d3b604c3327661bbb018c52b18b3c080d5b795b05e514d22fcec58aae8d894b4a52eed92dee7187c2157dd5563f7bf6dcd1fd2a6772870c7e25b3a5b08d25b4ec80096b3e18336af860a655c74f6eaec7a6a74a0f04beeef94a3ac50f287edd73a3083c9fb7d57bee5e3f841cae564aeb3a3ec58ec859accefb9eaf35618b95c739aafc577178359db371a187254a541d2b62375a3439ae5777c9679b7418dbfecdc80a09fd17775585f3513e0251a670b7dce25fa070ae46121d8d41ce507c63699f496d0c615fe4ecdd7ae8b9ddb16fd04c692bdd488e6a9a3aabbf764383b5fcc0cd035be741903a6c5aa4ca26136823e1df32bbc975ddb4b783b2df53bef6023e8f5ec0b233695af9866bf53d37bb8694a2a966669c494c6f45f6eac98788880065ca2b2eda2 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 190000000100000010000000ea6089055218053dd01e37e1d806eedf0300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e0b00000001000000100000005300650063007400690067006f0000001d0000000100000010000000885010358d29a38f059b028559c95f901400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd253000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd9796254832000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\B51C067CEE2B0C3DF855AB2D92F4FE39D4E70F0E\Blob = 030000000100000014000000b51c067cee2b0c3df855ab2d92f4fe39d4e70f0e2000000001000000e1030000308203dd308202c5a003020102020100300d06092a864886f70d01010b050030818f310b30090603550406130255533110300e060355040813074172697a6f6e61311330110603550407130a53636f74747364616c6531253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e3132303006035504031329537461726669656c6420526f6f7420436572746966696361746520417574686f72697479202d204732301e170d3039303930313030303030305a170d3337313233313233353935395a30818f310b30090603550406130255533110300e060355040813074172697a6f6e61311330110603550407130a53636f74747364616c6531253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e3132303006035504031329537461726669656c6420526f6f7420436572746966696361746520417574686f72697479202d20473230820122300d06092a864886f70d01010105000382010f003082010a0282010100bdedc103fcf68ffc02b16f5b9f48d99d79e2a2b703615618c347b6d7ca3d352e8943f7a1699bde8a1afd13209cb44977322956fdb9ec8cdd22fa72dc276197eef65a84ec6e19b9892cdc845bd574fb6b5fc589a51052894655f4b8751ce67fe454ae4bf85572570219f8177159eb1e280774c59d48be6cb4f4a4b0f364377992c0ec465e7fe16d534c62afcd1f0b63bb3a9dfbfc7900986174cf26824063f3b2726a190d99cad40e75cc37fb8b89c159f1627f5fb35f6530f8a7b74d765a1e765e34c0e89656998ab3f07fa4cdbddc32317c91cfe05f11f86baa495cd19994d1a2e3635b0976b55662e14b741d96d426d4080459d0980e0ee6defcc3ec1f90f10203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e041604147c0c321fa7d9307fc47d68a362a8a1ceab075b27300d06092a864886f70d01010b050003820101001159fa254f036f94993b9a1f828539d47605945ee128936d625d09c2a0a8d4b07538f1346a9de49f8a862651e62cd1c62d6e95204a9201ecb88a677b31e2672e8c9503262e439d4a31f60eb50cbbb7e2377f22ba00a30e7b52fb6bbb3bc4d379514ecd90f4670719c83c467a0d017dc558e76de68530179a24c410e004f7e0f27fd4aa0aff421d37ed94e5645912207738d3323e3881759673fa688fb1cbce1fc5ecfa9c7ecf7eb1f1072db6fcbfcaa4bfd097054abcea18280290bd5478092171d3d17d1dd916b0a9613dd00a0022fcc77bcb0964450b3b4081f77d7c32f598ca588e7d2aee90597364f936745e25a1f566052e7f3915a92afb508b8e8569f4 | C:\Users\Admin\AppData\Local\Temp\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2 | C:\Users\Admin\AppData\Local\Temp\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = 030000000100000014000000f40042e2e5f7e8ef8189fed15519aece42c3bfa22000000001000000d0050000308205cc308203b4a00302010202105498d2d1d45b1995481379c811c08799300d06092a864886f70d01010c05003077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f726974792032303230301e170d3230303431363138333631365a170d3435303431363138343434305a3077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f72697479203230323030820222300d06092a864886f70d01010105000382020f003082020a0282020100b3912a07830667fd9e9de0c7c0b7a4e642047f0fa6db5ffbd55ad745a0fb770bf080f3a66d5a4d7953d8a08684574520c7a254fbc7a2bf8ac76e35f3a215c42f4ee34a8596490dffbe99d814f6bc2707ee429b2bf50b9206e4fd691365a89172f29884eb833d0ee4d771124821cb0dedf64749b79bf9c9c717b6844fffb8ac9ad773674985e386bd3740d02586d4deb5c26d626ad5a978bc2d6f49f9e56c1414fd14c7d3651637decb6ebc5e298dfd629b152cd605e6b9893233a362c7d7d6526708c42ef4562b9e0b87cceca7b4a6aaeb05cd1957a53a0b04271c91679e2d622d2f1ebedac020cb0419ca33fb89be98e272a07235be79e19c836fe46d176f90f33d008675388ed0e0499abbdbd3f830cad55788684d72d3bf6d7f71d8fdbd0dae926448b75b6f7926b5cd9b952184d1ef0f323d7b578cf345074c7ce05e180e35768b6d9ecb3674ab05f8e0735d3256946797250ac6353d9497e7c1448b80fdc1f8f47419e530f606fb21573e061c8b6b158627497b8293ca59e87547e83f38f4c75379a0b6b4e25c51efbd5f38c113e6780c955a2ec5405928cc0f24c0ecba0977239938a6b61cdac7ba20b6d737d87f37af08e33b71db6e731b7d9972b0e486335974b516007b506dc68613dafdc439823d24009a60daba94c005512c34ac50991387bbb30580b24d30025cb826835db46373efae23954f6028be37d55ba50203010001a3543052300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414c87ed26a852a1bca1998040727cf50104f68a8a2301006092b06010401823715010403020100300d06092a864886f70d01010c05000382020100af6adde619e72d9443194ecbe9509564a50391028be236803b15a252c21619b66a5a5d744330f49bff607409b1211e90166dc5248f5c668863f44fcc7df2124c40108b019fdaa9c8aef2951bcf9d05eb493e74a0685be5562c651c827e53da56d94617799245c4103608522917cb2fa6f27ed469248a1e8fb0730dcc1c4aabb2aaeda79163016422a832b87e3228b367732d91b4dc31010bf7470aa6f1d74aed5660c42c08a37b40b0bc74275287d6be88dd378a896e67881df5c95da0feb6ab3a80d71a973c173622411eac4dd583e63c38bd4f30e954a9d3b604c3327661bbb018c52b18b3c080d5b795b05e514d22fcec58aae8d894b4a52eed92dee7187c2157dd5563f7bf6dcd1fd2a6772870c7e25b3a5b08d25b4ec80096b3e18336af860a655c74f6eaec7a6a74a0f04beeef94a3ac50f287edd73a3083c9fb7d57bee5e3f841cae564aeb3a3ec58ec859accefb9eaf35618b95c739aafc577178359db371a187254a541d2b62375a3439ae5777c9679b7418dbfecdc80a09fd17775585f3513e0251a670b7dce25fa070ae46121d8d41ce507c63699f496d0c615fe4ecdd7ae8b9ddb16fd04c692bdd488e6a9a3aabbf764383b5fcc0cd035be741903a6c5aa4ca26136823e1df32bbc975ddb4b783b2df53bef6023e8f5ec0b233695af9866bf53d37bb8694a2a966669c494c6f45f6eac98788880065ca2b2eda2 | C:\Users\Admin\AppData\Local\Temp\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\5A8CEF45D7A69859767A8C8B4496B578CF474B1A | C:\Users\Admin\AppData\Local\Temp\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\0D44DD8C3C8C1A1A58756481E90F2E2AFFB3D26E | C:\Users\Admin\AppData\Local\Temp\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\1C58A3A8518E8759BF075B76B750D4F2DF264FCD\Blob = 0300000001000000140000001c58a3a8518e8759bf075b76b750d4f2df264fcd2000000001000000c2040000308204be308203a6a003020102021006d8d904d5584346f68a2fa754227ec4300d06092a864886f70d01010b05003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204341301e170d3231303431343030303030305a170d3331303431333233353935395a304f310b300906035504061302555331153013060355040a130c446967694365727420496e633129302706035504031320446967694365727420544c53205253412053484132353620323032302043413130820122300d06092a864886f70d01010105000382010f003082010a0282010100c14bb3654770bcdd4f58dbec9cedc366e51f311354ad4a66461f2c0aec6407e52edcdcb90a20eddfe3c4d09e9aa97a1d8288e51156db1e9f58c251e72c340d2ed292e156cbf1795fb3bb87ca25037b9a52416610604f571349f0e8376783dfe7d34b674c2251a6df0e9910ed57517426e27dc7ca622e131b7f238825536fc13458008b84fff8bea75849227b96ada2889b15bca07cdfe951a8d5b0ed37e236b4824b62b5499aecc767d6e33ef5e3d6125e44f1bf71427d58840380b18101faf9ca32bbb48e278727c52b74d4a8d697dec364f9cace53a256bc78178e490329aefb494fa415b9cef25c19576d6b79a72ba2272013b5d03d40d321300793ea99f50203010001a38201823082017e30120603551d130101ff040830060101ff020100301d0603551d0e04160414b76ba2eaa8aa848c79eab4da0f98b2c59576b9f4301f0603551d2304183016801403de503556d14cbb66f0a3e21b1bc397b23dd155300e0603551d0f0101ff040403020186301d0603551d250416301406082b0601050507030106082b06010505070302307606082b06010505070101046a3068302406082b060105050730018618687474703a2f2f6f6373702e64696769636572742e636f6d304006082b060105050730028634687474703a2f2f636163657274732e64696769636572742e636f6d2f4469676943657274476c6f62616c526f6f7443412e63727430420603551d1f043b30393037a035a0338631687474703a2f2f63726c332e64696769636572742e636f6d2f4469676943657274476c6f62616c526f6f7443412e63726c303d0603551d2004363034300b06096086480186fd6c02013007060567810c01013008060667810c0102013008060667810c0102023008060667810c010203300d06092a864886f70d01010b050003820101008032ce5e0bdd6e5a0d0aafe1d684cbc08efa8570edda5db30cf72b7540fe850afaf33178b7704b1a8958ba80bdf36b1de97ecf0bba589c59d490d3fd6cfdd0986db771825bcf6d0b5a09d07bdec443d82aa4de9e41265fbb8f99cbddaee1a86f9f87fe74b71f1b20abb14fc6f5675d5d9b3ce9ff69f7616cd6d9f3fd36c6ab038876d24b2e7586e3fcd8557d26c21177df3e02b67cf3ab7b7a86366fb8f7d89371cf86df7330fa7babed2a59c842843b11171a52f3c90e147da25b7267ba71ed574766c5b8024a65345e8bd02a3c209c51994ce7529ef76b112b0d927e1de88aeb36164387ea2a63bf753febdec403bb0a3cf730efebaf4cfc8b3610733ef3a4 | C:\Users\Admin\AppData\Local\Temp\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\2AD974A775F73CBDBBD8F5AC3A49255FA8FB1F8C | C:\Users\Admin\AppData\Local\Temp\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = 5c0000000100000004000000001000001900000001000000100000009f687581f7ef744ecfc12b9cee6238f10f000000010000003000000041ce925678dfe0ccaa8089263c242b897ca582089d14e5eb685fca967f36dbd334e97e81fd0e64815f851f914ade1a1e030000000100000014000000f40042e2e5f7e8ef8189fed15519aece42c3bfa2140000000100000014000000c87ed26a852a1bca1998040727cf50104f68a8a2040000000100000010000000be954f16012122448ca8bc279602acf52000000001000000d0050000308205cc308203b4a00302010202105498d2d1d45b1995481379c811c08799300d06092a864886f70d01010c05003077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f726974792032303230301e170d3230303431363138333631365a170d3435303431363138343434305a3077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f72697479203230323030820222300d06092a864886f70d01010105000382020f003082020a0282020100b3912a07830667fd9e9de0c7c0b7a4e642047f0fa6db5ffbd55ad745a0fb770bf080f3a66d5a4d7953d8a08684574520c7a254fbc7a2bf8ac76e35f3a215c42f4ee34a8596490dffbe99d814f6bc2707ee429b2bf50b9206e4fd691365a89172f29884eb833d0ee4d771124821cb0dedf64749b79bf9c9c717b6844fffb8ac9ad773674985e386bd3740d02586d4deb5c26d626ad5a978bc2d6f49f9e56c1414fd14c7d3651637decb6ebc5e298dfd629b152cd605e6b9893233a362c7d7d6526708c42ef4562b9e0b87cceca7b4a6aaeb05cd1957a53a0b04271c91679e2d622d2f1ebedac020cb0419ca33fb89be98e272a07235be79e19c836fe46d176f90f33d008675388ed0e0499abbdbd3f830cad55788684d72d3bf6d7f71d8fdbd0dae926448b75b6f7926b5cd9b952184d1ef0f323d7b578cf345074c7ce05e180e35768b6d9ecb3674ab05f8e0735d3256946797250ac6353d9497e7c1448b80fdc1f8f47419e530f606fb21573e061c8b6b158627497b8293ca59e87547e83f38f4c75379a0b6b4e25c51efbd5f38c113e6780c955a2ec5405928cc0f24c0ecba0977239938a6b61cdac7ba20b6d737d87f37af08e33b71db6e731b7d9972b0e486335974b516007b506dc68613dafdc439823d24009a60daba94c005512c34ac50991387bbb30580b24d30025cb826835db46373efae23954f6028be37d55ba50203010001a3543052300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414c87ed26a852a1bca1998040727cf50104f68a8a2301006092b06010401823715010403020100300d06092a864886f70d01010c05000382020100af6adde619e72d9443194ecbe9509564a50391028be236803b15a252c21619b66a5a5d744330f49bff607409b1211e90166dc5248f5c668863f44fcc7df2124c40108b019fdaa9c8aef2951bcf9d05eb493e74a0685be5562c651c827e53da56d94617799245c4103608522917cb2fa6f27ed469248a1e8fb0730dcc1c4aabb2aaeda79163016422a832b87e3228b367732d91b4dc31010bf7470aa6f1d74aed5660c42c08a37b40b0bc74275287d6be88dd378a896e67881df5c95da0feb6ab3a80d71a973c173622411eac4dd583e63c38bd4f30e954a9d3b604c3327661bbb018c52b18b3c080d5b795b05e514d22fcec58aae8d894b4a52eed92dee7187c2157dd5563f7bf6dcd1fd2a6772870c7e25b3a5b08d25b4ec80096b3e18336af860a655c74f6eaec7a6a74a0f04beeef94a3ac50f287edd73a3083c9fb7d57bee5e3f841cae564aeb3a3ec58ec859accefb9eaf35618b95c739aafc577178359db371a187254a541d2b62375a3439ae5777c9679b7418dbfecdc80a09fd17775585f3513e0251a670b7dce25fa070ae46121d8d41ce507c63699f496d0c615fe4ecdd7ae8b9ddb16fd04c692bdd488e6a9a3aabbf764383b5fcc0cd035be741903a6c5aa4ca26136823e1df32bbc975ddb4b783b2df53bef6023e8f5ec0b233695af9866bf53d37bb8694a2a966669c494c6f45f6eac98788880065ca2b2eda2 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 0f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd979625483090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd21400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb1d0000000100000010000000885010358d29a38f059b028559c95f900b00000001000000100000005300650063007400690067006f0000000300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e2000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F6108407D6F8BB67980CC2E244C2EBAE1CEF63BE | C:\Users\Admin\AppData\Local\Temp\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 0400000001000000100000001bfe69d191b71933a372a80fe155e5b50f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd979625483090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd21400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb1d0000000100000010000000885010358d29a38f059b028559c95f900b00000001000000100000005300650063007400690067006f0000000300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e190000000100000010000000ea6089055218053dd01e37e1d806eedf2000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 5c000000010000000400000000100000190000000100000010000000ea6089055218053dd01e37e1d806eedf0300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e0b00000001000000100000005300650063007400690067006f0000001d0000000100000010000000885010358d29a38f059b028559c95f901400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd253000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd9796254830400000001000000100000001bfe69d191b71933a372a80fe155e5b52000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 920365.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 170957.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 204666.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Scheduled Task/Job: Scheduled Task
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
Script User-Agent
| Description | Indicator | Process | Target |
| HTTP User-Agent header | Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) | N/A | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Softdeluxe\Free Download Manager\fdm.exe | N/A |
| N/A | N/A | C:\Program Files\Softdeluxe\Free Download Manager\fdm.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
Suspicious behavior: LoadsDriver
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Softdeluxe\Free Download Manager\fdm.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\uninstall.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://web.archive.org
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc6c5646f8,0x7ffc6c564708,0x7ffc6c564718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,10660078961221157139,3823371286035147595,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2060 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2044,10660078961221157139,3823371286035147595,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2044,10660078961221157139,3823371286035147595,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2672 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,10660078961221157139,3823371286035147595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3160 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,10660078961221157139,3823371286035147595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,10660078961221157139,3823371286035147595,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,10660078961221157139,3823371286035147595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,10660078961221157139,3823371286035147595,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4644 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,10660078961221157139,3823371286035147595,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5500 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,10660078961221157139,3823371286035147595,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5500 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,10660078961221157139,3823371286035147595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,10660078961221157139,3823371286035147595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2660 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2044,10660078961221157139,3823371286035147595,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5728 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2044,10660078961221157139,3823371286035147595,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5524 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,10660078961221157139,3823371286035147595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,10660078961221157139,3823371286035147595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4052 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,10660078961221157139,3823371286035147595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3108 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2044,10660078961221157139,3823371286035147595,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6056 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,10660078961221157139,3823371286035147595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4180 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,10660078961221157139,3823371286035147595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6400 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2044,10660078961221157139,3823371286035147595,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6692 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,10660078961221157139,3823371286035147595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,10660078961221157139,3823371286035147595,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6564 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,10660078961221157139,3823371286035147595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6464 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,10660078961221157139,3823371286035147595,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6076 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,10660078961221157139,3823371286035147595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6096 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,10660078961221157139,3823371286035147595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2080 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,10660078961221157139,3823371286035147595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,10660078961221157139,3823371286035147595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7008 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,10660078961221157139,3823371286035147595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7104 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,10660078961221157139,3823371286035147595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6796 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,10660078961221157139,3823371286035147595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6808 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,10660078961221157139,3823371286035147595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6388 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,10660078961221157139,3823371286035147595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6148 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,10660078961221157139,3823371286035147595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7224 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,10660078961221157139,3823371286035147595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7344 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,10660078961221157139,3823371286035147595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7488 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,10660078961221157139,3823371286035147595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7624 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,10660078961221157139,3823371286035147595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7220 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,10660078961221157139,3823371286035147595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8236 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,10660078961221157139,3823371286035147595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8344 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,10660078961221157139,3823371286035147595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8600 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,10660078961221157139,3823371286035147595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9204 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,10660078961221157139,3823371286035147595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8060 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,10660078961221157139,3823371286035147595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9508 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,10660078961221157139,3823371286035147595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7980 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,10660078961221157139,3823371286035147595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10068 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,10660078961221157139,3823371286035147595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9908 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,10660078961221157139,3823371286035147595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9844 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,10660078961221157139,3823371286035147595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7888 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,10660078961221157139,3823371286035147595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9496 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,10660078961221157139,3823371286035147595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9536 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,10660078961221157139,3823371286035147595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7124 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,10660078961221157139,3823371286035147595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8080 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,10660078961221157139,3823371286035147595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8152 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,10660078961221157139,3823371286035147595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9024 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,10660078961221157139,3823371286035147595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8456 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,10660078961221157139,3823371286035147595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8848 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,10660078961221157139,3823371286035147595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9032 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,10660078961221157139,3823371286035147595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7976 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,10660078961221157139,3823371286035147595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7144 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,10660078961221157139,3823371286035147595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8892 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,10660078961221157139,3823371286035147595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8052 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,10660078961221157139,3823371286035147595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10348 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,10660078961221157139,3823371286035147595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,10660078961221157139,3823371286035147595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9780 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,10660078961221157139,3823371286035147595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10000 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,10660078961221157139,3823371286035147595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8636 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,10660078961221157139,3823371286035147595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6492 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,10660078961221157139,3823371286035147595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7152 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,10660078961221157139,3823371286035147595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8728 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,10660078961221157139,3823371286035147595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9020 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,10660078961221157139,3823371286035147595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9420 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,10660078961221157139,3823371286035147595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7416 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,10660078961221157139,3823371286035147595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7396 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,10660078961221157139,3823371286035147595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10548 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,10660078961221157139,3823371286035147595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7220 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,10660078961221157139,3823371286035147595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6172 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2044,10660078961221157139,3823371286035147595,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=9632 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,10660078961221157139,3823371286035147595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8992 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,10660078961221157139,3823371286035147595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6712 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2044,10660078961221157139,3823371286035147595,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8732 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,10660078961221157139,3823371286035147595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9204 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,10660078961221157139,3823371286035147595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10256 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,10660078961221157139,3823371286035147595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6996 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,10660078961221157139,3823371286035147595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8860 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,10660078961221157139,3823371286035147595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=94 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6840 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,10660078961221157139,3823371286035147595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=95 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8768 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,10660078961221157139,3823371286035147595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=96 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7144 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,10660078961221157139,3823371286035147595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=97 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9548 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,10660078961221157139,3823371286035147595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=98 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7484 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,10660078961221157139,3823371286035147595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=99 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8860 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,10660078961221157139,3823371286035147595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=100 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8976 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,10660078961221157139,3823371286035147595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=101 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10352 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,10660078961221157139,3823371286035147595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=102 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7428 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,10660078961221157139,3823371286035147595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=103 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8336 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2044,10660078961221157139,3823371286035147595,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7072 /prefetch:8
C:\Users\Admin\Desktop\fdm_x64_setup.exe
"C:\Users\Admin\Desktop\fdm_x64_setup.exe"
C:\Users\Admin\AppData\Local\Temp\is-R9EDD.tmp\fdm_x64_setup.tmp
"C:\Users\Admin\AppData\Local\Temp\is-R9EDD.tmp\fdm_x64_setup.tmp" /SL5="$201DA,39406194,832512,C:\Users\Admin\Desktop\fdm_x64_setup.exe"
C:\Windows\SYSTEM32\schtasks.exe
"schtasks.exe" /end /tn FreeDownloadManagerHelperService
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,10660078961221157139,3823371286035147595,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6500 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,10660078961221157139,3823371286035147595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=107 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3592 /prefetch:1
C:\Windows\system32\schtasks.exe
"schtasks.exe" /create /RU SYSTEM /tn FreeDownloadManagerHelperService /f /xml "C:\Program Files\Softdeluxe\Free Download Manager\service.xml"
C:\Windows\system32\schtasks.exe
"schtasks.exe" /change /tn FreeDownloadManagerHelperService /tr "\"C:\Program Files\Softdeluxe\Free Download Manager\helperservice.exe"\"
C:\Windows\system32\schtasks.exe
"schtasks.exe" /run /tn FreeDownloadManagerHelperService
C:\Program Files\Softdeluxe\Free Download Manager\helperservice.exe
"C:\Program Files\Softdeluxe\Free Download Manager\helperservice.exe"
C:\Program Files\Softdeluxe\Free Download Manager\fdm.exe
"C:\Program Files\Softdeluxe\Free Download Manager\fdm.exe" --install
C:\Program Files\Softdeluxe\Free Download Manager\importwizard.exe
"C:\Program Files\Softdeluxe\Free Download Manager\importwizard" 3FE02402165644D986B63DE6638495E4
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.freedownloadmanager.org/afterinstall.html?os=windows&osversion=10.0&osarchitecture=x86_64&architecture=x86_64&version=6.24.0.5818&uuid=e935560e-875a-45aa-910d-8cb04a4945d3&locale=en_US&ac=1&au=1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc6c5646f8,0x7ffc6c564708,0x7ffc6c564718
C:\Program Files\Softdeluxe\Free Download Manager\fdm5rhwin.exe
"C:\Program Files\Softdeluxe\Free Download Manager\fdm5rhwin.exe" 21907CB0205CFF989F82C03684A01B86 phase1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,10660078961221157139,3823371286035147595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=108 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9424 /prefetch:1
C:\Program Files\Softdeluxe\Free Download Manager\fdm5rhwin.exe
"C:\Program Files\Softdeluxe\Free Download Manager\fdm5rhwin.exe" 21907CB0205CFF989F82C03684A01B86 phase2
C:\Windows\system32\netsh.exe
"netsh.exe" firewall add allowedprogram program="C:\Program Files\Softdeluxe\Free Download Manager\fdm.exe" name="Free Download Manager" ENABLE scope=ALL profile=ALL
C:\Windows\system32\netsh.exe
"netsh.exe" firewall add allowedprogram program="C:\Program Files\Softdeluxe\Free Download Manager\fdm.exe" name="Free Download Manager" ENABLE scope=ALL profile=CURRENT
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,10660078961221157139,3823371286035147595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=110 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9636 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2044,10660078961221157139,3823371286035147595,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5276 /prefetch:8
C:\Users\Admin\Desktop\MinecraftInstaller.exe
"C:\Users\Admin\Desktop\MinecraftInstaller.exe"
C:\Program Files\Softdeluxe\Free Download Manager\fdm.exe
"C:\Program Files\Softdeluxe\Free Download Manager\fdm.exe" --byinstaller
C:\Program Files\Softdeluxe\Free Download Manager\importwizard.exe
"C:\Program Files\Softdeluxe\Free Download Manager\importwizard" 3FE02402165644D986B63DE6638495E4 --printFdm5Setting=ExpectingUpdateToVersion
C:\Users\Admin\AppData\Local\Temp\GamingRepair.exe
"C:\Users\Admin\AppData\Local\Temp\GamingRepair.exe" scenarioMinecraft
C:\Windows\system32\msdt.exe
"C:\Windows\system32\msdt.exe" /id WindowsUpdateDiagnostic /skip TRUE
C:\Windows\System32\sdiagnhost.exe
C:\Windows\System32\sdiagnhost.exe -Embedding
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" epl Microsoft-Windows-AppXDeploymentServer/Operational C:\Users\Admin\AppData\Local\Temp\DiagOutputDir\GamingRepair\WerLogs\Microsoft-Windows-AppXDeploymentServer_Operational.evtx /ow:true
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" epl Microsoft-Windows-AppXDeployment/Operational C:\Users\Admin\AppData\Local\Temp\DiagOutputDir\GamingRepair\WerLogs\Microsoft-Windows-AppXDeployment_Operational.evtx /ow:true
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" epl Microsoft-Windows-AppxPackaging/Operational C:\Users\Admin\AppData\Local\Temp\DiagOutputDir\GamingRepair\WerLogs\Microsoft-Windows-AppxPackaging_Operational.evtx /ow:true
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" epl Microsoft-Windows-AppModel-Runtime/Admin C:\Users\Admin\AppData\Local\Temp\DiagOutputDir\GamingRepair\WerLogs\Microsoft-Windows-AppModel-Runtime_Admin.evtx /ow:true
C:\Windows\system32\wscollect.exe
"C:\Windows\system32\wscollect.exe" C:\Users\Admin\AppData\Local\Temp\DiagOutputDir\GamingRepair\WerLogs\wscollect_gr.cab
C:\Windows\System32\reg.exe
C:\Windows\System32\reg.exe export "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SIH" "C:\Users\Admin\AppData\Local\Temp\registry_SIH.txt" /y
C:\Windows\System32\reg.exe
C:\Windows\System32\reg.exe export "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\DnsPolicyConfig" "C:\Users\Admin\AppData\Local\Temp\registry_DNSPolicy.txt" /y
C:\Windows\system32\reg.exe
"C:\Windows\system32\reg.exe" export "HKLM\Software\Microsoft\GamingServices" C:\Users\Admin\AppData\Local\Temp\DiagOutputDir\GamingRepair\WerLogs\HKLM_GRTS.reg /y
C:\Windows\system32\reg.exe
"C:\Windows\system32\reg.exe" export "HKCU\Software\Microsoft\GamingServices" C:\Users\Admin\AppData\Local\Temp\DiagOutputDir\GamingRepair\WerLogs\HKCU_GRTS.reg /y
C:\Windows\system32\reg.exe
"C:\Windows\system32\reg.exe" export "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel" C:\Users\Admin\AppData\Local\Temp\DiagOutputDir\GamingRepair\WerLogs\HKCU_AppModel.reg /y
C:\Windows\system32\reg.exe
"C:\Windows\system32\reg.exe" export "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel" C:\Users\Admin\AppData\Local\Temp\DiagOutputDir\GamingRepair\WerLogs\HKLM_AppModel.reg /y
C:\Windows\system32\reg.exe
"C:\Windows\system32\reg.exe" export "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx" C:\Users\Admin\AppData\Local\Temp\DiagOutputDir\GamingRepair\WerLogs\HKLM_Appx.reg /y
C:\Windows\system32\reg.exe
"C:\Windows\system32\reg.exe" export "HKCU\SOFTWARE\Classes\ActivatableClasses\Package" C:\Users\Admin\AppData\Local\Temp\DiagOutputDir\GamingRepair\WerLogs\HKCU_Package.reg /y
C:\Windows\system32\reg.exe
"C:\Windows\system32\reg.exe" export "HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate" C:\Users\Admin\AppData\Local\Temp\DiagOutputDir\GamingRepair\WerLogs\HKLM_WuPolicy.reg /y
C:\Windows\system32\reg.exe
"C:\Windows\system32\reg.exe" export "HKLM\SYSTEM\CurrentControlSet\Services\GamingServices" C:\Users\Admin\AppData\Local\Temp\DiagOutputDir\GamingRepair\WerLogs\GS_Service.reg /y
C:\Windows\system32\reg.exe
"C:\Windows\system32\reg.exe" export "HKLM\SYSTEM\CurrentControlSet\Services\GamingServicesNet" C:\Users\Admin\AppData\Local\Temp\DiagOutputDir\GamingRepair\WerLogs\GSNet_Service.reg /y
C:\Windows\system32\reg.exe
"C:\Windows\system32\reg.exe" export "HKLM\SYSTEM\CurrentControlSet\Services\GameFlt" C:\Users\Admin\AppData\Local\Temp\DiagOutputDir\GamingRepair\WerLogs\GameFlt_Service.reg /y
C:\Windows\system32\reg.exe
"C:\Windows\system32\reg.exe" export "HKLM\SYSTEM\CurrentControlSet\Services\Xvdd" C:\Users\Admin\AppData\Local\Temp\DiagOutputDir\GamingRepair\WerLogs\Xvdd_Service.reg /y
C:\Windows\system32\reg.exe
"C:\Windows\system32\reg.exe" export "HKLM\SYSTEM\CurrentControlSet\Services\XblAuthManager" C:\Users\Admin\AppData\Local\Temp\DiagOutputDir\GamingRepair\WerLogs\XblAuthManager_Service.reg /y
C:\Windows\system32\reg.exe
"C:\Windows\system32\reg.exe" export "HKLM\SYSTEM\CurrentControlSet\Services\XblGameSave" C:\Users\Admin\AppData\Local\Temp\DiagOutputDir\GamingRepair\WerLogs\XblGameSave_Service.reg /y
C:\Windows\system32\reg.exe
"C:\Windows\system32\reg.exe" export "HKLM\SYSTEM\CurrentControlSet\Services\GameInput Service" C:\Users\Admin\AppData\Local\Temp\DiagOutputDir\GamingRepair\WerLogs\GameInput_Service.reg /y
C:\Windows\system32\reg.exe
"C:\Windows\system32\reg.exe" export "HKLM\SYSTEM\CurrentControlSet\Services\DoSvc" C:\Users\Admin\AppData\Local\Temp\DiagOutputDir\GamingRepair\WerLogs\DoSvc_Service.reg /y
C:\Windows\system32\reg.exe
"C:\Windows\system32\reg.exe" export "HKLM\SYSTEM\CurrentControlSet\Services\InstallService" C:\Users\Admin\AppData\Local\Temp\DiagOutputDir\GamingRepair\WerLogs\InstallService_Service.reg /y
C:\Windows\system32\reg.exe
"C:\Windows\system32\reg.exe" export "HKLM\SYSTEM\CurrentControlSet\Services\wuauserv" C:\Users\Admin\AppData\Local\Temp\DiagOutputDir\GamingRepair\WerLogs\wuauserv_Service.reg /y
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,10660078961221157139,3823371286035147595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=112 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7544 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,10660078961221157139,3823371286035147595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=113 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7048 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,10660078961221157139,3823371286035147595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=114 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8416 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,10660078961221157139,3823371286035147595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=115 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8636 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,10660078961221157139,3823371286035147595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=116 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6860 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,10660078961221157139,3823371286035147595,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=117 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1808 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2044,10660078961221157139,3823371286035147595,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7384 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,10660078961221157139,3823371286035147595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=119 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8460 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,10660078961221157139,3823371286035147595,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=120 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,10660078961221157139,3823371286035147595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=121 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,10660078961221157139,3823371286035147595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=122 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7048 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,10660078961221157139,3823371286035147595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=123 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4124 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,10660078961221157139,3823371286035147595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=124 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7800 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,10660078961221157139,3823371286035147595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=125 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7220 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,10660078961221157139,3823371286035147595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=127 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10188 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2044,10660078961221157139,3823371286035147595,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7492 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,10660078961221157139,3823371286035147595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=130 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7276 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2044,10660078961221157139,3823371286035147595,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3108 /prefetch:8
C:\Users\Admin\Desktop\Ninite Malwarebytes Installer.exe
"C:\Users\Admin\Desktop\Ninite Malwarebytes Installer.exe"
C:\Users\Admin\AppData\Local\Temp\5fe4c407-6481-11ef-ac6b-ee255df7db21\Ninite.exe
Ninite.exe "b9e27b8069782720e5a5d25fd4f0f964b1022fad" /fullpath "C:\Users\Admin\Desktop\Ninite Malwarebytes Installer.exe"
C:\Windows\system32\svchost.exe
"svchost.exe"
C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
C:\Program Files\WindowsApps\Microsoft.GamingServices_22.91.26002.0_x64__8wekyb3d8bbwe\GamingServices.exe
"C:\Program Files\WindowsApps\Microsoft.GamingServices_22.91.26002.0_x64__8wekyb3d8bbwe\GamingServices.exe"
C:\Program Files\WindowsApps\Microsoft.GamingServices_22.91.26002.0_x64__8wekyb3d8bbwe\GamingServicesNet.exe
"C:\Program Files\WindowsApps\Microsoft.GamingServices_22.91.26002.0_x64__8wekyb3d8bbwe\GamingServicesNet.exe"
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall
C:\Windows\system32\DrvInst.exe
DrvInst.exe "4" "0" "C:\Windows\TEMP\{e488cc07-16b3-e342-9a8b-b6ef8d5f4aba}\xvdd.inf" "9" "476c57d3f" "0000000000000148" "Service-0x0-3e7$\Default" "0000000000000158" "208" "C:\Program Files\WindowsApps\Microsoft.GamingServices_22.91.26002.0_x64__8wekyb3d8bbwe\drivers"
C:\Windows\system32\DrvInst.exe
DrvInst.exe "1" "0" "SWD\XvddEnum\XvddRootDevice_Instance" "" "" "48fe919b3" "0000000000000000"
C:\Windows\system32\DrvInst.exe
DrvInst.exe "4" "0" "C:\Windows\TEMP\{5b894deb-9b8d-8848-8409-aed3fe74d67f}\gameflt.inf" "9" "45e2b811b" "000000000000015C" "Service-0x0-3e7$\Default" "0000000000000158" "208" "C:\Program Files\WindowsApps\Microsoft.GamingServices_22.91.26002.0_x64__8wekyb3d8bbwe\drivers"
C:\Windows\system32\DrvInst.exe
DrvInst.exe "8" "4" "C:\Windows\System32\DriverStore\FileRepository\gameflt.inf_amd64_25b1fe3637126834\gameflt.inf" "0" "45e2b811b" "0000000000000158" "Service-0x0-3e7$\Default"
C:\Windows\System32\pnputil.exe
C:\Windows\System32\pnputil.exe /enum-drivers
C:\Windows\System32\pnputil.exe
C:\Windows\System32\pnputil.exe /delete-driver oem4.inf /force
C:\Windows\system32\DrvInst.exe
DrvInst.exe "5" "2" "C:\Windows\System32\DriverStore\FileRepository\gameflt.inf_amd64_25b1fe3637126834\gameflt.inf" "0" "4b9547ee7" "000000000000015C" "Service-0x0-3e7$\Default"
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\611A36~1\MBSetup-119603.119603-5.1.7.121.exe" /verysilent /NORESTART
C:\Users\Admin\AppData\Local\Temp\611A36~1\MBSetup-119603.119603-5.1.7.121.exe
C:\Users\Admin\AppData\Local\Temp\611A36~1\MBSetup-119603.119603-5.1.7.121.exe /verysilent /NORESTART
C:\Users\Admin\AppData\Local\Temp\MBAMInstallerService.exe
"C:\Users\Admin\AppData\Local\Temp\MBAMInstallerService.exe"
C:\Users\Admin\AppData\Local\Temp\GamingRepair.exe
"C:\Users\Admin\AppData\Local\Temp\GamingRepair.exe" scenarioMinecraft
C:\Program Files\VideoLAN\VLC\uninstall.exe
"C:\Program Files\VideoLAN\VLC\uninstall.exe"
C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe
"C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe" _?=C:\Program Files\VideoLAN\VLC\
C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe
"C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe" /installmbtun
C:\Windows\system32\DrvInst.exe
DrvInst.exe "4" "9" "C:\Program Files\Malwarebytes\Anti-Malware\mbtun\mbtun.inf" "9" "4ba9030c7" "000000000000017C" "Service-0x0-3e7$\Default" "0000000000000178" "208" "C:\Program Files\Malwarebytes\Anti-Malware\mbtun"
C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
"C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe" /Service /Protected
C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
"C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe"
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /s /u "C:\Program Files\VideoLAN\VLC\axvlc.dll"
C:\Windows\system32\regsvr32.exe
/s /u "C:\Program Files\VideoLAN\VLC\axvlc.dll"
C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
"C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe"
C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
"C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe"
C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
"C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe"
C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
"C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe"
C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe
"C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe" "C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE" "C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\config\UpdateControllerConfig.json" "C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE" "C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\dbclsupdate\staging" /db:dbupdate /su:no
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbupdatrV5.exe
"C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbupdatrV5.exe" "C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE" "C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\config\UpdateControllerConfig.json" "C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE" "C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\dbclsupdate\staging" /db:dbupdate /su:no
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffc6c5646f8,0x7ffc6c564708,0x7ffc6c564718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1972,9796128681566538883,18089590832239631117,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1972,9796128681566538883,18089590832239631117,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1972,9796128681566538883,18089590832239631117,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,9796128681566538883,18089590832239631117,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,9796128681566538883,18089590832239631117,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,9796128681566538883,18089590832239631117,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4304 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,9796128681566538883,18089590832239631117,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1
C:\Users\Admin\AppData\LocalLow\IGDump\sec\ig.exe
ig.exe secure
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1972,9796128681566538883,18089590832239631117,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3536 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1972,9796128681566538883,18089590832239631117,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3536 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,9796128681566538883,18089590832239631117,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1972,9796128681566538883,18089590832239631117,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5132 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1972,9796128681566538883,18089590832239631117,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3976 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x528 0x524
C:\Program Files\WindowsApps\Microsoft.GamingServices_22.91.26002.0_x64__8wekyb3d8bbwe\GamingServices.exe
"C:\Program Files\WindowsApps\Microsoft.GamingServices_22.91.26002.0_x64__8wekyb3d8bbwe\GamingServices.exe"
C:\Windows\system32\DrvInst.exe
DrvInst.exe "4" "0" "C:\Windows\TEMP\{df476723-2b2b-e948-a4bd-3c5f48abdcf0}\gameflt.inf" "9" "45e2b811b" "0000000000000178" "Service-0x0-3e7$\Default" "0000000000000154" "208" "C:\Program Files\WindowsApps\Microsoft.GamingServices_22.91.26002.0_x64__8wekyb3d8bbwe\drivers"
C:\Windows\system32\DrvInst.exe
DrvInst.exe "8" "4" "C:\Windows\System32\DriverStore\FileRepository\gameflt.inf_amd64_25b1fe3637126834\gameflt.inf" "0" "45e2b811b" "0000000000000154" "Service-0x0-3e7$\Default"
C:\Windows\System32\pnputil.exe
C:\Windows\System32\pnputil.exe /enum-drivers
C:\Windows\System32\pnputil.exe
C:\Windows\System32\pnputil.exe /delete-driver oem5.inf /force
C:\Windows\system32\DrvInst.exe
DrvInst.exe "5" "2" "C:\Windows\System32\DriverStore\FileRepository\gameflt.inf_amd64_25b1fe3637126834\gameflt.inf" "0" "4600a9477" "0000000000000178" "Service-0x0-3e7$\Default"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,9796128681566538883,18089590832239631117,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2668 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,9796128681566538883,18089590832239631117,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,9796128681566538883,18089590832239631117,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,9796128681566538883,18089590832239631117,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,9796128681566538883,18089590832239631117,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,9796128681566538883,18089590832239631117,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2168 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,9796128681566538883,18089590832239631117,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2264 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,9796128681566538883,18089590832239631117,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4488 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,9796128681566538883,18089590832239631117,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,9796128681566538883,18089590832239631117,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1972,9796128681566538883,18089590832239631117,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4636 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,9796128681566538883,18089590832239631117,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1972,9796128681566538883,18089590832239631117,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6228 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Desktop\salinewin.exe
"C:\Users\Admin\Desktop\salinewin.exe"
C:\Users\Admin\Desktop\salinewin-safety.exe
"C:\Users\Admin\Desktop\salinewin-safety.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c REG ADD hkcu\Software\Microsoft\Windows\CurrentVersion\policies\system /v DisableTaskMgr /t reg_dword /d 1 /f
C:\Windows\SysWOW64\reg.exe
REG ADD hkcu\Software\Microsoft\Windows\CurrentVersion\policies\system /v DisableTaskMgr /t reg_dword /d 1 /f
C:\Users\Admin\AppData\LocalLow\IGDump\sec\ig.exe
ig.exe secure
C:\Program Files\WindowsApps\Microsoft.GamingServices_22.91.26002.0_x64__8wekyb3d8bbwe\GamingServices.exe
"C:\Program Files\WindowsApps\Microsoft.GamingServices_22.91.26002.0_x64__8wekyb3d8bbwe\GamingServices.exe"
C:\Windows\system32\DrvInst.exe
DrvInst.exe "4" "0" "C:\Windows\TEMP\{f29d3b9b-f82e-a048-9b57-3670b5941c21}\gameflt.inf" "9" "45e2b811b" "0000000000000158" "Service-0x0-3e7$\Default" "0000000000000178" "208" "C:\Program Files\WindowsApps\Microsoft.GamingServices_22.91.26002.0_x64__8wekyb3d8bbwe\drivers"
C:\Windows\system32\DrvInst.exe
DrvInst.exe "8" "4" "C:\Windows\System32\DriverStore\FileRepository\gameflt.inf_amd64_25b1fe3637126834\gameflt.inf" "0" "45e2b811b" "0000000000000178" "Service-0x0-3e7$\Default"
C:\Windows\System32\pnputil.exe
C:\Windows\System32\pnputil.exe /enum-drivers
C:\Windows\System32\pnputil.exe
C:\Windows\System32\pnputil.exe /delete-driver oem5.inf /force
C:\Windows\system32\DrvInst.exe
DrvInst.exe "5" "2" "C:\Windows\System32\DriverStore\FileRepository\gameflt.inf_amd64_25b1fe3637126834\gameflt.inf" "0" "4600a9477" "0000000000000164" "Service-0x0-3e7$\Default"
C:\Program Files\WindowsApps\Microsoft.GamingServices_22.91.26002.0_x64__8wekyb3d8bbwe\GamingServices.exe
"C:\Program Files\WindowsApps\Microsoft.GamingServices_22.91.26002.0_x64__8wekyb3d8bbwe\GamingServices.exe"
C:\Windows\system32\DrvInst.exe
DrvInst.exe "4" "0" "C:\Windows\TEMP\{9041069f-7242-0948-8212-bb85537955b9}\gameflt.inf" "9" "45e2b811b" "0000000000000138" "Service-0x0-3e7$\Default" "0000000000000148" "208" "C:\Program Files\WindowsApps\Microsoft.GamingServices_22.91.26002.0_x64__8wekyb3d8bbwe\drivers"
C:\Windows\system32\DrvInst.exe
DrvInst.exe "8" "4" "C:\Windows\System32\DriverStore\FileRepository\gameflt.inf_amd64_25b1fe3637126834\gameflt.inf" "0" "45e2b811b" "0000000000000188" "Service-0x0-3e7$\Default"
C:\Windows\System32\pnputil.exe
C:\Windows\System32\pnputil.exe /enum-drivers
C:\Windows\System32\pnputil.exe
C:\Windows\System32\pnputil.exe /delete-driver oem5.inf /force
C:\Windows\system32\DrvInst.exe
DrvInst.exe "5" "2" "C:\Windows\System32\DriverStore\FileRepository\gameflt.inf_amd64_25b1fe3637126834\gameflt.inf" "0" "4600a9477" "000000000000015C" "Service-0x0-3e7$\Default"
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa3fb8855 /state1:0x41c64e6d
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | web.archive.org | udp |
| US | 207.241.237.3:80 | web.archive.org | tcp |
| US | 207.241.237.3:80 | web.archive.org | tcp |
| US | 8.8.8.8:53 | polyfill.archive.org | udp |
| US | 8.8.8.8:53 | archive.org | udp |
| US | 8.8.8.8:53 | web-static.archive.org | udp |
| US | 207.241.239.241:443 | polyfill.archive.org | tcp |
| US | 207.241.224.2:80 | archive.org | tcp |
| US | 207.241.224.2:80 | archive.org | tcp |
| US | 207.241.224.2:80 | archive.org | tcp |
| US | 207.241.224.2:80 | archive.org | tcp |
| US | 207.241.224.2:80 | archive.org | tcp |
| US | 207.241.224.2:80 | archive.org | tcp |
| US | 207.241.237.2:443 | web-static.archive.org | tcp |
| US | 207.241.237.2:443 | web-static.archive.org | tcp |
| US | 207.241.237.2:443 | web-static.archive.org | tcp |
| US | 207.241.237.2:443 | web-static.archive.org | tcp |
| US | 207.241.237.2:443 | web-static.archive.org | tcp |
| US | 207.241.237.2:443 | web-static.archive.org | tcp |
| US | 8.8.8.8:53 | 25.140.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.237.241.207.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.239.241.207.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.224.241.207.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.237.241.207.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 150.171.28.10:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 10.28.171.150.in-addr.arpa | udp |
| GB | 88.221.135.11:443 | www.bing.com | tcp |
| GB | 88.221.135.11:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.135.221.88.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| GB | 95.101.143.184:443 | th.bing.com | tcp |
| GB | 88.221.135.25:443 | r.bing.com | tcp |
| GB | 88.221.135.25:443 | r.bing.com | tcp |
| GB | 95.101.143.184:443 | th.bing.com | tcp |
| US | 8.8.8.8:53 | 184.143.101.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.135.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| SE | 20.190.181.6:443 | login.microsoftonline.com | tcp |
| US | 8.8.8.8:53 | 6.181.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | services.bingapis.com | udp |
| US | 13.107.5.80:443 | services.bingapis.com | tcp |
| US | 8.8.8.8:53 | 80.5.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.159.190.20.in-addr.arpa | udp |
| US | 104.18.33.89:443 | www2.bing.com | tcp |
| US | 104.18.33.89:443 | www2.bing.com | tcp |
| US | 8.8.8.8:53 | 89.33.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.freedownloadmanager.org | udp |
| US | 74.117.181.203:443 | www.freedownloadmanager.org | tcp |
| US | 74.117.181.203:443 | www.freedownloadmanager.org | tcp |
| US | 8.8.8.8:53 | 203.181.117.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.20.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | tcp |
| US | 8.8.8.8:53 | 36.34.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | files2.freedownloadmanager.org | udp |
| US | 208.88.224.211:443 | files2.freedownloadmanager.org | tcp |
| US | 208.88.224.211:443 | files2.freedownloadmanager.org | tcp |
| US | 8.8.8.8:53 | 211.224.88.208.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | 147.142.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.techspot.com | udp |
| US | 172.67.29.35:443 | www.techspot.com | tcp |
| US | 172.67.29.35:443 | www.techspot.com | tcp |
| US | 8.8.8.8:53 | cmp.quantcast.com | udp |
| US | 8.8.8.8:53 | 6093eccf-6734-4877-ac8b-83d6d0e27b46.edge.permutive.app | udp |
| US | 8.8.8.8:53 | cmp.inmobi.com | udp |
| US | 8.8.8.8:53 | bordeaux.futurecdn.net | udp |
| US | 8.8.8.8:53 | freyr.futurecdn.net | udp |
| GB | 143.204.68.101:443 | cmp.quantcast.com | tcp |
| US | 104.18.35.13:443 | 6093eccf-6734-4877-ac8b-83d6d0e27b46.edge.permutive.app | tcp |
| GB | 18.245.143.85:443 | bordeaux.futurecdn.net | tcp |
| US | 8.8.8.8:53 | unpkg.com | udp |
| GB | 18.244.114.32:443 | cmp.inmobi.com | tcp |
| GB | 18.245.253.104:443 | freyr.futurecdn.net | tcp |
| US | 104.17.249.203:443 | unpkg.com | tcp |
| US | 8.8.8.8:53 | static.cloudflareinsights.com | udp |
| US | 8.8.8.8:53 | static.chartbeat.com | udp |
| GB | 18.244.161.205:443 | static.chartbeat.com | tcp |
| US | 104.16.80.73:443 | static.cloudflareinsights.com | tcp |
| US | 8.8.8.8:53 | 35.29.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.68.204.143.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.35.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 85.143.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 32.114.244.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.253.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.249.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.39.156.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.161.244.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.80.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.75.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | ads.servebom.com | udp |
| GB | 108.138.233.61:443 | ads.servebom.com | tcp |
| US | 8.8.8.8:53 | sommelier.futurehybrid.tech | udp |
| IE | 34.250.232.206:443 | sommelier.futurehybrid.tech | tcp |
| US | 8.8.8.8:53 | eventsproxy.gargantuan.futureplc.com | udp |
| IE | 34.251.46.97:443 | eventsproxy.gargantuan.futureplc.com | tcp |
| US | 8.8.8.8:53 | ping.chartbeat.net | udp |
| US | 44.197.36.28:443 | ping.chartbeat.net | tcp |
| US | 8.8.8.8:53 | api.permutive.com | udp |
| US | 34.107.254.252:443 | api.permutive.com | tcp |
| US | 8.8.8.8:53 | api.cmp.inmobi.com | udp |
| DE | 18.197.222.173:443 | api.cmp.inmobi.com | tcp |
| DE | 18.197.222.173:443 | api.cmp.inmobi.com | tcp |
| US | 8.8.8.8:53 | 61.233.138.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.232.250.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.46.251.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.36.197.44.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 252.254.107.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.222.197.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cadmus.script.ac | udp |
| US | 8.8.8.8:53 | 6093eccf-6734-4877-ac8b-83d6d0e27b46.prmutv.co | udp |
| US | 8.8.8.8:53 | cdn.pbxai.com | udp |
| US | 8.8.8.8:53 | c.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | ats-wrapper.privacymanager.io | udp |
| US | 8.8.8.8:53 | prod.euid.eu | udp |
| US | 8.8.8.8:53 | cdn.adsafeprotected.com | udp |
| US | 8.8.8.8:53 | ep1.adtrafficquality.google | udp |
| US | 8.8.8.8:53 | ib.adnxs.com | udp |
| US | 104.18.23.145:443 | cadmus.script.ac | tcp |
| FR | 3.162.38.47:443 | ats-wrapper.privacymanager.io | tcp |
| FR | 216.58.215.34:443 | securepubads.g.doubleclick.net | tcp |
| GB | 79.127.237.132:443 | cdn.pbxai.com | tcp |
| GB | 3.8.30.153:443 | prod.euid.eu | tcp |
| US | 35.241.9.51:443 | 6093eccf-6734-4877-ac8b-83d6d0e27b46.prmutv.co | tcp |
| ES | 108.157.97.119:443 | c.amazon-adsystem.com | tcp |
| NL | 185.89.210.244:443 | ib.adnxs.com | tcp |
| GB | 18.172.153.122:443 | cdn.adsafeprotected.com | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| US | 8.8.8.8:53 | ep2.adtrafficquality.google | udp |
| US | 34.107.254.252:443 | api.permutive.com | udp |
| GB | 88.221.135.104:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | cdn.permutive.com | udp |
| FR | 142.250.179.97:443 | ep2.adtrafficquality.google | tcp |
| US | 104.17.119.17:443 | cdn.permutive.com | tcp |
| FR | 216.58.215.34:443 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | config.aps.amazon-adsystem.com | udp |
| GB | 108.156.39.61:443 | config.aps.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | 145.23.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 132.237.127.79.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 153.30.8.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 51.9.241.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 47.38.162.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.215.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.97.157.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 122.153.172.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 244.210.89.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.135.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.119.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn.id5-sync.com | udp |
| US | 8.8.8.8:53 | tags.crwdcntrl.net | udp |
| GB | 18.245.143.118:443 | tags.crwdcntrl.net | tcp |
| US | 104.22.53.86:443 | cdn.id5-sync.com | tcp |
| US | 8.8.8.8:53 | bcp.crwdcntrl.net | udp |
| IE | 52.30.53.126:443 | bcp.crwdcntrl.net | tcp |
| US | 8.8.8.8:53 | i.clean.gg | udp |
| US | 8.8.8.8:53 | ssum-sec.casalemedia.com | udp |
| US | 8.8.8.8:53 | ads.pubmatic.com | udp |
| US | 8.8.8.8:53 | secure-assets.rubiconproject.com | udp |
| US | 8.8.8.8:53 | pixel.advertising.com | udp |
| US | 8.8.8.8:53 | ups.analytics.yahoo.com | udp |
| US | 8.8.8.8:53 | g2.gumgum.com | udp |
| US | 8.8.8.8:53 | x.bidswitch.net | udp |
| GB | 2.18.108.192:443 | ads.pubmatic.com | tcp |
| NL | 35.214.149.91:443 | x.bidswitch.net | tcp |
| US | 8.8.8.8:53 | match.sharethrough.com | udp |
| IE | 52.210.249.45:443 | g2.gumgum.com | tcp |
| DE | 3.71.149.231:443 | ups.analytics.yahoo.com | tcp |
| GB | 23.214.129.249:443 | secure-assets.rubiconproject.com | tcp |
| US | 34.95.69.49:443 | i.clean.gg | tcp |
| US | 8.8.8.8:53 | visitor.omnitagjs.com | udp |
| US | 8.8.8.8:53 | cs-server-s2s.yellowblue.io | udp |
| US | 172.64.151.101:443 | ssum-sec.casalemedia.com | tcp |
| FR | 185.255.84.152:443 | visitor.omnitagjs.com | tcp |
| US | 34.95.69.49:443 | i.clean.gg | udp |
| US | 8.8.8.8:53 | eus.rubiconproject.com | udp |
| US | 34.196.157.252:443 | cs-server-s2s.yellowblue.io | tcp |
| DE | 18.197.30.174:443 | match.sharethrough.com | tcp |
| US | 8.8.8.8:53 | c1.adform.net | udp |
| US | 8.8.8.8:53 | cm.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | match.adsrvr.org | udp |
| US | 8.8.8.8:53 | tg.socdm.com | udp |
| US | 8.8.8.8:53 | creativecdn.com | udp |
| DE | 18.197.30.174:443 | match.sharethrough.com | tcp |
| GB | 2.18.109.233:443 | eus.rubiconproject.com | tcp |
| FR | 142.250.179.98:443 | cm.g.doubleclick.net | tcp |
| US | 35.71.131.137:443 | match.adsrvr.org | tcp |
| JP | 211.120.53.203:443 | tg.socdm.com | tcp |
| NL | 185.184.8.90:443 | creativecdn.com | tcp |
| GB | 2.18.109.233:443 | eus.rubiconproject.com | tcp |
| DK | 37.157.4.28:443 | c1.adform.net | tcp |
| US | 8.8.8.8:53 | eu-west-1-cs-rtb.openwebmp.com | udp |
| US | 8.8.8.8:53 | gum.aidemsrv.com | udp |
| US | 8.8.8.8:53 | ssc-cms.33across.com | udp |
| JP | 211.120.53.203:443 | tg.socdm.com | tcp |
| FR | 142.250.179.98:443 | cm.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | pixel.servebom.com | udp |
| US | 8.8.8.8:53 | secure.adnxs.com | udp |
| US | 104.17.43.93:443 | gum.aidemsrv.com | tcp |
| US | 8.8.8.8:53 | us-u.openx.net | udp |
| US | 8.8.8.8:53 | pr-bh.ybp.yahoo.com | udp |
| US | 8.8.8.8:53 | sync.ipredictive.com | udp |
| US | 8.8.8.8:53 | match.deepintent.com | udp |
| US | 8.8.8.8:53 | b1sync.zemanta.com | udp |
| US | 8.8.8.8:53 | bh.contextweb.com | udp |
| US | 67.202.105.22:443 | ssc-cms.33across.com | tcp |
| GB | 13.224.222.60:443 | eu-west-1-cs-rtb.openwebmp.com | tcp |
| US | 67.202.105.22:443 | ssc-cms.33across.com | tcp |
| US | 104.17.249.203:443 | unpkg.com | tcp |
| US | 8.8.8.8:53 | ssbsync.smartadserver.com | udp |
| US | 70.42.32.127:443 | b1sync.zemanta.com | tcp |
| GB | 18.245.253.37:443 | pixel.servebom.com | tcp |
| GB | 18.245.253.37:443 | pixel.servebom.com | tcp |
| GB | 18.245.253.37:443 | pixel.servebom.com | tcp |
| NL | 208.93.169.131:443 | bh.contextweb.com | tcp |
| IE | 54.171.44.252:443 | pr-bh.ybp.yahoo.com | tcp |
| US | 35.244.159.8:443 | us-u.openx.net | tcp |
| US | 169.197.150.7:443 | match.deepintent.com | tcp |
| US | 54.157.18.170:443 | sync.ipredictive.com | tcp |
| US | 8.8.8.8:53 | 61.39.156.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 118.143.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.53.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 126.53.30.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 192.108.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 49.69.95.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 249.129.214.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.149.214.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 45.249.210.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.151.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 231.149.71.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 152.84.255.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | sync.go.sonobi.com | udp |
| US | 8.8.8.8:53 | 252.157.196.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | onetag-sys.com | udp |
| US | 8.8.8.8:53 | player.aniview.com | udp |
| US | 54.157.18.170:443 | sync.ipredictive.com | tcp |
| US | 35.244.159.8:443 | us-u.openx.net | udp |
| GB | 92.123.140.19:443 | player.aniview.com | tcp |
| US | 70.42.32.127:443 | b1sync.zemanta.com | tcp |
| US | 8.8.8.8:53 | rtb.gumgum.com | udp |
| US | 8.8.8.8:53 | dis.criteo.com | udp |
| US | 8.8.8.8:53 | sync.richaudience.com | udp |
| US | 8.8.8.8:53 | api-2-0.spot.im | udp |
| US | 8.8.8.8:53 | sync.1rx.io | udp |
| US | 8.8.8.8:53 | match.prod.bidr.io | udp |
| US | 8.8.8.8:53 | image8.pubmatic.com | udp |
| US | 69.166.1.35:443 | sync.go.sonobi.com | tcp |
| DE | 51.75.86.98:443 | onetag-sys.com | tcp |
| NL | 89.149.193.116:443 | ssbsync.smartadserver.com | tcp |
| NL | 89.149.193.116:443 | ssbsync.smartadserver.com | tcp |
| DE | 168.119.146.39:443 | sync.richaudience.com | tcp |
| IE | 34.247.205.196:443 | usersync.gumgum.com | tcp |
| IE | 34.247.205.196:443 | usersync.gumgum.com | tcp |
| IE | 34.247.205.196:443 | usersync.gumgum.com | tcp |
| NL | 178.250.1.9:443 | dis.criteo.com | tcp |
| IE | 52.215.131.87:443 | match.prod.bidr.io | tcp |
| DE | 51.75.86.98:443 | onetag-sys.com | tcp |
| NL | 89.149.193.116:443 | ssbsync.smartadserver.com | tcp |
| IE | 34.247.205.196:443 | usersync.gumgum.com | tcp |
| US | 69.166.1.35:443 | sync.go.sonobi.com | tcp |
| NL | 198.47.127.18:443 | image8.pubmatic.com | tcp |
| US | 44.208.132.23:443 | api-2-0.spot.im | tcp |
| NL | 46.228.174.117:443 | sync.1rx.io | tcp |
| DE | 168.119.146.39:443 | sync.richaudience.com | tcp |
| US | 44.208.132.23:443 | api-2-0.spot.im | tcp |
| NL | 46.228.174.117:443 | sync.1rx.io | tcp |
| NL | 198.47.127.18:443 | image8.pubmatic.com | tcp |
| IE | 18.203.167.224:443 | rtb.gumgum.com | tcp |
| US | 8.8.8.8:53 | 174.30.197.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.131.71.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.8.184.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.109.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.53.120.211.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.4.157.37.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 93.43.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 60.222.224.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.105.202.67.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 37.253.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.159.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.169.93.208.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 127.32.42.70.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 252.44.171.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 170.18.157.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 7.150.197.169.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.140.123.92.in-addr.arpa | udp |
| US | 70.42.32.127:443 | b1sync.zemanta.com | tcp |
| US | 8.8.8.8:53 | sync.srv.stackadapt.com | udp |
| US | 54.144.196.235:443 | sync.srv.stackadapt.com | tcp |
| US | 8.8.8.8:53 | eb2.3lift.com | udp |
| US | 8.8.8.8:53 | ap.lijit.com | udp |
| US | 8.8.8.8:53 | purch-sync.go.sonobi.com | udp |
| US | 8.8.8.8:53 | pixel.adsafeprotected.com | udp |
| US | 8.8.8.8:53 | aax.amazon-adsystem.com | udp |
| IE | 34.251.46.97:443 | eventsproxy.gargantuan.futureplc.com | tcp |
| IE | 52.49.93.139:443 | ap.lijit.com | tcp |
| GB | 18.245.220.173:443 | aax.amazon-adsystem.com | tcp |
| US | 69.166.1.34:443 | purch-sync.go.sonobi.com | tcp |
| US | 13.248.245.213:443 | eb2.3lift.com | tcp |
| IE | 52.213.92.105:443 | pixel.adsafeprotected.com | tcp |
| US | 8.8.8.8:53 | rtb.mfadsrvr.com | udp |
| NL | 35.214.199.88:443 | rtb.mfadsrvr.com | tcp |
| US | 8.8.8.8:53 | img.youtube.com | udp |
| FR | 142.250.74.238:443 | img.youtube.com | tcp |
| US | 8.8.8.8:53 | tracker.open-adsyield.com | udp |
| US | 172.111.38.86:443 | tracker.open-adsyield.com | tcp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| US | 8.8.8.8:53 | 116.193.149.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.205.247.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 87.131.215.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.86.75.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.1.166.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.127.47.198.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 117.174.228.46.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 224.167.203.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.132.208.44.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.220.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 139.93.49.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 213.245.248.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 235.196.144.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 105.92.213.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.1.166.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.199.214.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.74.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.38.111.172.in-addr.arpa | udp |
| US | 216.239.32.36:443 | region1.analytics.google.com | tcp |
| FR | 142.250.201.163:443 | www.google.co.uk | tcp |
| BE | 74.125.71.157:443 | stats.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | cacerts.rapidssl.com | udp |
| SE | 192.229.221.95:80 | cacerts.rapidssl.com | tcp |
| US | 8.8.8.8:53 | prebid.a-mo.net | udp |
| US | 8.8.8.8:53 | bidder.criteo.com | udp |
| US | 8.8.8.8:53 | hbopenbid.pubmatic.com | udp |
| US | 8.8.8.8:53 | tlx.3lift.com | udp |
| US | 8.8.8.8:53 | htlb.casalemedia.com | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| NL | 178.250.1.8:443 | bidder.criteo.com | tcp |
| FR | 142.250.179.68:443 | www.google.com | tcp |
| FR | 142.250.178.129:443 | tpc.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | fastlane.rubiconproject.com | udp |
| US | 8.8.8.8:53 | ads.yieldmo.com | udp |
| NL | 185.64.189.112:443 | hbopenbid.pubmatic.com | tcp |
| DE | 3.78.168.176:443 | tlx.3lift.com | tcp |
| NL | 147.75.34.179:443 | prebid.a-mo.net | tcp |
| US | 8.8.8.8:53 | 36.32.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 163.201.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.71.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.149.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 39.146.119.168.in-addr.arpa | udp |
| IE | 18.202.87.254:443 | ads.yieldmo.com | tcp |
| NL | 69.173.156.139:443 | fastlane.rubiconproject.com | tcp |
| NL | 69.173.156.139:443 | fastlane.rubiconproject.com | tcp |
| NL | 69.173.156.139:443 | fastlane.rubiconproject.com | tcp |
| FR | 142.250.178.129:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | aax-eu.amazon-adsystem.com | udp |
| FR | 142.250.179.68:443 | www.google.com | udp |
| US | 8.8.8.8:53 | id5-sync.com | udp |
| IE | 54.239.33.159:443 | aax-eu.amazon-adsystem.com | tcp |
| DE | 141.95.98.65:443 | id5-sync.com | tcp |
| US | 8.8.8.8:53 | image6.pubmatic.com | udp |
| NL | 198.47.127.19:443 | image6.pubmatic.com | tcp |
| US | 8.8.8.8:53 | 72a752349fbc673687235c2466565ca6.safeframe.googlesyndication.com | udp |
| FR | 142.250.179.65:443 | 72a752349fbc673687235c2466565ca6.safeframe.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | 1x1.a-mo.net | udp |
| US | 8.8.8.8:53 | api.pbxai.com | udp |
| DE | 52.28.212.4:443 | 1x1.a-mo.net | tcp |
| DE | 52.28.212.4:443 | 1x1.a-mo.net | tcp |
| US | 3.218.78.156:443 | api.pbxai.com | tcp |
| US | 104.16.80.73:443 | static.cloudflareinsights.com | tcp |
| US | 216.239.32.36:443 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | 8.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 129.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 112.189.64.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 179.34.75.147.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 176.168.78.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 254.87.202.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 139.156.173.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 159.33.239.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.214.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.98.95.141.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.127.47.198.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.212.28.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 156.78.218.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 163.214.58.216.in-addr.arpa | udp |
| ES | 108.157.97.119:443 | c.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | 38ad1d93d96125d26cc850c4bf4c0e9c.safeframe.googlesyndication.com | udp |
| FR | 142.250.179.65:443 | 38ad1d93d96125d26cc850c4bf4c0e9c.safeframe.googlesyndication.com | tcp |
| FR | 142.250.74.238:443 | img.youtube.com | udp |
| US | 8.8.8.8:53 | prod.us-east-1.cxm-bcn.publisher-services.amazon.dev | udp |
| US | 3.231.180.165:443 | prod.us-east-1.cxm-bcn.publisher-services.amazon.dev | tcp |
| US | 8.8.8.8:53 | 165.180.231.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0c4a290549fb9d933d154aa1c91823cb.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | cdn.ampproject.org | udp |
| FR | 216.58.214.161:443 | cdn.ampproject.org | tcp |
| FR | 216.58.214.161:443 | cdn.ampproject.org | tcp |
| FR | 216.58.214.161:443 | cdn.ampproject.org | tcp |
| FR | 216.58.214.161:443 | cdn.ampproject.org | tcp |
| FR | 216.58.214.161:443 | cdn.ampproject.org | tcp |
| FR | 142.250.178.129:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | 161.214.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | check.analytics.rlcdn.com | udp |
| GB | 18.164.68.67:443 | check.analytics.rlcdn.com | tcp |
| US | 8.8.8.8:53 | static.criteo.net | udp |
| NL | 178.250.1.3:443 | static.criteo.net | tcp |
| US | 8.8.8.8:53 | gum.criteo.com | udp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| US | 8.8.8.8:53 | dnacdn.net | udp |
| US | 8.8.8.8:53 | ag.gbc.criteo.com | udp |
| US | 8.8.8.8:53 | gem.gbc.criteo.com | udp |
| US | 8.8.8.8:53 | 67.68.164.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.1.250.178.in-addr.arpa | udp |
| NL | 185.235.87.107:443 | ag.gbc.criteo.com | tcp |
| NL | 185.235.87.231:443 | gem.gbc.criteo.com | tcp |
| FR | 178.250.7.13:443 | dnacdn.net | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| DK | 157.240.200.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | 107.87.235.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 231.87.235.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.7.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.200.240.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | static.xx.fbcdn.net | udp |
| DK | 157.240.200.14:443 | static.xx.fbcdn.net | tcp |
| DK | 157.240.200.14:443 | static.xx.fbcdn.net | tcp |
| DK | 157.240.200.14:443 | static.xx.fbcdn.net | tcp |
| DK | 157.240.200.14:443 | static.xx.fbcdn.net | tcp |
| DK | 157.240.200.14:443 | static.xx.fbcdn.net | tcp |
| DK | 157.240.200.14:443 | static.xx.fbcdn.net | tcp |
| US | 8.8.8.8:53 | scontent.xx.fbcdn.net | udp |
| US | 8.8.8.8:53 | 14.200.240.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55044506591ec4938e489886c20aec3c.safeframe.googlesyndication.com | udp |
| DE | 141.95.98.65:443 | id5-sync.com | tcp |
| US | 8.8.8.8:53 | api.rlcdn.com | udp |
| US | 8.8.8.8:53 | acdn.adnxs.com | udp |
| US | 34.120.133.55:443 | api.rlcdn.com | tcp |
| US | 8.8.8.8:53 | sync.a-mo.net | udp |
| US | 151.101.1.108:443 | acdn.adnxs.com | tcp |
| US | 104.18.38.76:443 | js-sec.indexww.com | tcp |
| NL | 147.75.81.235:443 | sync.a-mo.net | tcp |
| US | 104.18.38.76:443 | js-sec.indexww.com | tcp |
| US | 8.8.8.8:53 | 55.133.120.34.in-addr.arpa | udp |
| NL | 46.228.174.117:443 | sync.1rx.io | tcp |
| US | 8.8.8.8:53 | assets.a-mo.net | udp |
| US | 104.19.159.19:443 | assets.a-mo.net | tcp |
| US | 8.8.8.8:53 | token.rubiconproject.com | udp |
| NL | 69.173.156.148:443 | token.rubiconproject.com | tcp |
| NL | 69.173.156.148:443 | token.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | cdn.indexww.com | udp |
| US | 8.8.8.8:53 | 108.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 235.81.75.147.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.38.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 148.156.173.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.159.19.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | id.a-mx.com | udp |
| DE | 79.127.216.47:443 | id.a-mx.com | tcp |
| US | 8.8.8.8:53 | 47.216.127.79.in-addr.arpa | udp |
| US | 8.8.8.8:53 | id.rtb.mx | udp |
| US | 8.8.8.8:53 | ow.pubmatic.com | udp |
| US | 8.8.8.8:53 | prebid.adnxs.com | udp |
| GB | 185.64.190.84:443 | ow.pubmatic.com | tcp |
| NL | 185.89.208.11:443 | prebid.adnxs.com | tcp |
| DE | 79.127.216.47:443 | id.rtb.mx | tcp |
| NL | 185.89.208.11:443 | prebid.adnxs.com | tcp |
| GB | 18.245.220.173:443 | aax.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | launcher.mojang.com | udp |
| US | 13.107.253.64:443 | launcher.mojang.com | tcp |
| US | 8.8.8.8:53 | 84.190.64.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.208.89.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.253.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | aefd.nelreports.net | udp |
| GB | 173.222.211.41:443 | aefd.nelreports.net | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | 1.80.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.211.222.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | csm.nl3.eu.criteo.net | udp |
| NL | 178.250.1.25:443 | csm.nl3.eu.criteo.net | tcp |
| US | 8.8.8.8:53 | widgets.jobbio.com | udp |
| GB | 108.138.217.54:443 | widgets.jobbio.com | tcp |
| US | 8.8.8.8:53 | 25.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 54.217.138.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.20.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | widget-api.jobbio.com | udp |
| IE | 63.32.161.232:443 | widget-api.jobbio.com | tcp |
| US | 8.8.8.8:53 | 232.161.32.63.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 34.95.69.49:443 | i.clean.gg | udp |
| US | 8.8.8.8:53 | d2q79iu7y748jz.cloudfront.net | udp |
| US | 8.8.8.8:53 | d1avm1cbyhi830.cloudfront.net | udp |
| GB | 18.244.179.45:443 | d2q79iu7y748jz.cloudfront.net | tcp |
| GB | 18.245.206.178:443 | d1avm1cbyhi830.cloudfront.net | tcp |
| GB | 18.245.206.178:443 | d1avm1cbyhi830.cloudfront.net | tcp |
| US | 8.8.8.8:53 | 45.179.244.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 178.206.245.18.in-addr.arpa | udp |
| NL | 185.235.87.107:443 | ag.gbc.criteo.com | tcp |
| NL | 185.235.87.231:443 | gem.gbc.criteo.com | tcp |
| IE | 52.213.92.105:443 | pixel.adsafeprotected.com | tcp |
| NL | 178.250.1.8:443 | bidder.criteo.com | tcp |
| NL | 185.89.210.244:443 | secure.adnxs.com | tcp |
| NL | 69.173.156.139:443 | fastlane.rubiconproject.com | tcp |
| DE | 141.95.98.65:443 | id5-sync.com | tcp |
| US | 8.8.8.8:53 | bfc411239eb181ea5517edda2b6b2ef6.safeframe.googlesyndication.com | udp |
| FR | 216.58.215.34:443 | securepubads.g.doubleclick.net | udp |
| FR | 142.250.178.129:443 | tpc.googlesyndication.com | udp |
| FR | 142.250.178.129:443 | tpc.googlesyndication.com | udp |
| FR | 142.250.179.68:443 | www.google.com | udp |
| NL | 69.173.156.148:443 | token.rubiconproject.com | tcp |
| NL | 46.228.174.117:443 | sync.1rx.io | tcp |
| DE | 79.127.216.47:443 | id.rtb.mx | tcp |
| DE | 79.127.216.47:443 | id.rtb.mx | tcp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 74.117.181.203:443 | www.freedownloadmanager.org | tcp |
| FR | 142.250.179.68:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 1786035589.rsc.cdn77.org | udp |
| GB | 84.17.50.9:443 | 1786035589.rsc.cdn77.org | tcp |
| GB | 84.17.50.9:443 | 1786035589.rsc.cdn77.org | tcp |
| US | 8.8.8.8:53 | 9.50.17.84.in-addr.arpa | udp |
| US | 216.239.34.36:443 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | b7b52.playfabapi.com | udp |
| US | 20.112.55.18:443 | b7b52.playfabapi.com | tcp |
| GB | 173.222.211.41:443 | aefd.nelreports.net | udp |
| US | 8.8.8.8:53 | 18.55.112.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.154.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 112.245.100.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.177.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 156.33.209.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| GB | 88.221.135.57:443 | th.bing.com | tcp |
| GB | 95.101.143.183:443 | th.bing.com | tcp |
| GB | 95.101.143.183:443 | th.bing.com | tcp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.135.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 27.140.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.143.101.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.virustotal.com | udp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 8.8.8.8:53 | www.recaptcha.net | udp |
| FR | 172.217.18.195:443 | www.recaptcha.net | tcp |
| US | 8.8.8.8:53 | 46.34.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.18.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | recaptcha.net | udp |
| US | 8.8.8.8:53 | 174.20.217.172.in-addr.arpa | udp |
| FR | 142.250.179.68:443 | www.google.com | udp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 8.8.8.8:53 | aefd.nelreports.net | udp |
| GB | 173.222.211.40:443 | aefd.nelreports.net | udp |
| US | 8.8.8.8:53 | 40.211.222.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | up.freedownloadmanager.org | udp |
| US | 156.146.58.185:443 | up.freedownloadmanager.org | tcp |
| US | 8.8.8.8:53 | 185.58.146.156.in-addr.arpa | udp |
| US | 104.18.33.89:443 | www2.bing.com | tcp |
| US | 104.18.33.89:443 | www2.bing.com | tcp |
| US | 8.8.8.8:53 | ninite.com | udp |
| GB | 18.165.242.77:443 | ninite.com | tcp |
| GB | 18.165.242.77:443 | ninite.com | tcp |
| US | 8.8.8.8:53 | 77.242.165.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| US | 8.8.8.8:53 | platform.twitter.com | udp |
| DK | 157.240.200.14:443 | connect.facebook.net | tcp |
| PL | 93.184.220.66:443 | platform.twitter.com | tcp |
| US | 8.8.8.8:53 | syndication.twitter.com | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 104.244.42.200:443 | syndication.twitter.com | tcp |
| DK | 157.240.200.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | 66.220.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | twitter.com | udp |
| US | 8.8.8.8:53 | 200.42.244.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | crl.globalsign.com | udp |
| US | 104.18.21.226:80 | crl.globalsign.com | tcp |
| US | 8.8.8.8:53 | 226.21.18.104.in-addr.arpa | udp |
| GB | 173.222.211.40:443 | aefd.nelreports.net | udp |
| US | 8.8.8.8:53 | 240.143.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ninite.com | udp |
| GB | 18.165.242.20:443 | ninite.com | tcp |
| US | 8.8.8.8:53 | 20.242.165.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 181.178.204.143.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 113.216.138.108.in-addr.arpa | udp |
| US | 104.18.21.226:80 | crl.globalsign.com | tcp |
| GB | 18.165.242.20:443 | ninite.com | tcp |
| US | 8.8.8.8:53 | cdn.ninite-mirror.com | udp |
| US | 104.18.42.227:443 | cdn.ninite-mirror.com | tcp |
| US | 8.8.8.8:53 | 227.42.18.104.in-addr.arpa | udp |
| US | 104.18.42.227:443 | cdn.ninite-mirror.com | tcp |
| US | 104.18.42.227:443 | cdn.ninite-mirror.com | tcp |
| US | 8.8.8.8:53 | 168.245.100.95.in-addr.arpa | udp |
| US | 34.107.254.252:443 | api.permutive.com | udp |
| US | 216.239.32.36:443 | region1.analytics.google.com | udp |
| FR | 142.250.201.163:443 | www.google.co.uk | udp |
| US | 216.239.34.36:443 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | 76.246.100.95.in-addr.arpa | udp |
| US | 104.18.42.227:443 | cdn.ninite-mirror.com | tcp |
| US | 104.18.42.227:443 | cdn.ninite-mirror.com | tcp |
| US | 104.18.42.227:443 | cdn.ninite-mirror.com | tcp |
| US | 104.18.42.227:443 | cdn.ninite-mirror.com | tcp |
| US | 8.8.8.8:53 | api2.amplitude.com | udp |
| US | 34.214.168.55:443 | api2.amplitude.com | tcp |
| US | 8.8.8.8:53 | 55.168.214.34.in-addr.arpa | udp |
| SE | 192.229.221.95:80 | cacerts.rapidssl.com | tcp |
| US | 8.8.8.8:53 | 28.73.42.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ipv4.am.i.mullvad.net | udp |
| US | 8.8.8.8:53 | holocron.mwbsys.com | udp |
| US | 3.222.53.170:443 | holocron.mwbsys.com | tcp |
| SE | 45.83.223.233:443 | ipv4.am.i.mullvad.net | tcp |
| US | 3.222.53.170:443 | holocron.mwbsys.com | tcp |
| US | 8.8.8.8:53 | 233.223.83.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 170.53.222.3.in-addr.arpa | udp |
| GB | 18.165.242.20:443 | ninite.com | tcp |
| US | 3.222.53.170:443 | holocron.mwbsys.com | tcp |
| US | 8.8.8.8:53 | iris.mwbsys.com | udp |
| US | 107.23.8.150:443 | iris.mwbsys.com | tcp |
| US | 8.8.8.8:53 | telemetry.malwarebytes.com | udp |
| US | 52.24.68.61:443 | telemetry.malwarebytes.com | tcp |
| US | 8.8.8.8:53 | 150.8.23.107.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 61.68.24.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | sirius.mwbsys.com | udp |
| US | 44.207.52.251:443 | sirius.mwbsys.com | tcp |
| GB | 108.156.46.24:443 | cdn.mwbsys.com | tcp |
| US | 8.8.8.8:53 | 251.52.207.44.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.46.156.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | crl.comodoca.com | udp |
| US | 104.18.38.233:80 | crl.comodoca.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | 233.38.18.104.in-addr.arpa | udp |
| GB | 2.18.109.131:80 | www.microsoft.com | tcp |
| GB | 88.221.135.50:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 131.109.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.135.221.88.in-addr.arpa | udp |
| GB | 88.221.135.50:443 | www.bing.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| GB | 88.221.135.33:443 | th.bing.com | tcp |
| GB | 88.221.135.41:443 | r.bing.com | tcp |
| GB | 88.221.135.41:443 | r.bing.com | tcp |
| GB | 88.221.135.33:443 | th.bing.com | tcp |
| US | 8.8.8.8:53 | 41.135.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 33.135.221.88.in-addr.arpa | udp |
| GB | 88.221.135.33:443 | th.bing.com | udp |
| GB | 88.221.135.41:443 | r.bing.com | udp |
| US | 104.18.33.89:443 | www2.bing.com | tcp |
| US | 104.18.33.89:443 | www2.bing.com | tcp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| GB | 88.221.135.50:443 | www.bing.com | udp |
| GB | 88.221.135.41:443 | r.bing.com | udp |
| GB | 88.221.135.41:443 | r.bing.com | udp |
| GB | 88.221.135.33:443 | th.bing.com | udp |
| GB | 88.221.135.33:443 | th.bing.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 185.199.111.133:443 | avatars.githubusercontent.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 8.8.8.8:53 | 215.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.111.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.110.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 140.82.114.22:443 | collector.github.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 140.82.114.22:443 | collector.github.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 104.18.33.89:443 | www2.bing.com | tcp |
| US | 8.8.8.8:53 | 210.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.114.82.140.in-addr.arpa | udp |
| US | 104.18.33.89:443 | www2.bing.com | tcp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.110.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 133.110.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | telemetry.malwarebytes.com | udp |
| US | 52.24.68.61:443 | telemetry.malwarebytes.com | tcp |
| US | 8.8.8.8:53 | sirius.mwbsys.com | udp |
| US | 44.207.52.251:443 | sirius.mwbsys.com | tcp |
| US | 44.207.52.251:443 | sirius.mwbsys.com | tcp |
| US | 8.8.8.8:53 | hubble.mb-cosmos.com | udp |
| GB | 108.156.46.32:443 | hubble.mb-cosmos.com | tcp |
| US | 8.8.8.8:53 | 32.46.156.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ocsp.trust-provider.com | udp |
| US | 104.18.38.233:80 | ocsp.trust-provider.com | tcp |
| US | 8.8.8.8:53 | crl.trust-provider.com | udp |
| US | 172.64.149.23:80 | crl.trust-provider.com | tcp |
| US | 8.8.8.8:53 | www.intel.com | udp |
| GB | 23.211.239.194:80 | www.intel.com | tcp |
| US | 8.8.8.8:53 | certificates.intel.com | udp |
| GB | 23.73.139.57:80 | certificates.intel.com | tcp |
| US | 8.8.8.8:53 | 194.239.211.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.139.73.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ocsp.thawte.com | udp |
| DE | 152.199.19.74:80 | ocsp.thawte.com | tcp |
| US | 8.8.8.8:53 | 74.19.199.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | crl.thawte.com | udp |
| SE | 192.229.221.95:80 | crl.thawte.com | tcp |
| US | 8.8.8.8:53 | api2.amplitude.com | udp |
| US | 52.41.235.65:443 | api2.amplitude.com | tcp |
| US | 8.8.8.8:53 | 65.235.41.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | telemetry.malwarebytes.com | udp |
| US | 52.24.68.61:443 | telemetry.malwarebytes.com | tcp |
| US | 52.24.68.61:443 | telemetry.malwarebytes.com | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | e765f3d75e6b0e4a7119c8b14d47d8da |
| SHA1 | cc9f7c7826c2e1a129e7d98884926076c3714fc0 |
| SHA256 | 986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89 |
| SHA512 | a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079 |
\??\pipe\LOCAL\crashpad_3788_QVRDFWSLBJRXMRQH
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 53bc70ecb115bdbabe67620c416fe9b3 |
| SHA1 | af66ec51a13a59639eaf54d62ff3b4f092bb2fc1 |
| SHA256 | b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771 |
| SHA512 | cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 0a7ac57b7854fe54dc2dd9e62312064c |
| SHA1 | f6aae753ef02b873f530a611bbeb1c33e9b267d1 |
| SHA256 | fcab3f91fadad660c33bd93e121cf92d06a1a398bc04f716e9f8eb7aabc84705 |
| SHA512 | fa48bf120c1bcd25b64e13f827beaf62253d5a280236a300527e68990a5a66fc58aca39fbbd388f904715da247db2fae6698d796842478bf48e051960dde0727 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | a0ee180cd75eaf8ae9b0f6b3ffbc7263 |
| SHA1 | ebce0d11338d36d7953e95de55ce04f965e8aa98 |
| SHA256 | 2378a667865e18006c9a41f9d938ac4ab57102865eac345f91947b2c926eb2ab |
| SHA512 | ca738f3967ff639c031d300ea1744e27a916a5d1ff9069a509533f9d822517a4bac90a24636f978ca4ba8a781bb11baba8277e6d91865082873705957a794d36 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 907743b8bccb11a319c540bcebf0eb76 |
| SHA1 | 545789de4089d2d3d64dbed9922801740336ee50 |
| SHA256 | 247a2c2b6dcf9d12a5a6cd9600a26f7b8a3d0059f8710c877e5452e4c2de7871 |
| SHA512 | fa3579eb1716523bb6f28e6e7e2b4b37f3826dc50c633c2056c97a5719fbfe266282f056fbbf3be82a5b9465f04b9bf81f5d9978742264526f3da8394755ed66 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 01ca468676cf5c64f5f4d618fecefb8f |
| SHA1 | a0df9f3054012bd6dc0e7ff41ce9e9dfbb9d1f9d |
| SHA256 | 9c67b150b2cda4dd6978a67b6e9404457fb263fe870ef1d14cd9b48857dc2423 |
| SHA512 | 82c784900b6db0e6a79bc716a2ef2a49722e58ba1456ce3c0a81304e412023d5a678b8d9d6f4b0c5496d0646f7ae45f81589a5b24c88841c6de793d735c71c11 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58055a.TMP
| MD5 | 3806ebe0327f0847fd9170971e50e629 |
| SHA1 | 6bd88ebac23fc9e7828f477914182a17d3fb9a24 |
| SHA256 | 2bb1a00cb4d4c07cfd0d43453b4004bbbd90cbe58009803ad6553f62c585ba48 |
| SHA512 | 8ad8deecb3fd40900fddbeb83602741e77f847857fca312084319f02a41866634bd6850c2279645fda931f58fcb63bee3440a573fc0d7259fcc8fdd0aa14ed51 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | d098daf6b510918ae87c75eb8535c27e |
| SHA1 | 35e2582833954a3507f2588ff46560e5f5d3e96f |
| SHA256 | f645d08e2bb7e8b5f058b8ce7f0d2e51a6b654431283cbf208ebf8e264719ef2 |
| SHA512 | cf5b276c1b7c3f0f15f6c1a6be18f4c9c2e3a5f0b5fc09c1a5997fd34d8774b8b0d6948b4581052a5b45c1579b48d0594895e55028fa1bfc6d4c4cbb6d2179cc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 399d06b2f3be759ae5feefdeba5913ed |
| SHA1 | 34d28c0e08279d5a3fe1cc9f6e803408d57e4944 |
| SHA256 | e648705af959341d7ede25827b032ba449ce9afb127e6fa56cd685485540d7b8 |
| SHA512 | 41d57d1884b74cc466028279d483e510898ff58c01c9378f94e9045df15a8431cc55c5c643c1a18f9b8568df94a44872c65a050872aa65573b212dd572c828c1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 84c140929df1e15fc64463538915f221 |
| SHA1 | 8ba171f1d2328d8213e3fca7aa229d3f0d7dd342 |
| SHA256 | 121a7250e67da91bb93de8ee9ed95097f47f8319c3bd183e4caa0ae1a433f9d4 |
| SHA512 | f1572a2c38fb9fe0f27cad6dd093a01d63c391e168bfbfdd3b2a79564573b28db724f71af12603849e3533d0b9ca1df95d16d15e8355f2a2d7698d47057db774 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 11fb97d7f768576ca7c0b0d0a66f995a |
| SHA1 | b5f985dbe991df309350fb6653d3f583f8d04a1f |
| SHA256 | 0461bbf60b8f57f5eca72957c78d983cdf644d77cb8493e95b8db181b18fe8a2 |
| SHA512 | 0ef632f106806172128af43a0a9e0354be0660d26733cb5acfe9226c14f84f11300133847c1af6414c1b0eecbe438a746d1364a372498a400c3b310de61cf791 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002e
| MD5 | 51a2d1b5116e249abb74d876cdb68915 |
| SHA1 | 6baf293834a0b222c3deb5d72500a66ff53a3e93 |
| SHA256 | 1f4cfa0779a35dfc6a738e6ff5927d9d2e782ae7139a1da974a4d1ee61728d75 |
| SHA512 | 20acd5b290bc99ea289eae6ff1ce87ff27075b24b648e71df71171c048ff602e84c799158c4d794efd14631d66d2b7b4d7704b65ed128dbd227fe604f5989863 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002f
| MD5 | be09cc782fbab1c0d55dc6329fd0fdca |
| SHA1 | 640d9c639cbe1efc77ef91449dca92889396ff8c |
| SHA256 | 123d6df0d977487378daac3e336f31076e295d17473a573c3ae389a0bacbdf4e |
| SHA512 | 23348f79e3f83618f72186e5c5f98f7ab68bf5ed37daf6f87d44cc9e0685902bc439458e1e1a6faa49aa9962f625176e93da42ed138b91cd93a8b4fd872ac888 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000032
| MD5 | f4523d8f733bb07e94aa22e3e967f0ce |
| SHA1 | f2d5eb2c09d6f0f5b49231d9e90f56266b345fef |
| SHA256 | dd878c0f94c02709e1f1edcd6b7f7b7292c829b2a48dd6af8f01d49da8fb0edd |
| SHA512 | 3529b0410ea4d9ee26f1c6eac1e7f66c34dd5749652637efc92e3f021d74b648a98910e88c05f1e3028a6f28914ffd19e1d8a737ac44e63ad68e7fc30bf339d6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000033
| MD5 | cc6faa75ff23fa36cd0e5cc0ae73c8d8 |
| SHA1 | f414da30a40128347ad303ad0ac545eb0bcac6ba |
| SHA256 | 690cb17e94263cd6bb0ba2710f1f29f62d7238e782e525e7f54f5beb97e251fd |
| SHA512 | c6ba481201b3041efb3f5f09235c5f42721ab5b176c0f73e0f672e9c33ab5898d9552c423cd33ba6fdeb93f83bd2aef402e386c4056c6975a2b3aed21b32e5b9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000034
| MD5 | b303c5ff6532b284aa0a42200149f75e |
| SHA1 | 343abe9dfe0fa38b6dc334f22bd3fc10d05e0a3e |
| SHA256 | 8c1936b5aa429c0545f9b883d259072e37f3be71a3f9f3b59a706f1436c87125 |
| SHA512 | 7f6a591a4c13ba59341efe8f6ceb9a5f573b13b191323a980f4295365f6dc241aca821f37f41b6bb1850b1ce0772d529d5bee42f64f3c0d34d1da7f74b0e02bc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000037
| MD5 | ba564fe03abce36197b88e1f2210802b |
| SHA1 | 1ea8fb0fc84e49cfa3de383393a6f32ce5f74651 |
| SHA256 | 94d1473681cf6dd6f7d6128007bcab45d597ac75cb0132f2fd73e9c82617bbea |
| SHA512 | 67fbf8ffb69e3b331d0349b9ccec87e1a6f162b93cc07cc45ee5ab3b28268e4293e5ab284783b348c207630d8d9e20f8bc52a6b7a22d29016d8f1cc8144aaa86 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000035
| MD5 | 2d6058c6b32501966368d670d62140e6 |
| SHA1 | aa5c18cab000d29ac24010d3e790e4a02aee0ae1 |
| SHA256 | a911d000decc99c2446ff4531a0f86b083e4243f4c36f05d6fe3134170881965 |
| SHA512 | c70f41c326024bb6e7b668b95fa0bb80316ef318cc1bbf474865393612a58a8702d588546032e52c1aecc5db88bdddeff712864e48387d5f051a10255f03d99e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 4cce0b8e9e421f609d83c9f0777dd594 |
| SHA1 | 09a1d8bb073216f126c5f9f993ab17b1df30190d |
| SHA256 | 6bf1dd2b88e17664b69a76929d7d7e8aa68b8b35fefba3bce06fd6f3f654a9e9 |
| SHA512 | 787694b617d014944a704efcbe90376a0248e23a5f8852023f78dd9e84b499e726ace3134ae073074e6892644b67ce7063706b8c1ed07bd40d6a08d90e417c62 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000047
| MD5 | 4cdc37a463c2e3ec5212f8e14e30bb71 |
| SHA1 | c11bf70d2eadf73d8c7f9e57e526fdffe5ff3ea7 |
| SHA256 | ade72b1909f84f252f21ef524985169db489e7cc8e6da12e82f88baedcfec596 |
| SHA512 | 73d0119d150de2910f10ba37100503f42038fbfb6c16ce5afda5c947fa6aaf737a7412555a09c1ab772176d2ae55e2b1b65102bddb9c80e19174bff1a7c86ede |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000045
| MD5 | 191e263a68c72b72a53b2664119c585e |
| SHA1 | 027acaf076414e6c138a80ecd6bf59555168cf7a |
| SHA256 | a49d347abb1ce536d7af3a957d0dfe9e2829014e6cdbcba8514d713f169edbcf |
| SHA512 | 5c0c5080caee668561e5b6bd62afdcd5d2190072e55e0140cd2258410381d28a7a4ef889b48f9108b0afdd4f2316cf5cbc244fb980a3544e84f21785a4407af2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 1887b031618bc4362f371cc6d1bdc6b6 |
| SHA1 | 824280797e96bf37f3493820ec431f15010ed391 |
| SHA256 | ecd013c8923d5e29090b2650e20d3c0c17665508e976a519ebc09dc713ce6931 |
| SHA512 | 1ecfccdd65faea139e180969dcf3393ee745f1532a728df21f066e94217c56935e45939b12545777bef6cfbb5c6b53ca47c3bc28b4ac6a260695a38ff7dafbe8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003f
| MD5 | 273dd08a613844891bb43d64f73ad3c0 |
| SHA1 | 2e8534607cc8dccf6eb518e659c1d1585c28a639 |
| SHA256 | 527f1451ae6a087423ead81c010a123635b063d443d5f347ed880f882ae00805 |
| SHA512 | 63d51eff3a59494267777f5b4f5de24694780e710e591eae291234ea5a7d19bef3f67410a170f3f47b5f86bc029515fc4084fe57bdf609877a5dc175d9b690c2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003e
| MD5 | f08afe5ab5d63edc4e6e4142884b4263 |
| SHA1 | c9e81caa40f90f028931aa230ffeced59dc003bb |
| SHA256 | 345818ee65feef76d40975df2e2e29683b99c8968e3ac9e7146490c7d69001ec |
| SHA512 | ac9491496383f808e5833b5e66cf87da57af45cf58a589619ba99fd88ceb2049c098aeb014f4c317c8f2425e557dcd31cf3e331388e7e0229f131aa6eb99debb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000040
| MD5 | a85641dbbc2e737f08a83875d8e7706e |
| SHA1 | 6e4acbef413babea2733c3c689ccfd7788e2091e |
| SHA256 | c274acf372114f67c76a61b7df530b657e371997ba617b000363342c0abaf3db |
| SHA512 | 9b967a390c47d29be598ea89691f9944927ce2335bd4f296402055b9432941707e2a22672e55d5d6684adf0f2e46506749585b51c53b05631e316065af3916c2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000041
| MD5 | b1e91fd0980d6ab32880d2f84550fc7a |
| SHA1 | 73affbf0deb1391fa00a7db41fad818e2eae796e |
| SHA256 | 85ea7dd8cd02ee72f90c387cb0ab8aa260107a0ceae9772f12752b795de5dfbf |
| SHA512 | 5cac3aeacd14c1a33cc2beccca53e8b58a75280d43d25a67d513b106d7fbedadd9814881123ef524a3ec8ffdb0493c5a70c9fa92d055a40037f5cc6cf855ac0c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003d
| MD5 | 87d93dc3147b388c7cff165e1491e735 |
| SHA1 | 8da327fe6b239cc2d6ed1985d066362418ae11ca |
| SHA256 | d348fcc510375a274ba569d9183bbebb2d84e0fa4b1e3d0d200c04cc3f1f48ab |
| SHA512 | 1e08aedb17c55b4be2679d545a4f2afc474679eec5352a0821ab4b7aacbe4182412fbcefae886e463621539e9a7a5b5b2d062ac5c779fd52363d309dd5575639 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003c
| MD5 | 04fe5010195b5d6f04684b87143d3472 |
| SHA1 | ad7147df5f327aa4232eff11fe969f5975fe39c1 |
| SHA256 | 190099055a7f286b45fa7b6d3e81afa7762b9aa433c0be7a4f6ac61e6b75303d |
| SHA512 | 31f793ea120311dba6fc5199d370b364cd9fde0e32c361cf1574e447cf4d7d98385f2dcf025a39100a5e7a72b23482c02bcf0b8c93f8b343f5a239fc1379e976 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003b
| MD5 | 5351bfca15cc66142ed9ec80a4feaf1a |
| SHA1 | f452986eef5514a12d37d7ca0516fec22b21ed99 |
| SHA256 | 6b16e889b7052a09f0687608cba8c8a06f7a71e4e2770ade6fca9b2e494cc67c |
| SHA512 | 01931dbb6e08552e8efc8e098659716f5bf667b52758cf7d4293a168929d8620df81dd074663d273dd2c34fb3acc09c7534096680c3915689927f7ec5cdddc99 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000043
| MD5 | 7d56fa2df8608abb9163f7fb2a17de7d |
| SHA1 | fdc5406214aa92251240c5db08934f00c3c59e52 |
| SHA256 | cee47f31dd1f847cbe7d2b6add222d5ebb9b4e94537d022b68c4102edfa3d482 |
| SHA512 | e97e8a4eda1d2a3247d9074f162a09be5eae672ccda19ff0f1fd0188c0327482f9697ecf0b73b3ed94a42daca823f3298dd2a2a21efdcd2afd68bf3215ab6e39 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004e
| MD5 | 681684b98337ff2d590ec8145f8f95d4 |
| SHA1 | a3d12dd3e20be6520c06bda3c188ab58478370e6 |
| SHA256 | 6ed6c1fd7cf2572a27b0de9b5797bda243394eef1cce39c5583b9aa8e9b6ca26 |
| SHA512 | 0743b836ce01b920723eb59e79ceffe2a068ec1dfb55523ac7850ebd9c432788677f0327c9ce8b27aa60d9d8e9294b08bdda53c20651f38f1cb0be073a859a2c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e9af9337089e4081_0
| MD5 | b71cdd4a8adf32d946a8514f2513a00f |
| SHA1 | 1fd1bde6ba9432e9611e04477bf30ac3e3825098 |
| SHA256 | a721c6fe557a53c180a57f03309bc8ce8eb67047377e62fc32bd7d97985a14fb |
| SHA512 | 28cc99a9adc590b875a531a6e5012a7e600242dd21ff4415c1c743b45e61eed5e9f2b50138d827c8c1aadc05e14ab9c98087162ed8cde4895255b002ed11e64b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\422a0e2dab5d558f_0
| MD5 | 66ac3043923a124e507da16183133d06 |
| SHA1 | c36c4f0d6ff877313225f979cb1a42094129ee93 |
| SHA256 | d52946661a6112d83b02e50f2883acb3926546bc0efa8c188a29e79196ed2f2b |
| SHA512 | ecfa919f6bb28870c0477fbb15f4c6f881a484ad76b817e752a3fd241b8b0571ab3569f1d77252fc3d408e8d646219993c5cdcf377b36ce1323c028ac4bdd517 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a8f5f7f80097026c_0
| MD5 | 442e979381b40e9b75cef6b8b55c0021 |
| SHA1 | 0397ce5abe5cf7e69157907cb4e0cf56575d0875 |
| SHA256 | b51ea21a4f084f6d90010f5c27d26d2543b2b7d73cbc086ce11877bd42b64434 |
| SHA512 | b9fcba0eb6a2a1e65b7a38cfeae2887f4f9c7cbccdf6c1c0fe93d3cbefc5779488386bd996de75f6c14d0a115007d5abec0d3e8bfc3ce6aad654deda599325ba |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\14e10ca3f92a98a5_0
| MD5 | 2b7e53c302e2dc866a68531d39f98a8f |
| SHA1 | 0b276ce55b9c52d7fc83f9381df79901da1edf2f |
| SHA256 | 065e3fbfb417e5775db89425d5c8165877ff0c2ff7e78a4d4666a87049a2edf3 |
| SHA512 | 7b08d59fd66944070f853d7b7d1d9321d3996048640283f16ee524d040e1893b58a695d4226f9b41ff05c9a8809d224c7a97d438559bb92e1d1d329567d9ba3c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f74e0c5b064bca24_0
| MD5 | 62b68f15b173d7dc0dbe6ad24659f91a |
| SHA1 | 6c675343c955bac572497df1ee6a258912f8df1d |
| SHA256 | 2773d7ef9c9766cbcd1b473f57c08edc1ed944cc9a8ffd39480f518029947e1c |
| SHA512 | 3999a22bff52f914bb686b56c7386fd032d2b361471599da7290f9730882d60e3c39eb638a5fb8c98574e804eedd99fd65de8630dc1d528a6f8061ae620c5620 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d08126aeff01bdd1_0
| MD5 | d74f743e1b52ebb59f13cb571a6a0046 |
| SHA1 | 0f0f0e113b97ae01c639591551785f0804e6b85b |
| SHA256 | 17af707034aa4abb01a7de807755d9cd177d69e90477fa4ab2350e900c938f87 |
| SHA512 | 9087cdb3fcd399fdd1ed3a23165fce4b76a6962ed0463a459097e6df851f417fc85df5cf5c34b11afb7ec6f3d8dbd325c835b5f67512cdaaf6cd10d9fa668a82 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b0c796b45a6d70a5_0
| MD5 | a3fe150437affe93e0857173a3f4a250 |
| SHA1 | 9166073cd0199ff14b8d7d25d23b6976440c08e5 |
| SHA256 | 86dd79d18707071c4cc99e70fa19794f154cb75ffea3b08f7243ea912d6c7068 |
| SHA512 | 1fb0644ad03634abc1252e6fa692c637c8d7828e46a82b91559c1c95c8b4b99398daf5390d7ab20f0898e3766dfb277ea5547814cebc34d3e070e2bd233e9d23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\98799f4f20d3323f_0
| MD5 | 1fb13edc26f1128e1d05811161199a9a |
| SHA1 | 0b3862f9cb2a3fc2b4fe206d3fee835aaf3455cd |
| SHA256 | f221b34f02e4bafad24e5d3a1852992402c6234eee9bf1c84d9b111e06025422 |
| SHA512 | cd116051f3e19abfee126c7e3eb2902a3f597619203b6242a9eb058e749202ba65333415f20e74cde9d538e6057bff6c6bcf7eb52fba054d07d1a69369327358 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.techspot.com_0.indexeddb.blob\1\00\2
| MD5 | 2961985f3deddf360ae819ec99ad82c6 |
| SHA1 | d19191a69cfaca750d5950d4fb92a75870906ae0 |
| SHA256 | 310ead3cbab3fe89020ee5eed112bb2bc7182176f18a524ce6a1e7b63efee3d0 |
| SHA512 | e902cf96a9725db3b40ddd93cddcb2a218e0307c400f12a089ad43bb126f3986095e60e13fe665ac2dde205369663ec12297dc8a3e1621bc38d6fa812f75ac39 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004f
| MD5 | 9708e5224c10eb91f435950128a72070 |
| SHA1 | cc66f87dad487f1db80dc78942a7016d26725ae9 |
| SHA256 | 834c60d1648bb2b2c84ab278eb0690ffdbd6f9dfa393d561eb38aa026dbdef8d |
| SHA512 | 8a7a126e028f6def7f03d4fc69831c2bccabebc48b7d97b816eb263a817934b8db1beb9baf1763ec7421640ef594e0a7fb65ef21cbfdadd90c3c88332f4022c5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 3bff5d43564983c65434c108f57660fa |
| SHA1 | 24f403f9ccc25b0520f910071cee4bad90e4f942 |
| SHA256 | 138479c40f27c49bc66faba01c3ab07077838fa029699bfd2920834227295f31 |
| SHA512 | a9cab81a44ab5d001064fe6cb7ad4605667b99f0ecd24eea9d20809d3fe7ecb10873af3a8356cc2058da669afc39402d1f4f04382cd056335864a008d2b332b0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 5f3181a640afa7b0b140c167ec1fdfa3 |
| SHA1 | 945bd479716469a2b18d91f8438a95e1ace589ef |
| SHA256 | 5e0e804fa0944dc643fe222c5c5d1446d1d2e56a0defe0ee02007f0537a2bca5 |
| SHA512 | 74f113f40e583f8de7577542bf5d5686b811905606c131ea64d6404b59581e6f3bf8579e7d86b735d5d1d4bb64ffec02e1d7fffc5fe13dce0ee1daf81dd4e148 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005e
| MD5 | 6fb26b39d8dcf2f09ef8aebb8a5ffe23 |
| SHA1 | 578cac24c947a6d24bc05a6aa305756dd70e9ac3 |
| SHA256 | 774379647c0a6db04a0c2662be757a730c20f13b4c03fe0b12d43c0f09e7a059 |
| SHA512 | c40f4771c10add1b20efb81ee3b61fc5ede4701587f29a1c2cdde8b6faabd1c76d769bf8b99aa19082012f95d99ba448a472463fb9056acd2e43542e14e605cd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 5f06880b26501ddf466bd9a918735c23 |
| SHA1 | c266463340dab1bbf3d5b2fc01e06c8aefb924e4 |
| SHA256 | e5b7ad104d789f3d8fd7108bb33e6b24a2caf0733b7520f3e9eb5f5c8a142b3c |
| SHA512 | 8f5370949f9181a7c17ddc1cad1289a186ef40f2e22911d6e79d04e0b5e008cf37a06f43c0aed281e4b487c4452dca334ed988fb7a885753a5beb50425e65af7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\8490503f-0949-48b0-8611-2306bcfcdcd1.tmp
| MD5 | 30d3187d5bc03d496a70635f28b544f0 |
| SHA1 | 0b9ea04d1dfc9b7a6d1b4320d937a001c9792e05 |
| SHA256 | 637d152261ff3d56d933ee64c5120d697ea1a197e52d9cf229e2001f8d7545ac |
| SHA512 | d66dfe06e9c683a1f4e11c0aa2ae2eca95ffd75f8e8be133c41ae590d43e6e54457d15a4eadd9bd9610e01fbc3e924fe39d645c4299b565552065dbfc48e09d5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | ca856ff40491659c7772c3eb6f704c7d |
| SHA1 | 84ac4a98f2b2af400fcddf00f34203e1294437b2 |
| SHA256 | 5cf718ab9e9c713b5baeeb04ed92c98466639f0c0ef8bd09059606c1f7d36e8b |
| SHA512 | 3d7ac5947293dcbc762712c206ebf046d4bebfccb47923b51b792b373e9f77e17a90c416ce75b4e41dff634dafeb310c436174bf3877846543260a5152cb9b42 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | abf3c5b7b078265e39f3036ada17d9c5 |
| SHA1 | cf362eeb52c27259d8d284b9823b6499feca4ba7 |
| SHA256 | d556b91355759d931a51edc1ffc6462e01f0a0c17d5df0a3960a52fd69a7013a |
| SHA512 | 833f37b1f1c7ed83e2a71d74551b8a02c509c861178e90c1875a28b15db5cb3e4beb00434ae383d00502d118d256d30eda057c62f6172f0ab6a1e9e62158edc4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\57a68b7534ac6b24_0
| MD5 | dab9385a69fd96adb646f25feadf34e0 |
| SHA1 | 266bc9191650837b8dc1c1396c044807ed8aebcf |
| SHA256 | b837ad414f933e02a3498916b555f88ceca83d355d8213c62c1a2dc2e63b3091 |
| SHA512 | 8a853fdc25ce4fbe0cfafcec3235243504ffa98206a1bec67da93272a5a4848da89c0f3158980f063cc97159fd5b4d1342b4819d190edadfdebcc791276854ff |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | de168edaec9d6ddf84092f9abcacd46d |
| SHA1 | 7d2aa339ace78c2d2b0e3660604c2c0d51be79f9 |
| SHA256 | 72f5febd636db86a77afdadf59b54ebc98bfbd0f672bcc49999c595749966e00 |
| SHA512 | 7f469ac9e75016b7e5998e497dd0b1ab59eaeafc745d18faffbe9d53ab7754e004a2c090bbdb0bc401bb4e97159fbb3eed1b2ffe2564453dff0eb169508dc24c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\412f73756540e146_0
| MD5 | ad9722c01177cbb8fb45d5c3f21d71ea |
| SHA1 | 2a04923fddbed25a4634b496a90f7ef19b291872 |
| SHA256 | 6baf24a96f72acaef5b3e95dd488724a19f4e97452f96f2e6c33cdb837f22423 |
| SHA512 | cdeebef7d152bd21d327ff82e3d54078fa54cd6d34385b39a1b6f5529b908a196fee8b8b8067271fbad04dc778dcd90c0d909a897e7a4a6f6db2af4fdcda0151 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6e058b975b812cdc_0
| MD5 | 07210fd94a0270ab1197fb2ae78fdad0 |
| SHA1 | 665cac798d6693ec079030cfd4264c6d69279bfb |
| SHA256 | 6ae4f57057f15b3ce2d029bd214a1d9755a4e35009de9765cb5a0c4629c783ad |
| SHA512 | e51fb004b2af0482b4267a1d482afa06400607290f6a6b41f06284a541ac1f429b68aa5f25663fc2e18721a021af20d2962e993f9d676cc9495f631bc4e6ad32 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c5b3e154acf23549_0
| MD5 | 8ad307bdc8e28422ffe6907bc3a7906e |
| SHA1 | 8f14f247f17a260f4998374bf470fd8463c94f26 |
| SHA256 | 64630144d51ea514c90ef214e463bd3ec06f6eaf1e31b9d266857446294ee303 |
| SHA512 | 4513277c6bf8eb3d6f82de251d54a874fd84850d8fd2bd7fb94845da2548ea2ac39ac6377c26d4b1cf562937097d2dc38fd722b89627c16070c4025777758382 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\027d34b85f81cc26_0
| MD5 | 5363257e40972592de5e4f99ed1745fe |
| SHA1 | c5708f3124f2e6c8a51c65e1066fff296dd9b4a2 |
| SHA256 | cfbef6d9f72f5f4a6fda3796b0c6045c14d4c1c946ef6eff41edb5427e4e3dcd |
| SHA512 | cb7f92d832ff587f9e2df52419f9ef5be04981492b342bd301cd36bb8243182a249182a4a7252bc3a23cd8857da61425f0d5453afa189c9870d3f6731abddfaf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a7f96a08636aab1d_0
| MD5 | 2a0df3ce887cbd95822b68bc8c08021d |
| SHA1 | 04d12e1a9adb638e731d2c12d5cd2c15b990b86e |
| SHA256 | cd242de37bb63e4217d2af4191f9066ef55672c06a32959bff9c96f3745934c5 |
| SHA512 | e979dc7de28f55f9e63898491a7b6ca66a346a18e02d0674da69d1830399fb8ec97d43413b609340ec4fd1ac36b328c0d91684b6f3ebb23497b6782d4e6e69d8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0ef160c784372fdf_0
| MD5 | 6097d0d012f98add0d2141655293246c |
| SHA1 | 034578df549eb4ca015d87f78160ac3be90b57f7 |
| SHA256 | 4a6e00eb086cb5ed20018b2e3c2f404f1d01773fc1531a7fafcd26b96210aa5f |
| SHA512 | 5d3d4330b63628371827f88ed0c20584c575592a6a02565ad230c42f99b612a3a455a24a3cabd8a164e28209bbee47ac722a9fe308f5769fd5403094f116d99a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 3c70cc807c17432959a75d739f2262c4 |
| SHA1 | 7969eaf0028c69cd2493e026dcb845255ae2a3a3 |
| SHA256 | 3c808fe55b0fde249b7d9acf80f8d9fa50030ed2c016c36e52c8cf97892ebf4e |
| SHA512 | 781cb055d0454604d02d5bf6c48405780f252366b1c53f3b5fccb0e3b1b1ef8c6dea42b9d2c96e62fa20e09997a875be94676b77d8ad6bcfbb48077005b646b8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005a
| MD5 | 6b04ab52540bdc8a646d6e42255a6c4b |
| SHA1 | 4cdfc59b5b62dafa3b20d23a165716b5218aa646 |
| SHA256 | 33353d2328ea91f6abf5fb5c5f3899853dcc724a993b9086cab92d880da99f4d |
| SHA512 | 4f3b417c77c65936486388b618a7c047c84fb2e2dd8a470f7fe4ffec1ad6699d02fa9c1bbd551414eef0f2e6747a9ee59ca87198b20f9f4a9a01394ae69fa730 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005c
| MD5 | c03ff64e7985603de96e7f84ec7dd438 |
| SHA1 | dfc067c6cb07b81281561fdfe995aca09c18d0e9 |
| SHA256 | 0db8e9f0a185bd5dd2ec4259db0a0e89363afa953069f5238a0537671de6f526 |
| SHA512 | bb0fd94c5a8944a99f792f336bb8a840f23f6f0f1cb9661b156511a9984f0bb6c96baf05b7c1cf0efb83f43a224ecea52740432e3cfc85e0799428765eefb692 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000059
| MD5 | 1aca735014a6bb648f468ee476680d5b |
| SHA1 | 6d28e3ae6e42784769199948211e3aa0806fa62c |
| SHA256 | e563f60814c73c0f4261067bd14c15f2c7f72ed2906670ed4076ebe0d6e9244a |
| SHA512 | 808aa9af5a3164f31466af4bac25c8a8c3f19910579cf176033359500c8e26f0a96cdc68ccf8808b65937dc87c121238c1c1b0be296d4306d5d197a1e4c38e86 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000010
| MD5 | 913728da90cf90d8e78af59c60b47c3d |
| SHA1 | f42f2a545d4fcaf4f76d0f060f52e33a47df7f1e |
| SHA256 | b0b478f9aa6aaf8d5811e296047ae1f8ee07f4c4998fe9d7b960755ea1fafb82 |
| SHA512 | 3af86e053dd56aef03e6f967a49b1a0d492616a71e2e49090e0c8e5cbe58ff37ccc55e91f06bf34096059a49f3de84b0bca587f3f17c366f97c0f7a0fd17c974 |
C:\Users\Admin\Downloads\Unconfirmed 474048.crdownload
| MD5 | 941b2703dc769f8c1aa20a7535028a23 |
| SHA1 | 48e8f52f1957ee2731f4f6150542692d4fa3f0ad |
| SHA256 | 5f287f5fac2dd83db14696edee635373fd5f3a4d3968a10528255409c1fbb29c |
| SHA512 | d78cbaea27cc7262b969be54002a391296cf3869258b2edbcdfdfd93fe08c326c690aebdff79807cb4f05672c6e133301e232ce1199196e22d848d3d93d4f9c3 |
C:\Users\Admin\Downloads\fdm_x64_setup.exe
| MD5 | dded481da831784a00d556a1280c124c |
| SHA1 | 48b40f82f66dd678f1c2f4c1298eaae2875f75e6 |
| SHA256 | 2937de2eb7763851d644e637cb7d7375fd69b218beeaceedc46254ac388203c7 |
| SHA512 | 78dd1b42e918e9670edaaecd1765fb26e349ab7a5bc7b4dc3b85bd387f073a8ac0a4abc6b8a50d5b3cc6cce753cc8745b26bd47b42953723b21b949e7956cbcd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | f71709c69674bbd23a166ed02f20b8f8 |
| SHA1 | 8bc7c786880a0e7d6d89db600d2ced756bb54252 |
| SHA256 | 3d7f816c2379b58b6e881092fd65b59684a64c0605c2488346350cc018462b36 |
| SHA512 | c8c215330386274fa9d050fe007e02f4c52f02b0bab6f116136c31f5937a26400ea4d419d19a82e3d16e80e91378a6ee717f29799419597f568cb23a9d346c9b |
memory/5744-1453-0x0000000000400000-0x00000000004D8000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 98e11a420efc88d65756c47ca93813db |
| SHA1 | 79dbac03abe102a4d09e10b6bd189af69ccd8233 |
| SHA256 | 3f0b843fc8105f6b4dd962bdb3e9b017f5eabb04f804645e79ae60f1f2caf6ab |
| SHA512 | eb2fda9c8d0e254c8b94781294a4ef0c181fa799a68283c8dc94704ed7df16a90f93e6c5dcbb1bfc57dfdc791910e19d3351668b837ddee0f9fc5747ef7721d8 |
memory/5744-1478-0x0000000000400000-0x00000000004D8000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | e722e08cd2d716d51510c5f0b377b66a |
| SHA1 | 65dbce032859058bb752998b5de77052f935ff5c |
| SHA256 | dd37f625820728b6c4833e89850cf83050d973e91d8e164431c116ad5dcf4f7d |
| SHA512 | d57f61aa6ee31c52b757b0ccc5cd8053989e3ee434e2d236fcb96b5ff97118310a8289339b840e4b5ca6a13c166c9177cc8951d519102b3068f9ae3ede29b4c7 |
memory/6244-1488-0x0000000000400000-0x000000000071C000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 8d06b38fb5d380ff0cba7016b3131eb2 |
| SHA1 | 3f7198ca9022e377e8312dff70adc022d4ebfb03 |
| SHA256 | 2d657c388245364586551dd2106b7811e9e496c7c4a218ec049eb6f3c12adce6 |
| SHA512 | 74eaa4de5f26dc3341be2db2bc4c791f2758490f0920b078b00f4a109256a4ed1b194dd1dcc9c8c06a213c029db035244c1de651ba8e36a4f64d2712482b138c |
C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Universal\is-DA039.tmp
| MD5 | 63340c8fcb71734ce4bbac29a86821b5 |
| SHA1 | 0cfd02b3e95fa482cbd4bd83b0f2d9214acc9709 |
| SHA256 | 78b5fc58e6d881d16351e92d32b8cadea6b14fbf8c20c1bc7e56d02946467ae8 |
| SHA512 | fe035bb77a32d0fe9d4983d90c65d4c2600a019ac20743dbec409f29ffbfbecd8bca2d15abfffb2e71b77e3c105e248627a176942cdf9d7b98ed9113e6f73ba0 |
C:\Program Files\Softdeluxe\Free Download Manager\qml\QtQuick\Controls\Windows\is-TRRL8.tmp
| MD5 | 2006d4b7d0da455aa4c7414653c0018a |
| SHA1 | 6685b8360b97799aa4d6b18789bf84a343e9e891 |
| SHA256 | a96c7bf5832767bdc9d91e2290a3920aec3abfbf2e3814bce38b49483f16f84a |
| SHA512 | 703804e6fab0cf44317b7292c547a1348e2e7395e4b71367c32c3b097bcfb3344d3296179bf4ba33a4c752ae58a3873af57d8cdef35a34564205356bb4e6fd84 |
C:\Program Files\Softdeluxe\Free Download Manager\fdm.exe
| MD5 | b6eb17081c138903a98f4daddc5356ec |
| SHA1 | 95338c82ca76629178c342fabbcaf9fe8ad707cc |
| SHA256 | 88553acc42f9e638fe19771e0cb2badbe28f569583195d9306c8a8ef6343e297 |
| SHA512 | ef9242cd41585318d5daa47ac8cffc956672549f4ce9238db6227fa64ce800a7b64a25cd7b7175e3b1769f29fbc37e4b18c28375159eaa3bf294c1a48588e01d |
memory/6320-2952-0x00007FFC57C30000-0x00007FFC5825D000-memory.dmp
memory/6320-2954-0x00007FF730E90000-0x00007FF7315BA000-memory.dmp
memory/6320-2955-0x00007FFC576E0000-0x00007FFC57C25000-memory.dmp
memory/6320-2953-0x00007FFC576E0000-0x00007FFC57C25000-memory.dmp
memory/6320-2956-0x00007FF730E90000-0x00007FF7315BA000-memory.dmp
memory/5304-2958-0x00007FFC57C30000-0x00007FFC5825D000-memory.dmp
memory/6244-3053-0x0000000000400000-0x000000000071C000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | d8b18550369ed313c885fb362896ae2d |
| SHA1 | e97e54ceaf69ea4e5bb50b543f3616b9f1dbbda4 |
| SHA256 | 4ae4991eea4a6a99c84070532417eee3aab203527f639fd0a76d668b6b1ca3f6 |
| SHA512 | 38425ec6e05a01ba2e3176db72d931593dde986e20961af6a987e0c1b6d1f4068616d2cdceb8c6230042e57addf1b46715d77e51e5f97508aae1e06aa709fa98 |
memory/6820-3075-0x0000000000820000-0x0000000002876000-memory.dmp
memory/6820-3076-0x0000000007590000-0x0000000007752000-memory.dmp
memory/6820-3081-0x0000000008220000-0x0000000008228000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 7c56008da241f4fdb66284bc97f24d82 |
| SHA1 | 6a3975b3bd72a542b8603af6d23e2cf8f9a253a2 |
| SHA256 | 22d70d16780b749cecad18475070baaa464db4df854a0dd9e16d4899f43c87cf |
| SHA512 | e147cbeda1cc74dc1dbcaf05a34858469588331a3f6308a3db453b382d770f61dad9ce6fb142a53bee189f9ebd5f884ddc25f1bb26057cec2d9ca41f6a8e0a73 |
memory/6820-3094-0x000000000AE30000-0x000000000AE38000-memory.dmp
memory/6820-3095-0x000000000B360000-0x000000000B398000-memory.dmp
memory/6820-3096-0x000000000AF10000-0x000000000AF1E000-memory.dmp
memory/6244-3098-0x0000000000400000-0x000000000071C000-memory.dmp
memory/6604-3100-0x00007FFC57D10000-0x00007FFC58255000-memory.dmp
memory/6604-3102-0x00007FFC576E0000-0x00007FFC57D0D000-memory.dmp
memory/6604-3104-0x00007FF730E90000-0x00007FF7315BA000-memory.dmp
memory/6604-3103-0x00007FFC57D10000-0x00007FFC58255000-memory.dmp
memory/6604-3101-0x00007FF730E90000-0x00007FF7315BA000-memory.dmp
memory/6244-3105-0x0000000000400000-0x000000000071C000-memory.dmp
memory/5744-3108-0x0000000000400000-0x00000000004D8000-memory.dmp
memory/5984-3137-0x00007FFC576E0000-0x00007FFC57D0D000-memory.dmp
memory/6604-3145-0x000001A9A9250000-0x000001A9A9692000-memory.dmp
memory/6604-3146-0x000001A9A96A0000-0x000001A9A98A2000-memory.dmp
memory/6604-3591-0x000001A9AB3E0000-0x000001A9AB3E1000-memory.dmp
memory/6604-3589-0x000001A9AB3E0000-0x000001A9AB3E1000-memory.dmp
memory/6604-3590-0x000001A9AB3E0000-0x000001A9AB3E1000-memory.dmp
memory/6604-3618-0x000001A9AC4F0000-0x000001A9AC4F1000-memory.dmp
memory/6604-3625-0x000001A9AC4F0000-0x000001A9AC4F1000-memory.dmp
memory/6604-3624-0x000001A9AC4F0000-0x000001A9AC4F1000-memory.dmp
memory/6604-3623-0x000001A9AC4F0000-0x000001A9AC4F1000-memory.dmp
memory/6604-3622-0x000001A9AC4F0000-0x000001A9AC4F1000-memory.dmp
memory/6604-3621-0x000001A9AC4F0000-0x000001A9AC4F1000-memory.dmp
memory/6604-3620-0x000001A9AC4F0000-0x000001A9AC4F1000-memory.dmp
memory/6604-3619-0x000001A9AC4F0000-0x000001A9AC4F1000-memory.dmp
memory/6604-3617-0x000001A9AC4E0000-0x000001A9AC4E1000-memory.dmp
memory/6604-3616-0x000001A9AC4F0000-0x000001A9AC4F1000-memory.dmp
memory/6604-3614-0x000001A9AC4E0000-0x000001A9AC4E1000-memory.dmp
memory/6604-3613-0x000001A9AC4E0000-0x000001A9AC4E1000-memory.dmp
memory/6604-3612-0x000001A9AC4E0000-0x000001A9AC4E1000-memory.dmp
memory/6604-3611-0x000001A9AC4E0000-0x000001A9AC4E1000-memory.dmp
memory/6604-3610-0x000001A9AC4E0000-0x000001A9AC4E1000-memory.dmp
memory/6604-3609-0x000001A9AC4E0000-0x000001A9AC4E1000-memory.dmp
memory/6604-3608-0x000001A9AC4E0000-0x000001A9AC4E1000-memory.dmp
memory/6604-3607-0x000001A9AB3E0000-0x000001A9AB3E1000-memory.dmp
memory/6604-3606-0x000001A9AC4E0000-0x000001A9AC4E1000-memory.dmp
memory/6604-3605-0x000001A9AC4E0000-0x000001A9AC4E1000-memory.dmp
memory/6604-3604-0x000001A9AC4E0000-0x000001A9AC4E1000-memory.dmp
memory/6604-3602-0x000001A9AB3E0000-0x000001A9AB3E1000-memory.dmp
memory/6604-3601-0x000001A9AB3E0000-0x000001A9AB3E1000-memory.dmp
memory/6604-3600-0x000001A9AB3E0000-0x000001A9AB3E1000-memory.dmp
memory/6604-3599-0x000001A9AB3E0000-0x000001A9AB3E1000-memory.dmp
memory/6604-3598-0x000001A9AB3E0000-0x000001A9AB3E1000-memory.dmp
memory/6604-3597-0x000001A9AB3E0000-0x000001A9AB3E1000-memory.dmp
memory/6604-3596-0x000001A9AB3E0000-0x000001A9AB3E1000-memory.dmp
memory/6604-3595-0x000001A9AB3E0000-0x000001A9AB3E1000-memory.dmp
memory/6604-3594-0x000001A9AB3E0000-0x000001A9AB3E1000-memory.dmp
memory/6604-3593-0x000001A9AB3E0000-0x000001A9AB3E1000-memory.dmp
memory/6604-3592-0x000001A9AB3E0000-0x000001A9AB3E1000-memory.dmp
memory/6820-3752-0x0000000007E00000-0x0000000007E0A000-memory.dmp
memory/6820-3892-0x000000000DD50000-0x000000000DD76000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\GamingRepair.exe
| MD5 | 8a4e72a29c08ae2cd13bc8ec414b8fc6 |
| SHA1 | 26f8d73bc6f5ace5cec6e3652fc6410a71298498 |
| SHA256 | 6513546697c3c9deb50d8dbb0cc9aa0be55487538ed482ec16b6264579de1539 |
| SHA512 | 77eba566c65de1327bcacadb1483f538b4e5da67c3607398d745173ade25e987f59524a5ecf065dd5f95e26654cbb5a48dc80fae995d5d2dd63c63b2cd98fb98 |
C:\Windows\Temp\SDIAG_52a7414b-6e5c-410d-8874-9dabc91c6a7c\en-US\DiagPackage.dll.mui
| MD5 | 84d58b706a4a16e582a140f72110b7f5 |
| SHA1 | bb7a3f254dde61f948417eabdc5a0883d102d873 |
| SHA256 | 4b012aeaa40324691c6af926d5bb27409232fe8c484fd295d64925fc36f31060 |
| SHA512 | 9f520c9d00586d9fb8a87b904d75616ca18b6dc3badd1db71ee85236a6bba459d56eee6ba29ae8cd2139fda8e5df961b232ad87a17fb4dbe61dd4422d804c508 |
C:\Windows\Temp\SDIAG_52a7414b-6e5c-410d-8874-9dabc91c6a7c\DiagPackage.dll
| MD5 | 458bc0d439cb0d955120ae319c6ed91b |
| SHA1 | b8899daffcbf912462d7e089d126d664c1a40216 |
| SHA256 | 9454ec899ff78ff14c4c5137ba23d99dfaba079c629afd790640d0f07724201c |
| SHA512 | fda4a2641db70fabc10d73dc28dc13f3b85140a382e032fa7a46abd5eb72e076f96794ccbc0f344a0cc88222fe27ee527a3587eed286e3e3db338824950369c0 |
C:\Windows\Temp\SDIAG_66d56760-0e4a-4caf-9492-940dab2b1a2b\en-US\DiagPackage.dll.mui
| MD5 | 2ad9d1abe41ad048186f196b58fd8e9a |
| SHA1 | d9c66f6ef89ad126ef2bbb36e0bcf6fc8a0e34af |
| SHA256 | 9b9acb69e01f79160d368cdcd8a4dc81f18da6398f920b6f663938171f5f718c |
| SHA512 | 4c4e1e5bbe173dfd37c65fff64a029883b2f719a360a9f5ee0772b304a518839605528b97b1ac0319b79a6d7f284767ad6c04b3b769559e2b14600c467947d61 |
C:\Windows\Temp\SDIAG_66d56760-0e4a-4caf-9492-940dab2b1a2b\DiagPackage.dll
| MD5 | fc7504df42668c2918657d1b9a3102c9 |
| SHA1 | 5f9a70a31678e2e8b9a10849ea8657702d0cb53d |
| SHA256 | 159c4d4621f4ce1f4da14246401d85a00b40c0090fd0b2640446a896127ac646 |
| SHA512 | c844f9e5ba72eddc6aca73e09214bf8372ee5676124077983b78b10b9830a5e5eabd9c9fff2650858836f995ea79b1f0502609a428797b838ac7cda3f627c0da |
C:\Windows\Temp\SDIAG_25e3026a-438f-4acc-a1b9-713ed4da33d8\en-US\DiagPackage.dll.mui
| MD5 | 44c4385447d4fa46b407fc47c8a467d0 |
| SHA1 | 41e4e0e83b74943f5c41648f263b832419c05256 |
| SHA256 | 8be175e8fbdae0dade54830fece6c6980d1345dbeb4a06c07f7efdb1152743f4 |
| SHA512 | 191cd534e85323a4cd9649a1fc372312ed4a600f6252dffc4435793650f9dd40d0c0e615ba5eb9aa437a58af334146aac7c0ba08e0a1bf24ec4837a40f966005 |
C:\Windows\Temp\SDIAG_25e3026a-438f-4acc-a1b9-713ed4da33d8\DiagPackage.dll
| MD5 | 580dc3658fa3fe42c41c99c52a9ce6b0 |
| SHA1 | 3c4be12c6e3679a6c2267f88363bbd0e6e00cac5 |
| SHA256 | 5b7aa413e4a64679c550c77e6599a1c940ee947cbdf77d310e142a07a237aad2 |
| SHA512 | 68c52cd7b762b8f5d2f546092ed9c4316924fa04bd3ab748ab99541a8b4e7d9aec70acf5c9594d1457ad3a2f207d0c189ec58421d4352ddbc7eae453324d13f2 |
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_edvuteqx.hc4.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/7660-4842-0x000001F5E0980000-0x000001F5E09A2000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 12f12db652255d7ac3f55f481b50c56f |
| SHA1 | 8c3aa029792ca6b1f19302cf8cd9c87271d43ecf |
| SHA256 | 0f0a9aa15f74324f88163a501a87d573bc0a8b96d6f6a5bfbfd2e5be7c4c8c5b |
| SHA512 | 4f0672d4f477640cd5a1425ac647db38afcc61c65205914fd2d65b86740d7cb9cf8631ed10239e585c18bd30137db06c2d7f3b14cca0f10a0e47044ae9a7a6fb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 845dbe196052a74a74a8348a20790fc1 |
| SHA1 | 843492637834cf1d5c295a41d6aa5ca19975afdc |
| SHA256 | 6206aa4fb788e4db633548797b0ea2f07036ad2379621ab9056134611399c590 |
| SHA512 | 582808019a0493f3c6e25784a1a6ce29b0f1356f4620723019e3413583f46a16d180b61f5fa770612bc69d3e4b0cf418d49b2b031b13f06ad0ede24d1f24582f |
C:\Users\Admin\AppData\Local\Temp\REGBDB8.tmp
| MD5 | 5acec2efa94951098cb1b322324c1dea |
| SHA1 | f543cf2acc2e30cffe9c27ed0fb8fefe47021180 |
| SHA256 | 4b8c95f3882d9ecc0f3eb3655b44f4ebae56b7bcfc8487af7c8144140d713e2d |
| SHA512 | b65f95e8b9c5abab040f55d9c89a888a4ffa622ce9333fd0055d8b7ef7ac83b6cbd9db2164d4419836d2fc3fddf8d23af80c5315a0e6fc30d05b30e6d6e40b77 |
C:\Users\Admin\AppData\Local\Temp\REGBDF7.tmp
| MD5 | edcaaed49057b04d804ef38622dcfeca |
| SHA1 | 200458ae3a380983860136acca9b18d62c5bac76 |
| SHA256 | b9532ca922a984f207d3a82499308fa038e1d78169b534b8d7fc116aefe5a05e |
| SHA512 | 052065767b3bf96cf1314dd8c42940ace0d256eb7f536de0b642f5816dc0b5e6db3ce9a10450e9564b7c932e9261a9d78ca7929a4537646cbf7d5ee8c363b5fb |
C:\Users\Admin\AppData\Local\Temp\REGBF2F.tmp
| MD5 | b3bac87b38b0fddff2b30fa8af27d462 |
| SHA1 | 3caf9899b2f728d4d045288395c18a6b661b61dc |
| SHA256 | 330bfb02d3c0f2f2320710216bed0e230de94915a80e064232fd44e208dc3604 |
| SHA512 | 7a9cb5de8180323c9abac74a7156c4d3b62843d22302ccd76e12465f2c7c7024e06b51fd14cd8614ebff60142f1b5522fbfc46b24478fa9350e67e5dfe9349fb |
C:\Users\Admin\AppData\Local\Temp\REGBF4F.tmp
| MD5 | d12e2a78fdf4f5bcecf89da730803410 |
| SHA1 | 5de06e390c52279cef3d4a1ffaa983a3b1b40022 |
| SHA256 | bf37953cbc8b21d7fa57d95f5a0fa11536fa0dbf9c1a18601d9048e39b40c33e |
| SHA512 | 01e9f98f82566fa5c8b77b6b9a3a5a3a933bed5b5daa907c5889a5d33e818074ae6632a6ced3ac42dbf1735249a6a58ed76fb4d77c2492545abe74bcc3ede1f3 |
C:\Users\Admin\AppData\Local\Temp\REGBFDB.tmp
| MD5 | 3bc841f214e8406339938eb7449eeca6 |
| SHA1 | 00d9db9f0ef3b42901d011259210a95516bb1e79 |
| SHA256 | adef95159b858b77f09200c6c6f50ec084effc9b252397b4aba868b29304145a |
| SHA512 | e418d9b48c00b0e2a5bfe050ab6e60a2bfb6f49de58db521ee16b6bee0f732d45818d1ed74c45dd7018b54f3fa9098186cb1d48873407157f3b6a07d2d6a5b2f |
C:\Users\Admin\AppData\Local\Temp\REGC1CF.tmp
| MD5 | 8ab51cf4a9144c4221706769245890f5 |
| SHA1 | b80a73f3ca932ad956482d6feeb0d89ad3826546 |
| SHA256 | 1ad9905ecd2c35ca22acfac8828ce2b32f22a225f7974c3f70bf026eaed72b61 |
| SHA512 | 62916c4f6f3fffba199ddcc152b40ed04262fe2f748912b84eaa18b4a867221e9be40fa4c712af5e12d6e46771a267b686902c72ad2741067da3831eabd9d82b |
C:\Users\Admin\AppData\Local\Temp\REGC27B.tmp
| MD5 | e8439c4e8015208e2f4282657e423ecd |
| SHA1 | d7c5a264eefde22b2640dd349a4c5bdd49e2bd9c |
| SHA256 | 5ea92e4430ae7476d77839bc8af9a62a27882f51594972bf858abedd77ee94f8 |
| SHA512 | 2b4b87406438c9086030ab1f70f381b002bb82c8b03e7b2c3b519c3eed6a8d650d1c974816c1415c51eee84ce681f312569624bb91bc276bbbcea5b6165d2305 |
C:\Users\Admin\AppData\Local\Temp\REGC2BA.tmp
| MD5 | 5b20f739acefbfc6237c04f216466883 |
| SHA1 | 738af05cf8a177e14726ae4c4affc6d9b94da6a1 |
| SHA256 | f787f543d052d4000d007bdcd71bb6b7024293f2ad2d543b02b4121b1da3ebf8 |
| SHA512 | c82cf736af02ffe5e76b88d802e7800787826bbe5cbc59b64b4f77f9ff1168f9ed43a9c68e3a9d13407e38f16822755660d359b42ae339d0d2bac754f192651f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | e6250e2812cea17311c77f94c22efd9d |
| SHA1 | a85a9642a4c5a9ab3bda5baf8b9360ec8cbe48f1 |
| SHA256 | 9d9c858b755cd1cfcc66c53789308253c6fbc51f145ce1885b25b1d33a246d9c |
| SHA512 | e7719120336d245d1aa86c479e05c02845c870b06410887e0c7ca553af2abb24ace14aeefad920c0df5e7dfcc85055068279ce0504ce279db98315449d1b8bc2 |
C:\Users\Admin\AppData\Local\Temp\REGC431.tmp
| MD5 | f90a03d152e8202c3eb57c6e6eb710a8 |
| SHA1 | cab5b11304ebbb9a1ca9c191fbc737082bcb49b9 |
| SHA256 | 89eb956a0ac5a7ebd558eaaebe485c87c40c47baf1954b272b26b0b8724a6352 |
| SHA512 | 2e3e8c359ee1b97e5a01aff6192fd39236f14cd75812fb9ec2488e938c52db294c859062d89b84f6593d3c492d310fe6b514df235b52dec189e7b62e02bd86fb |
C:\Users\Admin\AppData\Local\Temp\REGC460.tmp
| MD5 | cca36a379e81a944c607e4f4d544c565 |
| SHA1 | d09aef7d6cf0bd140f121a85ae2b92307119db89 |
| SHA256 | 8975303228de2bf10d7a55bfbd591bce14e4a124910265eefbeb58229347268c |
| SHA512 | 8a851c8054c694dcf0b942550de764915f0c860277f910fa0fa6d66962f7e6c7a7c8498a0abd55e51e6725fb585820a957c079351883429242e4c0abf7f79158 |
C:\Users\Admin\AppData\Local\Temp\REGC4CD.tmp
| MD5 | 9a6b92b10fa585333d0291ac3d87537f |
| SHA1 | 9536e72a6f059ff86deaefac6676305fdb23530b |
| SHA256 | 713b38ef078f28703e15256cb30ccdf5e496256f9b0e92768d0a63be39c3e825 |
| SHA512 | 28605010c1a45e8d08e1b4ab82a697694ed977213902707a03f6da0570b37cfdba00002e29ad072273d3353e18200d763e2f05cc504c36fec53778288ad5691a |
C:\Users\Admin\AppData\Local\Temp\REGC50B.tmp
| MD5 | 79d558a3f5a649a98ac348ed8a0bf6dc |
| SHA1 | 5cc1a6a3339b3104af499a8d44fc426d54021e85 |
| SHA256 | 23237d250e185d524d26dbdc6ce16adffa9a0b65af35fefac3bf0d01004d5bd5 |
| SHA512 | 6ff24db910fd94551806670d922c31802e4f49dc68e1fc31d33cae1269822c6324563672804f0eb8fccaf2191281d860f74f243b0effcb844ebb3ec8044f85d0 |
C:\Users\Admin\AppData\Local\Temp\REGC52B.tmp
| MD5 | b0223e1939178bf83ef084f4d98d27fa |
| SHA1 | 5d1b1aaa0e159fb6ab3370c473f38c7910b28663 |
| SHA256 | beb092700ad0e8e12c2d46c23b5f56c78fccdf25291f92fbf9f56f205f59f10d |
| SHA512 | 707d24203e0adeaa521d62f3e7b4bf4b73f17849294a7f33e8dc89d563c942a7cebc08bbd1d55d9ca3d46be835983e9310386c2339cea930a50ee862f97f01d1 |
C:\Users\Admin\AppData\Local\MinecraftInstaller\deviceId.txt
| MD5 | e2bc0ab01c20625dd412ac01a5106b37 |
| SHA1 | 2fd896ea9676f9d39ff2ba25b8e7f889860342ef |
| SHA256 | a34e80ebbd473a1bb3b79bedb5295b4cfc9b91e68a6dae7fa1f76ea3ec3f7087 |
| SHA512 | 059d0fcc2a0354c74e710b9e449747d1c61e58287e1b7698cca4694094e6e273f0e56ca7fd1b54ff63fa4d938eb24c7e30f822e532d8706b308f94e91282e485 |
C:\Users\Admin\AppData\Local\ElevatedDiagnostics\2560293460\2024082714.000\results.xsl
| MD5 | 310e1da2344ba6ca96666fb639840ea9 |
| SHA1 | e8694edf9ee68782aa1de05470b884cc1a0e1ded |
| SHA256 | 67401342192babc27e62d4c1e0940409cc3f2bd28f77399e71d245eae8d3f63c |
| SHA512 | 62ab361ffea1f0b6ff1cc76c74b8e20c2499d72f3eb0c010d47dba7e6d723f9948dba3397ea26241a1a995cffce2a68cd0aaa1bb8d917dd8f4c8f3729fa6d244 |
C:\Users\Admin\AppData\Local\ElevatedDiagnostics\2560293460\2024082714.000\WindowsUpdateDiagnostic.debugreport.xml
| MD5 | fc684dbe604104c1abbec891901e473c |
| SHA1 | e6479a7ac3023b06383fd3250beb205d9ea511b8 |
| SHA256 | 6f6142bc8005619648e992beb85438ab0414cdba32820851dfdeb467c89e47c2 |
| SHA512 | c82e8c9a2bffe34e79d384897f31e48799954527386b79d2d50ea5614f1f92e5500bff0b7cfcfdb3265c2ed4e1c8894ebe827bebec56f294e56fed17d03510a5 |
C:\Users\Admin\AppData\Local\ElevatedDiagnostics\2560293460\2024082714.000\ResultReport.xml
| MD5 | bfa806cfc1a93a794099492a42c95961 |
| SHA1 | 5b7b3b2e070b5bc9a2ac2a23ab9c149a171ed0f3 |
| SHA256 | e8375e35bd4ede3143286db489df448cbc92fce425bc246084385e5d5d1586b3 |
| SHA512 | 506a71f5d8d2efc9edf5a3af79ea3654851feee0401aa305051988e5a136ad00195a3155833222499beb5a44bd38888e0bb79c12f0c74105c1be8744e5a26680 |
C:\Users\Admin\AppData\Local\ElevatedDiagnostics\2560293460\2024082714.000\ResultReport.xml
| MD5 | 66cd4902c3247d67627cc1ca8526950e |
| SHA1 | db4a3a07dda904952ac16b604be27378daf0355b |
| SHA256 | 9b553925101f1a309767b319d851bac0ecf1d1fc629455b386d593fef1cc59f8 |
| SHA512 | a4efa1acab9323b2e675265993dba57826631785da8709275672ea102f73035a272fbb965304e5cb883cd72884a78d4af12f929d587fcbd304d85a3d236218b9 |
C:\Users\Admin\AppData\Local\ElevatedDiagnostics\2560293460\2024082714.000\BITSDiagnostic.debugreport.xml
| MD5 | 7abb4011c41ef3917fa70a819aea8dee |
| SHA1 | d0e627dc10f1dbcc75caebad83fb69510ae3fb37 |
| SHA256 | b646618780fd1c9b852cbbebce46af842ac99bbc3496b041b3fd9d8acf13304a |
| SHA512 | f86d62943ce5a31421a186c53d1ff169e60f3f9d576a7eccc887591864c693eccf2c44fc6c0cafaa820cce97f0d4abe8d3f35016ffc5612c8c5d435c6674f028 |
C:\Users\Admin\AppData\Local\ElevatedDiagnostics\2560293460\2024082714.000\NetworkDiagnostics.debugreport.xml
| MD5 | a935e5445186ec34fec5bd4a8040fdf2 |
| SHA1 | c8edb07849ef19a720ec057c6159cf122d9eaf87 |
| SHA256 | a66b7c2d858336f5d75fa6f4dd6c6347bc7b2e5ba725cedda1b9aaed1ea45ac9 |
| SHA512 | cebd60ae2bbf7a4c54860b73c98126209ce8615ae75135a665dd2c8a3c74e828832693ef01252597b0bceb172d522e2fd7f2b80398819033ad8bc904a117eff2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b
| MD5 | 710d7637cc7e21b62fd3efe6aba1fd27 |
| SHA1 | 8645d6b137064c7b38e10c736724e17787db6cf3 |
| SHA256 | c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b |
| SHA512 | 19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009
| MD5 | ed124bdf39bbd5902bd2529a0a4114ea |
| SHA1 | b7dd9d364099ccd4e09fd45f4180d38df6590524 |
| SHA256 | 48232550940208c572ebe487aa64ddee26e304ba3e310407e1fc31a5c9deed44 |
| SHA512 | c4d180292afa484ef9556d15db1d3850416a85ad581f6f4d5eb66654991fa90f414029b4ce13ed142271a585b46b3e53701735ee3e0f45a78b67baa9122ba532 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a
| MD5 | 60f8cd04587a51e31b51d1570d6f889a |
| SHA1 | 88574c41d0ab81721b275252464da5c7927a4835 |
| SHA256 | 27cb4390e32a97375dd4987ae000406933bceba5199f17893711e782333b81cb |
| SHA512 | 84c12448ac55dd819749fef9be9919111a3df4bc51e66d2fa9f7376c11c101ed1349cb36aa119aa873cdd6c0c91027e201fbe23c2c83b89bc900a4d9077bcc52 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c
| MD5 | 2e86a72f4e82614cd4842950d2e0a716 |
| SHA1 | d7b4ee0c9af735d098bff474632fc2c0113e0b9c |
| SHA256 | c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f |
| SHA512 | 7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008
| MD5 | d6b36c7d4b06f140f860ddc91a4c659c |
| SHA1 | ccf16571637b8d3e4c9423688c5bd06167bfb9e9 |
| SHA256 | 34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92 |
| SHA512 | 2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d
| MD5 | b38fbbd0b5c8e8b4452b33d6f85df7dc |
| SHA1 | 386ba241790252df01a6a028b3238de2f995a559 |
| SHA256 | b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd |
| SHA512 | 546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f
| MD5 | 8ab35848768f30a7eb81d525d18ce96d |
| SHA1 | 7833667f5d08d58837c0a9d01ea0a15c6b3759e6 |
| SHA256 | 4135303df903224b2d6bc416bac09060665f6b35ae845571c6442326b921f18f |
| SHA512 | 6877caaf873bfab09ddd31dd86aa557ac8e0066fcee7843d68258933c31051a589f3c4943189b22a42795f2d975b66ab8c641187ee6ee4b4e48d552a7cda8487 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000082
| MD5 | 2257803a7e34c3abd90ec6d41fd76a5a |
| SHA1 | f7a32e6635d8513f74bd225f55d867ea56ae4803 |
| SHA256 | af23860fb3a448f2cc6107680078402555a345eb45bc5efb750f541fe5d7c174 |
| SHA512 | e9f4dc90d0829885f08879e868aa62041150b500f62682fc108da258eee26ad9509dcbf6e8a55f2d0bdba7aa9118dd149a70a7d851820d4ea683db7808c48540 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 0bcf1d5c10020bcf4d49c9f16b2469e1 |
| SHA1 | c4d53531a0915b4e95184a8642e9745436225944 |
| SHA256 | d024599d10f1e108fee47741655895ac50ce95596a5d704dd50cf333980a8a9d |
| SHA512 | 9276521e6fc420766d69db25593d54ab7d69344c03b5295494652d7bda227d5d7cd10856622cc7da5787a436fcf8b252173545468e20b14d9739bfc693efa707 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | 5aa6440a7b466a17c57394d2335c5a1f |
| SHA1 | 7b797bdf61af418aafcf6ae7725fd73b11e7a3f0 |
| SHA256 | 6a367135f0ea4a4bc516e235d78bd457c3112992b7eca917ec4ed072447f3f1e |
| SHA512 | 815fb50c1b0026776976b514ee1ff20505ec0da2e7dbaf5f6c0ae47bd631a3932cd56fe2a029195025dfacea30c8ee04cde66b7e6495ccb0928f909ebd5edc8c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\578e0ccc-e6ff-47e5-bf54-feac9a83a09f.tmp
| MD5 | 70eb7b130b5614a353f9eeb6141b4e60 |
| SHA1 | 9ccbaddd81b719b4ea98b5406ca0f3e758bc1a11 |
| SHA256 | d9aac4a22e4301c5beaaa5bb8b13d5926ede8f4adb2ea68c7a7340e80f4f5c6b |
| SHA512 | af4f203d892acbd3c41e15820b274d50065ed1cdde9e6b46b3a063d24b654c0c1d736f9230e040c7b4b0492d7271f7617c87bfb5ffd7895143c5cd5b4dc4403d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | ce4d2912c1916d6b7cfcccb1f685b29d |
| SHA1 | 7d430bdce0414a63ff6b52fa14eae4ccc8fb2658 |
| SHA256 | 4ab102b198d00b399935a57195a6049242b91578d40460f337422102d0f1d74c |
| SHA512 | 4506f4837ca23371f28fbe0c8f95d61c4edce162a88c00f519633e38320877884e3884b70ccfb54b8a8a945d3b4e69cb618a40b2a4b075dc1fcca79c681f745c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | 987a14ae3854490b05c488fb790f5e87 |
| SHA1 | 0c4e9d8690cd8e18b6e8c37e7b1be372e1e7cdd6 |
| SHA256 | 4b0b2ea8323a0ec16eece40a583106a09e038c35b0df3ea9ac93b8e9245c9c5b |
| SHA512 | 27719504d5d5e8eaddd68eb4f5278c948f7e7e7b8fa527d122b511718a6bfa374a5d05894eb1ef9b8f098ec4d0ba2488192dc3d715c1d4d8465ca0465f00eb6a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5a4d37.TMP
| MD5 | 743f314dfdbe9fdd83dd55b7261d1444 |
| SHA1 | 43f90d3dc89c72d1b963d14f0fdcef36f815949a |
| SHA256 | c183726c7469283ccc32102597b4e727bbcfa5730a9ae909ea93c916e0a36c03 |
| SHA512 | 7c91e74d13c7594f72e4afe1ce018a638631f98b84bff392d89b0e536cff1c43f87043fdf71a9cd19a2232063401d457febd73646414c61c487e2efc761ba1a1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 471b03c5c145a848b7a2dd8f4e40b86e |
| SHA1 | dd299356e02a2fd43c07217ea3dd25513fb87e36 |
| SHA256 | 9139290a0c9ce91734f8d461f958f3d9ecc7e720c4e7ff0b9aecb46b3eabdcbe |
| SHA512 | 64e0ad3421e6e6a96209b3965123cab930fb66d06808c5f1ba3d8cdb1fb5be19f2cc3b9a40cb48bb359db9e1ef44964f3c59c349722b6f406c5dc3b767b084fa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 412516ba353b25df17562c5d3095e145 |
| SHA1 | f95ffe7df2406e78f1f147b424e6d773c5e236a1 |
| SHA256 | b59bcdf331bd86dd9b411b59de6b245a81bb8a54b233dfc3d1f4c46eadbf76f0 |
| SHA512 | 938c556263949250ba4ad2172e942c198ec7b5f40fc1abe9d19edd6410f47a6ef25328b140a701bffca6b40ec9f80d8d0241bd1b5ba0c09e3094373c48b37118 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | a549cd961352b1e429ed4edff65f8290 |
| SHA1 | d281ec43cae21ea4e061d7d0183c23901b707114 |
| SHA256 | e02112c2f0eeac2e07715c9056701013c32727447cccc5a37b1cf08c8cbc84ba |
| SHA512 | a239d6ba6df29de06e1ef3ae90fa66292a6b034257cb42241fa748ecf2a09d0eb27e5dd8390904326f596c5553a5546eae3e3d42a89b91980f6cd37ad6dbc7c0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 6169d61312ce6667cadb042e020f9331 |
| SHA1 | 78def4feb41063ac8a995971cac04870e14a9cbe |
| SHA256 | 5e1c9fad90e774e8bcc49e85d1fbcda6768b5358b9d0118abf1779106d0075d5 |
| SHA512 | c6873b3029b3575499e4fcb75975f5e71a44629729884ec1f98d058765ca9f8837832d47a885bacf1bf176e907183ef3fb1750d3de779251b314e5b55ad51c6a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010
| MD5 | 209af4da7e0c3b2a6471a968ba1fc992 |
| SHA1 | 2240c2da3eba4f30b0c3ef2205ce7848ecff9e3f |
| SHA256 | ecc145203f1c562cae7b733a807e9333c51d75726905a3af898154f3cefc9403 |
| SHA512 | 09201e377e80a3d03616ff394d836c85712f39b65a3138924d62a1f3ede3eac192f1345761c012b0045393c501d48b5a774aeda7ab5d687e1d7971440dc1fc35 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011
| MD5 | cf604c923aae437f0acb62820b25d0fd |
| SHA1 | 84db753fe8494a397246ccd18b3bb47a6830bc98 |
| SHA256 | e2b4325bb9a706cbfba8f39cca5bde9dae935cbb1d6c8a562c62e740f2208ab4 |
| SHA512 | 754219b05f2d81d11f0b54e5c7dd687bd82aa59a357a3074bca60fefd3a88102577db8ae60a11eb25cc9538af1da39d25fa6f38997bdc8184924d0c5920e89c8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013
| MD5 | 4b354e670be70d8e6f4be6822c614f7e |
| SHA1 | f0c61a81f793fc471cff7c1d374185fd32f85b37 |
| SHA256 | 5bc667587dee79e80abf70820f31c32d05fb7768909e305985464a1ef4028376 |
| SHA512 | a1810a78896ddf69884fc2c0e76bf714039ce7a6ca1eb6bf9cc3663f8225f81ca219190c203b020cba368e7b517faaaa214c24d2953af5c3d228824449a8ae6f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 41168de74d1be5c96fd3d7f3952edc2b |
| SHA1 | 36982075e0a7522b9efe2a59f878ba408eb62632 |
| SHA256 | 48032588e91b4653f293d5ceeb6589112e6fe73cdd89a78eba0832627c25825b |
| SHA512 | d006bd9624c353d4b62fa3a0b79ca6d8f19926a5e0c6a94c086389a54dbf529d8c211ec55646b5c45d1078356c50b7bdccd8b44969b5923b5ef08c5353d8f661 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | c8472fc25d2f522672f80296dcfb32fe |
| SHA1 | 20609da300cb0d5707f3fa09259e3fb6c74a02d9 |
| SHA256 | d9eb06e97eca549103f832c3c37dd83050c7e1ca46760fd6f9708b34a919f516 |
| SHA512 | e2310bb2ada6249314758bd36f8710ff85efc74c0f7a3b8ba392052422c883ce4dd6453104734ff619e0f40892e54c1fe4d1bbb0a301326d52f1884488fdb100 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index
| MD5 | 07b5b99561f5144e8354929c86fedcdf |
| SHA1 | 91ebad41a5fcef369a02e5665b7a3aeaec9b39f6 |
| SHA256 | 85c376df3da4901ae117fbd2bc1983ca35686b2fc628d9d71a926230d8208537 |
| SHA512 | 1b7ce9a3f04ccc0a98f6f64b3cd1844dae12899e94f618c470f479c1174b2f2f998f7d3fc29921a6caeeb413fd6d12fab4783efb45c8f38a27fac90e7f13263c |
C:\Users\Admin\Downloads\Unconfirmed 204666.crdownload
| MD5 | bb20cb3e184fd2f68f0673580500b9e7 |
| SHA1 | 6e1a63d5ef1b0ae45e0e0cf6863a4b2112c072ea |
| SHA256 | d4848f28292f5795e8aa73e924d62f5b0325ae970d6e610b5386fd2866ccf5b0 |
| SHA512 | 0f50b3644b52bbdc44e820d7a406d188e13531036e3c6e71fd55b853b4b6a3b02c9966ec325309c006439d20a451eee8b213266131337c075277415953c5c587 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | c7976fa639435e84a177669c72814923 |
| SHA1 | 9e33577910a95fac5ad0078c7fc0f92f6d46da18 |
| SHA256 | ed09d5d8f3e9bb86d8a119f13186a9eeb31041bf0d8b1ac41941a5b60210f0f9 |
| SHA512 | 93fee7e0cf1bb97bf8c304527d04d161cb7f06ed6ae4a6a61c8bb9e415073ee628d172fe5d0d41f3676e1e09fd60bd85a90be6d4d58d2fedc4a57a80de8f12a3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 0b6f6e798501f87d57775c741e59d15b |
| SHA1 | 3ade281dc4208cb5665e5f22a48dee0f3a97ba69 |
| SHA256 | f8f15cdb617a296649209196a80d964abc612f5d04b69b64a453b2c335c7a404 |
| SHA512 | 6691f4a01be33cf95f8f9f357305f3a70704e59dfb5173903b6404ae2612f14366e1d80c85116f3b173d587f0c3cddc91b847af8fe15e163121d3ab191a580b4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 06e092a653dd532d8f840441ee27f108 |
| SHA1 | 229bfaead4df88d7551f65b74ff00291aaba01d1 |
| SHA256 | 39a3e2a5e7f00989c2950b87dc63208c4f44e98806e5d6feaeeca5f9c1a2fa74 |
| SHA512 | 7b679ee016cf5cdbe48ba6a73c1c1a4d81f792cc81fea57b6f1ce7adcf6c98cead738771d76b23bd2786da347c7e0e483d7825c91d8a02ef8d98e4d69c207f37 |
C:\Users\Admin\AppData\Local\Temp\5fe4c407-6481-11ef-ac6b-ee255df7db21\Ninite.exe
| MD5 | f1db4fe1d4559183cd1b35a257c970cc |
| SHA1 | 57d3904540930c3ebf80f30b6b6097bd055b6940 |
| SHA256 | a5f912ccbde324b7c5f5d81076ccda813b2d80d311f4c854d358b85b02094d56 |
| SHA512 | 7ca2546d31b88d701d195adf62e10209f3216033692348b4f8ff54e254baca7c1e72dfbae66ccd5e684cf53900cbed3f5a05ddc24adb251ce752541fb1f56c69 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | ae607ed0b0b032c7cd55a03cf63d890b |
| SHA1 | 53fa4d5c4422f1b117902c5f5e20275885169804 |
| SHA256 | af6f4ae0f89eefd55f56653c080940458d288b938859bab06bd0b14547f432b5 |
| SHA512 | bbd5ec4b21bac363406a50b0089df81da3662c1734558fef4183f57dd8c3497e3c046cd663e4027c5c6d5f5ce00dc4c3bd89cbbba0e7527f726778c7a741892b |
C:\Users\Admin\AppData\Local\Comms\UnistoreDB\store.jfm
| MD5 | b8957716abbce875a776e5be7fca9302 |
| SHA1 | d6778ba09e743186042effdf8a63d76d5a5c8520 |
| SHA256 | fbfff2f14baeefd1b5485488f62bb1be12664b978a95de4bba134ac96905e933 |
| SHA512 | 171dfd9bd3be3356fc4e077a1652ec2bc74f2ab9b87430d953fa224854daae601c407b4ec7df95e6bfa1ed39f67d9d289633848bec59876c509c9a36dbae5951 |
C:\Windows\System32\DriverStore\Temp\{d884de48-5474-e34c-9e93-be35bad1b796}\SETD118.tmp
| MD5 | 3f7d0798fa33199e799a91e87dc632da |
| SHA1 | 78e9b8d66cb3147e5663a90e83c8a38d166b9b87 |
| SHA256 | 7db6fdc2752f9b8884e19b8af9aa23e7f5db8fb525badd75952b753e93923122 |
| SHA512 | f2884d2b17b31442c16773fda2a4fe07ca4860ac749b8d5b765f2d4887c9d2c047826255fd474838f90d31fa5e5bc0fcbb776fd10e69d18e510e06f16fdcb44d |
C:\Windows\System32\DriverStore\Temp\{d884de48-5474-e34c-9e93-be35bad1b796}\SETD128.tmp
| MD5 | b25c718c1fdaa59c0d2cb1347b8ab5dd |
| SHA1 | 459752949af2cf0e8b370d0bcbf32fb5effa0abb |
| SHA256 | 617642184092f455fc7ddfe31c7de53db39459a283019d816f8c9a6574dbe501 |
| SHA512 | adafcc0d6c2db9f3a73cf21aaa26cea5cb02717fb97195c1287e09837c95ec8953fdb47f2d2f6f3651f497ddd8e798cb4d026191cfa85a0cf32cef646293b164 |
C:\Windows\System32\DriverStore\Temp\{d884de48-5474-e34c-9e93-be35bad1b796}\SETD168.tmp
| MD5 | f774906ef43b913502a0c43ed3ef1f52 |
| SHA1 | eb8189f04b8ad345f6c2cddaf75995f2e5c51250 |
| SHA256 | e34bffc4c15f93c0d1b89a328ef805f4a6cfa1edc9f32e561365c3acb1e787b6 |
| SHA512 | ce39d6ea2c333f58b4c048d7e71276db8aa57fa58357e6c03e19c1016891f90f2b614afe4b9614aabade2237cc529d0bbf453d75941e09d98d6442b8e0f48382 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 8b4ab0eed690c82e577b3d05d9d31e3a |
| SHA1 | bae1d084c8489ee89f2b97723b2ebc5fde40b45e |
| SHA256 | 1b333b80cff3c898660abb71457f6e2a9e99d517878ce33ee771d6b491c02974 |
| SHA512 | 1ce12777c76bf61f3290a4d86db7785aefd08a992352435f6ab1e17cbff1a2bd1ce05f7db23d02948be2078011bdd6745d783dc6acd1192643d1065dede8d0b9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 65277c48c0fc2e5d65dce2b618a13b08 |
| SHA1 | 377c847f18d0cb26c5867564ccf6bd1afda1cb64 |
| SHA256 | 043c8f5c72558414b82886161b913c9b60c2f35fcdda1fc3c7a42330446cee40 |
| SHA512 | 5e8eef5fa1b3373c6d27ee458a31e25eee900a56cadf30bdafadc3de4b7dfbcb74a4a560081be2fce99a6d8a98d0a12281a4cbd46fffafd9972b45ffb6d719be |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | c714d30bb4d37d7abfdf5523bd86e5fd |
| SHA1 | c8c72df51ad8e9b4de96797a07632c753d1ba25e |
| SHA256 | 518248bdf79d3e9e79290d5d44edc2c765738bbb65df02a8dbd9e22e441c3bba |
| SHA512 | ff2750a11f476f2df5772f83c782eae49bd6dcb77f51ac95f399f4233e49300d5a472c6600e68109c43a5c5764fc0d1a17d1ff1ec35766a6de956cd9b56d2e03 |
C:\Windows\System32\DriverStore\Temp\{2692084d-cd85-ef41-a5cc-0ea99d383da2}\SETD715.tmp
| MD5 | ec55ff59890db29d01aea48070a62266 |
| SHA1 | 76ecbd14b6b0e6dc143e6e7cb51e4e4a12875899 |
| SHA256 | 1657a5c6ae6674d8d7f0534d1b5d729f7253a78935decf9cdb2f6c41098bc6ef |
| SHA512 | 4b933d5c596707dc7c4da0981839c8307cb52e6aa12f382a4a15ac0a74602ce4d3bb1587350ecc680ff18c0785c9ab8265d402c4ca8b2864cd3a3a484ec67620 |
C:\Windows\System32\DriverStore\Temp\{2692084d-cd85-ef41-a5cc-0ea99d383da2}\SETD714.tmp
| MD5 | 1ec0263011cb6d0b6069c3255abc5adb |
| SHA1 | 1ca79cc432cbda91380cabe67a740c5a408462ae |
| SHA256 | d9a7d1c495660c0b7eaba6fd57d759e387be7f291aeceed6b5e8bad28063659b |
| SHA512 | 111f65003fabdaac578488e22a30bc7a232650541f138b5847c08cad9ff55b96af1b138f27f84602764aee258a3145c7fa486db2bc0833519c0155a270b84c79 |
C:\Windows\System32\DriverStore\Temp\{2692084d-cd85-ef41-a5cc-0ea99d383da2}\SETD713.tmp
| MD5 | 793989c73db1ed24a218f045ef43e2ad |
| SHA1 | f9b0deb8bfbd884093bbe25e0200f460bc98917e |
| SHA256 | 158f89b26732c9a49abc5efbf38643a17c525826cde2447bfc386db0b15315eb |
| SHA512 | ce3ca3a4f66b36abe8c23cf94059da297bfbba0c8e0d9df5ddf0356072f9778dd5b992c7e1bce2b2ebde77a652338522dc0b871779594eb3a7582dfde3740b79 |
C:\Windows\Temp\MBInstallTemp75d64a11648111efbc0aee255df7db21\7z.dll
| MD5 | 3430e2544637cebf8ba1f509ed5a27b1 |
| SHA1 | 7e5bd7af223436081601413fb501b8bd20b67a1e |
| SHA256 | bb01c6fbb29590d6d144a9038c2a7736d6925a6dbd31889538af033e03e4f5fa |
| SHA512 | 91c4eb3d341a8b30594ee4c08a638c3fb7f3a05248b459bcf07ca9f4c2a185959313a68741bdcec1d76014009875fa7cbfa47217fb45d57df3b9b1c580bc889d |
C:\Windows\Temp\MBInstallTemp75d64a11648111efbc0aee255df7db21\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\mscordaccore.dll
| MD5 | 3143ffcfcc9818e0cd47cb9a980d2169 |
| SHA1 | 72f1932fda377d3d71cb10f314fd946fab2ea77a |
| SHA256 | b7fb9547e4359f6c116bd0dbe36a8ed05b7a490720f5a0d9013284be36b590b7 |
| SHA512 | 904800d157eb010e7d17210f5797409fea005eed46fbf209bca454768b28f74ff3ff468eaad2cfd3642155d4978326274331a0a4e2c701dd7017e56ddfe5424b |
C:\Windows\Temp\MBInstallTemp75d64a11648111efbc0aee255df7db21\servicepkg\MBAMService.exe
| MD5 | 2d49262ee00ca948aefc1047d65bca56 |
| SHA1 | ae60524cd5d0fc2e8f32b38835667871747db3fb |
| SHA256 | 6931bb215c086739a7b2ab089a8bd9cd4b2acbb9f44a32ec1b420f216f6ff782 |
| SHA512 | d069d4f20d69aa102438f1779f6222cfef7967733cce8d744bf6121e8e22bfc8dee4ee6887cf13e17ea173a0db4c52e3009fe85b861f5c7622294b63b366877a |
C:\Windows\Temp\MBInstallTemp75d64a11648111efbc0aee255df7db21\ctlrpkg\Malwarebytes_Assistant.runtimeconfig.json
| MD5 | d94cf983fba9ab1bb8a6cb3ad4a48f50 |
| SHA1 | 04855d8b7a76b7ec74633043ef9986d4500ca63c |
| SHA256 | 1eca0f0c70070aa83bb609e4b749b26dcb4409784326032726394722224a098a |
| SHA512 | 09a9667d4f4622817116c8bc27d3d481d5d160380a2e19b8944bdd1271a83f718415ce5e6d66e82e36819e575ec1b55f19c45213e0013b877b8d61e6feb9d998 |
C:\Windows\Temp\MBInstallTemp75d64a11648111efbc0aee255df7db21\dbclspkg\MBAMCoreV5.dll
| MD5 | 0ccbda151fcaab529e1eeb788d353311 |
| SHA1 | 0b33fbce5034670fbd1e3a4aeac452f2a2ae16eb |
| SHA256 | 2a6ac5a8677bd1b410420183169b9ca9ec87dbb78ce0f11ebac2bfa022df7c70 |
| SHA512 | 1bf9b8849b27491ecadfb4caf4e61926f9a0a8479c247a2281ba2d7c1ae0587251330ee29cc053630047e279ef6b52d3a125e21144b9688f1328f101bfc3c2e9 |
C:\Windows\Temp\MBInstallTemp75d64a11648111efbc0aee255df7db21\servicepkg\mbamelam.inf
| MD5 | c481ad4dd1d91860335787aa61177932 |
| SHA1 | 81633414c5bf5832a8584fb0740bc09596b9b66d |
| SHA256 | 793626d240fd8eefc81b78a57c8dfe12ea247889b6f07918e9fd32a7411aa1c3 |
| SHA512 | d292e028936412f07264837d4a321ecfa2f5754d4048c8bcf774a0e076e535b361c411301558609d64c71c1ce9b19e6041efa44d201237a7010c553751e1e830 |
C:\Windows\Temp\MBInstallTemp75d64a11648111efbc0aee255df7db21\servicepkg\mbamelam.cat
| MD5 | 60608328775d6acf03eaab38407e5b7c |
| SHA1 | 9f63644893517286753f63ad6d01bc8bfacf79b1 |
| SHA256 | 3ed5a1668713ef80c2b5599b599f1434ad6648999f335cf69757ea3183c70c59 |
| SHA512 | 9f65212121b8a5d1a0625c3baa14ef04a33b091d26f543324333e38dcdb903e02ccc4d009e22c2e85d2f61d954e0b994c2896e52f685003a6ef34758f8a650c7 |
C:\Windows\Temp\MBInstallTemp75d64a11648111efbc0aee255df7db21\servicepkg\mbamelam.sys
| MD5 | 9e77c51e14fa9a323ee1635dc74ecc07 |
| SHA1 | a78bde0bd73260ce7af9cdc441af9db54d1637c2 |
| SHA256 | b5619d758ae6a65c1663f065e53e6b68a00511e7d7accb3e07ed94bfd0b1ede0 |
| SHA512 | a12ccf92bead694f5d3cba7ff7e731a2f862198efc338efc7f33a882fe0eb7499fb3fb533538d0a823e80631a7ca162962fbdfd78e401e3255672910b7140186 |
C:\Program Files\Malwarebytes\Anti-Malware\srvversion.dat
| MD5 | a58601a3ccc71c69736ff3f16e3faa50 |
| SHA1 | 4ef363a438a28e0c966f055f89788c9292b8e091 |
| SHA256 | 3edae4348be02e88de39aed7fce3aa4e781afb6b7728121777066ef9b9b17555 |
| SHA512 | d23ae01eb0824a7e1865f9a7389bac349373a90ded9e46937f331bb44aa4e9b275efd795b346270497fa67f2afb9624c8a088cf923e3029090ddda11c8ad6ca7 |
C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
| MD5 | 44cb90ea083b7bc3e45a26ccdab7547b |
| SHA1 | ae98b313fa7c4f584d1a9077a656605ce79f4076 |
| SHA256 | ebc35d0c495d460e5f18ffd5a04813323d063963485eb63bd84de38632a4cd75 |
| SHA512 | e6baa2dae9b0e5f838e04000b83cb76e9c54bfab0af48e3163f8627ca5ea2a72ab962be8a46e097d9e5aa09163139aeadd26d4604c54c3c6a875bc029fd9f9ec |
C:\Program Files\Malwarebytes\Anti-Malware\ctlrvers.dat
| MD5 | dfc81f506c5cba82d533a0828d2c46b7 |
| SHA1 | 28399192b912c55ccae4291551be15bbb1fb12fb |
| SHA256 | f5076f41420169b67bd85561fc37eebfd4a4489ebafa098a3af077b920e9d0db |
| SHA512 | 81821a31cb5513558ef04dab23735e8cb1f3ea7d03dacd587cf65e67641324e400cd4469556840808d85bb2fb75fdafafd9599bcaa8dc52146f0897a2ae6d96d |
C:\Windows\Temp\MBInstallTemp75d64a11648111efbc0aee255df7db21\ctlrpkg\mbae64.sys
| MD5 | 95515708f41a7e283d6725506f56f6f2 |
| SHA1 | 9afc20a19db3d2a75b6915d8d9af602c5218735e |
| SHA256 | 321058a27d7462e55e39d253ad5d8b19a9acf754666400f82fe0542f33e733c6 |
| SHA512 | d9230901adeecb13b1f92287abe9317cdac458348885b96ef6500960793a7586c76ae374df053be948a35b44abe934aa853975a6ccd3788f93909903cc718c08 |
C:\Program Files\Malwarebytes\Anti-Malware\version.dat
| MD5 | 72774c0987c94af4beefa21735bc9cdc |
| SHA1 | 2fe1dac092018dc9c1c621b2f2baca358e51579a |
| SHA256 | 14e9855b14a7239680454da5d00bff7b7312f83dfffb51c729e155350fdaf659 |
| SHA512 | 45ba0f03260d1fe4c61fd51a4ea32b69a7185f139b3296183e384d19225ed11d80346d890895970a566b2847ff1bbf95a55c84d489ae02343c9489b2f9b736a6 |
C:\Program Files\Malwarebytes\Anti-Malware\ServiceConfig.json
| MD5 | c4d6adaae19b9516701f7a36fe1507b5 |
| SHA1 | a4a7777f20132b7be67316793619cf85a27d18a8 |
| SHA256 | 9245df29aca039f5eba934d62813bf5e93c0b45a2d49aaec9e315473a2e1a18c |
| SHA512 | f7fd53ebcf9d40ebf23a544a5db65f039ae68d3ed280554f5cac4507b0dcef6a53311018584704a7198f8abb77215a1e964252109b376b47ba6a687e80ab2ad5 |
C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe
| MD5 | 46f875f1fe3d6063b390e3a170c90e50 |
| SHA1 | 62b901749a6e3964040f9af5ddb9a684936f6c30 |
| SHA256 | 1cf9d3512efffaa2290c105ac8b7534026604067c9b533e7b7df2e017569a4ec |
| SHA512 | fdfb348061158f8133380e9a94215f4bfc0f6ce643a129d623cb8034c49144f1489de56cd076da645478506d9fbddc7590fe3d643622210084b15fdf0d16b557 |
C:\Program Files\Malwarebytes\Anti-Malware\mbtun\mbtun.inf
| MD5 | 5d1917024b228efbeab3c696e663873e |
| SHA1 | cec5e88c2481d323ec366c18024d61a117f01b21 |
| SHA256 | 4a350fc20834a579c5a58352b7a3aa02a454abbbd9eecd3cd6d2a14864a49cd8 |
| SHA512 | 14b345f03284b8c1d97219e3dd1a3910c1e453f93f51753f417e643f50922e55c0e23aab1d437300e6c196c7017d7b7538de4850df74b3599e90f3941b40ab4a |
C:\Windows\System32\DriverStore\Temp\{c2611fb7-f5ee-d44a-a319-da19068f7d8f}\mbtun.cat
| MD5 | 8abff1fbf08d70c1681a9b20384dbbf9 |
| SHA1 | c9762e121e4f8a7ad931eee58ee60c8e9fc3ecb6 |
| SHA256 | 9ceb410494b95397ec1f8fa505d071672bf61f81cc596b8eccd167a77893c658 |
| SHA512 | 37998e0aee93ff47fe5b1636fce755966debe417a790e1aebd7674c86c1583feef04648a7bc79e4dedaabb731051f4f803932ac49ea0be05776c0f4d218b076f |
C:\Windows\System32\DriverStore\Temp\{c2611fb7-f5ee-d44a-a319-da19068f7d8f}\mbtun.sys
| MD5 | 83d4fba999eb8b34047c38fabef60243 |
| SHA1 | 25731b57e9968282610f337bc6d769aa26af4938 |
| SHA256 | 6903e60784b9fa5d8b417f93f19665c59946a4de099bd1011ab36271b267261c |
| SHA512 | 47faab5fff3e3e2d2aea0a425444aa2e215f1d5bf97edee2a3bb773468e1092919036bcd5002357594b62519bf3a8980749d8d0f6402de0e73c2125d26e78f1e |
C:\ProgramData\Malwarebytes\MBAMService\config\PoliciesConfig.json
| MD5 | e5546677b233dcb22490a9e743405764 |
| SHA1 | b7e8e50995239d556587eff2475053d1acc04756 |
| SHA256 | 908303d20d550a71dd723b55c00c32d59766b48fab6d1a784538fc3af286542a |
| SHA512 | 4c1ae3dec01f690417d0f068dbbf619f97e58cb9ab2c970de4068da3c43535821a11636e4f4b9076f6352811201471a2857f51e602f1417959f4fc367b152cb1 |
C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.json
| MD5 | 02e8533f38424dc76e62a1743338f604 |
| SHA1 | ed3f76b768d763db0a297ce8bed6a2c4ed8dd129 |
| SHA256 | c99f4560e195ca9767ce71805edec819302f7e79528f9fe3fd0e0ab879727fba |
| SHA512 | dcc6e7f89e9f8348979bc46c372b0a3ceef0434a9c4ce101d4eb60824cc54865289c6214536f0cc0bfafd6f12a8321fba9d97fa4935f30ef4aa815af138c9f81 |
C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json
| MD5 | 427c69fdb5ac89ec4348f48b44acf5ef |
| SHA1 | ace87430d8e3b0da9e1bd9f2d93ee526b3ec2536 |
| SHA256 | 4ad67e9f5927ea3271a2688b3bb14ed103682ab1d785e18be4c212f1dc2864ea |
| SHA512 | 20242fecbe17ff846b0f7f597e0415a590947a177f56e5d3037f30be55e1d9d95c62abb4b5557c5d188365e425cd99f3c6023e29a7ce7a53614f1a79d784ba26 |
C:\ProgramData\Malwarebytes\MBAMService\pkgvers.dat
| MD5 | df919ab85e2811a3b02654a05776a96f |
| SHA1 | 6fc55bf2b629ab5b5278ceae458159e0715a0bdb |
| SHA256 | da3a42dac412aa16f23739f68220161fb9e55d0296f6ba72500ed86519eb0bff |
| SHA512 | d43b91351aa8849045c291e1b52dfa654c36947de50228e30c64894e6e76c22caee4985cfdc3177d11647b692de86f7380538138f29b813a978e7e13c12ff27e |
C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json
| MD5 | 78328d02d39aa8a3060548b92d7a8a16 |
| SHA1 | 241530e97ed92b6a97d697dcfc7cfb3d3d79db4c |
| SHA256 | 21f49163f00ca93ef3f15c46c204cefbc5c21d929737900ce246519ca291095a |
| SHA512 | e1e9a556a9fd055710225ccda40a5991e8c0c01c74bf8956c38de27da6d1c72ff90dd677f8945bf1709ffddc66b4cbc80c759d7bfbac5f83db8e037015779b85 |
C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json
| MD5 | 6601adb9e5b898ad7a7aa2fb234ed2a9 |
| SHA1 | a514a8fe60592d9dc8ca220a9b59a2e9ed9a777b |
| SHA256 | 4e2f4aaaf2d62c48fd13f266e4ddd0b885ee2d9040b2405fb2749a1817b4117c |
| SHA512 | b3582ca2de6fb4882de3b6a141eeb2c61a14755087c5df650bcb94d41d825226e549a6272d7f8381976c266178dd5744a03e5e94c84eb26d88b422b6040a953c |
C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json
| MD5 | 728678af42320b444fd7856feaaf8723 |
| SHA1 | 73c6b3aa4acbf01ac9d46d92509c6c26f9fdae8a |
| SHA256 | 27e6e402d38cbb783a95ff958abb732768f59e9f900f56d239e2192f60722616 |
| SHA512 | 983cb4a63ea4224f3c93010014336ae69c9684ac8f4d9c130e4a351135e24af9bee6d4a30915a78a0c52b972bdddb960a0a7be62b14bdaa371b83fbda7795f9a |
C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json
| MD5 | 1b87eae4867e93561ebc3ef38b74d2f0 |
| SHA1 | 17d8e8659218bc8939929d7a9b2a1605d54c2fb6 |
| SHA256 | ca31a610ed3915b707b6d28ebeb76ccc7355022dc668351d979a9d9aa9dc1ab0 |
| SHA512 | de3856e29beb60392c4a2175c55396465242b9be10bf307cd005b9526c159941ff418ec009615446a42c0d047a2daa4bec993346bf24b70e67e71ae14ae67352 |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\rdefs.mbdb
| MD5 | 2f7423ca7c6a0f1339980f3c8c7de9f8 |
| SHA1 | 102c77faa28885354cfe6725d987bc23bc7108ba |
| SHA256 | 850a4ea37a0fd6f68bf95422d502b2d1257264eb90cc38c0a3b1b95aa375be55 |
| SHA512 | e922ac8a7a2cde6d387f8698207cf5efbd45b646986a090e3549d97a7d552dd74179bd7ac20b7d246ca49d340c4c168982c65b4749df760857810b2358e7eb69 |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\prot.mbdb
| MD5 | 546d9e30eadad8b22f5b3ffa875144bf |
| SHA1 | 3b323ffef009bfe0662c2bd30bb06af6dfc68e4d |
| SHA256 | 6089fbf0c0c1413f62e91dc9497bedc6d8a271e9dc761e20adc0dccf6f4a0c1f |
| SHA512 | 3478f5dcf7af549dd6fe48ad714604200de84a90120b16a32233b6d44fa7240f5f4e5fe803f54b86bbdfd10fa1bfdd88fb85eb6a78e23e426933f98d0a2565ec |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\tids.mbdb
| MD5 | 77e74b340bbe6126492d3e26f48701cf |
| SHA1 | ac82d244f1e9c7ea6171f17a1ed8e5a579b08ddd |
| SHA256 | 102435f3dd0fdd065f54fc22807fcf4c2780ed8f211d602f17a1c7439d95cc83 |
| SHA512 | 43580a98768dc30dce95cbcbb23170184725d88280c824a400146c71c3d616f045c1406a1184fd5c246ab17d6205d6871457bbe9b710470efbab82a56151d2fa |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\scan.mbdb
| MD5 | 4fceaf23fa1018d7b1c014c761cbbd2c |
| SHA1 | adc1b549ff0bd225138848e82f4a80dff65c4b1c |
| SHA256 | 3f9abba40df19e9c37b3696843dc48c41e126042550b7d0b6ab1fcc09cc4db7a |
| SHA512 | ae2eb2df2be75ff2e7e93ae4fbbbbc7e63278afab11efb3a7e962f519df3af997ec6566d275babf8b0e485693ad5209348ced1293d0ca4b206c806bc215f5eb5 |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\rules.mbdb
| MD5 | 8523093415e17ae9626e6a2dc40a5379 |
| SHA1 | baba32c08f7ca026c13624e5c0556933b0247fd2 |
| SHA256 | 3d76fdbdbe374fb42d3efaffd5703c7df04dfc9ee3639c85364f024c6ab610e7 |
| SHA512 | 348d7b1cb71bb2069ac71b593bb58eeff78f465ab537995c2efb124cd267c8272ac14973d00b9455c435d17ce1686b138c500eb72bfde8ac384f0200e28782f0 |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\clean.mbdb
| MD5 | 96217b2fb8d578961146dd4eb0d955a7 |
| SHA1 | 3847f996a58f037ac0ea9b434e411a43062288b1 |
| SHA256 | 742e143ffb9d236067e082710b7b4976d889861187d3294e4ebfe98c8468abbb |
| SHA512 | 592e3180646b5d98f273cc0b6f59385fc0e3403b812c12eeec0d3db52edbbed5d3ed5a4762e36d95913c2f7a0bbdc0d87b00409799360d7f9268ec9ff0cb7698 |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\dbmanifest2.dat
| MD5 | b9701d07b388db3e584acae78af90410 |
| SHA1 | 8d93f5f502d5c596333f105782a912da92321e70 |
| SHA256 | a1833011f07f79849d8726b89eef963da8ce922ca65ca331e000ed9d1dcdd8f8 |
| SHA512 | c67e9ba549891511541feb06169032bddda1df2da50a3634031a7910c38a41f367101e27c3591778f03714938d1511fd3049a0e28ea0ec1d272291ba4516e924 |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\sample.dll
| MD5 | ad5afe7fe3eac12a647f73aeb3b578bf |
| SHA1 | 29c482e6b9dd129309224b51297bff65c8914119 |
| SHA256 | 7d2c7bc745e07d54f1c26c06d7438eb40ec6f5d17dfa15928b67d447f4c63747 |
| SHA512 | 5be9f8384cc22bb7d69d8e532e7025675db16777b2d01ca1819a6e3d8c7daaaaa23d842d338d55d74eb9973e230a8f9a11ce7524667fee09b18fbdcb5a49289f |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\ig.exe
| MD5 | ffe5a249402aecd1d0b141012ef5b3cf |
| SHA1 | 9fe9b21390d35a0f82097fddaf1ee18e91fd2f2d |
| SHA256 | 1acc1c8c918e0ac6cdb4fc41d96339959d42a71947a02f573686ee091606ac57 |
| SHA512 | 1f7427472ca3f8a9abf06d761595fadca59b77ccea93477e6d71546a1385d654817cb356585dc05499ef87f61c504511399620852e95a46601f31fc6fa05f2d7 |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\BrowserSDKDLL.dll
| MD5 | 956b145931bec84ebc422b5d1d333c49 |
| SHA1 | 9264cc2ae8c856f84f1d0888f67aea01cdc3e056 |
| SHA256 | c726b443321a75311e22b53417556d60aa479bbd11deb2308f38b5ad6542d8d3 |
| SHA512 | fb9632e708cdae81f4b8c0e39fed2309ef810ca3e7e1045cf51e358d7fdb5f77d4888e95bdd627bfa525a8014f4bd6e1fbc74a7d50e6a91a970021bf1491c57c |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\Actions.dll
| MD5 | f802ae578c7837e45a8bbdca7e957496 |
| SHA1 | 38754970ba2ef287b6fdf79827795b947a9b6b4d |
| SHA256 | 5582e488d79a39cb9309ae47a5aa5ecc5a1ea0c238b2b2d06c86232d6ce5547b |
| SHA512 | 9b097abeafe0d59ed9650f18e877b408eda63c7ec7c28741498f142b10000b2ea5d5f393361886ba98359169195f2aceeee45ff752aa3c334d0b0cc8b6811395 |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\dynconfig.dat
| MD5 | 10f23e7c8c791b91c86cd966d67b7bc7 |
| SHA1 | 3f596093b2bc33f7a2554818f8e41adbbd101961 |
| SHA256 | 008254ca1f4d6415da89d01a4292911de6135b42833156720a841a22685765dc |
| SHA512 | 2d1b21371ada038323be412945994d030ee8a9007db072484724616c8597c6998a560bc28886ebf89e2c8919fb70d76c98338d88832351823027491c98d48118 |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\exclusions.txt
| MD5 | aef4eca7ee01bb1a146751c4d0510d2d |
| SHA1 | 5cf2273da41147126e5e1eabd3182f19304eea25 |
| SHA256 | 9e87e4c9da3337c63b7f0e6ed0eb71696121c74e18a5da577215e18097715e2f |
| SHA512 | d31d21e37b0048050b19600f8904354cff3f3ec8291c5a7a54267e14af9fb88dfb6d11e74a037cc0369ade8a8fb9b753861f3b3fb2219563e8ec359f66c042db |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\mbdigsig2.dat
| MD5 | 666e34366ca0c0083a093dacfa865443 |
| SHA1 | d19b0c3871de357070fa2c444cb1483543daeb8b |
| SHA256 | 7ec167983cd7f32a1864fecaa619bb4eb68c1f9825945d133b6e5993cce0e158 |
| SHA512 | d45f9ef1dbafd40d1af86f629096d4a95c0f39efeafa1677e295403e6dc1dc6db560b06ea7ec00397d7edaf3b299e0694dcb6a2f31ea7dffb0aaab00d831c036 |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\cfg.bin
| MD5 | a8e4820e175f7d9c0f37c4f63bdf44bc |
| SHA1 | e0aa265a99ceb65255ead59d54ab2e044c7f63ef |
| SHA256 | 4c2d5ddb9c89842b4c0aa4289c62aa67d7480400b95b0bb9be5581576b680a6b |
| SHA512 | 68a717c19a8f3532ff8bf3fae6d28a081939618c0f49da8c2cb8c14a9b563cc8dfd3b22d1d0f0e3aec8bd79207f46f3ecb0c49f5caf4fee2d570a5d1917df0df |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\Global.nm
| MD5 | 2f38b1e456428a7c83293fff2645e848 |
| SHA1 | 218eae4b71ed094b9be6fcd9be70dd688b66b113 |
| SHA256 | af1d502f33db2fc8b036ca10158e6f25ef93fafc5318b635b54cf8fbfa8e1b9d |
| SHA512 | 58d58ce4d8eb7db9fd6f9ee09acb2ea45db4b7daae141a4fe213ce6b397b1ba81476aa9388d00181e39374fa9745b87a0537786c1834e3e8e8bfe60721cfc531 |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\Global.sr
| MD5 | 6a55503397286fa75cd76deb05275183 |
| SHA1 | 2182c5b01c9a0753aa9076fa426776204b51d78b |
| SHA256 | dbd19def4db62b799fd07ebe5e2e58c1f7d7b9b54c79576ec8fde84c19c91429 |
| SHA512 | 7c9f41db09c503b1ab3610edfb2bc9c8deaf8dee9e37a794c5f7203bef64923422ea406bb1db07035a9e71514241402bbfc794e789ee9f6f94e65e26f4dffed1 |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\wprot2.mbdb
| MD5 | ea723bab46afe71a9c8bbc9927cb0106 |
| SHA1 | 1df1acc120461f4a928add659aa631cfe68447a4 |
| SHA256 | 4ddb19410afc7828030d68fd468593d90da44c4be8fafe1ddb721c63e06df6c6 |
| SHA512 | 1e635032060435443e44efbfc95b20f30604500ba09ff5da0365d6e175ed933bf512f602e7c42ababfe84fdd9539b54ffe4d4d3aff238264844e92fd1e6f0e8e |
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json
| MD5 | dcf4045ab6d7107e2c2f93abae5b7425 |
| SHA1 | e61ddc7d72cadee6a8effd3fd4b9ef507927f9a2 |
| SHA256 | e447a6dd98c134ab8b1b5b3590609eebc2a5cb3b2e2e3f8a01cb8ac0430ba1b7 |
| SHA512 | 4943bade4e0a8a4e9740d801fa8333868d1e2dde18e27e8aa9854add82db1a974416ef0d87f94791b54de48cffdcf80a9a6a1de826188a98047abc38b8bf4a0b |
C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json
| MD5 | 3e8bf542c5175789400425c15ac04419 |
| SHA1 | 1d8a2997825ac48474375faba329496cc8a8f5a1 |
| SHA256 | 99489b606df780ea3a7a639d0943e59dd9280144226e8085e210d52f2f614ada |
| SHA512 | e385d2c38f2d0b8cfe5b8b20f983efc3867920c98d6d61661f87f37029d7d8e814932a11043ad37f24d7d08a460d0a4bdc4668f474733cc9f5228396664035d8 |
C:\ProgramData\Malwarebytes\MBAMService\config\CleanControllerConfig.json
| MD5 | c12ce9365b309acffd992f1eaa4f61ba |
| SHA1 | dae3840025d76f5589f7463f0f91c51e9b2c9d14 |
| SHA256 | 31fef9a087551e0cae38ec3210d1b63347ef9098bf6bbd28f0d8a6b2b7f6c0b8 |
| SHA512 | fca8138506ba20b33d6e26bb32b30e47a6df2051fdefc63b13edbae165ceaf919e209d0a75d19d64113607634e346db8942da2b30e53c7befb94ebfe55ad4456 |
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json
| MD5 | 9d4948d03ef0106cb9e9a487ad9bb0a8 |
| SHA1 | 5e50b6ce8a9e87c2e79ed81df8ed0abe37a52a5d |
| SHA256 | fcb0b13daaf5495377189855eec10b7e2720b5d4ae54906d993a51504a9a6fc7 |
| SHA512 | 1aa02b4c98213cc658d699809991245a0fad133580066409acbb079a6d25787a0252afac40aa108fe39f5273e19c2aaf64d666fc962ead15fed2daefa832bf79 |
C:\Windows\System32\catroot2\dberr.txt
| MD5 | 380924d5a052606f3ee2aa0092f04a43 |
| SHA1 | 12abbfbd33f21334102fb64e37cb9f539b4a91e7 |
| SHA256 | c6fecf29a1cf996a487fa91b89a7749ca1fb8a54d36a1a9eb837120afd4eb939 |
| SHA512 | f55757e6d9c0254bf8dd6be5502a0fb850023736426b8ec6922e1a77e19bc106627b08967af109c3e8f6101fc3be4147dfe87ab1361c17a677b9a0e609d3e891 |
C:\Windows\System32\drivers\mbamswissarmy.sys
| MD5 | 246a1d7980f7d45c2456574ec3f32cbe |
| SHA1 | c5fad4598c3698fdaa4aa42a74fb8fa170ffe413 |
| SHA256 | 45948a1715f0420c66a22518a1a45a0f20463b342ce05d36c18b8c53b4d78147 |
| SHA512 | 265e6da7c9eede8ea61f204b3524893cf9bd1ed11b338eb95c4a841428927cccbed02b7d8757a4153ce02863e8be830ea744981f800351b1e383e71ddaad36ad |
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json
| MD5 | a9b94a274f9a57d34e62ab1bb47a19cd |
| SHA1 | 109e2b925eed8c4875b23d835cbcb2572b2c8188 |
| SHA256 | c1a8b59848d96118126d57408f53256f44c501490a6f6d934de3333fabda35d6 |
| SHA512 | d7782f2b12754a56b18381f481cd96ac116f6063a96e139376dbcd2a9c0891b9b5d2d65da6d746a599e2889a3c4d3e8e7bcdc5b47046a7bc2c0d3086bd1a0044 |
C:\ProgramData\Malwarebytes\MBAMService\config\ArwControllerConfig.json
| MD5 | 440ae43cd9f55f68fbca0d1f7fae4558 |
| SHA1 | 22ab4052dbd5dc4a6aa4c88e4b0ede6a579acb09 |
| SHA256 | be98039d8dad3b919168e5ff65be94c38ff384b0f6a21d39bca08268087c0c63 |
| SHA512 | 2e069000f124fc428f53c0a497c8ef5271803a8dc26ee344859ff39c3bc392c132c2ed009d89e3a6aeb398f51e3a000a891165c3b74d080bb85df308bd1d910e |
C:\ProgramData\Malwarebytes\MBAMService\config\MwacControllerConfig.json
| MD5 | fb2da1d3f8599a2f4bdae0fdc4f6ea34 |
| SHA1 | 2fd80b87943a6f08817b6f3f822f25467328e6df |
| SHA256 | c03ab6a3e717c2da701729d7bec4230f42468be7ef562e4c12da09d807d71ad4 |
| SHA512 | 43a97add4b7daa6475069db93f456ea76c6ba612cbb85de61d0ed676efca282166186073df44c9b5a9dcfbb95032f71c59a59682f72d9d9f15165d43be145e8e |
C:\ProgramData\Malwarebytes\MBAMService\config\RtpConfig.json
| MD5 | bf3b074acc17f4d30b3e535c44bef16b |
| SHA1 | 6103e33114e93bed5456ff4241db9ad7c1197ac3 |
| SHA256 | 0f604c55ced03dad04836f3aa0a2557e8f82195035cd86af923db3e80e099473 |
| SHA512 | 7586906f9b300ad22ec4f7974b61c2067909a174a13920e04abad8be18e8e3293ffe68f6d6556e29e59b163efa75fc8816717cf07312d59319130dead07c3c89 |
C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json
| MD5 | 32d2f8bfe60ba013ce4ddeb9ce47630e |
| SHA1 | dfd1196a6ad4ef421d68d087b4012e5018030ce0 |
| SHA256 | 29756a1d1b5f91d0a3b6999525f2f2a052443aa4fc93ceff552fe931c91ece76 |
| SHA512 | fc8c798d9d65edfbe900d195021ea5c4d2bda951628dc7d6272aac1d0366cc29ef5481cd262bac11535df71ece79ccf73f7221a64b8716b4c2d21702b7975126 |
C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json
| MD5 | e13b376bd2b5407efd275172e1c96417 |
| SHA1 | b8423eb14268bea76bcd047cecc5bb003673e61c |
| SHA256 | c487703c0d2d14e8a522712da64eeda1477608ba933dcd207874a001e72dcf57 |
| SHA512 | 5eaa6b4b1f440269b5f7623e79afb7ede3ff16fc4551e16a2d27a37cb7ddca6fdca5d9818aeeef3b52222e62b286b40e24792df1a973e8a101720db658ec4754 |
C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json
| MD5 | 701f837a4caa63de35e7171182327a63 |
| SHA1 | e6181e13b1e02d7caf5b24d28e2329b00b631071 |
| SHA256 | 618d1b117836f1bd421a099abe0154bb6ab24c19c7d91f3439fe6e693c428b57 |
| SHA512 | 9c11e976f7bc5cff737d116a05be196523ab035209e9620e7285bfb37e53a35eea6b3bb4ac46ae8f9d46d7d54b1de43dafcf73204fb448a8b13ce1c454ed5b15 |
C:\ProgramData\Malwarebytes\MBAMService\config\SpConfigFile.json
| MD5 | 5f70da06c43a3f32159bcd1783603c22 |
| SHA1 | c6bd2dcc796df3d4d1d10de33917f2bfdb60d23e |
| SHA256 | e29965faddf7f636c37a906b5fd28fbc39de605ff35e89b03eff292413d6e491 |
| SHA512 | b1ad8c495ca6d183e761acee50ce3b7145a5d53d874579f84b7bfe1a15e34dff5b58ae000c4b60e6662fe16961784115798d9c0676702b6360672e97e72c6089 |
C:\ProgramData\Malwarebytes\MBAMService\config\VPNControllerConfig.json
| MD5 | 0ea4f4e9aaee8763f6ee8cefc19fb2cb |
| SHA1 | def999907c1b6d554a4b61abcf19a6f253ffa507 |
| SHA256 | 2577b1f3b6cdfd9092371bde09d7f3c86e05b93016c3c3767037761a57fe5d54 |
| SHA512 | a77d783ab2db4c7cf17ddd1ea7948fc3dc998fdc6e6d4348ce5c6185a758421f718d4a22cd10c79d3e8b3a3d533186a7f3a1b6776d106622045c7ea67e47340f |
C:\ProgramData\Malwarebytes\MBAMService\config\VPNServerListConfig.json
| MD5 | 1ff1a96ba4c5d4e241c6c26ee91c22a5 |
| SHA1 | a154b52d7e0d865855e2635fe4a5dc1ab0064b0b |
| SHA256 | d5ed72247790dc048631c75e5f3002db16af4f9a45aee84edab87becfd3b774a |
| SHA512 | 1cd70796c256d12d8c176ddc87b297edcd28b9ccefe7bd7402016572fa02ce68d1a1c26791e198102de52eed0b7b38c82f51e851e8b4c72453896d6b0cff16aa |
C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json
| MD5 | a3ca7d241bb555dce78c7ab701740a06 |
| SHA1 | b99ca8a1d5fe62158f15225a0e432662ac3f8f70 |
| SHA256 | d26b9cb994e35608d38732b2e0df0cc1e268969ae6ae6d82bd4cc5e84547ea50 |
| SHA512 | 6931d6ad9cb3b9e079c6a68693bba9eee4611c4b43bbb493b4c2c62178134d42fcd21ab1355f38e79edfd23357506b6b2bbdf8413e7280536aad052b318efdfc |
C:\Program Files\Malwarebytes\Anti-Malware\ServiceConfig.json
| MD5 | 45ab70646e07b79c422a53fb7fe16783 |
| SHA1 | b031910f64aa897488144332252c783203f242f9 |
| SHA256 | 6087e0656e23e65a3bd174fe5b9ea792255de8f2b3f12d67eceed6a96a04a2f6 |
| SHA512 | 8ca08cecc0ce50bc22f93faa0ab9d48347ab594d5b1a8cbbe5fec2dd88a0952197ddbf4569c6cb7e38b302b29e9a7e97750a16c0be481528ea6dcb0dde036b09 |
C:\ProgramData\Malwarebytes\MBAMService\config\VPNControllerConfig.json
| MD5 | bb936db1382bc051e2e600412fe52133 |
| SHA1 | 5d6dd68680a28df6d40a0c5eecb016825719d978 |
| SHA256 | c47cd6130d6e6ce3d64f5932afa3c52b238a2708503011087f80f6a0330bf0c3 |
| SHA512 | 04184396ed21fad3bf6fdc023468079040853fbfa1d25454fe1392f26fa3b5a7123ae1b59177fcefc59bfab5c302302d3a6b2f02bdb34268122c43542c6e4a9f |
C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json
| MD5 | 4b0e60dc1b045bc475502220e9142fff |
| SHA1 | 0b4b2a20f065ff7dcd0c654f471f8367ea23aa0e |
| SHA256 | 1a6e3ead276eae49a03197f01bd0741090a8ef68695ad9a8e62348e259d07dcf |
| SHA512 | 9dceceb8e7ae4a4bfd6d54635c1420471c8d07a65e81d125b7dfa2a398945fcec7c0ee3e5ec0a874ad85cc74edfd5d1da2b6e1d1e95a2e9172962e1190423485 |
C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.json
| MD5 | a3769137662542c8ca8690ad5e0a1b05 |
| SHA1 | 19b53afd1241de130391b8653bd4131e82766223 |
| SHA256 | d03a718bb37ffdc8bbf4c92efd394a20e6f30c4f756b86050181446c926656c8 |
| SHA512 | 551111b421c00ad4f2de23b12f5514551eb3d8d8215743f310436214cf209a763614f4f47c89bdf1c8d0bb81a98e86ae020a29237c31690bffe67e30af08b04e |
C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.json
| MD5 | decb8ed8a7a029aa677fcf3eaa0009e8 |
| SHA1 | d3158613c7b3dd23947aead4c1ba645312584110 |
| SHA256 | b9a73e4d1639e9ecaab80af34a322b948e06c588fb4c6c963eda134382971aee |
| SHA512 | 568b04b485ca659aca17460c4527910666cea2ed6275d8376f5dae6312759fab39accc2553a881ef6b59f6eb4dd63ecef5068e8436d02205fa32db9ee2ceaca4 |
C:\Program Files\Malwarebytes\Anti-Malware\mb5uns.exe
| MD5 | dfd900def4742b3565bc9aa63ec11af5 |
| SHA1 | c1cefc356045ccf20ebc98f6c48b2a85f0d32465 |
| SHA256 | eae4a33cfa155a9f5f520816b42dc4f4012d5c7c916dc756b3de025a3062a461 |
| SHA512 | bb2b4daa121dab894ad036648eff6f81e9be97840b4be7ba54b7df0383cf863b157d6088814a0d63c7523751f8c68d9b5c1f247512d7587348750c1b71ef3b3e |
C:\Users\Admin\AppData\Local\Temp\nso46D6.tmp\System.dll
| MD5 | 4f25d99bf1375fe5e61b037b2616695d |
| SHA1 | 958fad0e54df0736ddab28ff6cb93e6ed580c862 |
| SHA256 | 803931797d95777248dee4f2a563aed51fe931d2dd28faec507c69ed0f26f647 |
| SHA512 | 96a8446f322cd62377a93d2088c0ce06087da27ef95a391e02c505fb4eb1d00419143d67d89494c2ef6f57ae2fd7f049c86e00858d1b193ec6dde4d0fe0e3130 |
C:\Users\Admin\AppData\Local\Temp\nso46D6.tmp\nsDialogs.dll
| MD5 | 2029c44871670eec937d1a8c1e9faa21 |
| SHA1 | e8d53b9e8bc475cc274d80d3836b526d8dd2747a |
| SHA256 | a4ae6d33f940a80e8fe34537c5cc1f8b8679c979607969320cfb750c15809ac2 |
| SHA512 | 6f151c9818ac2f3aef6d4cabd8122c7e22ccf0b84fa5d4bcc951f8c3d00e8c270127eac1e9d93c5f4594ac90de8aff87dc6e96562f532a3d19c0da63a28654b7 |
C:\Users\Admin\AppData\Local\Temp\nso46D6.tmp\LangDLL.dll
| MD5 | 20850d4d5416fbfd6a02e8a120f360fc |
| SHA1 | ac34f3a34aaa4a21efd6a32bc93102639170e219 |
| SHA256 | 860b409b065b747aab2a9937f02d08b6fd7309993b50d8e4b53983c8c2b56b61 |
| SHA512 | c8048b9ae0ced72a384c5ab781083a76b96ae08d5c8a5c7797f75a7e54e9cd9192349f185ee88c9cf0514fc8d59e37e01d88b9c8106321c0581659ebe1d1c276 |
C:\ProgramData\Malwarebytes\MBAMService\config\CleanControllerConfig.json
| MD5 | a0219e79d47c10346bbe8d9e0f0585a2 |
| SHA1 | 4112da5b610d4cf4ca32a71aaafc24c9159fd451 |
| SHA256 | ae1a321e1d81fea5220afd33a5c9465fe0515038a5a0ad784daf14ec57df59e1 |
| SHA512 | 4178ee17ddfbe7318febd0991fcb70de6bdd732ef5081210e63f1082e54c6bb0b705506ed9cd41ffc13f07a6c904f091b6a4a09ae76ac6564a88d739203c38b0 |
C:\ProgramData\Malwarebytes\MBAMService\config\PoliciesConfig.json
| MD5 | 0abd5fc32d7c9bd365de30cf1169d251 |
| SHA1 | 5389cc888b8b761564ab0135b954ce60d32d0199 |
| SHA256 | 5aced11bc1055c2f658f86e2171a2f88ae1587f08b6428a64df6b1bd3c7318a0 |
| SHA512 | 3c97356af48cde087d3ef0d65e6b9913fe3c26d037ecf4d7a95fed42a00023c513dada9669a4d42f16034de75bdb136fc257fd876d7f466240522a258e20f8b7 |
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json
| MD5 | a56a844fb54dbd75720088a835124a0e |
| SHA1 | 94d66d417c4a331890fc1bbcb2ab2e5d3a2bfe05 |
| SHA256 | bc2690cb68cfedb066af40dc532158236d42e67ac847c51d19a54fc4acf8ce54 |
| SHA512 | b9e1b8cae9a9f12b990ca594e19c2df75ac956c04de2458b335a7de6b1aacd32d3897d1c0f0a1fd1c0364d9deb1b394aa2c6d8d7b1897ec36619f0cf6386c02b |
C:\ProgramData\Malwarebytes\MBAMService\updatrpkg\SdkDbUpdatrV5.dll
| MD5 | 52c4aa7e428e86445b8e529ef93e8549 |
| SHA1 | 72508ba29ff3becbbe9668e95efa8748ce69aa3f |
| SHA256 | 6050d13b465417dd38cc6e533f391781054d6d04533baed631c4ef4cea9c7f63 |
| SHA512 | f30c6902de6128afbaaed58b7d07e1a0a674f0650d02a1b98138892abcab0da36a08baa8ca0aba53f801f91323916e4076bda54d6c2dc44fdad8ab571b4575f7 |
C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json
| MD5 | 393cb7447de3449bc4f762f6e286b0ae |
| SHA1 | f4ee9f085f9edd1e880dacd1e15bc2ec6346d80c |
| SHA256 | fe3985889a8a6315341ca31e84eb84dfacdc499b0f5eb33d3e3670f3634dfc44 |
| SHA512 | fc148ecc7fb6d85cb2feb4e613e706d62bad9dc5094ea2e700b545cc0b7e030c7f3cd4db1678fb2ebe59e7e7b0f362d673a3028bfded20753ff0dcf8fd7ddfd3 |
C:\ProgramData\Malwarebytes\MBAMService\updatrpkg\mbupdatrV5.exe
| MD5 | 9761279abf322b5679210cdc11ccba78 |
| SHA1 | e3956b256a2d34f2326f9956129a2d2c098dbe01 |
| SHA256 | 73514832c7e23866058fc434ff282be593357f086d84550299c3ed3bc540d221 |
| SHA512 | f1ecd3f05dbd1cbfa3086ff4c21c957ab720f7786db32a3435d9333508112a767fed8f289a33c7c7799931d9ed1dbf248aaca6bfb444e351b763341f3b435c89 |
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json
| MD5 | 43a891ef64d99b86a11742fe2547fdd5 |
| SHA1 | dc92b12d56a7466f477fe213bd9e7633fc0ce700 |
| SHA256 | a7d63d2f3a8daf8895791c61f266a91d483d55ed95ab99ad4d6d67d4c9944b4b |
| SHA512 | b03d435288ee19ed7d18a471678416983cf665ba219d0b847463f9b92dc986d84186c6af910f2558c869d582517911937d6c9cd87de93474e9102cf59dd115e6 |
C:\ProgramData\Malwarebytes\MBAMService\config\RtpConfig.json
| MD5 | c17540cad0d0419a6691c977d32c5783 |
| SHA1 | b0aa65840db6776ae613c9e6bfb21f1676ea8d99 |
| SHA256 | e1a052f3a714926c30328f8698fbb2f97e79886d5213117d77446dcb4d17616c |
| SHA512 | feb000ac14c3114bdc5a4f7177f38d25345bec279c235e2391a27ef45b10eb6c37f472d5c8be02196c49ed7858d936c3214ae4ddbd618bdbc8faa5a26ae6f42c |
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json
| MD5 | 93136fc3cc11ed71de3d5cac8dfddd12 |
| SHA1 | b673ffa0bbe310ac258dd7978f00cd021e2e45a3 |
| SHA256 | 17ae1c52d094b08b3907ef2d8eb2989c8a3e6fda2aacf249aeeeff0d65131715 |
| SHA512 | 0c96c3df6a19331fd1f5f6a8477142c28409b70f69ef250d0cfa139781e48b859f40799dc7524835219a23740882988494acff5750d7df152aa4bc4256a476be |
C:\ProgramData\Malwarebytes\MBAMService\config\RtpConfig.json
| MD5 | 98743acac29efb0e43188843e6c030b4 |
| SHA1 | 544537982a19e830eb892dc7c41b535dc218a19d |
| SHA256 | 400ffe887507292c7f6d1cb8a043e3ab923c29de31ad38613b36a14876061c4b |
| SHA512 | a773291c8810d56670d4260d2344632f1ca117bc0d338f10a779a747957ef13588fdb79c8e19c3cec6b4bce5fb7d51dc71c3054c00c96d1c545c06b302f53fb2 |
C:\ProgramData\Malwarebytes\MBAMService\config\RtpConfig.json
| MD5 | f94c78214e4031820b4758bc9da2c05a |
| SHA1 | 2e5ced738dee007bbe04ac0c4cb6ca983c98a794 |
| SHA256 | 34c62e1c3f1ae9298d0d0c6807cda848ece4a1bf191b6680432d566c51a9c0b4 |
| SHA512 | 4258a8983c785ccb3d5e2dadb3c3c1d666784d7cead6e05d7335271568d1f0ed23f9afc477d57db7e9eaaa97e7b46b5bdf80bf7a8cdac5732ff89faf957699ba |
C:\Program Files\Malwarebytes\Anti-Malware\mbamsi64.dll
| MD5 | 43ac1c20beb5002fa077cf957f4acd1c |
| SHA1 | 26d293956846ad24faf3c7269654a58885256c5d |
| SHA256 | 1367ed1b5a3eea658b136d7e04598cc8fa9652bebd2e301bea0042c108ff1754 |
| SHA512 | 3526000c38985e8da22d245ab944545ba8bf5a4ff2611c45c4602259c86b800307330dcdac9ebb1a0c3e12c3b3649825686737d4417d2580f3f5e0bdc05ef39f |
C:\Program Files\Malwarebytes\Anti-Malware\expapply64.dll
| MD5 | 76a6c5124f8e0472dd9d78e5b554715b |
| SHA1 | 88ab77c04430441874354508fd79636bb94d8719 |
| SHA256 | d23706f8f1c3fa18e909fe028d612d56df7cd4f9ad0c3a2b521cb58e49f3925d |
| SHA512 | 35189cc2bf342e9c6e33fd036f19667398ac53c5583c9614db77fb54aadf9ac0d4b96a3e5f41ec7e8e7f3fe745ae71490bdcf0638d7410b12121e7a4312fae9e |
C:\ProgramData\Malwarebytes\MBAMService\dbclsupdate\MBAMCoreV5.dll
| MD5 | 65a49aa18cfaa688a43a62e2821fbd77 |
| SHA1 | 2ff08fd8149e1202e580dad63f7ac1fe3130464e |
| SHA256 | 7dc3f946efc0cba5e4e6285bb0c77c20e04ae473f41ba58ac1a7ee539168e6ee |
| SHA512 | 4e0a6c1491f398ad9ed4a0004b0e6e0c6a29693f7c225d93d567ad356a9a6423b35cafe2ae5dbd8bdce9b034b35055ec1c3e5248a09a3a209116ed1f7e62aea1 |
C:\ProgramData\Malwarebytes\MBAMService\dbclsupdate\igV5.exe
| MD5 | 00bb4872fd3c456f23b2b00a679b3890 |
| SHA1 | b2f98fc663e37bbfda7398079d4d483d862256a6 |
| SHA256 | 1bbaa5b2a9e7423568aaaf7b6c2939a6ea784e0b8fb5e428b6e7423927e0c9ca |
| SHA512 | eda71ee5c4bb9490e9a303347180e94425f2228476a45d983ee4ce5ff1c84b60c359ad29d545b0bcc8dac0aafc6cf0d4297560bdd2e68587aeb0137de61f19ae |
C:\ProgramData\Malwarebytes\MBAMService\dbclsupdate\sampleV5.dll
| MD5 | a8de0cb6e0103dc9dc9f1a7f4f35f819 |
| SHA1 | 27674efbfcc8975b4a372742b141ddce47cb540d |
| SHA256 | 87bc58ad3b68b87620c543f54f1e5ecbbb49b7468aa7c271a6d9ab95ac9beefd |
| SHA512 | 6688449e115b0403e08cb24c61f961c74c27cfd6609af360c251eb446d294e42ab1323e34a4e3992020d8c7fd0e8002fb7b96329cdf9c486910508d81429a072 |
C:\ProgramData\Malwarebytes\MBAMService\dbclsupdate\version.dat
| MD5 | 14a8b128d0e43ad65d84a9ff6a8b4a0e |
| SHA1 | ed8ca0154f30ec274e4a3d2f00e9c89badd7d84d |
| SHA256 | f4497629e5beac9959e5a3d0d4113edb91aaead237f4bf2daf46561a4e1f52a8 |
| SHA512 | 33686c5157ac83b92f479f27afedbe6e19b68a0f1e91cebb93d8214298e46792b3c542c12290fe95f49e9c151027109f77a314e03d17d534d7eb82787f6a8964 |
C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json
| MD5 | 4a90e1e860f801038afd8045ec2ff160 |
| SHA1 | 2272a9893a9ad8411441bd18ca57a39de8c7ea06 |
| SHA256 | e1026de7ccc115ede6ede1a97908fd00bf4671ac6cff90a5094f291fe729bc87 |
| SHA512 | 8a7e3d52024bd83de2d94c831e48ce937e6e0c5cf232d90e9e7fb191af25e572e225d9378fb45fa37fe43130a413fb19292fa603756893847f62584946ba5a12 |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\rules.mbdb
| MD5 | 3ab85bfb962b28acddf17008856fe9a3 |
| SHA1 | 96666e33d07f4d258c7d85930e26e5737a35308c |
| SHA256 | 6b60cb9033b9a2c29ae2c27d3a2f0399b99aed55dc8fe19f168adbf8db736612 |
| SHA512 | 4c1b52b3b56e9bafa4a74aaadf277f7654987fa48fa7a88c462e54443dfbda8427d11ac2b4491d786253d40bf1401021af1ee898f1b67422217fe36ef81ddc2f |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\tids.mbdb
| MD5 | 29e8b161dd1d0d78736cafcdec9aef26 |
| SHA1 | 65410bd5644b150fc79fac84d266b24142807f39 |
| SHA256 | 8aa9021d4fe0f4927f04b4eba91469d6872189b2aee2582054c6d558531bd5ec |
| SHA512 | 0312b7b4aa15d0e1cf573fddc70affb9ea67b2897e0c57c3bda6c2e5c7f95a26a2ed0348a6a366963146dec17dc01953ce80607955516a531324384f10ee4abe |
C:\ProgramData\Malwarebytes\MBAMService\clean.mbdb
| MD5 | 29a0aae311fa67526a3349de8abf69b2 |
| SHA1 | fc740e0e8bd5df212ac1c2d8cff320ba5d921167 |
| SHA256 | 97b80969fc7399ffed64382eff45b11b3f8ac96dbcb695517062a4ed0eae7999 |
| SHA512 | 7963b31e39845968c8a1907be12a587cd38415b1441546a1054a863fd83ddbb6beccf727057eb59f8bb5a7e6cbaae01131bb909d87a34ab90ff1217ccda43c0a |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\Global.nm
| MD5 | bdc43ea8cb84f4269090e670a29a0d74 |
| SHA1 | 33161c2cd67411de2f8bc1252ba89049ea1fef59 |
| SHA256 | 89ee6c9d936d04aef56cf7f0e4c1bd9a3b9d4b5dd0da7a3e0d58250169248bf7 |
| SHA512 | abbf1f6527833ea3337452294b64025ec199fe4f596010cf7e5acd09a899eaf7a742be96942ba66b10fe1b50def0907eb025408f85e7a8cc2e9e6ff5872f9529 |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\Global.sr
| MD5 | 1422309c0da90e0ac81844816bcc78f3 |
| SHA1 | 8bb6e9c2c4f66b6d0d076bfe56f6e25c8ef0ea91 |
| SHA256 | 60fcd8a74e242023423b941a8fbfa0eac058e4de2eb46f8772638559aa255b21 |
| SHA512 | a26fcb8888c8941cc1a002493b0a7c0479d26b063d74503bc0bb5f58083a77239ad96d082648b3512ddcbce3877c9e3101440c6e4248679ff844c48e6dd85dbc |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\wprot2.mbdb
| MD5 | 6adb2549e2c02b92f8e2ed2b4f0e8703 |
| SHA1 | 189d4bb4e245b25b2af76f202eb7bf1ace4e9024 |
| SHA256 | 0b8f17030af6bd8a170db0466009ebd16824a681afadf6ff4a64e96a25910c90 |
| SHA512 | 6511bb5fc97142157b4586feeaa01de1089c30c8cb1b060542cd36370d25ec65551be1cde9f07ff3b9069d550a86a31d3fbe6a2a9bd97126ebebd37dfff132d2 |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\scan.mbdb
| MD5 | 2c109063f0a989a3bbf1060e79b4ed83 |
| SHA1 | e277e0d6802c973dbcc190090563fda59c1684d1 |
| SHA256 | 02943df89758cec001ddfb8c22e919026e05b30d68b3506eb9cfc5b6125a3ac1 |
| SHA512 | 435f19ddbedaf08c30cec09aabd8a0fe7c518fed88769d636695e5eb27e7a08821e4c3ec9647762ff11ee68823e7a094eceff2777db27415437e0a09caae9fd7 |
C:\ProgramData\Malwarebytes\MBAMService\dbclsupdate\mbdigsig2.dat
| MD5 | 6228a93a889aeb9835e57561fe0cf6da |
| SHA1 | 67ddde2c505769cd84e78ab761e10bfe7b0eef8b |
| SHA256 | 71ef49d54d088c61437d7373d9db45446b110841e165b91a1fccfd909bee1648 |
| SHA512 | 56df1792e57ae78df6b9e5ca9c2f5487857518c1174132a8876d450efb25993e46824525b635dc0aaccffa0f2fdb6bd89727b35a97c40e58d8c44550679bc3bc |
C:\ProgramData\Malwarebytes\MBAMService\dbclsupdate\dbmanifest2.dat
| MD5 | 3207c7cbac8b808f9f1048d7f3f247ae |
| SHA1 | 64cdb74e5da0c30fc48ff38244b4c92e8c183804 |
| SHA256 | 55774b60909638b278a70cd7a522ec0881c9675b4d78ed7ac9f39c9467ab40ab |
| SHA512 | 7c3b661fca7e7ef112eee76018a41dd6c97cc5039c582aca8a03aef34e24d92cf97a06bb43412e0bfca6a92e7db94490eeb79d8d49831f38c18ade72e0553f46 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 36f14c6d84591a1b011119ea272806ac |
| SHA1 | eafd311b2466e7e5550bfc99338bebbafb97e44e |
| SHA256 | a843b7834bd9c5ecddbaca0e7e59b1dbe87bdcfef205fc612a436c8d30281046 |
| SHA512 | 30c3167bed3aa166706f38d99a8e9eb803c308f7f67d744cb0a7773b656020b8a90735e18daa34a8de055cce53064f83fb9291fb4bc8e6ed1501a2bf69b73e44 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | dbe46f82a661d0ad699e8e7e742e72ee |
| SHA1 | 4dde6bc2ec575d4411eaf2fc19a13597f3cdfe87 |
| SHA256 | a9613834feb68bc16aee4ec20a98adbc19aef47e94d3af5409203cf965dc003d |
| SHA512 | a1557deb1a906a2d82b0d821fb6a777cbba9ba87b4ca240dff8bd24aa5685d22b47b06810a103c7587e23183e985b7c5b1f83ab55fd417017da361530e69f305 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | a511e01b3d62b5ac80720d1f8c32b1be |
| SHA1 | 5fe870656bb7c81ba0b6ba360cad76f462f131ec |
| SHA256 | ac15f3160ac3ee91ad073fd3f8e99ad638dc5292b6e4b8358061f079b8c2338e |
| SHA512 | 05f8eb7218c95eb97bd3b9e691d508de05a57550f7d119311d0c13939d8601e3e21a967f1e7efd37818d01cac5c89d7c79b5ea95025c5a4d70363360a3713ec8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | aefd77f47fb84fae5ea194496b44c67a |
| SHA1 | dcfbb6a5b8d05662c4858664f81693bb7f803b82 |
| SHA256 | 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611 |
| SHA512 | b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 99635dd7ea1201c78356aa1c6e4e3531 |
| SHA1 | 3c5c5f9134485b07f2ec235dc14ff0e1a1d91531 |
| SHA256 | e68128248dc52daad65b5094a5f3b5b3d795f588cb75db026fd21f38733c0e4b |
| SHA512 | 04ffa25aaedc478b0c08dd26f170d8d6bca9210f9f4731e1dbc03cf9b755c534972c17ec272784dff9508d31545280adc6e0237579db76ad69a7156a939d6b44 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 8a008a4b873ce56165f185386a40b83b |
| SHA1 | aa63ac38c20d7c51557b4d780fe1f86be63a6da8 |
| SHA256 | 85631aff8ca4263e4db22b272b31b41afc2d11e3625732f9ba78d1473fb3580e |
| SHA512 | cf06dae5539a1e292a2c7735a9ecf4ca5be947279463339af9e475614a7ac04374ebe41e0763fd9cad95c6a62f3a79fa215ddd95b91f07a56a9928421116062f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | c91ed1e568d9929fd287c1282b1bd311 |
| SHA1 | e860574851949417cd288df8d13551e098868056 |
| SHA256 | bc17ef1a00960f8b2ecbcdf03723e168f7cdf3bc2bcf466fbea1a464d2c9496a |
| SHA512 | 8b385c3f68bce845db63db24b52d35cfe841a8be07fcfdb063020ea5c5d4ca3d6613a48f174479e74ad8145684b719240e6f7d94b745458bb54c1048c52594cf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 9d2ce889f0fc3dc19fc65ade7633355b |
| SHA1 | 35597f82b47771a6869476f63c0747ef673eaf2f |
| SHA256 | 2c66ff4051439e065af26cd7a108a61c4919cb144602646100d59573f1c36130 |
| SHA512 | 52d94e3d7ce035e6c9b3c4b488e4747b91d4750d0cc09f537010065330b50c2d8c6facb93cc62b7550e91fd725315f4ce6c0fbc507e5197dc09798b874d338c9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 3dd982a6ceec8e17ffd0a38a00ac461f |
| SHA1 | 27650ae2150ae1599cf478c0c687c6cbb5bec340 |
| SHA256 | 5591112f1062a3bf790b04a3ee99c194f8f0f512787f073a20ae0336082afe5f |
| SHA512 | f82450aa80365bbc30c44dc432e8592ca0f820b897af8f6d9fc6ebecdf7cfe5214131c138b61b1d7b8895e45e1b57309162f04316d24eea46dab63f8947ba12d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000af
| MD5 | 8338f22536c85c3e762bb471633783fd |
| SHA1 | 2a0f4283cf8037f66bfb84001b90497028e98e23 |
| SHA256 | 402aa30f83399e1f58290390bb8474cd00af911306e46d67a4dc53598cc9deea |
| SHA512 | 77ad1e0e7d2d3b34c71a656ec8fb4ab178f1162511a527220d139dab3a163c032adbfe1d15cc3c2b51166f26cfdf124dda7697937969a806c46ebd06a24af43a |
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json
| MD5 | 66d29fc6916b9750fc65e0aa0fdc8d95 |
| SHA1 | cb0bacedda3361d1a11c7ba95019635216262de7 |
| SHA256 | 3f55d11e37ba2fc46a729ace1a21965ba2fa56b231ad952a8efa64c0bc8dab50 |
| SHA512 | 09bd042ec5dd9c02e34eb09b298cfa048b685d92d1150d3437740507601303e2d16e9bfff0a3c40e80d761f951c9eeb776559bcb74e6c23c8417c794474f39ee |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 5137bdfc3f26e6755c4b513e9916b03e |
| SHA1 | 473c4f6ae0c863c9450f95e900e80960fe35b337 |
| SHA256 | 46aa82ce99d16d18d23189ff864e44424be1e706418c6d312f5efe88572a5958 |
| SHA512 | 81513de678f4a0adcdf37e17612f1552601d24d638e5144e68f518ac3fdaf7bb42b83849be28897430a62c3e1fa4336b29b933a64b0eae0078b3b6c632e2dadd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 667b33e79993d26918ef97371c1068c3 |
| SHA1 | 50574bcd146f7e7c9e6708fed31fcca5f5315d46 |
| SHA256 | 2dd5db12fc129840652cbc5f406b6b363ed334020383470dbe0faf5562a4a07a |
| SHA512 | 38d9dd7f256dde7fbcc0dbc32456af1e6d05221258626d730f74f7547a38b1c8edf701915b71690974d092479f6ef75fb7ed555af28396ed9d14df223592e06a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 6c519dfa1bfd18c53cc7244d0f1201d1 |
| SHA1 | 573d49941f9963945c1561825c6000bc646e8aff |
| SHA256 | cb7f10dcfa481962800bec0af7c9edaf4963959071860e7c5db30d0bf7c6a143 |
| SHA512 | 6eb20b9add0b8093df83427cbb73aae137fe980e8507b90b4294bacce281be2a51e71dfb48ef5b3e9229424ef6e8cfe72d09568d5f85a7beb55268ffbeb34945 |
C:\Users\Admin\Downloads\salinewin.zip
| MD5 | 19a966f0b86c67659b15364e89f3748b |
| SHA1 | 94075399f5f8c6f73258024bf442c0bf8600d52b |
| SHA256 | b3020dd6c9ffceaba72c465c8d596cf04e2d7388b4fd58f10d78be6b91a7e99d |
| SHA512 | 60a926114d21e43c867187c6890dd1b4809c855a8011fcc921e6c20b6d1fb274c2e417747f1eef0d64919bc4f3a9b6a7725c87240c20b70e87a5ff6eba563427 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | b4707d81e131c5cd4e73d216005d74bc |
| SHA1 | 793d9d484a8e031c63c5e8c74ace41911c075264 |
| SHA256 | 36a4138b9f7e0c4aa67c5ee8d553ea22a67b24ac2733850ef529181c424c8319 |
| SHA512 | 3e2d80404382c4e88df2f44cea36ecf1d3bb15f3c937f64c74b3932c979a400f8641ff01d6f0241b3227e6cd182c1a7c671fdd7e255431478e1ca89debec99c3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 6b0adc4855fdc2bdf20ceb72b73406a6 |
| SHA1 | 1aaebe7e4f72d387a24b67c3f918b0be2fd0552a |
| SHA256 | 7495053539e0f09961e1e4ca60a60c9c6a044d5a4d6d7e7d5ad6c980c49f2f16 |
| SHA512 | 76fe24889a6495f770dc2efc4a6f51772034042acc5fea2471380e6e973fe8c7d396f53a9f51c1291fd18fe88bf1a3f7b3bcdc17fe1d88e15263ae193cc05e59 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | f910ee2df478bc7b22c76ebaddcdda4e |
| SHA1 | b4e0e33696a82c70cdcebae92c4c5f7ac9acfaf4 |
| SHA256 | 873bfc500bc534fe89b87a4bcbac398ec24d1e11864855ac3b68327163105c03 |
| SHA512 | fca81e28d032b162f298c4ef47738f764e317264affac225c946bd5823325f94f395d1083ac2bb243f0b550a0d0c15a294e7e73e143debd6b568295fe2420519 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | fa92c5a55c32ec6a940a2f81a56039e9 |
| SHA1 | 2bfd6ad9aae9f9d4dd5e916f8007cd43170f66da |
| SHA256 | 1cad209dcf314e53d7927314b204ce868b1004953b6418d88cd20bf75516ae15 |
| SHA512 | 2198f9a606ffa1b82e78ec41fd09fc977b682daa26e72d2d7e524378b0742f98fa6be028206b4509d834132cef5c0cd367bffd72181be85c30ab7258cd2675ea |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | fc4af1dc71f36393148086aae886c67f |
| SHA1 | f7913eb4ba057827423f40b0f1cf75af780790be |
| SHA256 | bae845121e969127abbc98a702558ed2cbce5f3122a714a8ea7803c8818d4fe5 |
| SHA512 | 99743b7fc037074068c9fbff2c49b9faf117518858c84ee6eab61c863112539a0f9ec34759e03d0f42be9d5e3f7a79079db87135035b1f2611b8a51704890020 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
| MD5 | 1829637ad3af675219ce5e554f2cf99b |
| SHA1 | a230471069f1662c979a8cb5a594718bee96182a |
| SHA256 | baff3c51328a96c4623a704dff9da8323fd80ea67ec62eb60467dad802a18b1f |
| SHA512 | fbe99b219feaee91283da3b14eb3c8215483b79e5952c480b5f21b22b1ad296edd6868b620fa55be7cd96d29b0fddd02c472091c3568d80dbb07a4b97d2e623f |
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json
| MD5 | 55d33312e29e29707441f7e41ca04b08 |
| SHA1 | 2c4de0423a34e6c9fd417c300832ef91972b01ed |
| SHA256 | cc0b1f0a3b7e5a90bc366241c0734ef2fe5861b758c6ff51d0fe8bf74f226c75 |
| SHA512 | 550f4679ad43d3e2ca095e6b16f44aca871f331b8098eb994dc4ed45ee020ea310b3a886ad969386bcf3f3a40c573ee078c0dd849481cdfe7664385c5be62f8b |
C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json
| MD5 | 7e9f668b1fa42364cdb4468541cb3853 |
| SHA1 | 177cb8a12d5aee07ef448853294649408796a715 |
| SHA256 | c1ff5e0b417f8dd9ddc5a6a357ce8b273d79a064b245ab915dae26218c1162f2 |
| SHA512 | 1e321450dbda2842a1dd6f46c78dc8ed7ab70e4f7f3ee5edb4ee5713f0fbd3da625e0cbfafd391a9eeb3bad1d5dfb670d3d30bc082611addffb0d7c353d11830 |
C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json
| MD5 | 0e6d1f1e48cbc972ed3a834ba5560a39 |
| SHA1 | 894af0bfde3ad22b1394fd92bd51bf9e7e366aaf |
| SHA256 | f0a70295e9ddbe235877e7159fc55ff8170944fcac7b8e570fc46e546e84ec5c |
| SHA512 | b35ed672a7eb7b243df0842eea4d33acfb098334bb7213d676a80528982044073f1c80eb851900ff94c489f8a7059d9caefd67681545c335ca40e0c547379e61 |
C:\ProgramData\Malwarebytes\MBAMService\ScanResults\98d2a108-6481-11ef-8f89-ee255df7db21.json
| MD5 | d4cf972289f2b2f8136d646781f566a5 |
| SHA1 | 769cfee79934ca65dbb9efafa0787fa1e46d66a6 |
| SHA256 | 717539ce022bc917bf0089057686a84c2821a5cb90dd22967db5bb8d1a61b097 |
| SHA512 | a43216a1a490e08dc1078787bd447b1aa88d29ea04959ab0e75b81ab20e5b9e91adc2a03da9c4d4573b71070b68023aaa1d094dd1e78b5d4bb5d3b4c7922f25f |
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json
| MD5 | 86fc6502e3024eab6615cef3951e9d2b |
| SHA1 | 5c6db3403da218579daf8b508496a83f1afb3a46 |
| SHA256 | 813bad3ee077c44e22d94572af8aad00e8a80eacc181f0b3f20ec803c6e9466e |
| SHA512 | f95b169d1b17f614d8de050f2d81c66aaba210ae13ac591164e33bfff3d4daf22232e92a8bf69bcb17fddafc5b699834704ef18c1feedcfceca14d309a3d265f |
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json
| MD5 | 903aea52b7ced4e86bb0e10d68761ee5 |
| SHA1 | eeef74a7acd1e3c7f93aaf55501b6fd62d03d0e4 |
| SHA256 | fb509dd2d77ccdf35a6c24967850b83e8f02362d9a7d318cd1fad008d260de7a |
| SHA512 | d314cb1d676219cddb5dce08ce5f68cf19c96df93348c5951d18de5b31d0d87e6affd1f084c05866fdc0c39c579a176bbec9dad00cc52aa79b1d995b7bf2ba3e |
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\9EC3B71635F8BA3FC68DE181A104A0EF_10CFC0D4C45D2E76B7EA49C8C22BEDFE
| MD5 | 5bfa51f3a417b98e7443eca90fc94703 |
| SHA1 | 8c015d80b8a23f780bdd215dc842b0f5551f63bd |
| SHA256 | bebe2853a3485d1c2e5c5be4249183e0ddaff9f87de71652371700a89d937128 |
| SHA512 | 4cd03686254bb28754cbaa635ae1264723e2be80ce1dd0f78d1ab7aee72232f5b285f79e488e9c5c49ff343015bd07bb8433d6cee08ae3cea8c317303e3ac399 |
C:\Windows\System32\drivers\MbamChameleon.sys
| MD5 | 817666fab17e9932f6dc3384b6df634f |
| SHA1 | 47312962cedadcacc119e0008fb1ee799cd8011a |
| SHA256 | 0fcaebe94f31fa6e4d905b5374733d72808f685fa3bcc9db9a8a79bd4a83084f |
| SHA512 | addc9a5b13da4040a44d4264cbfe27656b7d7971029a0ad53c58e99267532866f302ca8831a3f4585bbe68d26ec2d11a6b43de9bf147b212ab1f05eb4ed37817 |
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json
| MD5 | 5603b8c6ba6bb40e1be02cc0b3c9ba64 |
| SHA1 | b145e0772a2e13a802e559ca958848a4782b62b0 |
| SHA256 | cb30de5c182f0ae31f185ebaea98221af2a4cbf22790e259b178ea5b946174b7 |
| SHA512 | 8224de1a86dcf44062499c136b332743fdbedd410d93de2b50cb79b29db50e2f4e9a87c94c15f13368a76c73dc5ca7f7ad274f14dd73fc323d5b6aecddaec27f |
C:\ProgramData\Malwarebytes\MBAMService\MBAMCore_b.dll
| MD5 | 1c821a4def87a187f8ad9faf1098036a |
| SHA1 | 2f1a592a6b27160a26b992036774e7ef150b07e3 |
| SHA256 | ca0a05cc444c333107f9402274d0f8927c9f90f1e657757b627a082b3b00620a |
| SHA512 | aa8342e9d953fefaa25e842085a1fb6c962d4ae5aedfea293b047d504bbd15410bb7b51b15b08880a39542dc2134ef1c9b793c7049f6f837ab8c3e8913399da6 |
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json
| MD5 | 8b1639755d0a762ef173a162b2c941d5 |
| SHA1 | cbd3b6fe1076ee182db64b8d6822dd99d8565608 |
| SHA256 | 5d9a5037dbb7ca592cfd13de5b02bcf05b68a2398c8bc5678d40a9a673fedb4b |
| SHA512 | e2818b3c42003f671531567f1cdb6e4fa084a59b8a3edf1917a25744105ce394c38e65fff289d4791148f71012d04a55072f8602acfaa3ffc4aa5ee549704ef5 |
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json
| MD5 | d2e1cbc80d2a4d021f3d657cd31223ac |
| SHA1 | a6d30277245a458bfb9f14d7bfae7e18e16e0c8c |
| SHA256 | 05b2258a9bdb14aeb8c5c5209d08fe7fecd22a0b9b3cd53b0095ccac9fa263cd |
| SHA512 | 3aac0cfee305b108c3ca5130fee551aeacee230cdc7b812af1179feb81d5f9f2c943836a5dbb303a142ed7894c6941fc9983bfa21da7e709c8ea5d217c199c93 |
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json
| MD5 | 3ffc527011103ef774b5f4c3d288c9e0 |
| SHA1 | 31e9c5352a3155896c3b3c48c941c01268dc5b61 |
| SHA256 | 5d1365a3ad27278bca7a465954d6861390e25a8255c495346672a32e142221ad |
| SHA512 | 467a98243f63ecffbb6e01d67c9f9cc9d8bedd6d70bd67955a1700b280c42863ae604741cc88e8b06e688e0473bd92ef825500ac5a07aafcc9e087f22f7fe24a |
C:\ProgramData\Malwarebytes\MBAMService\dds_tmp\D21.tmp
| MD5 | 3b337c2d41069b0a1e43e30f891c3813 |
| SHA1 | ebee2827b5cb153cbbb51c9718da1549fa80fc5c |
| SHA256 | c04daeba7e7c4b711d33993ab4c51a2e087f98f4211aea0dcb3a216656ba0ab7 |
| SHA512 | fdb3012a71221447b35757ed2bdca6ed1f8833b2f81d03aabebd2cd7780a33a9c3d816535d03c5c3edd5aaf11d91156842b380e2a63135e3c7f87193ad211499 |
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json
| MD5 | 87da47c4e4e0726874c30ec467de176f |
| SHA1 | 52ffdebb486a25089fd22e36afb7a9bb4444ea73 |
| SHA256 | d0796d1d07ae167d4e911d36772297f06db20712ff0ed766de46c3f26ac59c3c |
| SHA512 | e4d7bf0a1125dc733b4e64b398c07cb66db0c81f4a5a8b53325dd03084efa14f978994e452f08fb713c336222b38ce61362cb492adeaedf23f6a546b5fa22006 |
C:\ProgramData\Malwarebytes\MBAMService\dds_tmp\D28.tmp
| MD5 | b5d0f85e7c820db76ef2f4535552f03c |
| SHA1 | 91eff42f542175a41549bc966e9b249b65743951 |
| SHA256 | 3d6d6e7a6f4729a7a416165beabda8a281afff082ebb538df29e8f03e1a4741c |
| SHA512 | 5246ebeaf84a0486ff5adb2083f60465fc68393d50af05d17f704d08229ce948860018cbe880c40d5700154c3e61fc735c451044f85e03d78568d60de80752f7 |
C:\ProgramData\Malwarebytes\MBAMService\dds_tmp\D2A.tmp
| MD5 | 804b9539f7be4ece92993dc95c8486f5 |
| SHA1 | ec3ca8f8d3cd2f68f676ad831f3f736d9c64895c |
| SHA256 | 76d0da51c2ed6ce4de34f0f703af564cbefd54766572a36b5a45494a88479e0b |
| SHA512 | 146c3b2a0416ac19b29a281e3fc3a9c4c5d6bdfc45444c2619f8f91beb0bdd615b26d5bd73f0537a4158f81b5eb3b9b4605b3e2000425f38eeeb94aa8b1a49f2 |
C:\ProgramData\Malwarebytes\MBAMService\AdsInfoCls
| MD5 | f29a979b7cf9ec1682faa415c7683667 |
| SHA1 | e2f9b751161f8e4983cbc14a2ece969e384e74cd |
| SHA256 | c230595cf704996c335a29d1aa21957322149663467652231fd0b08139d90c8b |
| SHA512 | d766a9993fc40e09ed26a547f8aeff97f2b92e559ebb49ec561ca33af07d73e58ed3e68a526475570d84b2457e0235c4d188007ef929c49c033a859f2ab67715 |
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json
| MD5 | c1f0ef130a1ace533cae014a50145985 |
| SHA1 | fc0b23461ff9d4058c4d7c6ef6229661ccb31555 |
| SHA256 | 8532261d85f3578d5b7f30a1750c90c42af9f31169fbb7fec0f1b8b01dc0d607 |
| SHA512 | 27125a6124292f694dd2a6aba347f48f25562d1e7cae25f063a74ae1c49122c08182bf015d26f50b1b4b0ac7b60752de1c19457dce597f97cf4b7bcde599b4e2 |
C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json
| MD5 | 80aebd66330ce15c9b848036fe50a05e |
| SHA1 | 666517efc7e0bf7a2f4a9fd91b8c443bf367272a |
| SHA256 | 955d37b6867c123b7363a8609a7ebedb009b85bd72482b36894e9ddfd52f9873 |
| SHA512 | 4dfebcf70061731a6d54b8229d9f2e6f98cbcbb4fd38e4c33222efff8c94d1a246d6224f92bb6d91c744a10f544c543aa609e660a54a1f5adc103bdd2648050d |
C:\ProgramData\Malwarebytes\MBAMService\ScanResults\eb93c7aa-6481-11ef-ac7d-ee255df7db21.json
| MD5 | 9454f7a52d10225b5d5117eabe5ff842 |
| SHA1 | 9045c4fd61b01dc8d20d451ab4b1ac6661937f21 |
| SHA256 | f5812dc37afa70ed6ff357583eef4f196782a1ac969006d6c3a4d5222378a0db |
| SHA512 | 86c392c40539998fba3f531b48ceedeaa7b0d3464601861bc2d58817112218144b3a445b8c779268a63230a7a3e77ca2d693651e37b6ef395bbc72e40ab9fd26 |
C:\ProgramData\Malwarebytes\MBAMService\config\telemetry.json
| MD5 | 1fcfa5fe2ff3115a70fb8421411e552d |
| SHA1 | cc8cd679f549ba7287fec6128c304cbcd829f583 |
| SHA256 | 445958490e8667c816280f5c1101cd4b2ef7689072fa06b35752ecc8ffa8b06a |
| SHA512 | 48850760194354e886ca2247d8364ed0778db9bb65a98e781ed78b7d34b424beb6fda84d164609dee9a97c297c493ff3105e813bc3f6a69f52a7803282df3fa9 |