Malware Analysis Report

2025-01-22 20:36

Sample ID 241019-28pamsxapp
Target https://veruscheats.site/
Tags
lumma wannacry bootkit credential_access defense_evasion discovery evasion execution impact persistence privilege_escalation ransomware spyware stealer trojan upx worm
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The file https://veruscheats.site/ was found to be: Known bad.

Malicious Activity Summary

lumma wannacry bootkit credential_access defense_evasion discovery evasion execution impact persistence privilege_escalation ransomware spyware stealer trojan upx worm

Lumma Stealer, LummaC

Suspicious use of NtCreateUserProcessOtherParentProcess

Wannacry

Modifies WinLogon for persistence

Deletes shadow copies

Sets service image path in registry

Modifies RDP port number used by Windows

Drops file in Drivers directory

Modifies Windows Firewall

Downloads MZ/PE file

Impair Defenses: Safe Mode Boot

Executes dropped EXE

Loads dropped DLL

Checks computer location settings

Credentials from Password Stores: Windows Credential Manager

Event Triggered Execution: Component Object Model Hijacking

Checks BIOS information in registry

Reads user/profile data of web browsers

Enumerates connected drives

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system

Checks whether UAC is enabled

Writes to the Master Boot Record (MBR)

Legitimate hosting services abused for malware hosting/C2

Drops file in System32 directory

Boot or Logon Autostart Execution: Authentication Package

UPX packed file

Probable phishing domain

Drops file in Program Files directory

Drops file in Windows directory

Event Triggered Execution: Netsh Helper DLL

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Browser Information Discovery

Opens file in notepad (likely ransom note)

Enumerates system info in registry

Checks processor information in registry

Suspicious behavior: EnumeratesProcesses

Uses Task Scheduler COM API

Modifies system certificate store

Scheduled Task/Job: Scheduled Task

Suspicious use of WriteProcessMemory

NTFS ADS

Modifies data under HKEY_USERS

Suspicious use of AdjustPrivilegeToken

Modifies Internet Explorer settings

Uses Volume Shadow Copy WMI provider

Script User-Agent

Modifies registry class

Suspicious behavior: LoadsDriver

Suspicious use of SendNotifyMessage

Uses Volume Shadow Copy service COM API

Kills process with taskkill

Checks SCSI registry key(s)

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of SetWindowsHookEx

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Reported

2024-10-19 23:15

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-19 23:15

Reported

2024-10-19 23:40

Platform

win10v2004-20241007-en

Max time kernel

1154s

Max time network

1498s

Command Line

C:\Windows\Explorer.EXE

Signatures

Lumma Stealer, LummaC

stealer lumma

Modifies WinLogon for persistence

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit = "C:\\Windows\\system32\\userinit.exe," C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit = "C:\\Windows\\system32\\userinit.exe" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A

Suspicious use of NtCreateUserProcessOtherParentProcess

Description Indicator Process Target
PID 5340 created 3452 N/A C:\Users\Admin\Downloads\MBSetup.exe C:\Windows\Explorer.EXE

Wannacry

ransomware worm wannacry

Deletes shadow copies

ransomware defense_evasion impact execution

Downloads MZ/PE file

Drops file in Drivers directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\drivers\mbamtestfile.dat C:\Users\Admin\Downloads\MBSetup.exe N/A
File created C:\Windows\SysWOW64\drivers\mbamtestfile.dat C:\Users\Admin\Downloads\MBSetup.exe N/A
File created C:\Windows\system32\drivers\mbae64.sys C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Windows\system32\DRIVERS\MbamElam.sys C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\system32\DRIVERS\MbamElam.sys C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\system32\DRIVERS\mbamswissarmy.sys C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\system32\DRIVERS\mbam.sys C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\mbamtestfile.dat C:\Users\Admin\Downloads\MBSetup.exe N/A
File created C:\Windows\SysWOW64\drivers\mbamtestfile.dat C:\Users\Admin\Downloads\MBSetup.exe N/A
File created C:\Windows\system32\DRIVERS\MbamChameleon.sys C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\system32\DRIVERS\mwac.sys C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\system32\DRIVERS\farflt.sys C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A

Modifies RDP port number used by Windows

Modifies Windows Firewall

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\netsh.exe N/A
N/A N/A C:\Windows\system32\netsh.exe N/A
N/A N/A C:\Windows\system32\netsh.exe N/A
N/A N/A C:\Windows\system32\netsh.exe N/A

Sets service image path in registry

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\MBAMSwissArmy\ImagePath = "\\SystemRoot\\System32\\Drivers\\mbamswissarmy.sys" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\mbamchameleon\ImagePath = "\\SystemRoot\\System32\\Drivers\\MbamChameleon.sys" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\Downloads\MBSetup.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate C:\Users\Admin\Downloads\MBSetup.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\Downloads\MBSetup.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate C:\Users\Admin\Downloads\MBSetup.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Downloads\MEMZ.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\is-AVTAM.tmp\7l_csgo_latest_setup.tmp N/A
Key value queried \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Downloads\MEMZ.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Downloads\MEMZ.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\Control Panel\International\Geo\Nation C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Downloads\MEMZ.exe N/A

Credentials from Password Stores: Windows Credential Manager

credential_access stealer

Event Triggered Execution: Component Object Model Hijacking

persistence privilege_escalation

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\MBSetup.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe N/A
N/A N/A C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe N/A
N/A N/A C:\Users\Admin\AppData\LocalLow\IGDump\X86_00\ig.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe N/A
N/A N/A C:\Users\Admin\Downloads\MBSetup.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe N/A
N/A N/A C:\Users\Admin\Downloads\7l_csgo_latest_setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-AVTAM.tmp\7l_csgo_latest_setup.tmp N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Program Files\Counter-Strike Global Offensive\Run_CS2.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe N/A

Impair Defenses: Safe Mode Boot

defense_evasion
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\MBAMService C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\MBAMService\ = "Service" C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A

Reads user/profile data of web browsers

spyware stealer

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Checks installed software on the system

discovery

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Program Files\Counter-Strike Global Offensive\Run_CS2.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\W: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\Z: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\E: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\T: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\V: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\B: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\J: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\G: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\S: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\W: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\L: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\X: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\H: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\R: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\V: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\I: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\K: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\X: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\Y: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\R: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\U: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\A: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\G: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\I: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\T: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\N: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\M: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\Z: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\K: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\Q: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\U: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\B: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\H: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\Q: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\L: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\M: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\O: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\P: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\J: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\P: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\Y: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\E: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\N: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\S: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\A: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\O: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A camo.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A

Writes to the Master Boot Record (MBR)

bootkit persistence
Description Indicator Process Target
File opened for modification \??\PhysicalDrive0 C:\Users\Admin\Downloads\MEMZ.exe N/A
File opened for modification \??\PhysicalDrive0 C:\Users\Admin\Downloads\MEMZ.exe N/A

Boot or Logon Autostart Execution: Authentication Package

persistence privilege_escalation
Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Lsa\Notification Packages = 73006300650063006c00690000000000 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Lsa\Authentication Packages = 6d007300760031005f00300000000000 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\21EA03E12A6F9D076B6BC3318EA9363E_6EF0095DA824AE045AE9FC5B645DF095 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_D94F4A82266DCEDAC0F3F1BFD0843F4D C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netvchannel.inf_amd64_ba3e73aa330c95d6\netvchannel.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\net819xp.inf_amd64_ff7a5dd4f9b1ceba\net819xp.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mwlu97w8x64.inf_amd64_23bc3dc6d91eebdc\mwlu97w8x64.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\38D10539991D1B84467F968981C3969D_C92678066E2B4B4986BC7641EEC08637 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\9EC3B71635F8BA3FC68DE181A104A0EF_10CFC0D4C45D2E76B7EA49C8C22BEDFE C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ndisimplatformmp.inf_amd64_8de1181bfd1f1628\ndisimplatformmp.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\net8192su64.inf_amd64_66c8bfc7a4b1feed\net8192su64.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netathrx.inf_amd64_220db23f5419ea8d\netathrx.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netathr10x.inf_amd64_2691c4f95b80eb3b\netathr10x.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\FA0E447C3E79584EC91182C66BBD2DB7 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wnetvsc.inf_amd64_9a5b429abc465278\wnetvsc.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netwlv64.inf_amd64_0b9818131664d91e\netwlv64.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\msux64w10.inf_amd64_5aa81644af5957b3\msux64w10.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{678334b1-2c16-5b48-9d24-ec795459942a}\SET4420.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\201DA8C72BE195AF55036D85719C6480 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\System32\ntdll.pdb C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1B1401C7EC8E96BC79CBFD92F9DF762D_E35D496D1CD0B884BEBCAFED0FE61600 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\42B9A473B4DAF01285A36B4D3C7B1662_178C086B699FD6C56B804AF3EF759CB5 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netwmbclass.inf_amd64_dba6eeaf0544a4e0\netwmbclass.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netrtwlane01.inf_amd64_b02695ef070d7a42\netrtwlane01.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\net8185.inf_amd64_7a30f5a9441cd55b\net8185.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{678334b1-2c16-5b48-9d24-ec795459942a} C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\CatRoot2\dberr.txt C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\9E5AF9A59B2A0198F537F5F6F7EBA776_57ABCF7C80DDF20409A123C0B25EDA1D C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A334956C3F99BD182BF4859935BADE72_FACA7E02B2152427A5B3C5BC1AC9CE92 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\66AE3BFDF94A732B262342AD2154B86E_0D0888CE7AC1F2D5AD77780722B1FE14 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\dc21x4vm.inf_amd64_3294fc34256dbb0e\dc21x4vm.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netimm.inf_amd64_8b2087393aaef952\netimm.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{678334b1-2c16-5b48-9d24-ec795459942a}\SET441F.tmp C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\system32\config\systemprofile\AppData\Local\Malwarebytes\Logs\MBAMSI.alt1.lock C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\21EA03E12A6F9D076B6BC3318EA9363E_6EF0095DA824AE045AE9FC5B645DF095 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3E3E9689537B6B136ECF210088069D55_EF6C9357BB54DDB629FD2D79F1594F95 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\9E5AF9A59B2A0198F537F5F6F7EBA776_57ABCF7C80DDF20409A123C0B25EDA1D C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\net9500-x64-n650f.inf_amd64_e92c5a65e41993f9\net9500-x64-n650f.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\net44amd.inf_amd64_450d4b1e35cc8e0d\net44amd.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netwew01.inf_amd64_153e01d761813df2\netwew01.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\572BF21E454637C9F000BE1AF9B1E1A9 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_466BAFE78D4077069B6C3828315C7C8D C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C56C4404C4DEF0DC88E5FCD9F09CB2F1 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netloop.inf_amd64_762588e32974f9e8\netloop.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netrtl64.inf_amd64_8e9c2368fe308df2\netrtl64.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7447D0CD4A15D8A8E94E184F8B1DF8DF C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\206742EA5671D0AFB286434AEACBAD29 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\System32\taskkill.pdb C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netrndis.inf_amd64_be4ba6237d385e2e\netrndis.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0F7456FD78DEB390E51DB22FDEB14606 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\System32\repdrvfs.pdb C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\DA3B6E45325D5FFF28CF6BAD6065C907_FBEAFB4EE7383EC8E0A3A2C1EC7FCEAC C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\DA3B6E45325D5FFF28CF6BAD6065C907_FBEAFB4EE7383EC8E0A3A2C1EC7FCEAC C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\usbnet.inf_amd64_9e6bb7a4b7338267\usbnet.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\kdnic.inf_amd64_6649425cdcae9b5f\kdnic.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\b57nd60a.inf_amd64_77a731ab08be20a5\b57nd60a.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0F7456FD78DEB390E51DB22FDEB14606 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7B8944BA8AD0EFDF0E01A43EF62BECD0_2E01D413E600DA01958BFB19A6EF6010 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netl1e64.inf_amd64_8d5ca5ab1472fc44\netl1e64.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netk57a.inf_amd64_d823e3edc27ae17c\netk57a.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C3E814D1CB223AFCD58214D14C3B7EAB C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8890A77645B73478F5B1DED18ACBF795_C090A8C88B266C6FF99A97210E92B44D C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\bcmdhd64.inf_amd64_e0bae6831f60ea5f\bcmdhd64.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netwtw08.inf_amd64_7c0c516fb22456cd\netwtw08.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netsstpa.inf_amd64_e76c5387d67e3fd6\netsstpa.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A

Probable phishing domain

Description Indicator Process Target
HTTP URL https://insanitycheats.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=8d5488211d1479c6 N/A N/A
HTTP URL https://insanitycheats.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=8d54885538c679c6 N/A N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.33\System.Numerics.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.33\System.Security.Cryptography.OpenSsl.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.33\pt-BR\UIAutomationTypes.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.33\ru\System.Windows.Controls.Ribbon.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\SQLitePCLRaw.batteries_v2.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.33\System.Collections.Specialized.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.33\System.IO.FileSystem.Primitives.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.33\es\WindowsFormsIntegration.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.33\PresentationFramework.Aero2.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.33\tr\PresentationFramework.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.33\zh-Hant\System.Windows.Input.Manipulations.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.33\api-ms-win-crt-private-l1-1-0.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.33\System.Net.ServicePoint.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.33\System.Net.Sockets.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.33\pl\PresentationFramework.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.33\System.Runtime.Serialization.Formatters.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\Prism.Container.Extensions.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\sdk\mbamchameleon.cat C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.33\api-ms-win-crt-locale-l1-1-0.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.33\System.Diagnostics.Process.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.33\System.Net.WebSockets.Client.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.33\fr\UIAutomationTypes.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.33\pl\System.Windows.Forms.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\Prism.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.33\System.Windows.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.33\Microsoft.WindowsDesktop.App.deps.json C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.33\ru\UIAutomationClient.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.33\zh-Hans\UIAutomationProvider.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\ServiceConfig.json.bak C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.33\System.ComponentModel.EventBasedAsync.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\mbae64.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\MBAMShim.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.33\api-ms-win-core-file-l1-2-0.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.33\System.Memory.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.33\pt-BR\PresentationCore.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.33\zh-Hans\System.Windows.Forms.Design.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.33\System.Diagnostics.EventLog.Messages.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.33\api-ms-win-crt-string-l1-1-0.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.33\mscorrc.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.33\System.IO.MemoryMappedFiles.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.33\fr\PresentationFramework.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.33\ko\UIAutomationClient.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.33\ru\WindowsFormsIntegration.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.33\PresentationFramework.Classic.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.33\pt-BR\System.Windows.Input.Manipulations.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\mbuns.exe\:SmartScreen:$DATA C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.33\api-ms-win-core-namedpipe-l1-1-0.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.33\System.Diagnostics.StackTrace.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.33\System.Net.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.33\cs\WindowsBase.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.33\fr\UIAutomationClientSideProviders.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.33\clretwrc.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.33\System.Reflection.Primitives.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.33\System.DirectoryServices.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.33\tr\WindowsBase.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\MbamPt.exe C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.33\api-ms-win-crt-stdio-l1-1-0.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.33\hostpolicy.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.33\fr\ReachFramework.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.UI.Theme.Light.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.33\System.Runtime.InteropServices.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.33\vcruntime140_cor3.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.33\cs\Microsoft.VisualBasic.Forms.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.33\pt-BR\UIAutomationClient.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\inf\oem3.inf C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\inf\oem3.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Windows\system32\svchost.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

Event Triggered Execution: Netsh Helper DLL

persistence privilege_escalation
Description Indicator Process Target
Key queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\system32\netsh.exe N/A
Key value enumerated \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\system32\netsh.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\system32\netsh.exe N/A
Key queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\system32\netsh.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\system32\netsh.exe N/A
Key value enumerated \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\system32\netsh.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\system32\netsh.exe N/A
Key value enumerated \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\system32\netsh.exe N/A
Key queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\system32\netsh.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\system32\netsh.exe N/A
Key queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\system32\netsh.exe N/A
Key value enumerated \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\system32\netsh.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\MEMZ.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\notepad.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\MEMZ.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\notepad.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\Temp1_Verusloader.zip\Vеrus\Verus.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\undetek-v6.9.6.9.4.2\undetek-v6.9.6.9.4.2\undetek-v6.9.6.9.4.2.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\7l_csgo_latest_setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\MEMZ.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\MEMZ.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\MEMZ.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\MEMZ.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\MEMZ.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\MBSetup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\is-AVTAM.tmp\7l_csgo_latest_setup.tmp N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files\Counter-Strike Global Offensive\Run_CS2.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\MBSetup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\MEMZ.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\MEMZ.exe N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Phantom C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000 C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Phantom C:\Windows\system32\DrvInst.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SYSTEM32\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\mbam.exe = "11000" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\mbamtray.exe = "11000" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\ C:\Program Files\Counter-Strike Global Offensive\Run_CS2.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Run_CS2.exe = "11001" C:\Program Files\Counter-Strike Global Offensive\Run_CS2.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Malwarebytes.exe = "11000" C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\S-1-5-19\SOFTWARE\Policies\Microsoft\Office\15.0\Common C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications\malwarebytes: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\S-1-5-19\SOFTWARE\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\Office\16.0 C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\Office\16.0\Common\Security C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-19\SOFTWARE\Policies\Microsoft\Office C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\16.0\Common C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications\malwarebytes: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-19\SOFTWARE\Policies\Microsoft\Office\16.0 C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\ROOT C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-19\SOFTWARE\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:\ C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1" C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe N/A
Key created \REGISTRY\USER\S-1-5-20\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications\malwarebytes: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\Office\15.0\Common C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-19\SOFTWARE\Policies\Microsoft\Office\16.0\Common C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MB.UpdateController C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B8E2CB10-C8DE-4225-ABBB-6CE77FF04FFA}\TypeLib\Version = "1.0" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B471ACFB-E67A-4BE9-A328-F6A906DDDEAA}\TypeLib\Version = "1.0" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2650A9C4-A53C-4BEF-B766-7405B4D5562B}\ProxyStubClsid32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C0D8223D-D594-4147-BAD8-1E2B54ED1990} C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E4BDE5F8-F8D4-4E50-937F-85E8382A9FEE}\TypeLib C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B1D8E799-D5A2-45B4-9524-067144A201E4}\TypeLib C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B32065E5-189E-4C5F-AA59-32A158BAF5B7}\TypeLib\Version = "1.0" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F49090F8-7DC6-4CBC-893A-C1B3DCF88D87} C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E32ABD9A-1CBD-44A5-8A62-55D347D3C4F0}\TypeLib\Version = "1.0" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F1E58D1A-2918-4508-908A-601219B2CCC6}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E03FDF96-969E-4700-844D-7F754F1657EF}\ProxyStubClsid32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{983849D5-BFE9-43E9-A9A0-CBAFBC917F39}\ = "_ICleanControllerEventsV4" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6696D5DD-4143-482C-ABF4-3B215CF3DBFC}\ProxyStubClsid32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8A574BA8-3535-41F9-AB73-FA93F8A7DC3B}\TypeLib C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{50538523-AA2F-40D3-9B58-DB51D5BD3D4A}\TypeLib\ = "{783B187E-360F-419C-B6DA-592892764A01}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9A30501F-26D0-4C5F-818A-9F7DFC5F8ABC}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D51C573D-B305-4980-8DFF-076C1878CCFB}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{68E3012A-E3EC-4D66-9132-4E412F487165}\TypeLib\ = "{5709DEEB-F05E-4D5C-8DC4-3B0D924EE08F}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B471ACFB-E67A-4BE9-A328-F6A906DDDEAA}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{18C5830A-FF78-4172-9DFB-E4016D1C1F31}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B1D8E799-D5A2-45B4-9524-067144A201E4}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1917B432-C1CE-4A96-A08E-A270E00E5B23}\ProxyStubClsid32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{11D1E5E8-14E1-4B5B-AE1A-2678CB91E8E5}\ProgID\ = "MB.CleanController.1" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D81C2A20-D03D-40D4-A371-A499633A2AD3} C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{CDA4F172-98EF-4DF6-89AB-852D1B0EC2D4}\ProxyStubClsid32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{237E618C-D739-4C8A-9F72-5CD4EF91CBE5}\TypeLib\ = "{49F6AC60-2104-42C6-8F71-B3916D5AA732}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B860FC17-5606-4F3A-8AE5-E1C139D8BDE3}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{36F3C7D7-BCB1-4359-AB71-0CB816FE3D38} C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1861D707-8D71-497D-8145-62D5CBF4222F}\TypeLib\ = "{5709DEEB-F05E-4D5C-8DC4-3B0D924EE08F}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{503084FD-0743-46C7-833F-D0057E8AC505} C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4163399F-AB08-4E5E-BE28-6B9440393AD3}\TypeLib\ = "{49F6AC60-2104-42C6-8F71-B3916D5AA732}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{08932AD2-C415-4DE8-821D-5AF7A5658483} C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D88AC9B4-2BC3-4215-9547-4F05743AE67B}\TypeLib\ = "{49F6AC60-2104-42C6-8F71-B3916D5AA732}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{014D0CF7-ACC9-4004-B999-7BDBAAD274B7} C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{36F3C7D7-BCB1-4359-AB71-0CB816FE3D38}\TypeLib\Version = "1.0" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7196E77C-8EA5-4824-92C9-BAE8671149FA}\ProxyStubClsid32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BF474111-9116-45C6-AF53-209E64F1BB53}\Version\ = "1.0" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DE35F2CA-6335-49BA-8E86-F6E246CFCEA6}\TypeLib\ = "{C731375E-3199-4C88-8326-9F81D3224DAD}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1861D707-8D71-497D-8145-62D5CBF4222F}\TypeLib\Version = "1.0" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F77B440A-6CBC-4AFD-AA22-444552960E50} C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E230930A-6CC2-4B9D-8CE1-03F86A8EDA05}\TypeLib\ = "{5709DEEB-F05E-4D5C-8DC4-3B0D924EE08F}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MBAMExt.MBAMShlExt\ = "MBAMShlExt Class" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{115D004C-CC20-4945-BCC8-FE5043DD42D0} C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{99E6F3FE-333C-462C-8C39-BC27DCA4A80E}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6B2CCE9B-6446-450F-9C9D-542CD9FA6677}\TypeLib C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{698A4513-65F0-46A3-9633-220A6E4D1D07}\TypeLib\ = "{2446F405-83F0-460F-B837-F04540BB330C}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7196E77C-8EA5-4824-92C9-BAE8671149FA}\ = "_ISPControllerEventsV2" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BD221458-5E85-4235-B1EF-4658F6751519}\TypeLib C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{106E3995-72F9-458A-A317-9AFF9E45A1F0}\ = "ILogEntry" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7968A0D1-5C9E-4F28-8C2F-E215BC7DF146}\TypeLib\Version = "1.0" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0E64B3CF-7D56-4F76-8B9F-A6CD0D3393AE}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{25321640-5EF1-4095-A0DA-30DE19699441}\TypeLib\ = "{A82129F1-32E1-4D79-A39F-EBFEE53A70BF}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FB81F893-5D01-4DFD-98E1-3A6CB9C3E63E}\ = "IMWACControllerV12" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4163399F-AB08-4E5E-BE28-6B9440393AD3}\ = "IMWACControllerV13" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{964AD404-A1EF-4EDA-B8FA-1D8003B29B10}\ProxyStubClsid32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DE03E614-112D-43E0-8E15-E7236CC32108}\LocalServer32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{993A5C11-A9B8-41E9-9088-C5182B1F279A}\TypeLib\Version = "1.0" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{834906DC-FA0F-4F61-BC62-24B0BEB3769C}\TypeLib\Version = "1.0" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{893E5593-9490-4E90-9F1E-0B786EC41470}\ProxyStubClsid32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DAD5232C-6E05-4458-9709-0B4DCB22EA09}\TypeLib\Version = "1.0" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C5201562-332D-4385-87E7-2BB41B1694AA} C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9B1790AB-65B0-4F50-812F-7CC86FA94AF7}\TypeLib\ = "{FFB94DF8-FC15-411C-B443-E937085E2AC1}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\7B0F360B775F76C94A12CA48445AA2D2A875701C\Blob = 0300000001000000140000007b0f360b775f76c94a12ca48445aa2d2a875701c1400000001000000140000006837e0ebb63bf85f1186fbfe617b088865f44e42040000000100000010000000d91299e84355cd8d5a86795a0118b6e90f000000010000003000000065b1d4076a89ae273f57e6eeedecb3eae129b4168f76fa7671914cdf461d542255c59d9b85b916ae0ca6fc0fcf7a8e64190000000100000010000000a344f71a7a52a76ee49b74b1d8816b155c000000010000000400000000100000180000000100000010000000ffac207997bb2cfe865570179ee037b92000000001000000b4060000308206b030820498a003020102021008ad40b260d29c4c9f5ecda9bd93aed9300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3231303432393030303030305a170d3336303432383233353935395a3069310b300906035504061302555331173015060355040a130e44696769436572742c20496e632e3141303f060355040313384469676943657274205472757374656420473420436f6465205369676e696e6720525341343039362053484133383420323032312043413130820222300d06092a864886f70d01010105000382020f003082020a0282020100d5b42f42d028ad78b75dd539591bb18842f5338ceb3d819770c5bbc48526309fa48e68d85cf5eb342407e14b4fd37843f417d71edaf9d2d5671a524f0ea157fc8899c191cc81033e4d702464b38de2087d347d4c8057126b439a99f2c53b1ff2efcb475a13a64cb3012025f310d38bb2fb08f08ae09d09c065a7fa98804935873d5119e8902178452ea19f2ce118c21accc5ee93497042328ffbc6ea1cf3656891a24d4c8211485268de10bd14575de8181365c57fb24f852c48a4568435d6f92e9caa0015d137fe1a0694c27cc8ea1b32e6cac2f4a7a3030e74a5af39b6ab6012e3e8d6b9f731e1dcade418a0d8c1234747b3a10f6ea3ab6d9806831bb76a672dd2bd441a9210818fb03b09d7c79b325ac2ff6a60548b49c193ede1b45ce06feb26f98cd5b2f93810e6eace91f5bed3fb6f9361345cbc93452883362a66285fb073ce8b262506b283d45cf615194ced62e05e33f2e8e8ec0aa7b0032b91b23679bef7ad081e75a665ccbbe34850f377911afedb50a246c8615898f57c02163c8328ad3986ecd4b70d53d0f847e675308dec30937614a65b4b5d74614d3f129176debf58cb72102941f0d5c56d267668114113589adc262b01f4894d59db78cf814a3e40475fc98150738510232159608a6454c1cc211ae838197c661ccd78384530994fff634f4cbbaa0d0853417c583d47b3fab6ec8c320902cc6c3c0c56110203010001a38201593082015530120603551d130101ff040830060101ff020100301d0603551d0e041604146837e0ebb63bf85f1186fbfe617b088865f44e42301f0603551d23041830168014ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300e0603551d0f0101ff04040302018630130603551d25040c300a06082b06010505070303307706082b06010505070101046b3069302406082b060105050730018618687474703a2f2f6f6373702e64696769636572742e636f6d304106082b060105050730028635687474703a2f2f636163657274732e64696769636572742e636f6d2f446967694365727454727573746564526f6f7447342e63727430430603551d1f043c303a3038a036a0348632687474703a2f2f63726c332e64696769636572742e636f6d2f446967694365727454727573746564526f6f7447342e63726c301c0603551d20041530133007060567810c01033008060667810c010401300d06092a864886f70d01010c050003820201003a23443d8d0876ee8fbc3a99d356e0021aa5f84834f32cb6e67466f79472b100caaf6c302713129e90449f4bfd9ea37c26d537bc3a5d486d95d53f49f427bb16814550fd9cbdb685e0767e3771cb22f75aaa90cff5936ae3eb20d1d55079889a8a8ac1b6bda148187edcd8801a111918cd61998156f6c9e376e7c4e41b5f43f83e94ff76393d9ed499cf4add28eb5f26a1955848d51afed7273ffd90d17686dd1cb0605cf30da8eee089a1bd39e1384eda6ebb369dfbe521535ac3cae96af1a23edb43b833c84f38149299f5ddce546dd95d02141f40337c03e295b2c221757352cb46d8c4341ca2a54b8dcd6f76372c853f1ace26e918be9007b0437f9588208270f0cccaeffd29355c1f893855f7378a8b09a1cb0be9311aff2e195c3971e1be9ca70a06d62667b792e64e5fde7aac49cf2ea47492addb3ca49c861fe3c1561b2b23ff8fb5ea887b706be6a0bafd3a3f45a6c4e81691528b41c048844b964dab4440e38df01528ceedf11856072a2f10c40c08643c338fae288c3ccb8f880b0dbf3bf4ce1e7b8eefb5ebcbb7f07713e6e7283fac12aea52f226c41f9825c1566cc6c0ecac586c3f626330c074ba0d307026a6a4030484b34a85120bbad1b8508e2590d6dca05502bea4a1c9ea5fda0a71f0674e7f2d65290fdaf854821f9573bb49c03ed8645f4b4616ebf68e2266086eac8afa9fe941de7631b3a8656784e C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\0D44DD8C3C8C1A1A58756481E90F2E2AFFB3D26E C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\0D44DD8C3C8C1A1A58756481E90F2E2AFFB3D26E\Blob = 0300000001000000140000000d44dd8c3c8c1a1a58756481e90f2e2affb3d26e2000000001000000ba010000308201b63082015ba0030201020213066c9fd5749736663f3b0b9ad9e89e7603f24a300a06082a8648ce3d0403023039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f742043412033301e170d3135303532363030303030305a170d3430303532363030303030305a3039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f7420434120333059301306072a8648ce3d020106082a8648ce3d030107034200042997a7c6417fc00d9be8011b56c6f252a5ba2db212e8d22ed7fac9c5d8aa6d1f73813b3b986b397c33a5c54e868e8017686245577d44581db337e56708eb66dea3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414abb6dbd7069e37ac3086079170c79cc419b178c0300a06082a8648ce3d0403020349003046022100e08592a317b78df92b06a593ac1a98686172fae1a1d0fb1c7860a64399c5b8c40221009c02eff1949cb396f9ebc62af8b62cfe3a901416d78c6324481cdf307dd5683b C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\02FAF3E291435468607857694DF5E45B68851868\Blob = 5c00000001000000040000000008000019000000010000001000000045ed9bbc5e43d3b9ecd63c060db78e5c03000000010000001400000002faf3e291435468607857694df5e45b6885186868000000010000000800000000409120d035d9017e0000000100000008000000000063f58926d7011d000000010000001000000006f9583c00a763c23fb9e065a3366d55140000000100000014000000adbd987a34b426f7fac42654ef03bde024cb541a620000000100000020000000687fa451382278fff0c8b11f8d43d576671c6eb2bceab413fb83d965d06d2ff20b00000001000000260000005300650063007400690067006f0020002800410064006400540072007500730074002900000053000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f000000010000001400000009b9105c5bba24343ca7f341c624e183f6ee7c1b0400000001000000100000001d3554048578b03f42424dbf20730a3f20000000010000003a040000308204363082031ea003020102020101300d06092a864886f70d0101050500306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f74301e170d3030303533303130343833385a170d3230303533303130343833385a306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100b7f71a33e6f200042d39e04e5bed1fbc6c0fcdb5fa23b6cede9b113397a4294c7d939fbd4abc93ed031ae38fcfe56d505ad69729945a80b0497adb2e95fdb8cabf37382d1e3e9141ad7056c7f04f3fe8329e74cac89054e9c65f0f789d9a403c0eac61aa5e148f9e87a16a50dcd79a4eaf05b3a671949c71b350600ac7139d38078602a8e9a869261890ab4cb04f23ab3a4f84d8dfce9fe1696fbbd742d76b44e4c7adee6d415f725a710837b37965a459a09437f7002f0dc29272dad03872db14a845c45d2a7db7b4d6c4eeaccd1344b7c92bdd430025fa61b9696a582311b7a7338f567559f5cd29d746b70a2b65b6d3426f15b2b87bfbefe95d53d5345a270203010001a381dc3081d9301d0603551d0e04160414adbd987a34b426f7fac42654ef03bde024cb541a300b0603551d0f040403020106300f0603551d130101ff040530030101ff3081990603551d2304819130818e8014adbd987a34b426f7fac42654ef03bde024cb541aa173a471306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f74820101300d06092a864886f70d01010505000382010100b09be08525c2d623e20f9606929d41989cd9847981d91e5b14072336658fb0d877bbac416c47608351b0f9323de7fcf62613c78016a5bf5afc87cf787989219ae24c070a8635bcf2de51c4d296b7dc7e4eee70fd1c39eb0c0251142d8ebd16e0c1df4675e724adecf442b48593701067ba9d06354a18d32b7acc5142a17a63d1e6bba1c52bc236be130de6bd637e797ba7090d40ab6add8f8ac3f6f68c1a420551d445f59fa76221681520433c99e77cbd24d8a9911773883f561b313818b4710f9acdc80e9e8e2e1be18c9883cb1f31f1444cc604734976600fc7f8bd17806b2ee9cc4c0e5a9a790f200a2ed59e63261e559294d882175a7bd0bcc78f4e8604 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 0f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e42000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 04000000010000001000000078f2fcaa601f2fb4ebc937ba532e75490f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e4190000000100000010000000ffac207997bb2cfe865570179ee037b92000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474 C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\8DA7F965EC5EFC37910F1C6E59FDC1CC6A6EDE16 C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 5c000000010000000400000000100000190000000100000010000000ffac207997bb2cfe865570179ee037b9030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e199604000000010000001000000078f2fcaa601f2fb4ebc937ba532e75492000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\8DA7F965EC5EFC37910F1C6E59FDC1CC6A6EDE16\Blob = 0300000001000000140000008da7f965ec5efc37910f1c6e59fdc1cc6a6ede162000000001000000450300003082034130820229a0030201020213066c9fcf99bf8c0a39e2f0788a43e696365bca300d06092a864886f70d01010b05003039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f742043412031301e170d3135303532363030303030305a170d3338303131373030303030305a3039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f74204341203130820122300d06092a864886f70d01010105000382010f003082010a0282010100b2788071ca78d5e371af478050747d6ed8d78876f49968f7582160f97484012fac022d86d3a0437a4eb2a4d036ba01be8ddb48c80717364cf4ee8823c73eeb37f5b519f84968b0ded7b976381d619ea4fe8236a5e54a56e445e1f9fdb416fa74da9c9b35392ffab02050066c7ad080b2a6f9afec47198f503807dca2873958f8bad5a9f948673096ee94785e6f89a351c0308666a14566ba54eba3c391f948dcffd1e8302d7d2d747035d78824f79ec4596ebb738717f2324628b843fab71daacab4f29f240e2d4bf7715c5e69ffea9502cb388aae50386fdbfb2d621bc5c71e54e177e067c80f9c8723d63f40207f2080c4804c3e3b24268e04ae6c9ac8aa0d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e041604148418cc8534ecbc0c94942e08599cc7b2104e0a08300d06092a864886f70d01010b0500038201010098f2375a4190a11ac57651282036230eaee628bbaaf894ae48a4307f1bfc248d4bb4c8a197f6b6f17a70c85393cc0828e39825cf23a4f9de21d37c8509ad4e9a753ac20b6a897876444718656c8d418e3b7f9acbf4b5a750d7052c37e8034bade961a0026ef5f2f0c5b2ed5bb7dcfa945c779e13a57f52ad95f2f8933bde8b5c5bca5a525b60af14f74befa3fb9f40956d3154fc42d3c7461f23add90f48709ad9757871d1724334756e5759c2025c266029cf2319168e8843a5d4e4cb08fb231143e843297262a1a95d5e08d490aeb8d8ce14c2d055f286f6c49343776661c0b9e841d7977860036e4a72aea5d17dba109e866c1b8ab95933f8ebc490bef1b9 C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\5A8CEF45D7A69859767A8C8B4496B578CF474B1A\Blob = 0300000001000000140000005a8cef45d7a69859767a8c8b4496b578cf474b1a2000000001000000450500003082054130820329a0030201020213066c9fd29635869f0a0fe58678f85b26bb8a37300d06092a864886f70d01010c05003039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f742043412032301e170d3135303532363030303030305a170d3430303532363030303030305a3039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f74204341203230820222300d06092a864886f70d01010105000382020f003082020a0282020100ad969f2d9c4a4c4a81795199ec8acb6b605113bc4d6d06fcb0088ddd19106ac7260c35d8c06f2084e994b19b8503c35bdb4ae8c8f89076d95b4fe34ce806364dcc9aac3d0c902b92d4061960ac374479858182ad5a37e00dcc9da64c5276ea439db704d150f655e0d5d2a64985e937e9ca7eae5c954d489a3fae205a6d8895d934b8521a4390b0bf6c05b9b678b7ead0e43a3c125362ff4af27bbe3505a91234e3f36474622c3d00495a28fe3244bb87dd652702713bda4af71fdacdf72155904f0fecae82e19f6bd945d3bbf05f87ed3c2c3986da3fdeec7255eb79a3addbdd7cb0ba1ccefcde4f3576cf0ff8781f6a36514627615be99ecff0a2557d7c258a6f2fb4c5cf842e2bfd0d51106cfb5f1bbc1b7ec5ae3b98013192ff0b57f49ab2b957e9abef0d76d1f0eef4ce86a7e06ee9b469a1df69f633c6692e97139ea587b057108137c953b3bb7ff692d19cd018f4926eda834fa663994ca5fb5eef21647a205f6c648515cb37e9620c0b2a16dc012e32da3e4bf59e3af6174094ef9e910886fabe63a85a33eccb744395f96c695236c7296ffc55035c1ffb9fbd47ebe74947950b4e89220949e0f5611ef1bf2e8a726e8059ff573af97532a34e5feced2862d94d73f2cc811760edcdebdcdba7cac57e02bdf2540854fdb42d092c17544a98d154e1516708d2ed6e7e6f3fd22d81592966cb903995111e7427feddebaf0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414b00cf04c30f405580248fd33e552af4b84e36652300d06092a864886f70d01010c05000382020100aaa8808f0e78a3e0a2d4cde6f5987a3bea0003b0970e93bc5aa8f62c8c7287a9b1fc7f73fd637178a58759cf30e10d10b2135a6d82f56ae6809fa0050b68e4476bc76adfb6fd773272e518fa09f4a0932c5dd28c75857665900c0379b7312363ad788309866884cafff9cf269a9279e7cd4bc5e761a717cbf3a91293936ba7e82f5392c46058b0cc0251185b858d625963b6adb4de9afb26f70027c05d55377499c9507fe3592e44e32c25eeec4c3277b49f1ae94b5d20c5dafd1c8716c643e8d4bb269a45705ea90b3753e2467b27fde046f289b7cc42b6cb28266ed9a5c93ac8411360f7508c15aeb26d1a151a5778e6922ad96590823f6c02afae123a27963604d71da28063a99bf1e5bab47c14b04ec9b11f745f38f651ea9bfa2ca211d4a92d271a45b1afb24e710dc05846d66906cb53cbb3fe6b41cd417e7d4c0f7c72797a59cd5e4a0eac9ba99873797cb4f4ccb9b8070cb2745cb8c76f88a190a7f4aaf9bf673af41a15621eb79fbe3db129af67a112f25810195303301bb81a89f69cbd97038ea309f31d8b21f1b4dfe41cd19f650206ea5cd613b384efa2a55c8c7729a768c06bae40d2a8b4eacdf08d4b389c199a1b2854b88990efca75813e1ef26424c718af4eff479e07f63565a4d30a56fff517646cefa822254993b6df0017da587e5deec51bb0d1d15f2110c7f9f3ba020a2707c5f1d6c7d3e0fb09606c C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F6108407D6F8BB67980CC2E244C2EBAE1CEF63BE\Blob = 030000000100000014000000f6108407d6f8bb67980cc2e244c2ebae1cef63be2000000001000000f6010000308201f230820178a0030201020213066c9fd7c1bb104c2943e5717b7b2cc81ac10e300a06082a8648ce3d0403033039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f742043412034301e170d3135303532363030303030305a170d3430303532363030303030305a3039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f7420434120343076301006072a8648ce3d020106052b8104002203620004d2ab8a374fa3530dfec18a7b4ba87b464b63b062f62d1bdb087121d200e863bd9a27fbf0396e5dea3da5c981aaa35b2098455d16dbfde8106de39ce0e3bd5f8462f3706433a0cb242f70ba88a12aa075f881ae6206c481db396e29b01efa2e5ca3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414d3ecc73a656ecce1da769a56fb9cf3866d57e581300a06082a8648ce3d040303036800306502303a8b21f1bd7e11add0ef58962fd6eb9d7e908d2bcf6655c32ce328a9700a470ef0375912ff2d9994284e2a4f354d335a023100ea75004e3bc43a941291c958469d211372a7889c8ae44c4adb96d4ac8b6b6b49125333add7e4be24fcb50a76d4a5bc10 C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\02FAF3E291435468607857694DF5E45B68851868 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\02FAF3E291435468607857694DF5E45B68851868\Blob = 19000000010000001000000045ed9bbc5e43d3b9ecd63c060db78e5c03000000010000001400000002faf3e291435468607857694df5e45b6885186868000000010000000800000000409120d035d9017e0000000100000008000000000063f58926d7011d000000010000001000000006f9583c00a763c23fb9e065a3366d55140000000100000014000000adbd987a34b426f7fac42654ef03bde024cb541a620000000100000020000000687fa451382278fff0c8b11f8d43d576671c6eb2bceab413fb83d965d06d2ff20b00000001000000260000005300650063007400690067006f0020002800410064006400540072007500730074002900000053000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f000000010000001400000009b9105c5bba24343ca7f341c624e183f6ee7c1b20000000010000003a040000308204363082031ea003020102020101300d06092a864886f70d0101050500306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f74301e170d3030303533303130343833385a170d3230303533303130343833385a306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100b7f71a33e6f200042d39e04e5bed1fbc6c0fcdb5fa23b6cede9b113397a4294c7d939fbd4abc93ed031ae38fcfe56d505ad69729945a80b0497adb2e95fdb8cabf37382d1e3e9141ad7056c7f04f3fe8329e74cac89054e9c65f0f789d9a403c0eac61aa5e148f9e87a16a50dcd79a4eaf05b3a671949c71b350600ac7139d38078602a8e9a869261890ab4cb04f23ab3a4f84d8dfce9fe1696fbbd742d76b44e4c7adee6d415f725a710837b37965a459a09437f7002f0dc29272dad03872db14a845c45d2a7db7b4d6c4eeaccd1344b7c92bdd430025fa61b9696a582311b7a7338f567559f5cd29d746b70a2b65b6d3426f15b2b87bfbefe95d53d5345a270203010001a381dc3081d9301d0603551d0e04160414adbd987a34b426f7fac42654ef03bde024cb541a300b0603551d0f040403020106300f0603551d130101ff040530030101ff3081990603551d2304819130818e8014adbd987a34b426f7fac42654ef03bde024cb541aa173a471306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f74820101300d06092a864886f70d01010505000382010100b09be08525c2d623e20f9606929d41989cd9847981d91e5b14072336658fb0d877bbac416c47608351b0f9323de7fcf62613c78016a5bf5afc87cf787989219ae24c070a8635bcf2de51c4d296b7dc7e4eee70fd1c39eb0c0251142d8ebd16e0c1df4675e724adecf442b48593701067ba9d06354a18d32b7acc5142a17a63d1e6bba1c52bc236be130de6bd637e797ba7090d40ab6add8f8ac3f6f68c1a420551d445f59fa76221681520433c99e77cbd24d8a9911773883f561b313818b4710f9acdc80e9e8e2e1be18c9883cb1f31f1444cc604734976600fc7f8bd17806b2ee9cc4c0e5a9a790f200a2ed59e63261e559294d882175a7bd0bcc78f4e8604 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 5c000000010000000400000000080000190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc36200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8040000000100000010000000d474de575c39b2d39c8583c5c065498a2000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae47420000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9 C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = 030000000100000014000000f40042e2e5f7e8ef8189fed15519aece42c3bfa22000000001000000d0050000308205cc308203b4a00302010202105498d2d1d45b1995481379c811c08799300d06092a864886f70d01010c05003077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f726974792032303230301e170d3230303431363138333631365a170d3435303431363138343434305a3077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f72697479203230323030820222300d06092a864886f70d01010105000382020f003082020a0282020100b3912a07830667fd9e9de0c7c0b7a4e642047f0fa6db5ffbd55ad745a0fb770bf080f3a66d5a4d7953d8a08684574520c7a254fbc7a2bf8ac76e35f3a215c42f4ee34a8596490dffbe99d814f6bc2707ee429b2bf50b9206e4fd691365a89172f29884eb833d0ee4d771124821cb0dedf64749b79bf9c9c717b6844fffb8ac9ad773674985e386bd3740d02586d4deb5c26d626ad5a978bc2d6f49f9e56c1414fd14c7d3651637decb6ebc5e298dfd629b152cd605e6b9893233a362c7d7d6526708c42ef4562b9e0b87cceca7b4a6aaeb05cd1957a53a0b04271c91679e2d622d2f1ebedac020cb0419ca33fb89be98e272a07235be79e19c836fe46d176f90f33d008675388ed0e0499abbdbd3f830cad55788684d72d3bf6d7f71d8fdbd0dae926448b75b6f7926b5cd9b952184d1ef0f323d7b578cf345074c7ce05e180e35768b6d9ecb3674ab05f8e0735d3256946797250ac6353d9497e7c1448b80fdc1f8f47419e530f606fb21573e061c8b6b158627497b8293ca59e87547e83f38f4c75379a0b6b4e25c51efbd5f38c113e6780c955a2ec5405928cc0f24c0ecba0977239938a6b61cdac7ba20b6d737d87f37af08e33b71db6e731b7d9972b0e486335974b516007b506dc68613dafdc439823d24009a60daba94c005512c34ac50991387bbb30580b24d30025cb826835db46373efae23954f6028be37d55ba50203010001a3543052300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414c87ed26a852a1bca1998040727cf50104f68a8a2301006092b06010401823715010403020100300d06092a864886f70d01010c05000382020100af6adde619e72d9443194ecbe9509564a50391028be236803b15a252c21619b66a5a5d744330f49bff607409b1211e90166dc5248f5c668863f44fcc7df2124c40108b019fdaa9c8aef2951bcf9d05eb493e74a0685be5562c651c827e53da56d94617799245c4103608522917cb2fa6f27ed469248a1e8fb0730dcc1c4aabb2aaeda79163016422a832b87e3228b367732d91b4dc31010bf7470aa6f1d74aed5660c42c08a37b40b0bc74275287d6be88dd378a896e67881df5c95da0feb6ab3a80d71a973c173622411eac4dd583e63c38bd4f30e954a9d3b604c3327661bbb018c52b18b3c080d5b795b05e514d22fcec58aae8d894b4a52eed92dee7187c2157dd5563f7bf6dcd1fd2a6772870c7e25b3a5b08d25b4ec80096b3e18336af860a655c74f6eaec7a6a74a0f04beeef94a3ac50f287edd73a3083c9fb7d57bee5e3f841cae564aeb3a3ec58ec859accefb9eaf35618b95c739aafc577178359db371a187254a541d2b62375a3439ae5777c9679b7418dbfecdc80a09fd17775585f3513e0251a670b7dce25fa070ae46121d8d41ce507c63699f496d0c615fe4ecdd7ae8b9ddb16fd04c692bdd488e6a9a3aabbf764383b5fcc0cd035be741903a6c5aa4ca26136823e1df32bbc975ddb4b783b2df53bef6023e8f5ec0b233695af9866bf53d37bb8694a2a966669c494c6f45f6eac98788880065ca2b2eda2 C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\D772DA0874059418FCDAACE3F4FF2AC964A852FF C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\02FAF3E291435468607857694DF5E45B68851868\Blob = 0400000001000000100000001d3554048578b03f42424dbf20730a3f0f000000010000001400000009b9105c5bba24343ca7f341c624e183f6ee7c1b090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00b00000001000000260000005300650063007400690067006f00200028004100640064005400720075007300740029000000620000000100000020000000687fa451382278fff0c8b11f8d43d576671c6eb2bceab413fb83d965d06d2ff2140000000100000014000000adbd987a34b426f7fac42654ef03bde024cb541a1d000000010000001000000006f9583c00a763c23fb9e065a3366d557e0000000100000008000000000063f58926d70168000000010000000800000000409120d035d90103000000010000001400000002faf3e291435468607857694df5e45b6885186819000000010000001000000045ed9bbc5e43d3b9ecd63c060db78e5c20000000010000003a040000308204363082031ea003020102020101300d06092a864886f70d0101050500306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f74301e170d3030303533303130343833385a170d3230303533303130343833385a306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100b7f71a33e6f200042d39e04e5bed1fbc6c0fcdb5fa23b6cede9b113397a4294c7d939fbd4abc93ed031ae38fcfe56d505ad69729945a80b0497adb2e95fdb8cabf37382d1e3e9141ad7056c7f04f3fe8329e74cac89054e9c65f0f789d9a403c0eac61aa5e148f9e87a16a50dcd79a4eaf05b3a671949c71b350600ac7139d38078602a8e9a869261890ab4cb04f23ab3a4f84d8dfce9fe1696fbbd742d76b44e4c7adee6d415f725a710837b37965a459a09437f7002f0dc29272dad03872db14a845c45d2a7db7b4d6c4eeaccd1344b7c92bdd430025fa61b9696a582311b7a7338f567559f5cd29d746b70a2b65b6d3426f15b2b87bfbefe95d53d5345a270203010001a381dc3081d9301d0603551d0e04160414adbd987a34b426f7fac42654ef03bde024cb541a300b0603551d0f040403020106300f0603551d130101ff040530030101ff3081990603551d2304819130818e8014adbd987a34b426f7fac42654ef03bde024cb541aa173a471306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f74820101300d06092a864886f70d01010505000382010100b09be08525c2d623e20f9606929d41989cd9847981d91e5b14072336658fb0d877bbac416c47608351b0f9323de7fcf62613c78016a5bf5afc87cf787989219ae24c070a8635bcf2de51c4d296b7dc7e4eee70fd1c39eb0c0251142d8ebd16e0c1df4675e724adecf442b48593701067ba9d06354a18d32b7acc5142a17a63d1e6bba1c52bc236be130de6bd637e797ba7090d40ab6add8f8ac3f6f68c1a420551d445f59fa76221681520433c99e77cbd24d8a9911773883f561b313818b4710f9acdc80e9e8e2e1be18c9883cb1f31f1444cc604734976600fc7f8bd17806b2ee9cc4c0e5a9a790f200a2ed59e63261e559294d882175a7bd0bcc78f4e8604 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\7B0F360B775F76C94A12CA48445AA2D2A875701C C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\5A8CEF45D7A69859767A8C8B4496B578CF474B1A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = 040000000100000010000000be954f16012122448ca8bc279602acf5140000000100000014000000c87ed26a852a1bca1998040727cf50104f68a8a2030000000100000014000000f40042e2e5f7e8ef8189fed15519aece42c3bfa20f000000010000003000000041ce925678dfe0ccaa8089263c242b897ca582089d14e5eb685fca967f36dbd334e97e81fd0e64815f851f914ade1a1e1900000001000000100000009f687581f7ef744ecfc12b9cee6238f12000000001000000d0050000308205cc308203b4a00302010202105498d2d1d45b1995481379c811c08799300d06092a864886f70d01010c05003077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f726974792032303230301e170d3230303431363138333631365a170d3435303431363138343434305a3077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f72697479203230323030820222300d06092a864886f70d01010105000382020f003082020a0282020100b3912a07830667fd9e9de0c7c0b7a4e642047f0fa6db5ffbd55ad745a0fb770bf080f3a66d5a4d7953d8a08684574520c7a254fbc7a2bf8ac76e35f3a215c42f4ee34a8596490dffbe99d814f6bc2707ee429b2bf50b9206e4fd691365a89172f29884eb833d0ee4d771124821cb0dedf64749b79bf9c9c717b6844fffb8ac9ad773674985e386bd3740d02586d4deb5c26d626ad5a978bc2d6f49f9e56c1414fd14c7d3651637decb6ebc5e298dfd629b152cd605e6b9893233a362c7d7d6526708c42ef4562b9e0b87cceca7b4a6aaeb05cd1957a53a0b04271c91679e2d622d2f1ebedac020cb0419ca33fb89be98e272a07235be79e19c836fe46d176f90f33d008675388ed0e0499abbdbd3f830cad55788684d72d3bf6d7f71d8fdbd0dae926448b75b6f7926b5cd9b952184d1ef0f323d7b578cf345074c7ce05e180e35768b6d9ecb3674ab05f8e0735d3256946797250ac6353d9497e7c1448b80fdc1f8f47419e530f606fb21573e061c8b6b158627497b8293ca59e87547e83f38f4c75379a0b6b4e25c51efbd5f38c113e6780c955a2ec5405928cc0f24c0ecba0977239938a6b61cdac7ba20b6d737d87f37af08e33b71db6e731b7d9972b0e486335974b516007b506dc68613dafdc439823d24009a60daba94c005512c34ac50991387bbb30580b24d30025cb826835db46373efae23954f6028be37d55ba50203010001a3543052300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414c87ed26a852a1bca1998040727cf50104f68a8a2301006092b06010401823715010403020100300d06092a864886f70d01010c05000382020100af6adde619e72d9443194ecbe9509564a50391028be236803b15a252c21619b66a5a5d744330f49bff607409b1211e90166dc5248f5c668863f44fcc7df2124c40108b019fdaa9c8aef2951bcf9d05eb493e74a0685be5562c651c827e53da56d94617799245c4103608522917cb2fa6f27ed469248a1e8fb0730dcc1c4aabb2aaeda79163016422a832b87e3228b367732d91b4dc31010bf7470aa6f1d74aed5660c42c08a37b40b0bc74275287d6be88dd378a896e67881df5c95da0feb6ab3a80d71a973c173622411eac4dd583e63c38bd4f30e954a9d3b604c3327661bbb018c52b18b3c080d5b795b05e514d22fcec58aae8d894b4a52eed92dee7187c2157dd5563f7bf6dcd1fd2a6772870c7e25b3a5b08d25b4ec80096b3e18336af860a655c74f6eaec7a6a74a0f04beeef94a3ac50f287edd73a3083c9fb7d57bee5e3f841cae564aeb3a3ec58ec859accefb9eaf35618b95c739aafc577178359db371a187254a541d2b62375a3439ae5777c9679b7418dbfecdc80a09fd17775585f3513e0251a670b7dce25fa070ae46121d8d41ce507c63699f496d0c615fe4ecdd7ae8b9ddb16fd04c692bdd488e6a9a3aabbf764383b5fcc0cd035be741903a6c5aa4ca26136823e1df32bbc975ddb4b783b2df53bef6023e8f5ec0b233695af9866bf53d37bb8694a2a966669c494c6f45f6eac98788880065ca2b2eda2 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\D772DA0874059418FCDAACE3F4FF2AC964A852FF\Blob = 030000000100000014000000d772da0874059418fcdaace3f4ff2ac964a852ff140000000100000014000000246593980801e84ed4d64cea6455e1c0fafbcfb3040000000100000010000000fe9ab1791f2f2a2a01fce48d6b2a093c0f000000010000003000000054de7e1f5b9b2c1834c8e4fedef7bec89e6e7117ef761a80d1bccec1d63888d0d4ad1b6c5c6a4ea556436ddd29aaf904190000000100000010000000ce4cfdd3ed415f0993c3c8bd5428ecbb5c0000000100000004000000000c0000180000000100000010000000ea6089055218053dd01e37e1d806eedf200000000100000048060000308206443082042ca0030201020211009e02b0e94aceb2109ca1e9836be0c2db300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3231303532353030303030305a170d3336303532343233353935395a304f310b300906035504061302474231183016060355040a130f5365637469676f204c696d69746564312630240603550403131d5365637469676f2052534120436f6465205369676e696e672043412032308201a2300d06092a864886f70d01010105000382018f003082018a0282018100bb7bff8fbf4b2d43b6f1661c00ff8d9d2a7840c4234c4349a709395a45510b16fdee6031f53470e363075bec932a725a16385216091d2f53efa83eec3aa07ba25348802d95959b14ddb213f617c13b2612049cde3d4c4a3d33c30c26256f3d6e0f9503b18433c690499ef9e636778f006324606f5d61e44d1b0df783548cbc4f8a7c20f42a20aa61a02d902877d351569c94cca6f421cad8be289a4a1e5486c3f6ec6c6ac10e69d339b273758ff0abf75b77391ea30672e23287f97fc61413e468911d33a9c7b3302db6a9c581ef21848aba96ec110364e5dfbaa9c18d4e7e2cdffbc380c1a8296a321225fa20451c29f5549adf8ae067f1310f0a11c63170afbc803b177ec3f23626be3c37cf37b85d795497b8bbc37f76056a359f8213194f2af37dc9b988166a4c38d82b61e5615b571a0ec7fd7bb76b0a42401ff30fe0ec70ba6a79571889c71df7309f430a0715067245a3575ebfa3ed584c62197566c21b0175a6560d1461b5765bf137b4040503c1c4a3ff5dcaf49dbae72f16f6b67b0203010001a382015f3082015b301f0603551d230418301680145379bf5aaa2b4acf5480e1d89bc09df2b20366cb301d0603551d0e04160414246593980801e84ed4d64cea6455e1c0fafbcfb3300e0603551d0f0101ff04040302018630120603551d130101ff040830060101ff02010030130603551d25040c300a06082b06010505070303301b0603551d200414301230060604551d20003008060667810c01040130500603551d1f044930473045a043a041863f687474703a2f2f63726c2e7573657274727573742e636f6d2f55534552547275737452534143657274696669636174696f6e417574686f726974792e63726c307106082b0601050507010104653063303a06082b06010505073002862e687474703a2f2f6372742e7573657274727573742e636f6d2f55534552547275737452534141414143412e637274302506082b060105050730018619687474703a2f2f6f6373702e7573657274727573742e636f6d300d06092a864886f70d01010c0500038202010055d1f2be5bc5485740e5ecd9faeffd6b92fca8754779e9cfc23d14f9a109e565b9ad9fbc4ef29da2e735cccfa2392b472bc0e0ba36902366d1126488d95751add00f6f5f8a90cf1bb17a6956fac2400a85bfe1bae0cd72337817684ef2eb0276135b8529532e1d3caf14b46c0333f437a1ed90453ff573bca9925017ebfe39ca4640eafba3b4179b585ac5004f6cd30cc05f6f867781a63d2516f62fa249f093bed557723cb3c8d21b129930221003f64a89e0928fa8c338600f2156d4ebab5733a777dd27e591539e2f671f4bc38bf4656392ce9512561e1daee2ed8074beec4dfeecc717d79493974c464cc54662e53b9d1a08c0630ad519cc0ab089cc8b2e084578d969ec7d0db7cf86a12ec3e0860e3709e44bc50c73c8f628dc9ed5959a235771ce406d9d5bea1bc3b2492444f41004caeda6925f54d6097b3ab992d310111499b6ce40ffe5c6a3776635adec33a03bc8c69e3ea19985587cb1a85a38e62e53ac7ffd133beb57d46dfdf21ce2f78cb42ef6d754ef23ed29b10ccb1f9a3cd82f9e0d66499f508786a0f1f9ca1cb01dc3f14c9efcd3a64feef466b642d170b95b948385bbd44479771188b1a071eafa4bf0ff8708cd8a8866ba87405c9488d8ad0a0742f7bee4cb993791318d9a6810fe9a03bc150226b79e70bd19804cecf00280fbff4ca2b76ebfe3d8e4dcf7c8856b986ed21371dceecac9ae317e7b05 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\B51C067CEE2B0C3DF855AB2D92F4FE39D4E70F0E C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\02FAF3E291435468607857694DF5E45B68851868\Blob = 0f000000010000001400000009b9105c5bba24343ca7f341c624e183f6ee7c1b090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00b00000001000000260000005300650063007400690067006f00200028004100640064005400720075007300740029000000620000000100000020000000687fa451382278fff0c8b11f8d43d576671c6eb2bceab413fb83d965d06d2ff2140000000100000014000000adbd987a34b426f7fac42654ef03bde024cb541a1d000000010000001000000006f9583c00a763c23fb9e065a3366d557e0000000100000008000000000063f58926d70168000000010000000800000000409120d035d90103000000010000001400000002faf3e291435468607857694df5e45b6885186820000000010000003a040000308204363082031ea003020102020101300d06092a864886f70d0101050500306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f74301e170d3030303533303130343833385a170d3230303533303130343833385a306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100b7f71a33e6f200042d39e04e5bed1fbc6c0fcdb5fa23b6cede9b113397a4294c7d939fbd4abc93ed031ae38fcfe56d505ad69729945a80b0497adb2e95fdb8cabf37382d1e3e9141ad7056c7f04f3fe8329e74cac89054e9c65f0f789d9a403c0eac61aa5e148f9e87a16a50dcd79a4eaf05b3a671949c71b350600ac7139d38078602a8e9a869261890ab4cb04f23ab3a4f84d8dfce9fe1696fbbd742d76b44e4c7adee6d415f725a710837b37965a459a09437f7002f0dc29272dad03872db14a845c45d2a7db7b4d6c4eeaccd1344b7c92bdd430025fa61b9696a582311b7a7338f567559f5cd29d746b70a2b65b6d3426f15b2b87bfbefe95d53d5345a270203010001a381dc3081d9301d0603551d0e04160414adbd987a34b426f7fac42654ef03bde024cb541a300b0603551d0f040403020106300f0603551d130101ff040530030101ff3081990603551d2304819130818e8014adbd987a34b426f7fac42654ef03bde024cb541aa173a471306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f74820101300d06092a864886f70d01010505000382010100b09be08525c2d623e20f9606929d41989cd9847981d91e5b14072336658fb0d877bbac416c47608351b0f9323de7fcf62613c78016a5bf5afc87cf787989219ae24c070a8635bcf2de51c4d296b7dc7e4eee70fd1c39eb0c0251142d8ebd16e0c1df4675e724adecf442b48593701067ba9d06354a18d32b7acc5142a17a63d1e6bba1c52bc236be130de6bd637e797ba7090d40ab6add8f8ac3f6f68c1a420551d445f59fa76221681520433c99e77cbd24d8a9911773883f561b313818b4710f9acdc80e9e8e2e1be18c9883cb1f31f1444cc604734976600fc7f8bd17806b2ee9cc4c0e5a9a790f200a2ed59e63261e559294d882175a7bd0bcc78f4e8604 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F6108407D6F8BB67980CC2E244C2EBAE1CEF63BE C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\1C58A3A8518E8759BF075B76B750D4F2DF264FCD C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\1C58A3A8518E8759BF075B76B750D4F2DF264FCD\Blob = 0300000001000000140000001c58a3a8518e8759bf075b76b750d4f2df264fcd2000000001000000c2040000308204be308203a6a003020102021006d8d904d5584346f68a2fa754227ec4300d06092a864886f70d01010b05003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204341301e170d3231303431343030303030305a170d3331303431333233353935395a304f310b300906035504061302555331153013060355040a130c446967694365727420496e633129302706035504031320446967694365727420544c53205253412053484132353620323032302043413130820122300d06092a864886f70d01010105000382010f003082010a0282010100c14bb3654770bcdd4f58dbec9cedc366e51f311354ad4a66461f2c0aec6407e52edcdcb90a20eddfe3c4d09e9aa97a1d8288e51156db1e9f58c251e72c340d2ed292e156cbf1795fb3bb87ca25037b9a52416610604f571349f0e8376783dfe7d34b674c2251a6df0e9910ed57517426e27dc7ca622e131b7f238825536fc13458008b84fff8bea75849227b96ada2889b15bca07cdfe951a8d5b0ed37e236b4824b62b5499aecc767d6e33ef5e3d6125e44f1bf71427d58840380b18101faf9ca32bbb48e278727c52b74d4a8d697dec364f9cace53a256bc78178e490329aefb494fa415b9cef25c19576d6b79a72ba2272013b5d03d40d321300793ea99f50203010001a38201823082017e30120603551d130101ff040830060101ff020100301d0603551d0e04160414b76ba2eaa8aa848c79eab4da0f98b2c59576b9f4301f0603551d2304183016801403de503556d14cbb66f0a3e21b1bc397b23dd155300e0603551d0f0101ff040403020186301d0603551d250416301406082b0601050507030106082b06010505070302307606082b06010505070101046a3068302406082b060105050730018618687474703a2f2f6f6373702e64696769636572742e636f6d304006082b060105050730028634687474703a2f2f636163657274732e64696769636572742e636f6d2f4469676943657274476c6f62616c526f6f7443412e63727430420603551d1f043b30393037a035a0338631687474703a2f2f63726c332e64696769636572742e636f6d2f4469676943657274476c6f62616c526f6f7443412e63726c303d0603551d2004363034300b06096086480186fd6c02013007060567810c01013008060667810c0102013008060667810c0102023008060667810c010203300d06092a864886f70d01010b050003820101008032ce5e0bdd6e5a0d0aafe1d684cbc08efa8570edda5db30cf72b7540fe850afaf33178b7704b1a8958ba80bdf36b1de97ecf0bba589c59d490d3fd6cfdd0986db771825bcf6d0b5a09d07bdec443d82aa4de9e41265fbb8f99cbddaee1a86f9f87fe74b71f1b20abb14fc6f5675d5d9b3ce9ff69f7616cd6d9f3fd36c6ab038876d24b2e7586e3fcd8557d26c21177df3e02b67cf3ab7b7a86366fb8f7d89371cf86df7330fa7babed2a59c842843b11171a52f3c90e147da25b7267ba71ed574766c5b8024a65345e8bd02a3c209c51994ce7529ef76b112b0d927e1de88aeb36164387ea2a63bf753febdec403bb0a3cf730efebaf4cfc8b3610733ef3a4 C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\2AD974A775F73CBDBBD8F5AC3A49255FA8FB1F8C C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\2AD974A775F73CBDBBD8F5AC3A49255FA8FB1F8C\Blob = 0300000001000000140000002ad974a775f73cbdbbd8f5ac3a49255fa8fb1f8c2000000001000000620400003082045e30820346a0030201020213077312380b9d6688a33b1ed9bf9ccda68e0e0f300d06092a864886f70d01010b05003039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f742043412031301e170d3232303832333232323132385a170d3330303832333232323132385a303c310b3009060355040613025553310f300d060355040a1306416d617a6f6e311c301a06035504031313416d617a6f6e205253412032303438204d303130820122300d06092a864886f70d01010105000382010f003082010a0282010100eb712ca9cb1f8828923230af8a570f78b73725955587ac675c97d322c8daa214676b7cf067dae2032ab356125dc6b547f96708a7937a9592180fb4f9f910369a7f2f80b64fba134ec75d531ee0dd96330720d396bc12e4745042a1051373b54f9b4424fe2d7fedbc2285ec362133977506ce271882dce3d9c582078d5e26012626671fd93f13cf32ba6bad7864fcaaff0e023c07df9c0578728cfdea75b7032884dae86e078cd05085ef8154b2716eec6d62ef8f94c35ee9c4a4d091c02e249198caeeba258ed4f671b6fb5b6b38064837478d86dcf2ea06fb76377d9eff424e4d588293cfe271c278b17aab4b5b94378881e4d9af24aef872c565fb4bb451e70203010001a382015a3082015630120603551d130101ff040830060101ff020100300e0603551d0f0101ff040403020186301d0603551d250416301406082b0601050507030106082b06010505070302301d0603551d0e0416041481b80e638a891218e5fa3b3b50959fe6e5901385301f0603551d230418301680148418cc8534ecbc0c94942e08599cc7b2104e0a08307b06082b06010505070101046f306d302f06082b060105050730018623687474703a2f2f6f6373702e726f6f746361312e616d617a6f6e74727573742e636f6d303a06082b06010505073002862e687474703a2f2f6372742e726f6f746361312e616d617a6f6e74727573742e636f6d2f726f6f746361312e636572303f0603551d1f043830363034a032a030862e687474703a2f2f63726c2e726f6f746361312e616d617a6f6e74727573742e636f6d2f726f6f746361312e63726c30130603551d20040c300a3008060667810c010201300d06092a864886f70d01010b05000382010100ad00de0205232e063262b46bb19416e41140de2bfa59c135efe0aa8f2b41b9d1f38739001df23db5a7470c0606c691f3075702d4edbd17c1909abf4875a2074f30dd4a6a42b50d3d15c00ffe845bc63c99cc5752b1d86e12d59692934b94e507e88982086a7a34d49e64e13d876a92909a63a14bf88fb6ea34d305be20c2de06e28c9f738b9f4d3985cace19369d85c99ec9f8503fb67e88a1efca84068b50b40a5ca61c44f1fdc8614060f26125aa07f4c7c27375e40c0b428d04e55f4448995b7b898196a7889d4b0d62e804c4d7feb4e8b26dcaecc01cbc385b1ddf85ce5b7ae3494b6cb9a7ddf405b249ade1c5146bc2ccebcd7fd65869bac3207e7fb0b8 C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob = 040000000100000010000000cb17e431673ee209fe455793f30afa1c0f0000000100000014000000e91e1e972b8f467ab4e0598fa92285387dee94c953000000010000006300000030613021060b6086480186f8450107170630123010060a2b0601040182373c0101030200c0301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c07f000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030109000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703016200000001000000200000009acfab7e43c8d880d06b262a94deeee4b4659989c3d0caf19baf6405e41ab7df1400000001000000140000007fd365a7c2ddecbbf03009f34339fa02af3331330b000000010000001200000056006500720069005300690067006e0000001d0000000100000010000000c6cbcafa17955c4cfd41eca0c654c3617e000000010000000800000000c0032f2df8d6016800000001000000000000000300000001000000140000004eb6d578499b1ccf5f581ead56be3d9b6744a5e5190000000100000010000000d8b5fb368468620275d142ffd2aade372000000001000000d7040000308204d3308203bba003020102021018dad19e267de8bb4a2158cdcc6b3b4a300d06092a864886f70d01010505003081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204735301e170d3036313130383030303030305a170d3336303731363233353935395a3081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d20473530820122300d06092a864886f70d01010105000382010f003082010a0282010100af240808297a359e600caae74b3b4edc7cbc3c451cbb2be0fe2902f95708a364851527f5f1adc831895d22e82aaaa642b38ff8b955b7b1b74bb3fe8f7e0757ecef43db66621561cf600da4d8def8e0c362083d5413eb49ca59548526e52b8f1b9febf5a191c23349d843636a524bd28fe870514dd189697bc770f6b3dc1274db7b5d4b56d396bf1577a1b0f4a225f2af1c926718e5f40604ef90b9e400e4dd3ab519ff02baf43ceee08beb378becf4d7acf2f6f03dafdd759133191d1c40cb7424192193d914feac2a52c78fd50449e48d6347883c6983cbfe47bd2b7e4fc595ae0e9dd4d143c06773e314087ee53f9f73b8330acf5d3f3487968aee53e825150203010001a381b23081af300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106306d06082b0601050507010c0461305fa15da05b3059305730551609696d6167652f6769663021301f300706052b0e03021a04148fe5d31a86ac8d8e6bc3cf806ad448182c7b192e30251623687474703a2f2f6c6f676f2e766572697369676e2e636f6d2f76736c6f676f2e676966301d0603551d0e041604147fd365a7c2ddecbbf03009f34339fa02af333133300d06092a864886f70d0101050500038201010093244a305f62cfd81a982f3deadc992dbd77f6a5792238ecc4a7a07812ad620e457064c5e797662d98097e5fafd6cc2865f201aa081a47def9f97c925a0869200dd93e6d6e3c0d6ed8e606914018b9f8c1eddfdb41aae09620c9cd64153881c994eea284290b136f8edb0cdd2502dba48b1944d2417a05694a584f60ca7e826a0b02aa251739b5db7fe784652a958abd86de5e8116832d10ccdefda8822a6d281f0d0bc4e5e71a2619e1f4116f10b595fce7420532dbce9d515e28b69e85d35befa57d4540728eb70e6b0e06fb33354871b89d278bc4655f0d86769c447af6955cf65d320833a454b6183f685cf2424a853854835fd1e82cf2ac11d6a8ed636a C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\B51C067CEE2B0C3DF855AB2D92F4FE39D4E70F0E\Blob = 030000000100000014000000b51c067cee2b0c3df855ab2d92f4fe39d4e70f0e2000000001000000e1030000308203dd308202c5a003020102020100300d06092a864886f70d01010b050030818f310b30090603550406130255533110300e060355040813074172697a6f6e61311330110603550407130a53636f74747364616c6531253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e3132303006035504031329537461726669656c6420526f6f7420436572746966696361746520417574686f72697479202d204732301e170d3039303930313030303030305a170d3337313233313233353935395a30818f310b30090603550406130255533110300e060355040813074172697a6f6e61311330110603550407130a53636f74747364616c6531253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e3132303006035504031329537461726669656c6420526f6f7420436572746966696361746520417574686f72697479202d20473230820122300d06092a864886f70d01010105000382010f003082010a0282010100bdedc103fcf68ffc02b16f5b9f48d99d79e2a2b703615618c347b6d7ca3d352e8943f7a1699bde8a1afd13209cb44977322956fdb9ec8cdd22fa72dc276197eef65a84ec6e19b9892cdc845bd574fb6b5fc589a51052894655f4b8751ce67fe454ae4bf85572570219f8177159eb1e280774c59d48be6cb4f4a4b0f364377992c0ec465e7fe16d534c62afcd1f0b63bb3a9dfbfc7900986174cf26824063f3b2726a190d99cad40e75cc37fb8b89c159f1627f5fb35f6530f8a7b74d765a1e765e34c0e89656998ab3f07fa4cdbddc32317c91cfe05f11f86baa495cd19994d1a2e3635b0976b55662e14b741d96d426d4080459d0980e0ee6defcc3ec1f90f10203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e041604147c0c321fa7d9307fc47d68a362a8a1ceab075b27300d06092a864886f70d01010b050003820101001159fa254f036f94993b9a1f828539d47605945ee128936d625d09c2a0a8d4b07538f1346a9de49f8a862651e62cd1c62d6e95204a9201ecb88a677b31e2672e8c9503262e439d4a31f60eb50cbbb7e2377f22ba00a30e7b52fb6bbb3bc4d379514ecd90f4670719c83c467a0d017dc558e76de68530179a24c410e004f7e0f27fd4aa0aff421d37ed94e5645912207738d3323e3881759673fa688fb1cbce1fc5ecfa9c7ecf7eb1f1072db6fcbfcaa4bfd097054abcea18280290bd5478092171d3d17d1dd916b0a9613dd00a0022fcc77bcb0964450b3b4081f77d7c32f598ca588e7d2aee90597364f936745e25a1f566052e7f3915a92afb508b8e8569f4 C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2 C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob = 5c000000010000000400000000080000190000000100000010000000d8b5fb368468620275d142ffd2aade370300000001000000140000004eb6d578499b1ccf5f581ead56be3d9b6744a5e56800000001000000000000007e000000010000000800000000c0032f2df8d6011d0000000100000010000000c6cbcafa17955c4cfd41eca0c654c3610b000000010000001200000056006500720069005300690067006e0000001400000001000000140000007fd365a7c2ddecbbf03009f34339fa02af3331336200000001000000200000009acfab7e43c8d880d06b262a94deeee4b4659989c3d0caf19baf6405e41ab7df09000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703017f000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030153000000010000006300000030613021060b6086480186f8450107170630123010060a2b0601040182373c0101030200c0301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e91e1e972b8f467ab4e0598fa92285387dee94c9040000000100000010000000cb17e431673ee209fe455793f30afa1c2000000001000000d7040000308204d3308203bba003020102021018dad19e267de8bb4a2158cdcc6b3b4a300d06092a864886f70d01010505003081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204735301e170d3036313130383030303030305a170d3336303731363233353935395a3081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d20473530820122300d06092a864886f70d01010105000382010f003082010a0282010100af240808297a359e600caae74b3b4edc7cbc3c451cbb2be0fe2902f95708a364851527f5f1adc831895d22e82aaaa642b38ff8b955b7b1b74bb3fe8f7e0757ecef43db66621561cf600da4d8def8e0c362083d5413eb49ca59548526e52b8f1b9febf5a191c23349d843636a524bd28fe870514dd189697bc770f6b3dc1274db7b5d4b56d396bf1577a1b0f4a225f2af1c926718e5f40604ef90b9e400e4dd3ab519ff02baf43ceee08beb378becf4d7acf2f6f03dafdd759133191d1c40cb7424192193d914feac2a52c78fd50449e48d6347883c6983cbfe47bd2b7e4fc595ae0e9dd4d143c06773e314087ee53f9f73b8330acf5d3f3487968aee53e825150203010001a381b23081af300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106306d06082b0601050507010c0461305fa15da05b3059305730551609696d6167652f6769663021301f300706052b0e03021a04148fe5d31a86ac8d8e6bc3cf806ad448182c7b192e30251623687474703a2f2f6c6f676f2e766572697369676e2e636f6d2f76736c6f676f2e676966301d0603551d0e041604147fd365a7c2ddecbbf03009f34339fa02af333133300d06092a864886f70d0101050500038201010093244a305f62cfd81a982f3deadc992dbd77f6a5792238ecc4a7a07812ad620e457064c5e797662d98097e5fafd6cc2865f201aa081a47def9f97c925a0869200dd93e6d6e3c0d6ed8e606914018b9f8c1eddfdb41aae09620c9cd64153881c994eea284290b136f8edb0cdd2502dba48b1944d2417a05694a584f60ca7e826a0b02aa251739b5db7fe784652a958abd86de5e8116832d10ccdefda8822a6d281f0d0bc4e5e71a2619e1f4116f10b595fce7420532dbce9d515e28b69e85d35befa57d4540728eb70e6b0e06fb33354871b89d278bc4655f0d86769c447af6955cf65d320833a454b6183f685cf2424a853854835fd1e82cf2ac11d6a8ed636a C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = 5c0000000100000004000000001000001900000001000000100000009f687581f7ef744ecfc12b9cee6238f10f000000010000003000000041ce925678dfe0ccaa8089263c242b897ca582089d14e5eb685fca967f36dbd334e97e81fd0e64815f851f914ade1a1e030000000100000014000000f40042e2e5f7e8ef8189fed15519aece42c3bfa2140000000100000014000000c87ed26a852a1bca1998040727cf50104f68a8a2040000000100000010000000be954f16012122448ca8bc279602acf52000000001000000d0050000308205cc308203b4a00302010202105498d2d1d45b1995481379c811c08799300d06092a864886f70d01010c05003077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f726974792032303230301e170d3230303431363138333631365a170d3435303431363138343434305a3077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f72697479203230323030820222300d06092a864886f70d01010105000382020f003082020a0282020100b3912a07830667fd9e9de0c7c0b7a4e642047f0fa6db5ffbd55ad745a0fb770bf080f3a66d5a4d7953d8a08684574520c7a254fbc7a2bf8ac76e35f3a215c42f4ee34a8596490dffbe99d814f6bc2707ee429b2bf50b9206e4fd691365a89172f29884eb833d0ee4d771124821cb0dedf64749b79bf9c9c717b6844fffb8ac9ad773674985e386bd3740d02586d4deb5c26d626ad5a978bc2d6f49f9e56c1414fd14c7d3651637decb6ebc5e298dfd629b152cd605e6b9893233a362c7d7d6526708c42ef4562b9e0b87cceca7b4a6aaeb05cd1957a53a0b04271c91679e2d622d2f1ebedac020cb0419ca33fb89be98e272a07235be79e19c836fe46d176f90f33d008675388ed0e0499abbdbd3f830cad55788684d72d3bf6d7f71d8fdbd0dae926448b75b6f7926b5cd9b952184d1ef0f323d7b578cf345074c7ce05e180e35768b6d9ecb3674ab05f8e0735d3256946797250ac6353d9497e7c1448b80fdc1f8f47419e530f606fb21573e061c8b6b158627497b8293ca59e87547e83f38f4c75379a0b6b4e25c51efbd5f38c113e6780c955a2ec5405928cc0f24c0ecba0977239938a6b61cdac7ba20b6d737d87f37af08e33b71db6e731b7d9972b0e486335974b516007b506dc68613dafdc439823d24009a60daba94c005512c34ac50991387bbb30580b24d30025cb826835db46373efae23954f6028be37d55ba50203010001a3543052300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414c87ed26a852a1bca1998040727cf50104f68a8a2301006092b06010401823715010403020100300d06092a864886f70d01010c05000382020100af6adde619e72d9443194ecbe9509564a50391028be236803b15a252c21619b66a5a5d744330f49bff607409b1211e90166dc5248f5c668863f44fcc7df2124c40108b019fdaa9c8aef2951bcf9d05eb493e74a0685be5562c651c827e53da56d94617799245c4103608522917cb2fa6f27ed469248a1e8fb0730dcc1c4aabb2aaeda79163016422a832b87e3228b367732d91b4dc31010bf7470aa6f1d74aed5660c42c08a37b40b0bc74275287d6be88dd378a896e67881df5c95da0feb6ab3a80d71a973c173622411eac4dd583e63c38bd4f30e954a9d3b604c3327661bbb018c52b18b3c080d5b795b05e514d22fcec58aae8d894b4a52eed92dee7187c2157dd5563f7bf6dcd1fd2a6772870c7e25b3a5b08d25b4ec80096b3e18336af860a655c74f6eaec7a6a74a0f04beeef94a3ac50f287edd73a3083c9fb7d57bee5e3f841cae564aeb3a3ec58ec859accefb9eaf35618b95c739aafc577178359db371a187254a541d2b62375a3439ae5777c9679b7418dbfecdc80a09fd17775585f3513e0251a670b7dce25fa070ae46121d8d41ce507c63699f496d0c615fe4ecdd7ae8b9ddb16fd04c692bdd488e6a9a3aabbf764383b5fcc0cd035be741903a6c5aa4ca26136823e1df32bbc975ddb4b783b2df53bef6023e8f5ec0b233695af9866bf53d37bb8694a2a966669c494c6f45f6eac98788880065ca2b2eda2 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 190000000100000010000000ffac207997bb2cfe865570179ee037b9030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e19962000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 508823.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\mbuns.exe\:SmartScreen:$DATA C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 10994.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 607806.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 686503.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Opens file in notepad (likely ransom note)

ransomware
Description Indicator Process Target
N/A N/A C:\Windows\system32\NOTEPAD.EXE N/A

Scheduled Task/Job: Scheduled Task

persistence execution
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A

Script User-Agent

Description Indicator Process Target
HTTP User-Agent header Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) N/A N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_Verusloader.zip\Vеrus\Verus.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_Verusloader.zip\Vеrus\Verus.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_Verusloader.zip\Vеrus\Verus.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_Verusloader.zip\Vеrus\Verus.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_Verusloader.zip\Vеrus\Verus.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_Verusloader.zip\Vеrus\Verus.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\Downloads\MBSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\MBSetup.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\7-Zip\7zG.exe N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\7-Zip\7zG.exe N/A
N/A N/A C:\Program Files\7-Zip\7zG.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\Downloads\MBSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\MBSetup.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1704 wrote to memory of 4340 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1704 wrote to memory of 4340 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1704 wrote to memory of 1936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1704 wrote to memory of 1936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1704 wrote to memory of 1936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1704 wrote to memory of 1936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1704 wrote to memory of 1936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1704 wrote to memory of 1936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1704 wrote to memory of 1936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1704 wrote to memory of 1936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1704 wrote to memory of 1936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1704 wrote to memory of 1936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1704 wrote to memory of 1936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1704 wrote to memory of 1936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1704 wrote to memory of 1936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1704 wrote to memory of 1936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1704 wrote to memory of 1936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1704 wrote to memory of 1936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1704 wrote to memory of 1936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1704 wrote to memory of 1936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1704 wrote to memory of 1936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1704 wrote to memory of 1936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1704 wrote to memory of 1936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1704 wrote to memory of 1936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1704 wrote to memory of 1936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1704 wrote to memory of 1936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1704 wrote to memory of 1936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1704 wrote to memory of 1936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1704 wrote to memory of 1936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1704 wrote to memory of 1936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1704 wrote to memory of 1936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1704 wrote to memory of 1936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1704 wrote to memory of 1936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1704 wrote to memory of 1936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1704 wrote to memory of 1936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1704 wrote to memory of 1936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1704 wrote to memory of 1936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1704 wrote to memory of 1936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1704 wrote to memory of 1936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1704 wrote to memory of 1936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1704 wrote to memory of 1936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1704 wrote to memory of 1936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1704 wrote to memory of 4312 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1704 wrote to memory of 4312 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1704 wrote to memory of 3980 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1704 wrote to memory of 3980 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1704 wrote to memory of 3980 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1704 wrote to memory of 3980 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1704 wrote to memory of 3980 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1704 wrote to memory of 3980 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1704 wrote to memory of 3980 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1704 wrote to memory of 3980 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1704 wrote to memory of 3980 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1704 wrote to memory of 3980 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1704 wrote to memory of 3980 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1704 wrote to memory of 3980 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1704 wrote to memory of 3980 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1704 wrote to memory of 3980 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1704 wrote to memory of 3980 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1704 wrote to memory of 3980 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1704 wrote to memory of 3980 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1704 wrote to memory of 3980 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1704 wrote to memory of 3980 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1704 wrote to memory of 3980 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Uses Task Scheduler COM API

persistence

Uses Volume Shadow Copy WMI provider

ransomware

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Windows\Explorer.EXE

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://veruscheats.site/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9e48d46f8,0x7ff9e48d4708,0x7ff9e48d4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2684 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4628 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4884 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5968 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5968 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6012 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6028 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5820 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4840 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4852 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6808 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Verusloader\" -ad -an -ai#7zMap5755:84:7zEvent25919

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Verusloader\" -ad -an -ai#7zMap8542:84:7zEvent17293

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Temp1_Verusloader.zip\Vеrus\HowUse.txt

C:\Users\Admin\AppData\Local\Temp\Temp1_Verusloader.zip\Vеrus\Verus.exe

"C:\Users\Admin\AppData\Local\Temp\Temp1_Verusloader.zip\Vеrus\Verus.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6820 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1832 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6876 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4688 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3988 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4708 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3992 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6064 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7224 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7204 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6064 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6428 /prefetch:8

C:\Users\Admin\Downloads\MBSetup.exe

"C:\Users\Admin\Downloads\MBSetup.exe"

C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe

"C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe"

C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe

"C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe" /installmbtun

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall

C:\Windows\system32\DrvInst.exe

DrvInst.exe "4" "9" "C:\Program Files\Malwarebytes\Anti-Malware\mbtun\mbtun.inf" "9" "4ba9030c7" "0000000000000160" "Service-0x0-3e7$\Default" "0000000000000170" "208" "C:\Program Files\Malwarebytes\Anti-Malware\mbtun"

C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe

"C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe" /Service /Protected

C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe

"C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe"

C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe

"C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe" nowindow

C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe

"C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe"

C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe

"C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe"

C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe

"C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe" /wac 0 /status on true /updatesubstatus none /scansubstatus none /settingssubstatus none

C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe

"C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe" "C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE" "C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\config\UpdateControllerConfig.json" "C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE" "C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\dbclsupdate\staging" /db:dbupdate /su:no

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\Users\Admin\AppData\LocalLow\IGDump\X86_00\ig.exe

ig.exe timer 4000 17293800040.ext

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6864 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x3a4 0x4f4

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3720 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7112 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7368 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7032 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7036 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2672 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6056 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7760 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7228 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5980 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3056 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7860 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6440 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=180 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4888 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7720 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7852 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8348 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8356 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8660 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8788 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8796 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9204 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9512 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9468 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9688 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9652 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10068 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10076 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9520 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10004 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10796 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10820 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10756 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11172 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11188 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11444 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11112 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12016 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12168 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11436 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11956 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12508 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12840 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13112 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13140 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8480 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13548 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13356 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=94 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9964 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=95 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14012 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=96 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13876 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=97 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14456 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=98 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14596 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=99 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10664 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=100 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10876 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=101 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11852 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=102 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14304 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=103 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12800 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=104 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9356 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=105 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=15216 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=106 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14008 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=107 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11888 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=108 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14888 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=109 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10108 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=110 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=15452 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=111 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=15816 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=112 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=15836 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=113 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=16036 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=114 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=16256 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=115 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=16388 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=116 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=16676 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=117 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=16812 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=118 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11928 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=119 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10596 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=120 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=16948 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=121 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=16596 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=122 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10016 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=123 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12468 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=124 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=16392 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=125 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13180 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=126 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10788 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=127 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11080 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=128 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14660 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=129 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11256 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=130 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11812 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=131 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=17108 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=132 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12564 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=133 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10008 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=134 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=15752 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=135 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12612 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=136 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13164 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=137 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9396 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=138 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=16340 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=139 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11476 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=140 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10932 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=141 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=16920 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=142 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11808 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=143 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=15644 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=144 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11104 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=145 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=146 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9116 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=147 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7508 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=148 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8512 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=150 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=15204 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6836 /prefetch:8

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Temp1_Smurf-Wrecker-CS2-1.zip\Smurf Wrecker CS2\Please Read.txt

C:\Users\Admin\AppData\Local\Temp\Temp1_Smurf-Wrecker-CS2-1.zip\Smurf Wrecker CS2\SmurfWrecker.exe

"C:\Users\Admin\AppData\Local\Temp\Temp1_Smurf-Wrecker-CS2-1.zip\Smurf Wrecker CS2\SmurfWrecker.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=152 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=15456 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=153 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9892 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=154 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9880 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=155 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7444 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=156 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13604 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=157 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11292 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationService --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=6456 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=8508 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=160 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8760 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=162 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9548 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2664 /prefetch:8

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Temp1_undetek-v6.9.6.9.4.2.zip\undetek-v6.9.6.9.4.2\Install Guide.txt

C:\Users\Admin\Downloads\undetek-v6.9.6.9.4.2\undetek-v6.9.6.9.4.2\undetek-v6.9.6.9.4.2.exe

"C:\Users\Admin\Downloads\undetek-v6.9.6.9.4.2\undetek-v6.9.6.9.4.2\undetek-v6.9.6.9.4.2.exe"

C:\Users\Admin\Downloads\MBSetup.exe

"C:\Users\Admin\Downloads\MBSetup.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=164 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8668 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=165 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9068 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=166 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5812 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=167 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9444 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=168 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6028 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=169 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11816 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=170 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7180 /prefetch:1

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=171 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8720 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationService --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=7432 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=173 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9912 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=175 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=17204 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=16556 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=177 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13776 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=178 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=179 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14612 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=180 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13724 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=14904 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=182 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=183 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=15192 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=184 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6344 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=185 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8880 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=186 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=16684 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=187 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10812 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=188 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14752 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=189 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9864 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=190 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12392 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=191 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9300 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7176 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=193 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8184 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=194 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9908 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=195 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13172 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=196 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8016 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=197 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10908 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=198 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=15128 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=199 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7176 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=200 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=201 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=16304 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=202 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9688 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=203 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13984 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=204 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13224 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=205 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=16180 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=206 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7604 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=207 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10760 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=208 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9076 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=209 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9912 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=210 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11968 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=211 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9100 /prefetch:1

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k wusvcs -p -s WaaSMedicSvc

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=212 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9304 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=213 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=16460 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=214 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8880 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=215 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7280 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=216 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13208 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=218 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=17308 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7860 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=13904 /prefetch:8

C:\Users\Admin\Downloads\7l_csgo_latest_setup.exe

"C:\Users\Admin\Downloads\7l_csgo_latest_setup.exe"

C:\Users\Admin\AppData\Local\Temp\is-AVTAM.tmp\7l_csgo_latest_setup.tmp

"C:\Users\Admin\AppData\Local\Temp\is-AVTAM.tmp\7l_csgo_latest_setup.tmp" /SL5="$70428,2260663,928256,C:\Users\Admin\Downloads\7l_csgo_latest_setup.exe"

C:\Windows\SYSTEM32\taskkill.exe

"taskkill.exe" /f /im "Run_CS2.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=221 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7068 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=222 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=17108 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=223 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12788 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=225 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7584 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=14724 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6836 /prefetch:8

C:\Users\Admin\Downloads\MEMZ.exe

"C:\Users\Admin\Downloads\MEMZ.exe"

C:\Users\Admin\Downloads\MEMZ.exe

"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog

C:\Users\Admin\Downloads\MEMZ.exe

"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog

C:\Users\Admin\Downloads\MEMZ.exe

"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog

C:\Users\Admin\Downloads\MEMZ.exe

"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog

C:\Users\Admin\Downloads\MEMZ.exe

"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog

C:\Users\Admin\Downloads\MEMZ.exe

"C:\Users\Admin\Downloads\MEMZ.exe" /main

C:\Windows\SysWOW64\notepad.exe

"C:\Windows\System32\notepad.exe" \note.txt

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=228 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14332 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=229 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=15644 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=230 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1300 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=231 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11152 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=virus.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff9e48d46f8,0x7ff9e48d4708,0x7ff9e48d4718

C:\Program Files\Counter-Strike Global Offensive\Run_CS2.exe

"C:\Program Files\Counter-Strike Global Offensive\Run_CS2.exe" - forceupdate installp2p

C:\Windows\system32\cmd.exe

"cmd.exe" /c netsh advfirewall firewall add rule name="7Launcher P2P In" dir=in action=allow program="C:\Program Files\Counter-Strike Global Offensive\7launcher\tools\aria2\aria2c.exe" description="7Launcher P2P In" enable=yes profile=any edge=yes interfacetype=any & netsh advfirewall firewall add rule name="7Launcher P2P Out" dir=out action=allow program="C:\Program Files\Counter-Strike Global Offensive\7launcher\tools\aria2\aria2c.exe" description="7Launcher P2P Out" enable=yes profile=any interfacetype=any & netsh advfirewall firewall add rule name="7Launcher - CS:GO In" dir=in action=allow program="C:\Program Files\Counter-Strike Global Offensive\Run_CS2.exe" description="7Launcher - CS:GO In" enable=yes profile=any edge=yes interfacetype=any & netsh advfirewall firewall add rule name="7Launcher - CS:GO Out" dir=out action=allow program="C:\Program Files\Counter-Strike Global Offensive\Run_CS2.exe" description="7Launcher - CS:GO Out" enable=yes profile=any interfacetype=any

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=232 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7776 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=233 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13212 /prefetch:1

C:\Windows\system32\netsh.exe

netsh advfirewall firewall add rule name="7Launcher P2P In" dir=in action=allow program="C:\Program Files\Counter-Strike Global Offensive\7launcher\tools\aria2\aria2c.exe" description="7Launcher P2P In" enable=yes profile=any edge=yes interfacetype=any

C:\Windows\system32\netsh.exe

netsh advfirewall firewall add rule name="7Launcher P2P Out" dir=out action=allow program="C:\Program Files\Counter-Strike Global Offensive\7launcher\tools\aria2\aria2c.exe" description="7Launcher P2P Out" enable=yes profile=any interfacetype=any

C:\Windows\system32\netsh.exe

netsh advfirewall firewall add rule name="7Launcher - CS:GO In" dir=in action=allow program="C:\Program Files\Counter-Strike Global Offensive\Run_CS2.exe" description="7Launcher - CS:GO In" enable=yes profile=any edge=yes interfacetype=any

C:\Windows\system32\netsh.exe

netsh advfirewall firewall add rule name="7Launcher - CS:GO Out" dir=out action=allow program="C:\Program Files\Counter-Strike Global Offensive\Run_CS2.exe" description="7Launcher - CS:GO Out" enable=yes profile=any interfacetype=any

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=mcafee+vs+norton

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff9e48d46f8,0x7ff9e48d4708,0x7ff9e48d4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=235 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8512 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=234 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9680 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=236 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7148 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=237 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6240 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=238 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=17028 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=239 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7344 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=240 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7332 /prefetch:1

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=242 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9392 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=243 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6032 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1396 /prefetch:8

C:\Users\Admin\Downloads\MEMZ.exe

"C:\Users\Admin\Downloads\MEMZ.exe"

C:\Users\Admin\Downloads\MEMZ.exe

"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog

C:\Users\Admin\Downloads\MEMZ.exe

"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog

C:\Users\Admin\Downloads\MEMZ.exe

"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog

C:\Users\Admin\Downloads\MEMZ.exe

"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog

C:\Users\Admin\Downloads\MEMZ.exe

"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog

C:\Users\Admin\Downloads\MEMZ.exe

"C:\Users\Admin\Downloads\MEMZ.exe" /main

C:\Windows\SysWOW64\notepad.exe

"C:\Windows\System32\notepad.exe" \note.txt

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=245 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9392 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=246 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10524 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=247 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4824 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=249 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11816 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=15180 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=minecraft+hax+download+no+virus

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xd8,0x100,0x104,0xfc,0x108,0x7ff9e48d46f8,0x7ff9e48d4708,0x7ff9e48d4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=251 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13232 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=252 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6780 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=g3t+r3kt

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9e48d46f8,0x7ff9e48d4708,0x7ff9e48d4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=253 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8132 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=254 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10464 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=256 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7156 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3932 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4700 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=259 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=260 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2648 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=261 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=262 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1780 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=virus.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9e48d46f8,0x7ff9e48d4708,0x7ff9e48d4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=263 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7576 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=264 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6328 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=266 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12344 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9760 /prefetch:8

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe"

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x3a4 0x4f4

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+get+money

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9e48d46f8,0x7ff9e48d4708,0x7ff9e48d4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=268 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8892 /prefetch:1

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=270 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3768 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=271 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11216 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7776 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=274 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7428 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=16464 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=276 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7372 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=277 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9228 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=278 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12700 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=279 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9100 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=280 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=17164 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=281 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=282 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1712 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=284 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12772 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=15204 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5476 /prefetch:8

C:\Users\Admin\Downloads\Mantas.exe

"C:\Users\Admin\Downloads\Mantas.exe"

C:\Users\Admin\Downloads\Mantas.exe

"C:\Users\Admin\Downloads\Mantas.exe"

C:\Users\Admin\Downloads\Mantas.exe

"C:\Users\Admin\Downloads\Mantas.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=288 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13696 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=11864 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=16988 /prefetch:8

C:\Users\Admin\Downloads\BadRabbit.exe

"C:\Users\Admin\Downloads\BadRabbit.exe"

C:\Windows\SysWOW64\rundll32.exe

C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15

C:\Windows\SysWOW64\cmd.exe

/c schtasks /Delete /F /TN rhaegal

C:\Windows\SysWOW64\schtasks.exe

schtasks /Delete /F /TN rhaegal

C:\Windows\SysWOW64\cmd.exe

/c schtasks /Create /RU SYSTEM /SC ONSTART /TN rhaegal /TR "C:\Windows\system32\cmd.exe /C Start \"\" \"C:\Windows\dispci.exe\" -id 2496436842 && exit"

C:\Windows\SysWOW64\cmd.exe

/c schtasks /Create /SC once /TN drogon /RU SYSTEM /TR "C:\Windows\system32\shutdown.exe /r /t 0 /f" /ST 23:55:00

C:\Windows\38EC.tmp

"C:\Windows\38EC.tmp" \\.\pipe\{320A201D-2B7C-4DAF-9CBB-3A887DDFB623}

C:\Windows\SysWOW64\schtasks.exe

schtasks /Create /SC once /TN drogon /RU SYSTEM /TR "C:\Windows\system32\shutdown.exe /r /t 0 /f" /ST 23:55:00

C:\Windows\SysWOW64\schtasks.exe

schtasks /Create /RU SYSTEM /SC ONSTART /TN rhaegal /TR "C:\Windows\system32\cmd.exe /C Start \"\" \"C:\Windows\dispci.exe\" -id 2496436842 && exit"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=292 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=16668 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=13868 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=10524 /prefetch:8

C:\Users\Admin\Downloads\WannaCry.exe

"C:\Users\Admin\Downloads\WannaCry.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c 52311729381084.bat

C:\Windows\SysWOW64\cscript.exe

cscript //nologo c.vbs

C:\Users\Admin\Downloads\!WannaDecryptor!.exe

!WannaDecryptor!.exe f

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im MSExchange*

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im Microsoft.Exchange.*

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im sqlserver.exe

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im sqlwriter.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=296 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6940 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=9224 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=10456 /prefetch:8

C:\Users\Admin\Downloads\CryptoLocker.exe

"C:\Users\Admin\Downloads\CryptoLocker.exe"

C:\Users\Admin\AppData\Roaming\{34184A33-0407-212E-3320-09040709E2C2}.exe

"C:\Users\Admin\AppData\Roaming\{34184A33-0407-212E-3320-09040709E2C2}.exe" "/rC:\Users\Admin\Downloads\CryptoLocker.exe"

C:\Users\Admin\AppData\Roaming\{34184A33-0407-212E-3320-09040709E2C2}.exe

"C:\Users\Admin\AppData\Roaming\{34184A33-0407-212E-3320-09040709E2C2}.exe" /w00000230

C:\Users\Admin\Downloads\!WannaDecryptor!.exe

!WannaDecryptor!.exe c

C:\Windows\SysWOW64\cmd.exe

cmd.exe /c start /b !WannaDecryptor!.exe v

C:\Users\Admin\Downloads\!WannaDecryptor!.exe

!WannaDecryptor!.exe v

C:\Users\Admin\Downloads\!WannaDecryptor!.exe

!WannaDecryptor!.exe

C:\Windows\SysWOW64\cmd.exe

cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic shadowcopy delete

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=299 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12700 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=300 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10464 /prefetch:1

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=16032 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=304 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12744 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=305 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11800 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8780 /prefetch:8

C:\Users\Admin\Downloads\Mabezat.exe

"C:\Users\Admin\Downloads\Mabezat.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=308 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=15200 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=309 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6876 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=12556 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=10456 /prefetch:8

C:\Users\Admin\Downloads\Fagot.a.exe

"C:\Users\Admin\Downloads\Fagot.a.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,6924415603078865481,14665792130426054371,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4064 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 veruscheats.site udp
US 172.67.155.221:443 veruscheats.site tcp
US 8.8.8.8:53 a.nel.cloudflare.com udp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 8.8.8.8:53 challenges.cloudflare.com udp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 104.18.94.41:443 challenges.cloudflare.com tcp
US 104.18.94.41:443 challenges.cloudflare.com tcp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 221.155.67.172.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 71.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 1.80.190.35.in-addr.arpa udp
US 8.8.8.8:53 41.94.18.104.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 150.171.27.10:443 g.bing.com tcp
US 8.8.8.8:53 10.27.171.150.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
US 8.8.8.8:53 www.youtube.com udp
GB 172.217.169.78:443 www.youtube.com tcp
GB 172.217.169.78:443 www.youtube.com udp
US 8.8.8.8:53 udp
GB 216.58.213.22:443 i.ytimg.com tcp
US 8.8.8.8:53 78.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 67.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 22.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 10.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 172.217.16.226:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 216.58.213.10:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 static.doubleclick.net udp
GB 172.217.16.226:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 yt3.ggpht.com udp
GB 216.58.213.10:443 jnn-pa.googleapis.com udp
GB 142.250.200.36:443 www.google.com tcp
GB 142.250.178.1:443 yt3.ggpht.com tcp
GB 142.250.200.38:443 static.doubleclick.net tcp
US 8.8.8.8:53 play.google.com udp
GB 216.58.201.110:443 play.google.com tcp
GB 216.58.201.110:443 play.google.com tcp
GB 216.58.201.110:443 play.google.com udp
US 8.8.8.8:53 226.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 10.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 36.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 1.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 38.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 3.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 110.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 197.87.175.4.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
GB 216.58.201.110:443 play.google.com udp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 88.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
US 8.8.8.8:53 kneelyopkr.cfd udp
US 172.67.193.176:443 kneelyopkr.cfd tcp
US 172.67.193.176:443 kneelyopkr.cfd tcp
US 172.67.193.176:443 kneelyopkr.cfd tcp
US 8.8.8.8:53 176.193.67.172.in-addr.arpa udp
US 172.67.193.176:443 kneelyopkr.cfd tcp
US 172.67.193.176:443 kneelyopkr.cfd tcp
US 172.67.193.176:443 kneelyopkr.cfd tcp
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp
GB 92.123.128.192:443 www.bing.com tcp
US 8.8.8.8:53 192.128.123.92.in-addr.arpa udp
US 8.8.8.8:53 th.bing.com udp
US 8.8.8.8:53 r.bing.com udp
GB 92.123.128.169:443 th.bing.com tcp
GB 92.123.128.185:443 r.bing.com tcp
GB 92.123.128.185:443 r.bing.com tcp
GB 92.123.128.169:443 th.bing.com tcp
US 8.8.8.8:53 169.128.123.92.in-addr.arpa udp
US 8.8.8.8:53 185.128.123.92.in-addr.arpa udp
US 8.8.8.8:53 login.microsoftonline.com udp
IE 40.126.31.69:443 login.microsoftonline.com tcp
US 8.8.8.8:53 69.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 storage.googleapis.com udp
GB 172.217.169.91:443 storage.googleapis.com tcp
GB 172.217.169.91:443 storage.googleapis.com tcp
US 8.8.8.8:53 prf.hn udp
GB 172.217.169.91:443 storage.googleapis.com udp
GB 5.150.170.4:443 prf.hn tcp
GB 5.150.170.4:443 prf.hn tcp
GB 142.250.200.36:443 www.google.com udp
US 8.8.8.8:53 68.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 91.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 4.170.150.5.in-addr.arpa udp
US 8.8.8.8:53 www.malwarebytes.com udp
US 192.0.66.233:443 www.malwarebytes.com tcp
US 8.8.8.8:53 dev.visualwebsiteoptimizer.com udp
US 8.8.8.8:53 stats.wp.com udp
US 34.96.102.137:443 dev.visualwebsiteoptimizer.com tcp
US 192.0.76.3:443 stats.wp.com tcp
US 34.96.102.137:443 dev.visualwebsiteoptimizer.com udp
US 34.96.102.137:443 dev.visualwebsiteoptimizer.com udp
US 8.8.8.8:53 plausible.io udp
GB 143.244.38.136:443 plausible.io tcp
US 8.8.8.8:53 genesis.malwarebytes.com udp
US 8.8.8.8:53 233.66.0.192.in-addr.arpa udp
US 8.8.8.8:53 137.102.96.34.in-addr.arpa udp
US 8.8.8.8:53 3.76.0.192.in-addr.arpa udp
US 8.8.8.8:53 136.38.244.143.in-addr.arpa udp
US 8.8.8.8:53 232.16.217.172.in-addr.arpa udp
US 34.234.57.149:443 genesis.malwarebytes.com tcp
US 8.8.8.8:53 cdn.weglot.com udp
US 172.64.149.114:443 cdn.weglot.com tcp
US 8.8.8.8:53 api.weglot.com udp
US 172.64.149.114:443 api.weglot.com tcp
US 8.8.8.8:53 pixel.wp.com udp
GB 143.244.38.136:443 plausible.io tcp
US 8.8.8.8:53 cdn.cookielaw.org udp
US 104.18.86.42:443 cdn.cookielaw.org tcp
US 104.18.86.42:443 cdn.cookielaw.org tcp
US 8.8.8.8:53 geolocation.onetrust.com udp
US 172.64.155.119:443 geolocation.onetrust.com tcp
US 8.8.8.8:53 149.57.234.34.in-addr.arpa udp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 114.149.64.172.in-addr.arpa udp
US 8.8.8.8:53 42.86.18.104.in-addr.arpa udp
US 8.8.8.8:53 119.155.64.172.in-addr.arpa udp
US 8.8.8.8:53 privacyportal.onetrust.com udp
US 172.64.155.119:443 privacyportal.onetrust.com tcp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 downloads.malwarebytes.com udp
US 3.165.148.30:443 downloads.malwarebytes.com tcp
US 3.165.148.30:443 downloads.malwarebytes.com tcp
US 8.8.8.8:53 data-cdn.mbamupdates.com udp
CZ 65.9.95.66:443 data-cdn.mbamupdates.com tcp
US 8.8.8.8:53 30.148.165.3.in-addr.arpa udp
US 8.8.8.8:53 66.95.9.65.in-addr.arpa udp
US 8.8.8.8:53 233.38.18.104.in-addr.arpa udp
US 8.8.8.8:53 api2.amplitude.com udp
US 54.213.64.58:443 api2.amplitude.com tcp
US 8.8.8.8:53 58.64.213.54.in-addr.arpa udp
GB 172.217.16.226:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 ark.mwbsys.com udp
US 34.193.66.127:443 ark.mwbsys.com tcp
US 8.8.8.8:53 cdn.mwbsys.com udp
CZ 65.9.95.34:443 cdn.mwbsys.com tcp
US 8.8.8.8:53 34.95.9.65.in-addr.arpa udp
US 8.8.8.8:53 127.66.193.34.in-addr.arpa udp
US 34.193.66.127:443 ark.mwbsys.com tcp
US 8.8.8.8:53 cdn.mwbsys.com udp
CZ 65.9.95.34:443 cdn.mwbsys.com tcp
US 34.193.66.127:443 ark.mwbsys.com tcp
US 8.8.8.8:53 cdn.mwbsys.com udp
GB 18.172.88.89:443 cdn.mwbsys.com tcp
US 8.8.8.8:53 89.88.172.18.in-addr.arpa udp
US 34.193.66.127:443 ark.mwbsys.com tcp
US 8.8.8.8:53 cdn.mwbsys.com udp
GB 18.172.88.94:443 cdn.mwbsys.com tcp
US 8.8.8.8:53 94.88.172.18.in-addr.arpa udp
US 34.193.66.127:443 ark.mwbsys.com tcp
US 8.8.8.8:53 cdn.mwbsys.com udp
GB 18.172.88.52:443 cdn.mwbsys.com tcp
US 8.8.8.8:53 52.88.172.18.in-addr.arpa udp
US 8.8.8.8:53 ipv4.am.i.mullvad.net udp
US 8.8.8.8:53 holocron.mwbsys.com udp
SE 45.83.223.233:443 ipv4.am.i.mullvad.net tcp
US 3.221.184.241:443 holocron.mwbsys.com tcp
US 3.221.184.241:443 holocron.mwbsys.com tcp
US 8.8.8.8:53 233.223.83.45.in-addr.arpa udp
US 8.8.8.8:53 241.184.221.3.in-addr.arpa udp
US 3.221.184.241:443 holocron.mwbsys.com tcp
US 8.8.8.8:53 iris.mwbsys.com udp
US 18.213.47.54:443 iris.mwbsys.com tcp
US 8.8.8.8:53 54.47.213.18.in-addr.arpa udp
US 8.8.8.8:53 www.youtube.com udp
GB 216.58.212.206:443 www.youtube.com udp
US 8.8.8.8:53 206.212.58.216.in-addr.arpa udp
US 3.221.184.241:443 holocron.mwbsys.com tcp
US 3.221.184.241:443 holocron.mwbsys.com tcp
US 3.221.184.241:443 holocron.mwbsys.com tcp
US 3.221.184.241:443 holocron.mwbsys.com tcp
US 3.221.184.241:443 holocron.mwbsys.com tcp
US 3.221.184.241:443 holocron.mwbsys.com tcp
US 8.8.8.8:53 sirius.mwbsys.com udp
US 52.45.5.20:443 sirius.mwbsys.com tcp
US 8.8.8.8:53 23.149.64.172.in-addr.arpa udp
US 8.8.8.8:53 cdn.mwbsys.com udp
CZ 65.9.95.5:443 cdn.mwbsys.com tcp
US 8.8.8.8:53 cdn.mwbsys.com udp
US 8.8.8.8:53 5.95.9.65.in-addr.arpa udp
US 8.8.8.8:53 20.5.45.52.in-addr.arpa udp
US 8.8.8.8:53 crl.comodoca.com udp
US 104.18.38.233:80 crl.comodoca.com tcp
US 8.8.8.8:53 www.microsoft.com udp
GB 92.123.241.137:80 www.microsoft.com tcp
US 8.8.8.8:53 137.241.123.92.in-addr.arpa udp
US 8.8.8.8:53 ocsp.trust-provider.com udp
US 172.64.149.23:80 ocsp.trust-provider.com tcp
US 8.8.8.8:53 crl.trust-provider.com udp
US 172.64.149.23:80 crl.trust-provider.com tcp
US 8.8.8.8:53 www.intel.com udp
GB 23.194.11.2:80 www.intel.com tcp
US 8.8.8.8:53 certificates.intel.com udp
GB 2.19.117.34:80 certificates.intel.com tcp
US 8.8.8.8:53 2.11.194.23.in-addr.arpa udp
US 8.8.8.8:53 34.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 ocsp.thawte.com udp
DE 152.199.19.74:80 ocsp.thawte.com tcp
US 8.8.8.8:53 74.19.199.152.in-addr.arpa udp
US 8.8.8.8:53 crl.thawte.com udp
SE 192.229.221.95:80 crl.thawte.com tcp
US 8.8.8.8:53 csc3-2010-crl.verisign.com udp
SE 192.229.221.95:80 csc3-2010-crl.verisign.com tcp
US 8.8.8.8:53 crt.sectigo.com udp
US 172.64.149.23:80 crt.sectigo.com tcp
US 8.8.8.8:53 www.microsoft.com udp
GB 92.123.241.137:80 www.microsoft.com tcp
US 8.8.8.8:53 hubble.mb-cosmos.com udp
GB 18.165.160.15:443 hubble.mb-cosmos.com tcp
US 8.8.8.8:53 15.160.165.18.in-addr.arpa udp
US 8.8.8.8:53 blitz.mb-cosmos.com udp
US 34.227.140.142:443 blitz.mb-cosmos.com tcp
US 8.8.8.8:53 142.140.227.34.in-addr.arpa udp
US 8.8.8.8:53 telemetry.malwarebytes.com udp
US 44.225.40.78:443 telemetry.malwarebytes.com tcp
US 8.8.8.8:53 78.40.225.44.in-addr.arpa udp
US 8.8.8.8:53 telemetry.malwarebytes.com udp
US 44.225.40.78:443 telemetry.malwarebytes.com tcp
US 8.8.8.8:53 26.73.42.20.in-addr.arpa udp
GB 92.123.128.161:443 www.bing.com tcp
US 8.8.8.8:53 r.bing.com udp
US 8.8.8.8:53 th.bing.com udp
GB 92.123.128.169:443 th.bing.com tcp
GB 92.123.128.169:443 th.bing.com tcp
GB 92.123.128.133:443 th.bing.com tcp
GB 92.123.128.133:443 th.bing.com tcp
US 8.8.8.8:53 161.128.123.92.in-addr.arpa udp
US 8.8.8.8:53 133.128.123.92.in-addr.arpa udp
GB 216.58.212.206:443 www.youtube.com udp
US 8.8.8.8:53 play.google.com udp
GB 216.58.201.110:443 play.google.com udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
GB 92.123.128.169:443 th.bing.com tcp
US 8.8.8.8:53 goowned.com udp
US 148.72.177.61:443 goowned.com tcp
US 148.72.177.61:443 goowned.com tcp
US 148.72.177.61:443 goowned.com tcp
US 8.8.8.8:53 sirius.mwbsys.com udp
US 52.45.5.20:443 sirius.mwbsys.com tcp
US 8.8.8.8:53 61.177.72.148.in-addr.arpa udp
US 8.8.8.8:53 cdn.jsdelivr.net udp
US 8.8.8.8:53 translate.google.com udp
US 151.101.193.229:443 cdn.jsdelivr.net tcp
US 8.8.8.8:53 229.193.101.151.in-addr.arpa udp
US 8.8.8.8:53 226.20.18.104.in-addr.arpa udp
GB 172.217.169.78:443 translate.google.com tcp
US 8.8.8.8:53 region1.google-analytics.com udp
US 8.8.8.8:53 s.w.org udp
US 216.239.34.36:443 region1.google-analytics.com tcp
US 192.0.77.48:443 s.w.org tcp
US 192.0.77.48:443 s.w.org tcp
US 192.0.77.48:443 s.w.org tcp
US 192.0.77.48:443 s.w.org tcp
US 8.8.8.8:53 translate.googleapis.com udp
GB 142.250.200.10:443 translate.googleapis.com tcp
US 8.8.8.8:53 36.34.239.216.in-addr.arpa udp
US 8.8.8.8:53 48.77.0.192.in-addr.arpa udp
US 8.8.8.8:53 10.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 translate-pa.googleapis.com udp
GB 142.250.200.10:443 translate-pa.googleapis.com udp
US 8.8.8.8:53 assets5.lottiefiles.com udp
CZ 65.9.95.109:443 assets5.lottiefiles.com tcp
US 8.8.8.8:53 109.95.9.65.in-addr.arpa udp
US 8.8.8.8:53 i.ytimg.com udp
GB 142.250.180.22:443 i.ytimg.com udp
US 8.8.8.8:53 22.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 142.250.200.34:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.200.38:443 static.doubleclick.net udp
GB 142.250.187.202:443 jnn-pa.googleapis.com udp
GB 142.250.200.36:443 www.google.com udp
US 8.8.8.8:53 34.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 202.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 yt3.ggpht.com udp
GB 142.250.178.1:443 yt3.ggpht.com udp
US 8.8.8.8:53 aefd.nelreports.net udp
GB 2.19.117.148:443 aefd.nelreports.net tcp
US 8.8.8.8:53 148.117.19.2.in-addr.arpa udp
GB 216.58.212.206:443 www.youtube.com udp
US 8.8.8.8:53 rr4---sn-aigl6nzs.googlevideo.com udp
GB 74.125.175.73:443 rr4---sn-aigl6nzs.googlevideo.com tcp
GB 74.125.175.73:443 rr4---sn-aigl6nzs.googlevideo.com tcp
US 8.8.8.8:53 73.175.125.74.in-addr.arpa udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 rr3---sn-aigl6nz7.googlevideo.com udp
BE 64.233.184.84:443 accounts.google.com tcp
GB 74.125.168.104:443 rr3---sn-aigl6nz7.googlevideo.com udp
BE 64.233.184.84:443 accounts.google.com udp
US 8.8.8.8:53 104.168.125.74.in-addr.arpa udp
US 8.8.8.8:53 84.184.233.64.in-addr.arpa udp
GB 216.58.201.110:443 play.google.com udp
GB 216.58.201.110:443 play.google.com tcp
US 8.8.8.8:53 rr4---sn-q4fl6nsk.googlevideo.com udp
US 8.8.8.8:53 rr5---sn-5hnekn7l.googlevideo.com udp
GB 142.250.200.36:443 www.google.com udp
NL 74.125.100.10:443 rr5---sn-5hnekn7l.googlevideo.com udp
GB 142.250.200.36:443 www.google.com tcp
US 74.125.3.201:443 rr4---sn-q4fl6nsk.googlevideo.com udp
US 8.8.8.8:53 10.100.125.74.in-addr.arpa udp
US 8.8.8.8:53 201.3.125.74.in-addr.arpa udp
GB 142.250.178.1:443 yt3.ggpht.com udp
US 8.8.8.8:53 youtube.com udp
GB 142.250.200.46:443 youtube.com tcp
US 8.8.8.8:53 consent.youtube.com udp
GB 142.250.178.14:443 consent.youtube.com tcp
GB 142.250.178.14:443 consent.youtube.com tcp
US 8.8.8.8:53 46.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 14.178.250.142.in-addr.arpa udp
GB 142.250.178.14:443 consent.youtube.com udp
GB 74.125.175.73:443 rr4---sn-aigl6nzs.googlevideo.com udp
US 8.8.8.8:53 rr1---sn-5hneknee.googlevideo.com udp
NL 74.125.8.70:443 rr1---sn-5hneknee.googlevideo.com udp
US 8.8.8.8:53 70.8.125.74.in-addr.arpa udp
US 216.239.34.36:443 region1.google-analytics.com udp
US 8.8.8.8:53 www.unknowncheats.me udp
US 104.26.13.251:443 www.unknowncheats.me tcp
US 104.26.13.251:443 www.unknowncheats.me tcp
US 8.8.8.8:53 cdn.adligature.com udp
US 172.67.199.100:443 cdn.adligature.com tcp
US 172.67.199.100:443 cdn.adligature.com tcp
US 8.8.8.8:53 i.imgur.com udp
US 8.8.8.8:53 static.cloudflareinsights.com udp
US 8.8.8.8:53 cmp.inmobi.com udp
US 8.8.8.8:53 251.13.26.104.in-addr.arpa udp
US 8.8.8.8:53 100.199.67.172.in-addr.arpa udp
US 199.232.196.193:443 i.imgur.com tcp
US 199.232.196.193:443 i.imgur.com tcp
US 199.232.196.193:443 i.imgur.com tcp
US 199.232.196.193:443 i.imgur.com tcp
US 199.232.196.193:443 i.imgur.com tcp
US 104.16.79.73:443 static.cloudflareinsights.com tcp
CZ 65.9.95.50:443 cmp.inmobi.com tcp
US 8.8.8.8:53 pro.ip-api.com udp
US 8.8.8.8:53 c.amazon-adsystem.com udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 208.95.112.2:443 pro.ip-api.com tcp
GB 3.162.21.19:443 c.amazon-adsystem.com tcp
US 8.8.8.8:53 fundingchoicesmessages.google.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
GB 142.250.187.202:443 ajax.googleapis.com tcp
US 8.8.8.8:53 193.196.232.199.in-addr.arpa udp
US 8.8.8.8:53 73.79.16.104.in-addr.arpa udp
US 8.8.8.8:53 50.95.9.65.in-addr.arpa udp
US 8.8.8.8:53 2.112.95.208.in-addr.arpa udp
US 8.8.8.8:53 19.21.162.3.in-addr.arpa udp
US 8.8.8.8:53 66.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 api.cmp.inmobi.com udp
DE 3.122.71.66:443 api.cmp.inmobi.com tcp
US 8.8.8.8:53 cdn.jsdelivr.net udp
US 151.101.65.229:443 cdn.jsdelivr.net udp
US 8.8.8.8:53 config.aps.amazon-adsystem.com udp
US 8.8.8.8:53 us-central1-wrapper-analytics-prod.cloudfunctions.net udp
US 8.8.8.8:53 capi.connatix.com udp
US 8.8.8.8:53 tagan.adlightning.com udp
US 8.8.8.8:53 aax.amazon-adsystem.com udp
US 8.8.8.8:53 cd.connatix.com udp
GB 18.165.160.129:443 config.aps.amazon-adsystem.com tcp
US 104.18.41.104:443 cd.connatix.com tcp
CZ 65.9.95.20:443 tagan.adlightning.com tcp
US 216.239.36.54:443 us-central1-wrapper-analytics-prod.cloudfunctions.net tcp
US 172.64.146.152:443 cd.connatix.com tcp
GB 3.162.16.219:443 aax.amazon-adsystem.com tcp
GB 3.162.16.219:443 aax.amazon-adsystem.com tcp
US 8.8.8.8:53 cds.connatix.com udp
US 216.239.36.54:443 us-central1-wrapper-analytics-prod.cloudfunctions.net udp
US 8.8.8.8:53 66.71.122.3.in-addr.arpa udp
US 8.8.8.8:53 229.65.101.151.in-addr.arpa udp
US 8.8.8.8:53 129.160.165.18.in-addr.arpa udp
US 8.8.8.8:53 104.41.18.104.in-addr.arpa udp
US 8.8.8.8:53 54.36.239.216.in-addr.arpa udp
US 8.8.8.8:53 152.146.64.172.in-addr.arpa udp
US 8.8.8.8:53 20.95.9.65.in-addr.arpa udp
US 8.8.8.8:53 219.16.162.3.in-addr.arpa udp
US 8.8.8.8:53 ins.connatix.com udp
US 8.8.8.8:53 vid.connatix.com udp
US 8.8.8.8:53 lit.connatix.com udp
US 8.8.8.8:53 imasdk.googleapis.com udp
US 8.8.8.8:53 img.connatix.com udp
GB 172.217.16.234:443 imasdk.googleapis.com tcp
US 8.8.8.8:53 idrs.adtelligent.com udp
UA 62.149.0.74:443 idrs.adtelligent.com tcp
US 8.8.8.8:53 ddc04925603aedfa9aaf1a12d187c8a0.safeframe.googlesyndication.com udp
GB 142.250.187.193:443 ddc04925603aedfa9aaf1a12d187c8a0.safeframe.googlesyndication.com tcp
US 8.8.8.8:53 gum.criteo.com udp
US 8.8.8.8:53 id5-sync.com udp
US 8.8.8.8:53 cdn-ima.33across.com udp
US 8.8.8.8:53 cdn.id5-sync.com udp
US 8.8.8.8:53 tags.crwdcntrl.net udp
US 8.8.8.8:53 id.a-mx.com udp
US 8.8.8.8:53 ib.adnxs.com udp
US 172.67.38.106:443 cdn.id5-sync.com tcp
CZ 65.9.95.6:443 tags.crwdcntrl.net tcp
US 172.64.152.89:443 cdn-ima.33across.com tcp
NL 178.250.1.11:443 gum.criteo.com tcp
US 8.8.8.8:53 hbopenbid.pubmatic.com udp
US 8.8.8.8:53 web.hb.ad.cpe.dotomi.com udp
US 8.8.8.8:53 exchange.cootlogix.com udp
US 8.8.8.8:53 ads.servenobid.com udp
US 8.8.8.8:53 prebid.media.net udp
US 8.8.8.8:53 prebid.dblks.net udp
US 8.8.8.8:53 fastlane.rubiconproject.com udp
DE 162.19.138.120:443 id5-sync.com tcp
US 8.8.8.8:53 g2.gumgum.com udp
NL 79.127.227.46:443 id.a-mx.com tcp
NL 185.89.210.212:443 ib.adnxs.com tcp
UA 62.149.0.74:443 idrs.adtelligent.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
CA 199.212.255.179:443 prebid.dblks.net tcp
NL 63.215.202.146:443 web.hb.ad.cpe.dotomi.com tcp
IE 52.208.195.214:443 g2.gumgum.com tcp
IE 52.208.240.95:443 ads.servenobid.com tcp
GB 185.64.190.77:443 hbopenbid.pubmatic.com tcp
GB 172.217.16.234:443 imasdk.googleapis.com udp
US 157.230.234.29:443 exchange.cootlogix.com tcp
US 157.230.234.29:443 exchange.cootlogix.com tcp
US 157.230.234.29:443 exchange.cootlogix.com tcp
US 34.120.63.153:443 prebid.media.net tcp
US 8.8.8.8:53 crt.rootg2.amazontrust.com udp
CZ 65.9.95.56:80 crt.rootg2.amazontrust.com tcp
US 8.8.8.8:53 s0.2mdn.net udp
US 8.8.8.8:53 cdn.hadronid.net udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
GB 216.58.201.102:443 s0.2mdn.net tcp
US 104.22.52.173:443 cdn.hadronid.net tcp
US 8.8.8.8:53 dnacdn.net udp
GB 142.250.187.225:443 tpc.googlesyndication.com tcp
US 8.8.8.8:53 aax-eu.amazon-adsystem.com udp
FR 178.250.7.13:443 dnacdn.net tcp
IE 52.95.115.255:443 aax-eu.amazon-adsystem.com tcp
US 8.8.8.8:53 bcp.crwdcntrl.net udp
US 8.8.8.8:53 234.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 193.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 106.38.67.172.in-addr.arpa udp
US 8.8.8.8:53 89.152.64.172.in-addr.arpa udp
US 8.8.8.8:53 11.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 46.227.127.79.in-addr.arpa udp
US 8.8.8.8:53 6.95.9.65.in-addr.arpa udp
US 8.8.8.8:53 120.138.19.162.in-addr.arpa udp
US 8.8.8.8:53 212.210.89.185.in-addr.arpa udp
US 8.8.8.8:53 139.156.173.69.in-addr.arpa udp
US 8.8.8.8:53 77.190.64.185.in-addr.arpa udp
US 8.8.8.8:53 146.202.215.63.in-addr.arpa udp
US 8.8.8.8:53 214.195.208.52.in-addr.arpa udp
US 8.8.8.8:53 95.240.208.52.in-addr.arpa udp
US 8.8.8.8:53 153.63.120.34.in-addr.arpa udp
US 8.8.8.8:53 179.255.212.199.in-addr.arpa udp
US 8.8.8.8:53 56.95.9.65.in-addr.arpa udp
US 8.8.8.8:53 102.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 173.52.22.104.in-addr.arpa udp
US 8.8.8.8:53 225.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 13.7.250.178.in-addr.arpa udp
US 8.8.8.8:53 255.115.95.52.in-addr.arpa udp
IE 52.213.178.209:443 bcp.crwdcntrl.net tcp
GB 142.250.187.225:443 tpc.googlesyndication.com udp
GB 142.250.200.36:443 www.google.com udp
US 8.8.8.8:53 pubads.g.doubleclick.net udp
GB 142.250.200.34:443 pubads.g.doubleclick.net tcp
US 8.8.8.8:53 id.hadron.ad.gt udp
US 104.22.5.69:443 id.hadron.ad.gt tcp
US 8.8.8.8:53 csi.gstatic.com udp
US 216.239.32.3:443 csi.gstatic.com tcp
US 216.239.32.3:443 csi.gstatic.com tcp
US 8.8.8.8:53 advally-mcm-tagan.adlightning.com udp
CZ 65.9.95.42:443 advally-mcm-tagan.adlightning.com tcp
CZ 65.9.95.42:443 advally-mcm-tagan.adlightning.com tcp
CZ 65.9.95.42:443 advally-mcm-tagan.adlightning.com tcp
CZ 65.9.95.42:443 advally-mcm-tagan.adlightning.com tcp
CZ 65.9.95.42:443 advally-mcm-tagan.adlightning.com tcp
CZ 65.9.95.42:443 advally-mcm-tagan.adlightning.com tcp
US 8.8.8.8:53 lb.eu-1-id5-sync.com udp
DE 162.19.138.120:443 lb.eu-1-id5-sync.com tcp
US 8.8.8.8:53 cdn.ampproject.org udp
US 8.8.8.8:53 a.ad.gt udp
US 104.22.5.69:443 a.ad.gt tcp
GB 172.217.169.33:443 cdn.ampproject.org tcp
GB 172.217.169.33:443 cdn.ampproject.org tcp
GB 172.217.169.33:443 cdn.ampproject.org tcp
GB 172.217.169.33:443 cdn.ampproject.org tcp
GB 172.217.169.33:443 cdn.ampproject.org tcp
US 8.8.8.8:53 209.178.213.52.in-addr.arpa udp
US 8.8.8.8:53 69.5.22.104.in-addr.arpa udp
US 8.8.8.8:53 3.32.239.216.in-addr.arpa udp
US 8.8.8.8:53 42.95.9.65.in-addr.arpa udp
GB 142.250.187.225:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 p.ad.gt udp
US 104.22.4.69:443 p.ad.gt tcp
US 8.8.8.8:53 ids.ad.gt udp
US 8.8.8.8:53 secure.adnxs.com udp
US 8.8.8.8:53 match.adsrvr.org udp
US 8.8.8.8:53 image2.pubmatic.com udp
US 8.8.8.8:53 token.rubiconproject.com udp
US 8.8.8.8:53 cm.g.doubleclick.net udp
US 8.8.8.8:53 dpm.demdex.net udp
US 8.8.8.8:53 bh.contextweb.com udp
US 44.238.160.234:443 ids.ad.gt tcp
US 44.238.160.234:443 ids.ad.gt tcp
US 35.71.131.137:443 match.adsrvr.org tcp
DE 37.252.171.149:443 secure.adnxs.com tcp
GB 142.250.200.36:443 www.google.com udp
NL 198.47.127.205:443 image2.pubmatic.com tcp
IE 18.203.183.110:443 dpm.demdex.net tcp
GB 172.217.169.66:443 cm.g.doubleclick.net tcp
NL 69.173.156.148:443 token.rubiconproject.com tcp
NL 208.93.169.131:443 bh.contextweb.com tcp
US 8.8.8.8:53 u.openx.net udp
US 34.98.64.218:443 u.openx.net tcp
US 8.8.8.8:53 sync.1rx.io udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 44.238.160.234:443 ids.ad.gt tcp
NL 46.228.174.117:443 sync.1rx.io tcp
GB 172.217.169.66:443 cm.g.doubleclick.net udp
US 104.22.4.69:443 p.ad.gt tcp
US 44.238.160.234:443 ids.ad.gt tcp
US 8.8.8.8:53 pixels.ad.gt udp
US 104.22.5.69:443 pixels.ad.gt tcp
US 44.238.160.234:443 ids.ad.gt tcp
US 8.8.8.8:53 33.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 69.4.22.104.in-addr.arpa udp
US 8.8.8.8:53 66.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 137.131.71.35.in-addr.arpa udp
US 8.8.8.8:53 205.127.47.198.in-addr.arpa udp
US 8.8.8.8:53 149.171.252.37.in-addr.arpa udp
US 8.8.8.8:53 148.156.173.69.in-addr.arpa udp
US 8.8.8.8:53 131.169.93.208.in-addr.arpa udp
US 8.8.8.8:53 110.183.203.18.in-addr.arpa udp
US 8.8.8.8:53 218.64.98.34.in-addr.arpa udp
US 8.8.8.8:53 234.160.238.44.in-addr.arpa udp
US 8.8.8.8:53 117.174.228.46.in-addr.arpa udp
US 8.8.8.8:53 acdn.adnxs.com udp
US 8.8.8.8:53 s.0cf.io udp
US 8.8.8.8:53 public.servenobid.com udp
US 151.101.129.108:443 acdn.adnxs.com tcp
US 8.8.8.8:53 contextual.media.net udp
US 8.8.8.8:53 eus.rubiconproject.com udp
US 8.8.8.8:53 ads.pubmatic.com udp
US 8.8.8.8:53 sync.cootlogix.com udp
CZ 65.9.95.36:443 public.servenobid.com tcp
GB 92.123.240.21:443 contextual.media.net tcp
GB 23.219.196.188:443 ads.pubmatic.com tcp
US 137.184.159.133:443 sync.cootlogix.com tcp
GB 92.123.242.2:443 eus.rubiconproject.com tcp
US 104.21.22.242:443 s.0cf.io tcp
US 8.8.8.8:53 eb2.3lift.com udp
US 13.248.245.213:443 eb2.3lift.com tcp
US 8.8.8.8:53 prebid-match.dotomi.com udp
NL 63.215.202.172:443 prebid-match.dotomi.com tcp
US 8.8.8.8:53 rtb.gumgum.com udp
US 8.8.8.8:53 ssum.casalemedia.com udp
US 172.64.151.101:443 ssum.casalemedia.com tcp
US 8.8.8.8:53 108.129.101.151.in-addr.arpa udp
US 8.8.8.8:53 21.240.123.92.in-addr.arpa udp
US 8.8.8.8:53 36.95.9.65.in-addr.arpa udp
US 8.8.8.8:53 188.196.219.23.in-addr.arpa udp
US 8.8.8.8:53 2.242.123.92.in-addr.arpa udp
US 8.8.8.8:53 242.22.21.104.in-addr.arpa udp
US 8.8.8.8:53 133.159.184.137.in-addr.arpa udp
US 8.8.8.8:53 213.245.248.13.in-addr.arpa udp
US 8.8.8.8:53 172.202.215.63.in-addr.arpa udp
US 8.8.8.8:53 rtb.openx.net udp
US 8.8.8.8:53 ap.lijit.com udp
US 8.8.8.8:53 sync.go.sonobi.com udp
US 35.186.253.211:443 rtb.openx.net tcp
IE 52.49.76.189:443 ap.lijit.com tcp
US 69.166.1.35:443 sync.go.sonobi.com tcp
US 8.8.8.8:53 ups.analytics.yahoo.com udp
GB 87.248.114.11:443 ups.analytics.yahoo.com tcp
US 8.8.8.8:53 prebid.a-mo.net udp
FR 163.5.194.32:443 prebid.a-mo.net tcp
GB 2.19.117.148:443 aefd.nelreports.net udp
US 8.8.8.8:53 csp.withgoogle.com udp
GB 142.250.180.17:443 csp.withgoogle.com tcp
GB 142.250.180.17:443 csp.withgoogle.com udp
US 8.8.8.8:53 ssc-cms.33across.com udp
US 8.8.8.8:53 onetag-sys.com udp
US 67.202.105.24:443 ssc-cms.33across.com tcp
DE 51.38.120.206:443 onetag-sys.com tcp
US 8.8.8.8:53 image8.pubmatic.com udp
US 8.8.8.8:53 match.sharethrough.com udp
GB 185.64.191.214:443 image8.pubmatic.com tcp
DE 18.197.30.174:443 match.sharethrough.com tcp
US 8.8.8.8:53 ssbsync-global.smartadserver.com udp
FR 178.32.197.53:443 ssbsync-global.smartadserver.com tcp
US 8.8.8.8:53 101.151.64.172.in-addr.arpa udp
US 8.8.8.8:53 211.253.186.35.in-addr.arpa udp
US 8.8.8.8:53 35.1.166.69.in-addr.arpa udp
US 8.8.8.8:53 189.76.49.52.in-addr.arpa udp
US 8.8.8.8:53 11.114.248.87.in-addr.arpa udp
US 8.8.8.8:53 17.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 206.120.38.51.in-addr.arpa udp
US 8.8.8.8:53 32.194.5.163.in-addr.arpa udp
US 8.8.8.8:53 24.105.202.67.in-addr.arpa udp
US 8.8.8.8:53 214.191.64.185.in-addr.arpa udp
US 8.8.8.8:53 174.30.197.18.in-addr.arpa udp
US 8.8.8.8:53 sync.mathtag.com udp
US 216.200.232.249:443 sync.mathtag.com tcp
US 8.8.8.8:53 hbx.media.net udp
GB 2.23.220.28:443 hbx.media.net tcp
US 8.8.8.8:53 pixel-sync.sitescout.com udp
US 34.36.216.150:443 pixel-sync.sitescout.com tcp
US 34.36.216.150:443 pixel-sync.sitescout.com udp
US 8.8.8.8:53 d.turn.com udp
US 8.8.8.8:53 match.prod.bidr.io udp
NL 46.228.164.13:443 d.turn.com tcp
IE 52.208.46.191:443 match.prod.bidr.io tcp
US 8.8.8.8:53 x.bidswitch.net udp
US 8.8.8.8:53 cm.rtbsystem.com udp
NL 35.214.136.108:443 x.bidswitch.net tcp
US 104.21.68.74:443 cm.rtbsystem.com tcp
US 8.8.8.8:53 sync.ipredictive.com udp
US 52.202.216.195:443 sync.ipredictive.com tcp
US 8.8.8.8:53 sync-tm.everesttech.net udp
US 8.8.8.8:53 cm.ctnsnet.com udp
US 151.101.2.49:443 sync-tm.everesttech.net tcp
US 35.186.193.173:443 cm.ctnsnet.com tcp
US 8.8.8.8:53 ice.360yield.com udp
IE 34.254.135.99:443 ice.360yield.com tcp
US 8.8.8.8:53 rtb.adentifi.com udp
US 8.8.8.8:53 cm.adform.net udp
US 44.207.241.162:443 rtb.adentifi.com tcp
DK 37.157.5.84:443 cm.adform.net tcp
US 8.8.8.8:53 53.197.32.178.in-addr.arpa udp
US 8.8.8.8:53 249.232.200.216.in-addr.arpa udp
US 8.8.8.8:53 28.220.23.2.in-addr.arpa udp
US 8.8.8.8:53 150.216.36.34.in-addr.arpa udp
US 8.8.8.8:53 191.46.208.52.in-addr.arpa udp
US 8.8.8.8:53 13.164.228.46.in-addr.arpa udp
US 8.8.8.8:53 108.136.214.35.in-addr.arpa udp
US 8.8.8.8:53 74.68.21.104.in-addr.arpa udp
US 8.8.8.8:53 195.216.202.52.in-addr.arpa udp
US 8.8.8.8:53 49.2.101.151.in-addr.arpa udp
US 8.8.8.8:53 173.193.186.35.in-addr.arpa udp
US 8.8.8.8:53 99.135.254.34.in-addr.arpa udp
US 8.8.8.8:53 prebid-server.rubiconproject.com udp
NL 69.173.156.150:443 prebid-server.rubiconproject.com tcp
US 8.8.8.8:53 c1.adform.net udp
US 8.8.8.8:53 tg.socdm.com udp
US 8.8.8.8:53 creativecdn.com udp
US 8.8.8.8:53 secure-assets.rubiconproject.com udp
DK 37.157.6.232:443 c1.adform.net tcp
GB 23.215.239.190:443 secure-assets.rubiconproject.com tcp
NL 185.184.8.90:443 creativecdn.com tcp
JP 124.146.153.167:443 tg.socdm.com tcp
JP 124.146.153.167:443 tg.socdm.com tcp
US 8.8.8.8:53 pixel.33across.com udp
US 67.202.105.22:443 pixel.33across.com tcp
DE 51.38.120.206:443 onetag-sys.com udp
US 8.8.8.8:53 ssbsync.smartadserver.com udp
US 8.8.8.8:53 ssum-sec.casalemedia.com udp
US 8.8.8.8:53 84.5.157.37.in-addr.arpa udp
US 8.8.8.8:53 162.241.207.44.in-addr.arpa udp
US 8.8.8.8:53 150.156.173.69.in-addr.arpa udp
US 8.8.8.8:53 232.6.157.37.in-addr.arpa udp
US 8.8.8.8:53 190.239.215.23.in-addr.arpa udp
US 8.8.8.8:53 90.8.184.185.in-addr.arpa udp
US 8.8.8.8:53 167.153.146.124.in-addr.arpa udp
US 8.8.8.8:53 22.105.202.67.in-addr.arpa udp
US 8.8.8.8:53 cs-server-s2s.yellowblue.io udp
US 54.157.228.161:443 cs-server-s2s.yellowblue.io tcp
US 8.8.8.8:53 ce.lijit.com udp
NL 46.228.174.117:443 sync.1rx.io tcp
US 8.8.8.8:53 p.rfihub.com udp
US 69.166.1.35:443 sync.go.sonobi.com tcp
US 8.8.8.8:53 ssp.disqus.com udp
US 8.8.8.8:53 rtb.mfadsrvr.com udp
IE 34.251.27.227:443 ce.lijit.com tcp
US 34.228.137.141:443 ssp.disqus.com tcp
NL 193.0.160.131:443 p.rfihub.com tcp
NL 35.214.199.88:443 rtb.mfadsrvr.com tcp
NL 35.214.136.108:443 x.bidswitch.net udp
US 8.8.8.8:53 sync.srv.stackadapt.com udp
US 8.8.8.8:53 pr-bh.ybp.yahoo.com udp
US 8.8.8.8:53 us-u.openx.net udp
US 8.8.8.8:53 b1sync.zemanta.com udp
US 8.8.8.8:53 match.deepintent.com udp
US 54.196.229.231:443 sync.srv.stackadapt.com tcp
IE 54.72.46.5:443 pr-bh.ybp.yahoo.com tcp
US 70.42.32.223:443 b1sync.zemanta.com tcp
US 169.197.150.7:443 match.deepintent.com tcp
US 8.8.8.8:53 usersync.gumgum.com udp
IE 34.247.205.196:443 usersync.gumgum.com tcp
US 8.8.8.8:53 eexsync.com udp
US 35.244.159.8:443 us-u.openx.net udp
US 80.77.87.108:443 eexsync.com tcp
US 70.42.32.223:443 b1sync.zemanta.com tcp
IE 34.247.205.196:443 usersync.gumgum.com tcp
IE 34.247.205.196:443 usersync.gumgum.com tcp
IE 34.247.205.196:443 usersync.gumgum.com tcp
IE 34.247.205.196:443 usersync.gumgum.com tcp
US 8.8.8.8:53 161.228.157.54.in-addr.arpa udp
US 8.8.8.8:53 131.160.0.193.in-addr.arpa udp
US 8.8.8.8:53 227.27.251.34.in-addr.arpa udp
US 8.8.8.8:53 88.199.214.35.in-addr.arpa udp
US 8.8.8.8:53 141.137.228.34.in-addr.arpa udp
US 8.8.8.8:53 5.46.72.54.in-addr.arpa udp
US 8.8.8.8:53 223.32.42.70.in-addr.arpa udp
US 8.8.8.8:53 231.229.196.54.in-addr.arpa udp
US 8.8.8.8:53 8.159.244.35.in-addr.arpa udp
US 8.8.8.8:53 196.205.247.34.in-addr.arpa udp
US 8.8.8.8:53 108.87.77.80.in-addr.arpa udp
US 8.8.8.8:53 7.150.197.169.in-addr.arpa udp
IE 34.247.205.196:443 usersync.gumgum.com tcp
US 8.8.8.8:53 pool.admedo.com udp
US 8.8.8.8:53 gw-iad-bid.ymmobi.com udp
BE 35.206.140.87:443 pool.admedo.com tcp
US 47.253.61.56:443 gw-iad-bid.ymmobi.com tcp
US 8.8.8.8:53 s.company-target.com udp
US 34.96.71.22:443 s.company-target.com tcp
US 8.8.8.8:53 rtb-csync.smartadserver.com udp
FR 51.178.195.216:443 rtb-csync.smartadserver.com tcp
FR 51.178.195.216:443 rtb-csync.smartadserver.com tcp
NL 35.214.199.88:443 rtb.mfadsrvr.com udp
US 8.8.8.8:53 pixel-eu.rubiconproject.com udp
US 8.8.8.8:53 ads.stickyadstv.com udp
US 8.8.8.8:53 pixel.rubiconproject.com udp
US 8.8.8.8:53 cs.admanmedia.com udp
NL 69.173.156.148:443 pixel.rubiconproject.com tcp
US 80.77.87.162:443 cs.admanmedia.com tcp
NL 82.145.213.8:443 t.adx.opera.com tcp
NL 69.173.156.149:443 pixel.rubiconproject.com tcp
FR 154.54.250.81:443 ads.stickyadstv.com tcp
FR 51.178.195.216:443 rtb-csync.smartadserver.com tcp
BE 35.206.140.87:443 pool.admedo.com udp
US 8.8.8.8:53 dblksync.dblks.net udp
US 104.21.49.210:443 dblksync.dblks.net tcp
US 8.8.8.8:53 s.amazon-adsystem.com udp
US 98.82.156.207:443 s.amazon-adsystem.com tcp
US 35.186.253.211:443 rtb.openx.net udp
US 69.166.1.35:443 sync.go.sonobi.com tcp
US 8.8.8.8:53 87.140.206.35.in-addr.arpa udp
US 8.8.8.8:53 56.61.253.47.in-addr.arpa udp
US 8.8.8.8:53 22.71.96.34.in-addr.arpa udp
US 8.8.8.8:53 216.195.178.51.in-addr.arpa udp
US 8.8.8.8:53 8.213.145.82.in-addr.arpa udp
US 8.8.8.8:53 149.156.173.69.in-addr.arpa udp
US 8.8.8.8:53 81.250.54.154.in-addr.arpa udp
US 8.8.8.8:53 162.87.77.80.in-addr.arpa udp
US 8.8.8.8:53 210.49.21.104.in-addr.arpa udp
US 8.8.8.8:53 207.156.82.98.in-addr.arpa udp
US 35.186.193.173:443 cm.ctnsnet.com udp
GB 3.162.21.19:443 c.amazon-adsystem.com tcp
DK 37.157.6.232:443 c1.adform.net tcp
US 35.71.131.137:443 match.adsrvr.org tcp
JP 124.146.153.167:443 tg.socdm.com tcp
NL 185.184.8.90:443 creativecdn.com tcp
DE 37.252.171.149:443 secure.adnxs.com tcp
NL 35.214.136.108:443 x.bidswitch.net tcp
US 8.8.8.8:53 assets.a-mo.net udp
JP 124.146.153.167:443 tg.socdm.com tcp
IE 34.247.205.196:443 usersync.gumgum.com tcp
US 104.19.159.19:443 assets.a-mo.net tcp
US 8.8.8.8:53 cms.quantserve.com udp
DE 91.228.74.166:443 cms.quantserve.com tcp
US 104.18.41.104:443 img.connatix.com tcp
US 104.21.22.242:443 s.0cf.io tcp
US 54.196.229.231:443 sync.srv.stackadapt.com tcp
US 8.8.8.8:53 19.159.19.104.in-addr.arpa udp
US 8.8.8.8:53 166.74.228.91.in-addr.arpa udp
NL 79.127.227.46:443 c3.a-mo.net tcp
IE 54.72.46.5:443 pr-bh.ybp.yahoo.com tcp
NL 69.173.156.148:443 pixel.rubiconproject.com tcp
FR 163.5.194.32:443 prebid.a-mo.net tcp
US 52.202.216.195:443 sync.ipredictive.com tcp
US 8.8.8.8:53 sync.a-mo.net udp
FR 163.5.194.32:443 sync.a-mo.net tcp
US 169.197.150.7:443 match.deepintent.com tcp
US 8.8.8.8:53 id.rtb.mx udp
US 8.8.8.8:53 prebid.adnxs.com udp
US 8.8.8.8:53 ow.pubmatic.com udp
US 70.42.32.223:443 b1sync.zemanta.com tcp
NL 185.89.208.11:443 prebid.adnxs.com tcp
NL 79.127.227.46:443 id.rtb.mx tcp
NL 185.64.189.116:443 ow.pubmatic.com tcp
NL 208.93.169.131:443 bh.contextweb.com tcp
US 208.95.112.2:443 pro.ip-api.com tcp
US 8.8.8.8:53 11.208.89.185.in-addr.arpa udp
US 8.8.8.8:53 116.189.64.185.in-addr.arpa udp
CZ 65.9.95.50:443 cmp.inmobi.com tcp
FR 164.132.25.181:443 ssbsync.smartadserver.com tcp
IE 52.18.29.125:443 rtb.gumgum.com tcp
GB 172.217.169.78:443 fundingchoicesmessages.google.com udp
UA 62.149.0.74:443 idrs.adtelligent.com tcp
NL 178.250.1.11:443 dnacdn.net tcp
GB 3.162.16.219:443 aax.amazon-adsystem.com tcp
NL 79.127.227.46:443 id.rtb.mx tcp
NL 185.89.210.212:443 ib.adnxs.com tcp
GB 185.64.190.77:443 hbopenbid.pubmatic.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
UA 62.149.0.74:443 idrs.adtelligent.com tcp
NL 63.215.202.146:443 web.hb.ad.cpe.dotomi.com tcp
IE 52.208.240.95:443 ads.servenobid.com tcp
US 157.230.234.29:443 exchange.cootlogix.com tcp
US 34.120.63.153:443 prebid.media.net udp
CA 199.212.255.179:443 prebid.dblks.net tcp
FR 178.250.7.13:443 dnacdn.net tcp
IE 52.95.115.255:443 aax-eu.amazon-adsystem.com tcp
US 8.8.8.8:53 181.25.132.164.in-addr.arpa udp
US 8.8.8.8:53 125.29.18.52.in-addr.arpa udp
US 8.8.8.8:53 3cff3d7bfdab48e4837badc6549ec414.safeframe.googlesyndication.com udp
GB 142.250.187.193:443 3cff3d7bfdab48e4837badc6549ec414.safeframe.googlesyndication.com tcp
GB 3.162.21.19:443 c.amazon-adsystem.com tcp
IE 52.95.115.255:443 aax-eu.amazon-adsystem.com tcp
US 8.8.8.8:53 m.media-amazon.com udp
US 8.8.8.8:53 ts.amazon-adsystem.com udp
US 151.101.1.16:443 m.media-amazon.com tcp
US 151.101.1.16:443 m.media-amazon.com tcp
US 151.101.1.16:443 m.media-amazon.com tcp
US 151.101.1.16:443 m.media-amazon.com tcp
US 151.101.1.16:443 m.media-amazon.com tcp
US 151.101.1.16:443 m.media-amazon.com tcp
GB 18.172.88.54:443 ts.amazon-adsystem.com tcp
US 151.101.1.16:443 m.media-amazon.com tcp
US 151.101.1.16:443 m.media-amazon.com tcp
US 151.101.1.16:443 m.media-amazon.com tcp
US 151.101.1.16:443 m.media-amazon.com udp
US 151.101.1.16:443 m.media-amazon.com udp
US 8.8.8.8:53 aan.amazon.co.uk udp
IE 3.254.237.161:443 aan.amazon.co.uk tcp
IE 3.254.237.161:443 aan.amazon.co.uk tcp
GB 18.172.88.54:443 ts.amazon-adsystem.com tcp
IE 3.254.237.161:443 aan.amazon.co.uk tcp
US 8.8.8.8:53 sq-tungsten-ts-eu.amazon-adsystem.com udp
US 8.8.8.8:53 16.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 54.88.172.18.in-addr.arpa udp
US 8.8.8.8:53 tungsten-service.prod.eu.adsqtungsten.a9.amazon.dev udp
IE 3.251.217.202:443 sq-tungsten-ts-eu.amazon-adsystem.com tcp
CZ 65.9.95.71:443 tungsten-service.prod.eu.adsqtungsten.a9.amazon.dev tcp
US 8.8.8.8:53 71.95.9.65.in-addr.arpa udp
US 8.8.8.8:53 202.217.251.3.in-addr.arpa udp
GB 92.123.240.21:443 contextual.media.net tcp
US 137.184.159.133:443 sync.cootlogix.com tcp
US 67.202.105.22:443 pixel.33across.com tcp
DE 51.38.120.206:443 onetag-sys.com tcp
US 104.18.36.155:443 ssum-sec.casalemedia.com tcp
US 54.157.228.161:443 cs-server-s2s.yellowblue.io tcp
FR 51.178.195.216:443 rtb-csync.smartadserver.com tcp
FR 51.178.195.216:443 rtb-csync.smartadserver.com tcp
FR 51.178.195.216:443 rtb-csync.smartadserver.com tcp
US 8.8.8.8:53 wt.rqtrk.eu udp
US 98.82.156.207:443 s.amazon-adsystem.com tcp
DE 57.129.18.109:443 wt.rqtrk.eu tcp
US 13.248.245.213:443 eb2.3lift.com tcp
US 8.8.8.8:53 155.36.18.104.in-addr.arpa udp
US 8.8.8.8:53 109.18.129.57.in-addr.arpa udp
NL 63.215.202.172:443 prebid-match.dotomi.com tcp
IE 52.49.76.189:443 ap.lijit.com tcp
US 69.166.1.35:443 sync.go.sonobi.com tcp
GB 87.248.114.11:443 ups.analytics.yahoo.com tcp
NL 35.214.199.88:443 rtb.mfadsrvr.com tcp
NL 69.173.156.149:443 pixel.rubiconproject.com tcp
GB 185.64.191.214:443 image8.pubmatic.com tcp
US 69.166.1.35:443 sync.go.sonobi.com tcp
DE 18.197.30.174:443 match.sharethrough.com tcp
IE 52.208.46.191:443 match.prod.bidr.io tcp
IE 34.254.135.99:443 ice.360yield.com tcp
US 44.207.241.162:443 rtb.adentifi.com tcp
DK 37.157.5.84:443 cm.adform.net tcp
NL 69.173.156.150:443 prebid-server.rubiconproject.com tcp
IE 34.251.27.227:443 ce.lijit.com tcp
NL 46.228.174.117:443 sync.1rx.io tcp
NL 193.0.160.131:443 p.rfihub.com tcp
US 34.228.137.141:443 ssp.disqus.com tcp
GB 2.23.220.28:443 hbx.media.net tcp
US 54.196.229.231:443 sync.srv.stackadapt.com tcp
US 52.202.216.195:443 sync.ipredictive.com tcp
US 47.253.61.56:443 gw-iad-bid.ymmobi.com tcp
IE 34.247.205.196:443 usersync.gumgum.com tcp
IE 34.247.205.196:443 usersync.gumgum.com tcp
US 8.8.8.8:53 odr.mookie1.com udp
US 34.160.236.64:443 odr.mookie1.com tcp
US 8.8.8.8:53 64.236.160.34.in-addr.arpa udp
US 172.67.199.100:443 cdn.adligature.com tcp
GB 3.162.21.19:443 c.amazon-adsystem.com tcp
UA 62.149.0.74:443 idrs.adtelligent.com tcp
NL 79.127.227.46:443 id.rtb.mx tcp
NL 79.127.227.46:443 id.rtb.mx tcp
UA 62.149.0.74:443 idrs.adtelligent.com tcp
US 8.8.8.8:53 e97a5137abe5a520d93594acbae333ab.safeframe.googlesyndication.com udp
US 8.8.8.8:53 cdn.vuukle.com udp
US 104.22.61.168:443 cdn.vuukle.com tcp
US 8.8.8.8:53 168.61.22.104.in-addr.arpa udp
US 104.22.61.168:443 cdn.vuukle.com tcp
US 8.8.8.8:53 get.geojs.io udp
US 104.26.0.100:443 get.geojs.io tcp
US 8.8.8.8:53 wrappers.geoedge.be udp
US 8.8.8.8:53 prebid.smilewanted.com udp
CZ 65.9.95.22:443 wrappers.geoedge.be tcp
US 8.8.8.8:53 cpm.vuukle.net udp
US 8.8.8.8:53 rumcdn.geoedge.be udp
GB 18.165.160.129:443 config.aps.amazon-adsystem.com tcp
US 104.22.31.209:443 prebid.smilewanted.com tcp
NL 103.67.200.72:443 cpm.vuukle.net tcp
US 8.8.8.8:53 100.0.26.104.in-addr.arpa udp
US 8.8.8.8:53 22.95.9.65.in-addr.arpa udp
CZ 65.9.95.25:443 rumcdn.geoedge.be tcp
GB 104.78.175.230:443 secure.cdn.fastclick.net tcp
GB 104.78.175.230:443 secure.cdn.fastclick.net tcp
US 8.8.8.8:53 6a1d1fdcec7a028bb2d0e8925443652e.safeframe.googlesyndication.com udp
US 8.8.8.8:53 proc.ad.cpe.dotomi.com udp
US 8.8.8.8:53 publish.vuukle.com udp
US 8.8.8.8:53 adsdk.microsoft.com udp
US 8.8.8.8:53 cdn.adnxs.com udp
US 8.8.8.8:53 ams3-ib.adnxs.com udp
GB 2.19.117.29:443 cdn.adnxs.com tcp
US 13.107.246.64:443 adsdk.microsoft.com tcp
US 8.8.8.8:53 209.31.22.104.in-addr.arpa udp
US 8.8.8.8:53 25.95.9.65.in-addr.arpa udp
US 8.8.8.8:53 72.200.67.103.in-addr.arpa udp
US 8.8.8.8:53 29.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 230.175.78.104.in-addr.arpa udp
US 8.8.8.8:53 64.246.107.13.in-addr.arpa udp
GB 92.123.128.134:443 www.bing.com tcp
US 8.8.8.8:53 cdn.adnxs-simple.com udp
GB 2.19.117.38:443 cdn.adnxs-simple.com tcp
US 8.8.8.8:53 134.128.123.92.in-addr.arpa udp
US 8.8.8.8:53 38.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 csync.smilewanted.com udp
GB 23.219.196.188:443 ads.pubmatic.com tcp
NL 46.228.174.117:443 sync.1rx.io tcp
US 69.166.1.35:443 sync.go.sonobi.com tcp
US 8.8.8.8:53 static.smilewanted.com udp
US 104.22.30.209:443 static.smilewanted.com tcp
FR 163.5.194.32:443 sync.a-mo.net tcp
DE 51.38.120.206:443 onetag-sys.com tcp
NL 35.214.136.108:443 x.bidswitch.net tcp
NL 35.214.199.88:443 rtb.mfadsrvr.com tcp
US 67.202.105.24:443 ssc-cms.33across.com tcp
GB 185.64.191.214:443 image8.pubmatic.com tcp
DE 18.197.30.174:443 match.sharethrough.com tcp
US 34.228.137.141:443 ssp.disqus.com tcp
US 104.21.22.242:443 s.0cf.io tcp
IE 52.208.46.191:443 match.prod.bidr.io tcp
US 151.101.2.49:443 sync-tm.everesttech.net tcp
IE 34.254.135.99:443 ice.360yield.com tcp
US 44.207.241.162:443 rtb.adentifi.com tcp
GB 2.23.220.28:443 hbx.media.net tcp
NL 69.173.156.150:443 prebid-server.rubiconproject.com tcp
DK 37.157.5.84:443 cm.adform.net tcp
DK 37.157.6.232:443 c1.adform.net tcp
US 8.8.8.8:53 209.30.22.104.in-addr.arpa udp
US 35.71.131.137:443 match.adsrvr.org tcp
JP 124.146.153.167:443 tg.socdm.com tcp
NL 185.184.8.90:443 creativecdn.com tcp
NL 69.173.156.148:443 pixel.rubiconproject.com tcp
DE 37.252.171.149:443 secure.adnxs.com tcp
JP 124.146.153.167:443 tg.socdm.com tcp
DE 91.228.74.166:443 cms.quantserve.com tcp
IE 34.247.205.196:443 usersync.gumgum.com tcp
US 8.8.8.8:53 sync.smartadserver.com udp
NL 89.149.193.121:443 sync.smartadserver.com tcp
US 8.8.8.8:53 dsp-cookie.adfarm1.adition.com udp
US 8.8.8.8:53 sync.adkernel.com udp
NL 103.67.200.72:443 sync.adkernel.com tcp
US 8.8.8.8:53 sync.adotmob.com udp
DE 80.82.210.217:443 dsp-cookie.adfarm1.adition.com tcp
FR 45.137.176.88:443 sync.adotmob.com tcp
US 8.8.8.8:53 121.193.149.89.in-addr.arpa udp
US 8.8.8.8:53 217.210.82.80.in-addr.arpa udp
US 8.8.8.8:53 88.176.137.45.in-addr.arpa udp
US 8.8.8.8:53 ads.creative-serving.com udp
NL 69.173.156.149:443 pixel.rubiconproject.com tcp
NL 35.214.241.248:443 ads.creative-serving.com tcp
NL 35.214.241.248:443 ads.creative-serving.com udp
FR 51.178.195.216:443 rtb-csync.smartadserver.com tcp
FR 51.178.195.216:443 rtb-csync.smartadserver.com tcp
US 54.196.229.231:443 sync.srv.stackadapt.com tcp
IE 54.72.46.5:443 pr-bh.ybp.yahoo.com tcp
US 8.8.8.8:53 ssp-sync.criteo.com udp
GB 23.219.196.188:443 ads.pubmatic.com tcp
NL 178.250.1.7:443 ssp-sync.criteo.com tcp
IE 52.49.76.189:443 ap.lijit.com tcp
US 8.8.8.8:53 dis.criteo.com udp
NL 178.250.1.9:443 dis.criteo.com tcp
US 52.202.216.195:443 sync.ipredictive.com tcp
US 169.197.150.7:443 match.deepintent.com tcp
US 8.8.8.8:53 248.241.214.35.in-addr.arpa udp
US 8.8.8.8:53 9.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 7.1.250.178.in-addr.arpa udp
NL 208.93.169.131:443 bh.contextweb.com tcp
US 8.8.8.8:53 csync.loopme.me udp
NL 35.214.243.78:443 csync.loopme.me tcp
NL 185.89.210.122:443 ams3-ib.adnxs.com tcp
NL 185.89.210.212:443 ams3-ib.adnxs.com tcp
US 70.42.32.223:443 b1sync.zemanta.com tcp
US 8.8.8.8:53 78.243.214.35.in-addr.arpa udp
US 8.8.8.8:53 122.210.89.185.in-addr.arpa udp
GB 92.123.128.134:443 www.bing.com tcp
US 8.8.8.8:53 th.bing.com udp
GB 92.123.128.194:443 th.bing.com tcp
US 8.8.8.8:53 194.128.123.92.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 static-ware.com udp
US 104.21.39.80:443 static-ware.com tcp
US 104.21.39.80:443 static-ware.com tcp
US 8.8.8.8:53 api2.amplitude.com udp
US 44.236.201.63:443 api2.amplitude.com tcp
US 8.8.8.8:53 63.201.236.44.in-addr.arpa udp
US 8.8.8.8:53 aefd.nelreports.net udp
US 35.190.80.1:443 a.nel.cloudflare.com udp
GB 2.19.117.148:443 aefd.nelreports.net udp
US 8.8.8.8:53 www.smurfwrecker.com udp
US 172.67.171.37:443 www.smurfwrecker.com tcp
US 172.67.171.37:443 www.smurfwrecker.com tcp
US 8.8.8.8:53 37.171.67.172.in-addr.arpa udp
US 8.8.8.8:53 aimware.net udp
US 104.22.50.177:443 aimware.net tcp
US 104.22.50.177:443 aimware.net tcp
US 8.8.8.8:53 cdn.aimware.net udp
US 8.8.8.8:53 cdn.jsdelivr.net udp
US 8.8.8.8:53 vjs.zencdn.net udp
US 8.8.8.8:53 platform.twitter.com udp
US 151.101.129.229:443 cdn.jsdelivr.net udp
US 8.8.8.8:53 ssl.google-analytics.com udp
US 151.101.194.217:443 vjs.zencdn.net tcp
US 151.101.194.217:443 vjs.zencdn.net tcp
US 8.8.8.8:53 i.imgur.com udp
US 151.101.129.229:443 cdn.jsdelivr.net udp
US 199.232.192.193:443 i.imgur.com tcp
US 8.8.8.8:53 177.50.22.104.in-addr.arpa udp
US 8.8.8.8:53 229.129.101.151.in-addr.arpa udp
US 8.8.8.8:53 217.194.101.151.in-addr.arpa udp
US 8.8.8.8:53 region1.analytics.google.com udp
US 216.239.32.36:443 region1.analytics.google.com tcp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 8.8.8.8:53 www.google.co.uk udp
GB 142.250.180.3:443 www.google.co.uk tcp
BE 74.125.206.155:443 stats.g.doubleclick.net tcp
US 8.8.8.8:53 193.192.232.199.in-addr.arpa udp
US 8.8.8.8:53 36.32.239.216.in-addr.arpa udp
US 8.8.8.8:53 3.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 155.206.125.74.in-addr.arpa udp
GB 2.19.117.148:443 aefd.nelreports.net udp
US 8.8.8.8:53 r.bing.com udp
GB 92.123.128.169:443 r.bing.com tcp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 8.8.8.8:53 github.githubassets.com udp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp
US 185.199.111.154:443 github.githubassets.com tcp
US 185.199.110.133:443 avatars.githubusercontent.com tcp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 8.8.8.8:53 user-images.githubusercontent.com udp
US 185.199.111.154:443 github.githubassets.com tcp
US 185.199.111.154:443 github.githubassets.com tcp
US 185.199.111.154:443 github.githubassets.com tcp
US 185.199.111.154:443 github.githubassets.com tcp
US 185.199.111.154:443 github.githubassets.com tcp
US 8.8.8.8:53 154.111.199.185.in-addr.arpa udp
US 8.8.8.8:53 133.110.199.185.in-addr.arpa udp
US 8.8.8.8:53 collector.github.com udp
US 140.82.112.22:443 collector.github.com tcp
US 185.199.111.154:443 github.githubassets.com tcp
US 8.8.8.8:53 api.github.com udp
GB 20.26.156.210:443 api.github.com tcp
US 216.239.32.36:443 region1.analytics.google.com udp
US 8.8.8.8:53 22.112.82.140.in-addr.arpa udp
US 8.8.8.8:53 210.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 camo.githubusercontent.com udp
US 8.8.8.8:53 icheat.io udp
US 104.21.25.33:443 icheat.io tcp
US 104.21.25.33:443 icheat.io tcp
US 216.239.34.36:443 region1.analytics.google.com udp
US 8.8.8.8:53 33.25.21.104.in-addr.arpa udp
US 8.8.8.8:53 embed.tawk.to udp
US 104.22.45.142:443 embed.tawk.to tcp
US 8.8.8.8:53 va.tawk.to udp
US 104.22.45.142:443 va.tawk.to tcp
US 104.22.45.142:443 va.tawk.to tcp
US 8.8.8.8:53 142.45.22.104.in-addr.arpa udp
US 8.8.8.8:53 vsa46.tawk.to udp
US 104.22.45.142:443 vsa46.tawk.to tcp
US 151.101.129.229:443 cdn.jsdelivr.net udp
US 8.8.8.8:53 www.premiumvertising.com udp
FR 185.93.2.11:443 www.premiumvertising.com tcp
US 8.8.8.8:53 premiumvertising.com udp
US 8.8.8.8:53 c.adsco.re udp
US 162.252.214.11:443 premiumvertising.com tcp
US 104.17.167.186:443 c.adsco.re tcp
US 8.8.8.8:53 adsco.re udp
US 8.8.8.8:53 4.adsco.re udp
US 8.8.8.8:53 6.adsco.re udp
US 162.252.214.5:443 4.adsco.re tcp
US 162.252.214.5:443 4.adsco.re tcp
US 104.17.166.186:443 6.adsco.re tcp
US 8.8.8.8:53 11.2.93.185.in-addr.arpa udp
US 8.8.8.8:53 11.214.252.162.in-addr.arpa udp
US 8.8.8.8:53 186.167.17.104.in-addr.arpa udp
US 8.8.8.8:53 5.214.252.162.in-addr.arpa udp
US 8.8.8.8:53 186.166.17.104.in-addr.arpa udp
US 162.252.214.5:2087 4.adsco.re tcp
US 104.17.166.186:2087 6.adsco.re tcp
US 8.8.8.8:53 eufcsb33gfm2.l4.adsco.re udp
GB 185.200.118.62:443 eufcsb33gfm2.l4.adsco.re tcp
US 8.8.8.8:53 eufcsb33gfm2.n4.adsco.re udp
US 8.8.8.8:53 eufcsb33gfm2.s4.adsco.re udp
US 162.252.214.5:443 4.adsco.re tcp
US 38.132.109.126:443 eufcsb33gfm2.n4.adsco.re tcp
SG 185.200.116.60:443 eufcsb33gfm2.s4.adsco.re tcp
US 8.8.8.8:53 62.118.200.185.in-addr.arpa udp
US 8.8.8.8:53 126.109.132.38.in-addr.arpa udp
US 172.67.206.98:80 vip.timezonedb.com tcp
US 8.8.8.8:53 98.206.67.172.in-addr.arpa udp
US 8.8.8.8:53 sirius.mwbsys.com udp
US 52.45.5.20:443 sirius.mwbsys.com tcp
US 8.8.8.8:53 iniquus.io udp
US 104.21.5.250:443 iniquus.io tcp
US 104.21.5.250:443 iniquus.io tcp
US 8.8.8.8:53 250.5.21.104.in-addr.arpa udp
US 8.8.8.8:53 cdn.jsdelivr.net udp
US 216.239.34.36:443 region1.analytics.google.com udp
US 8.8.8.8:53 vsa88.tawk.to udp
US 104.22.44.142:443 vsa88.tawk.to tcp
US 8.8.8.8:53 142.44.22.104.in-addr.arpa udp
US 151.101.65.229:443 cdn.jsdelivr.net udp
US 151.101.65.229:443 cdn.jsdelivr.net tcp
US 8.8.8.8:53 api2.amplitude.com udp
US 34.217.243.4:443 api2.amplitude.com tcp
US 8.8.8.8:53 4.243.217.34.in-addr.arpa udp
US 8.8.8.8:53 insanitycheats.com udp
US 172.67.152.249:443 insanitycheats.com tcp
US 8.8.8.8:53 hubble.mb-cosmos.com udp
US 8.8.8.8:53 249.152.67.172.in-addr.arpa udp
CZ 65.9.95.10:443 hubble.mb-cosmos.com tcp
US 8.8.8.8:53 challenges.cloudflare.com udp
US 104.18.94.41:443 challenges.cloudflare.com tcp
US 104.18.94.41:443 challenges.cloudflare.com tcp
US 8.8.8.8:53 10.95.9.65.in-addr.arpa udp
US 8.8.8.8:53 telemetry.malwarebytes.com udp
US 44.225.40.78:443 telemetry.malwarebytes.com tcp
US 8.8.8.8:53 aefd.nelreports.net udp
US 35.190.80.1:443 a.nel.cloudflare.com udp
GB 2.19.117.148:443 aefd.nelreports.net udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 172.217.169.66:443 googleads.g.doubleclick.net udp
US 162.252.214.5:443 4.adsco.re tcp
US 162.252.214.5:443 4.adsco.re tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.200.36:443 www.google.com udp
GB 142.250.180.3:443 www.google.co.uk udp
US 8.8.8.8:53 rjd063dgozxo.l4.adsco.re udp
US 162.252.214.5:2087 4.adsco.re tcp
GB 185.200.118.62:443 rjd063dgozxo.l4.adsco.re tcp
US 8.8.8.8:53 rjd063dgozxo.s4.adsco.re udp
US 8.8.8.8:53 rjd063dgozxo.n4.adsco.re udp
US 162.252.214.5:443 4.adsco.re tcp
US 38.132.109.126:443 rjd063dgozxo.n4.adsco.re tcp
SG 185.200.116.60:443 rjd063dgozxo.s4.adsco.re tcp
SG 185.200.116.60:443 rjd063dgozxo.s4.adsco.re tcp
US 8.8.8.8:53 battlelog.co udp
US 172.67.20.211:443 battlelog.co tcp
US 172.67.20.211:443 battlelog.co tcp
US 8.8.8.8:53 static.zdassets.com udp
US 104.18.70.113:443 static.zdassets.com tcp
US 8.8.8.8:53 ekr.zdassets.com udp
US 104.18.70.113:443 ekr.zdassets.com tcp
US 216.239.32.36:443 region1.analytics.google.com udp
BE 74.125.206.155:443 stats.g.doubleclick.net udp
US 172.67.20.211:443 battlelog.co tcp
US 8.8.8.8:53 211.20.67.172.in-addr.arpa udp
US 8.8.8.8:53 113.70.18.104.in-addr.arpa udp
US 8.8.8.8:53 betteraimtechnologies.zendesk.com udp
US 216.198.53.1:443 betteraimtechnologies.zendesk.com tcp
US 8.8.8.8:53 widget-mediator.zopim.com udp
IE 54.171.135.154:443 widget-mediator.zopim.com tcp
US 8.8.8.8:53 1.53.198.216.in-addr.arpa udp
IE 54.171.135.154:443 widget-mediator.zopim.com tcp
US 8.8.8.8:53 cheater.fun udp
US 104.26.14.166:443 cheater.fun tcp
US 104.26.14.166:443 cheater.fun tcp
US 8.8.8.8:53 166.14.26.104.in-addr.arpa udp
GB 172.217.169.66:443 googleads.g.doubleclick.net udp
GB 172.217.169.78:443 fundingchoicesmessages.google.com udp
GB 142.250.187.225:443 tpc.googlesyndication.com udp
GB 142.250.200.36:443 www.google.com udp
GB 142.250.200.36:443 www.google.com udp
US 8.8.8.8:53 3.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 offers.pchelpsoft.com udp
US 104.18.23.170:443 offers.pchelpsoft.com tcp
US 104.18.23.170:443 offers.pchelpsoft.com tcp
US 8.8.8.8:53 170.23.18.104.in-addr.arpa udp
US 8.8.8.8:53 cdnjs.cloudflare.com udp
US 104.17.25.14:443 cdnjs.cloudflare.com tcp
US 104.17.25.14:443 cdnjs.cloudflare.com tcp
US 104.17.25.14:443 cdnjs.cloudflare.com tcp
US 104.17.25.14:443 cdnjs.cloudflare.com tcp
US 8.8.8.8:53 cdn.jsdelivr.net udp
US 151.101.65.229:443 cdn.jsdelivr.net udp
US 8.8.8.8:53 cloud.pchelpsoft.com udp
US 104.17.25.14:443 cdnjs.cloudflare.com tcp
US 8.8.8.8:53 14.25.17.104.in-addr.arpa udp
US 8.8.8.8:53 store.pchelpsoft.com udp
US 8.8.8.8:53 cdn.cookielaw.org udp
CA 64.18.87.10:443 store.pchelpsoft.com tcp
US 104.18.87.42:443 cdn.cookielaw.org tcp
US 104.18.87.42:443 cdn.cookielaw.org tcp
US 8.8.8.8:53 geolocation.onetrust.com udp
US 104.18.32.137:443 geolocation.onetrust.com tcp
US 8.8.8.8:53 42.87.18.104.in-addr.arpa udp
US 8.8.8.8:53 10.87.18.64.in-addr.arpa udp
US 8.8.8.8:53 privacyportal-eu.onetrust.com udp
US 172.64.155.119:443 privacyportal-eu.onetrust.com tcp
US 8.8.8.8:53 p4-e6aw6nfhkkxh4-76k5ihw33nab7uvv-if-v6exp3-v4.metric.gstatic.com udp
GB 172.217.169.67:443 p4-e6aw6nfhkkxh4-76k5ihw33nab7uvv-if-v6exp3-v4.metric.gstatic.com tcp
GB 172.217.169.67:443 p4-e6aw6nfhkkxh4-76k5ihw33nab7uvv-if-v6exp3-v4.metric.gstatic.com udp
US 8.8.8.8:53 67.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 cheater.ninja udp
US 104.21.58.89:443 cheater.ninja tcp
US 104.21.58.89:443 cheater.ninja tcp
US 8.8.8.8:53 360playvid.info udp
US 104.21.50.50:443 360playvid.info tcp
US 8.8.8.8:53 logos-world.net udp
US 104.26.3.6:443 logos-world.net tcp
US 8.8.8.8:53 89.58.21.104.in-addr.arpa udp
US 104.26.3.6:443 logos-world.net tcp
US 8.8.8.8:53 serve.360playvid.info udp
US 44.209.174.246:443 serve.360playvid.info tcp
US 8.8.8.8:53 6.3.26.104.in-addr.arpa udp
US 8.8.8.8:53 246.174.209.44.in-addr.arpa udp
GB 3.162.21.19:443 c.amazon-adsystem.com tcp
US 8.8.8.8:53 imasdk.googleapis.com udp
US 8.8.8.8:53 t.360playvid.info udp
US 3.208.46.52:443 t.360playvid.info tcp
GB 172.217.16.234:443 imasdk.googleapis.com udp
US 8.8.8.8:53 config.aps.amazon-adsystem.com udp
CZ 65.9.95.3:443 config.aps.amazon-adsystem.com tcp
US 8.8.8.8:53 s0.2mdn.net udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 aax.amazon-adsystem.com udp
GB 216.58.201.102:443 s0.2mdn.net udp
CZ 65.9.9.197:443 aax.amazon-adsystem.com tcp
US 8.8.8.8:53 52.46.208.3.in-addr.arpa udp
US 8.8.8.8:53 3.95.9.65.in-addr.arpa udp
US 8.8.8.8:53 197.9.9.65.in-addr.arpa udp
US 8.8.8.8:53 pubads.g.doubleclick.net udp
GB 142.250.200.34:443 pubads.g.doubleclick.net udp
US 8.8.8.8:53 csi.gstatic.com udp
ZA 142.251.47.67:443 csi.gstatic.com udp
ZA 142.251.47.67:443 csi.gstatic.com tcp
US 8.8.8.8:53 67.47.251.142.in-addr.arpa udp
US 8.8.8.8:53 th.bing.com udp
GB 92.123.128.187:443 th.bing.com tcp
US 8.8.8.8:53 187.128.123.92.in-addr.arpa udp
US 8.8.8.8:53 www.prosettings.com udp
US 104.21.27.206:443 www.prosettings.com tcp
US 104.21.27.206:443 www.prosettings.com tcp
GB 172.217.169.78:443 fundingchoicesmessages.google.com udp
GB 172.217.169.66:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 static.cloudflareinsights.com udp
US 104.16.79.73:443 static.cloudflareinsights.com tcp
US 216.239.32.36:443 region1.analytics.google.com udp
BE 74.125.206.155:443 stats.g.doubleclick.net udp
US 8.8.8.8:53 www.google.co.uk udp
GB 142.250.180.3:443 www.google.co.uk udp
US 8.8.8.8:53 206.27.21.104.in-addr.arpa udp
US 8.8.8.8:53 2.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
GB 142.250.187.225:443 tpc.googlesyndication.com udp
GB 142.250.200.36:443 www.google.com udp
GB 142.250.200.36:443 www.google.com udp
US 8.8.8.8:53 api2.amplitude.com udp
US 44.239.82.163:443 api2.amplitude.com tcp
US 8.8.8.8:53 aefd.nelreports.net udp
US 35.190.80.1:443 a.nel.cloudflare.com udp
GB 2.19.117.148:443 aefd.nelreports.net udp
US 8.8.8.8:53 163.82.239.44.in-addr.arpa udp
GB 92.123.128.187:443 th.bing.com tcp
US 8.8.8.8:53 r.bing.com udp
GB 92.123.128.161:443 r.bing.com tcp
GB 92.123.128.161:443 r.bing.com tcp
US 8.8.8.8:53 fpt.microsoft.com udp
US 52.167.30.171:443 fpt.microsoft.com tcp
US 8.8.8.8:53 171.30.167.52.in-addr.arpa udp
US 8.8.8.8:53 20.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 7launcher.com udp
US 104.26.1.175:443 7launcher.com tcp
US 104.26.1.175:443 7launcher.com tcp
US 8.8.8.8:53 175.1.26.104.in-addr.arpa udp
US 8.8.8.8:53 cackle.me udp
RU 95.213.129.125:443 cackle.me tcp
US 8.8.8.8:53 mc.yandex.ru udp
RU 87.250.250.119:443 mc.yandex.ru tcp
US 8.8.8.8:53 onesignal.com udp
US 104.17.111.223:443 onesignal.com tcp
US 8.8.8.8:53 145.160.16.104.in-addr.arpa udp
US 8.8.8.8:53 125.129.213.95.in-addr.arpa udp
US 8.8.8.8:53 119.250.250.87.in-addr.arpa udp
US 8.8.8.8:53 223.111.17.104.in-addr.arpa udp
US 8.8.8.8:53 mc.yandex.com udp
US 8.8.8.8:53 226.21.18.104.in-addr.arpa udp
GB 92.123.128.161:443 www.bing.com tcp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 8.8.8.8:53 collector.github.com udp
US 140.82.112.21:443 collector.github.com tcp
US 8.8.8.8:53 api.github.com udp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 21.112.82.140.in-addr.arpa udp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.109.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 133.109.199.185.in-addr.arpa udp
US 8.8.8.8:53 sirius.mwbsys.com udp
US 52.45.5.20:443 sirius.mwbsys.com tcp
US 8.8.8.8:53 google.co.ck udp
GB 172.217.16.228:80 google.co.ck tcp
GB 172.217.16.228:80 google.co.ck tcp
GB 142.250.200.36:80 www.google.com tcp
US 8.8.8.8:53 228.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 support.google.com udp
GB 142.250.200.36:443 www.google.com udp
US 8.8.8.8:53 updater.se7enkills.net udp
US 172.67.15.208:80 updater.se7enkills.net tcp
GB 142.250.200.36:80 www.google.com tcp
US 8.8.8.8:53 208.15.67.172.in-addr.arpa udp
US 140.82.112.21:443 collector.github.com tcp
US 8.8.8.8:53 telemetry.malwarebytes.com udp
US 44.225.40.78:443 telemetry.malwarebytes.com tcp
US 8.8.8.8:53 aefd.nelreports.net udp
GB 2.19.117.143:443 aefd.nelreports.net udp
US 8.8.8.8:53 143.117.19.2.in-addr.arpa udp
GB 172.217.16.228:80 google.co.ck tcp
GB 172.217.16.228:80 google.co.ck tcp
US 44.225.40.78:443 telemetry.malwarebytes.com tcp
US 8.8.8.8:53 www.google.com udp
GB 92.123.128.174:443 www.bing.com tcp
US 8.8.8.8:53 174.128.123.92.in-addr.arpa udp
US 8.8.8.8:53 region1.analytics.google.com udp
GB 142.250.180.3:443 www.google.co.uk udp
US 216.239.34.36:443 region1.analytics.google.com udp
US 216.239.34.36:443 region1.analytics.google.com tcp
US 8.8.8.8:53 sirius.mwbsys.com udp
US 52.45.5.20:443 sirius.mwbsys.com tcp
US 8.8.8.8:53 th.bing.com udp
US 8.8.8.8:53 r.bing.com udp
GB 92.123.128.194:443 r.bing.com tcp
GB 92.123.128.194:443 r.bing.com tcp
GB 92.123.128.169:443 th.bing.com tcp
GB 92.123.128.169:443 th.bing.com tcp
US 8.8.8.8:53 telemetry.malwarebytes.com udp
US 44.225.40.78:443 telemetry.malwarebytes.com tcp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
GB 92.123.128.194:443 www.bing.com tcp
GB 92.123.128.194:443 www.bing.com tcp
GB 92.123.128.169:443 www.bing.com tcp
GB 92.123.128.169:443 www.bing.com tcp
US 185.199.111.154:443 github.githubassets.com tcp
US 185.199.111.154:443 github.githubassets.com tcp
US 185.199.110.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 user-images.githubusercontent.com udp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 185.199.109.133:443 user-images.githubusercontent.com tcp
US 8.8.8.8:53 collector.github.com udp
US 140.82.112.22:443 collector.github.com tcp
US 8.8.8.8:53 api.github.com udp
GB 20.26.156.210:443 api.github.com tcp
US 185.199.109.133:443 user-images.githubusercontent.com tcp
GB 172.217.16.228:80 google.co.ck tcp
GB 172.217.16.228:80 google.co.ck tcp
GB 142.250.200.36:80 www.google.com tcp
GB 142.250.200.36:443 www.google.com udp
US 8.8.8.8:53 api2.amplitude.com udp
US 35.82.99.82:443 api2.amplitude.com tcp
US 8.8.8.8:53 82.99.82.35.in-addr.arpa udp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 telemetry.malwarebytes.com udp
US 44.225.40.78:443 telemetry.malwarebytes.com tcp
US 8.8.8.8:53 sirius.mwbsys.com udp
US 52.45.5.20:443 sirius.mwbsys.com tcp
US 8.8.8.8:53 hubble.mb-cosmos.com udp
GB 18.165.160.15:443 hubble.mb-cosmos.com tcp
GB 172.217.16.228:80 google.co.ck tcp
GB 172.217.16.228:80 google.co.ck tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.200.36:80 www.google.com tcp
GB 142.250.200.36:443 www.google.com udp
US 44.225.40.78:443 telemetry.malwarebytes.com tcp
US 44.225.40.78:443 telemetry.malwarebytes.com tcp
GB 92.123.128.146:443 www.bing.com tcp
US 8.8.8.8:53 146.128.123.92.in-addr.arpa udp
US 8.8.8.8:53 collector.github.com udp
US 8.8.8.8:53 github.com udp
US 140.82.114.22:443 collector.github.com tcp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 api.github.com udp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 22.114.82.140.in-addr.arpa udp
US 185.199.109.133:443 user-images.githubusercontent.com tcp
US 185.199.110.133:443 user-images.githubusercontent.com tcp
US 185.199.111.154:443 github.githubassets.com tcp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 185.199.111.154:443 github.githubassets.com tcp
US 8.8.8.8:53 th.bing.com udp
GB 92.123.128.133:443 th.bing.com tcp
GB 92.123.128.133:443 th.bing.com tcp
GB 92.123.128.164:443 th.bing.com tcp
GB 92.123.128.164:443 th.bing.com tcp
US 8.8.8.8:53 164.128.123.92.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
GB 92.123.128.164:443 th.bing.com tcp
GB 92.123.128.164:443 th.bing.com tcp
GB 92.123.128.133:443 th.bing.com tcp
US 8.8.8.8:53 aefd.nelreports.net udp
GB 2.19.117.143:443 aefd.nelreports.net udp
US 8.8.8.8:53 en.softonic.com udp
US 151.101.65.91:443 en.softonic.com tcp
US 151.101.65.91:443 en.softonic.com tcp
US 8.8.8.8:53 91.65.101.151.in-addr.arpa udp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 api.github.com udp
GB 20.26.156.210:443 api.github.com tcp
US 185.199.111.154:443 github.githubassets.com tcp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 8.8.8.8:53 collector.github.com udp
US 140.82.114.21:443 collector.github.com tcp
GB 20.26.156.215:443 github.com tcp
US 185.199.108.133:443 avatars.githubusercontent.com tcp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 21.114.82.140.in-addr.arpa udp
US 8.8.8.8:53 133.108.199.185.in-addr.arpa udp
US 185.199.109.133:443 avatars.githubusercontent.com tcp
US 8.8.8.8:53 sf.symcd.com udp
DE 152.199.19.74:80 sf.symcd.com tcp
US 8.8.8.8:53 sf.symcb.com udp
SE 192.229.221.95:80 sf.symcb.com tcp
US 8.8.8.8:53 rb.symcd.com udp
DE 152.199.19.74:80 rb.symcd.com tcp
US 8.8.8.8:53 rb.symcb.com udp
SE 192.229.221.95:80 rb.symcb.com tcp
US 204.79.197.203:445 api.msn.com tcp
N/A 10.127.0.1:445 tcp
DE 136.243.69.123:445 tcp
SE 192.229.221.95:445 rb.symcb.com tcp
GB 18.165.160.15:445 hubble.mb-cosmos.com tcp
DE 152.199.19.74:445 rb.symcd.com tcp
N/A 10.127.0.0:445 tcp
N/A 10.127.0.1:139 tcp
US 204.79.197.203:139 api.msn.com tcp
DE 136.243.69.123:139 tcp
GB 18.165.160.15:139 hubble.mb-cosmos.com tcp
DE 152.199.19.74:139 rb.symcd.com tcp
SE 192.229.221.95:139 rb.symcb.com tcp
N/A 10.127.0.0:139 tcp
N/A 10.127.0.1:445 tcp
US 140.82.114.21:443 collector.github.com tcp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
N/A 10.127.0.1:139 tcp
US 185.199.109.133:443 avatars.githubusercontent.com tcp
N/A 10.127.0.2:445 tcp
N/A 10.127.0.2:139 tcp
N/A 10.127.0.3:445 tcp
N/A 10.127.0.3:139 tcp
N/A 10.127.0.4:445 tcp
N/A 10.127.0.4:139 tcp
N/A 10.127.0.5:445 tcp
N/A 10.127.0.5:139 tcp
N/A 10.127.0.6:445 tcp
N/A 10.127.0.6:139 tcp
US 8.8.8.8:53 api.github.com udp
GB 20.26.156.210:443 api.github.com tcp
N/A 10.127.0.7:445 tcp
N/A 10.127.0.7:139 tcp
N/A 10.127.0.8:445 tcp
N/A 10.127.0.8:139 tcp
N/A 10.127.0.9:445 tcp
N/A 10.127.0.9:139 tcp
US 8.8.8.8:53 api2.amplitude.com udp
US 44.239.82.163:443 api2.amplitude.com tcp
N/A 10.127.0.10:445 tcp
US 8.8.8.8:53 aefd.nelreports.net udp
GB 2.19.117.148:443 aefd.nelreports.net udp
N/A 10.127.0.10:139 tcp
N/A 10.127.0.11:445 tcp
US 184.164.136.134:80 tcp
N/A 10.127.0.11:139 tcp
N/A 10.127.0.12:445 tcp
N/A 10.127.0.12:139 tcp
N/A 10.127.0.13:445 tcp
N/A 10.127.0.13:139 tcp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 collector.github.com udp
US 140.82.114.21:443 collector.github.com tcp
N/A 10.127.0.14:445 tcp
N/A 10.127.0.14:139 tcp
N/A 10.127.0.15:445 tcp
N/A 10.127.0.15:139 tcp
GB 92.123.128.194:443 www.bing.com tcp
N/A 10.127.0.16:445 tcp
N/A 10.127.0.16:139 tcp
N/A 10.127.0.17:445 tcp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
N/A 10.127.0.17:139 tcp
US 8.8.8.8:53 tgjciypemslun.com udp
N/A 10.127.0.18:445 tcp
US 8.8.8.8:53 agctfdlsvucfb.net udp
US 8.8.8.8:53 niddflxnoicrj.biz udp
N/A 10.127.0.18:139 tcp
US 8.8.8.8:53 chmvqmgdnaosd.ru udp
US 8.8.8.8:53 pjnfqusxgnofc.org udp
N/A 10.127.0.19:445 tcp
US 8.8.8.8:53 xxgvuxbntookf.co.uk udp
US 8.8.8.8:53 lahfugnimcown.info udp
N/A 10.127.0.19:139 tcp
US 8.8.8.8:53 ayqxghvxltbxo.com udp
US 8.8.8.8:53 nbrhgpisehbkn.net udp
N/A 10.127.0.20:445 tcp
US 8.8.8.8:53 iykqwolqyidbm.biz udp
N/A 10.127.0.20:139 tcp
US 8.8.8.8:53 jmlshwvtrxafm.ru udp
US 8.8.8.8:53 kausixgbqnpoo.org udp
US 8.8.8.8:53 lnvusgqejdmsf.co.uk udp
N/A 10.127.0.21:445 tcp
US 8.8.8.8:53 gqosmjblwcpgf.info udp
N/A 10.127.0.21:139 tcp
US 185.199.109.133:443 avatars.githubusercontent.com tcp
US 8.8.8.8:53 hepuwrloprmkf.com udp
US 8.8.8.8:53 iryuxsvvohcto.net udp
US 8.8.8.8:53 jfawibgyhwyxf.biz udp
N/A 10.127.0.22:445 tcp
N/A 10.127.0.22:139 tcp
US 8.8.8.8:53 mqitacnobqohf.org udp
US 8.8.8.8:53 asrltmffkpfmg.co.uk udp
N/A 10.127.0.23:445 tcp
US 8.8.8.8:53 nusutrbgcxjqo.info udp
US 8.8.8.8:53 umloarjhlsgbr.com udp
N/A 10.127.0.23:139 tcp
US 8.8.8.8:53 iomxawfidbkfq.net udp
US 8.8.8.8:53 vqvpthwymabkk.biz udp
N/A 10.127.0.24:445 tcp
US 8.8.8.8:53 jswytmsaeifos.ru udp
N/A 10.127.0.24:139 tcp
US 8.8.8.8:53 hhphriramvpqo.org udp
US 8.8.8.8:53 iuqjcnlgegidf.co.uk udp
N/A 10.127.0.25:445 tcp
GB 20.26.156.215:443 github.com tcp
US 140.82.114.21:443 collector.github.com tcp
US 8.8.8.8:53 ilailxfrndkao.info udp
N/A 10.127.0.25:139 tcp
US 8.8.8.8:53 jybkvdyxfndmo.com udp
US 8.8.8.8:53 dftlrdjtogloo.net udp
US 8.8.8.8:53 esuncidagqebf.biz udp
N/A 10.127.0.26:445 tcp
US 8.8.8.8:53 api.github.com udp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 ejemlswlpngxh.ru udp
N/A 10.127.0.26:139 tcp
US 8.8.8.8:53 fwfovxqrhxykh.org udp
US 8.8.8.8:53 nqxeivrqfwgew.co.uk udp
N/A 10.127.0.27:445 tcp
US 8.8.8.8:53 bsynieelxkgqf.info udp
N/A 10.127.0.27:139 tcp
US 8.8.8.8:53 prigtlfoemjjg.com udp
US 185.199.109.133:443 avatars.githubusercontent.com tcp
US 8.8.8.8:53 dtjpttrjwajvf.net udp
N/A 10.127.0.28:445 tcp
US 8.8.8.8:53 jociiqjkhhcci.biz udp
US 8.8.8.8:53 wqdriyvfaucoq.ru udp
N/A 10.127.0.28:139 tcp
US 8.8.8.8:53 lpmktgwigwfhk.org udp
US 8.8.8.8:53 yrnttojdykftj.co.uk udp
N/A 10.127.0.29:445 tcp
US 8.8.8.8:53 vjgbahroikhai.info udp
US 8.8.8.8:53 wwhdkpcrbaeei.com udp
N/A 10.127.0.29:139 tcp
US 8.8.8.8:53 xkqdlwfmhakfr.net udp
US 8.8.8.8:53 yxrfvfppaphji.biz udp
N/A 10.127.0.30:445 tcp
US 8.8.8.8:53 rhkfacjikudxi.ru udp
N/A 10.127.0.30:139 tcp
US 8.8.8.8:53 sulhkktldkaci.org udp
US 8.8.8.8:53 tiuhlrwgjkgdk.co.uk udp
N/A 10.127.0.31:445 tcp
US 8.8.8.8:53 uvvjvahjcadhb.info udp
US 8.8.8.8:53 vqjujejegpdwa.com udp
N/A 10.127.0.31:139 tcp
US 8.8.8.8:53 juegvjffuiofy.net udp
US 8.8.8.8:53 wutvdnecaioxs.biz udp
N/A 10.127.0.32:445 tcp
US 8.8.8.8:53 kyohpsadobagb.ru udp
US 8.8.8.8:53 collector.github.com udp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 140.82.112.22:443 collector.github.com tcp
N/A 10.127.0.32:139 tcp
N/A 10.127.0.33:445 tcp
N/A 10.127.0.33:139 tcp
N/A 10.127.0.34:445 tcp
N/A 10.127.0.34:139 tcp
N/A 10.127.0.35:445 tcp
N/A 10.127.0.35:139 tcp
N/A 10.127.0.36:445 tcp
N/A 10.127.0.36:139 tcp
N/A 10.127.0.37:445 tcp
N/A 10.127.0.37:139 tcp
N/A 10.127.0.38:445 tcp
N/A 10.127.0.38:139 tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 36988ca14952e1848e81a959880ea217
SHA1 a0482ef725657760502c2d1a5abe0bb37aebaadb
SHA256 d7e96088b37cec1bde202ae8ec2d2f3c3aafc368b6ebd91b3e2985846facf2e6
SHA512 d04b2f5afec92eb3d9f9cdc148a3eddd1b615e0dfb270566a7969576f50881d1f8572bccb8b9fd7993724bdfe36fc7633a33381d43e0b96c4e9bbd53fc010173

\??\pipe\LOCAL\crashpad_1704_CMZNWWZLTKQBIVPL

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 fab8d8d865e33fe195732aa7dcb91c30
SHA1 2637e832f38acc70af3e511f5eba80fbd7461f2c
SHA256 1b034ffe38e534e2b7a21be7c1f207ff84a1d5f3893207d0b4bb1a509b4185ea
SHA512 39a3d43ef7e28fea2cb247a5d09576a4904a43680db8c32139f22a03d80f6ede98708a2452f3f82232b868501340f79c0b3f810f597bcaf5267c3ccfb1704b43

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e8354cf33a99020758c0362deb69eafd
SHA1 fb12875c3d17675d7fbc04719e6395df3ef95dbf
SHA256 c02b9ae1cff24a65947dff27b3c65c3a835747866edb95ef8f077f1adc8545cb
SHA512 57c9953f2f3283519c1f3a182f80e366ba75b83ec52e64779547eead003af9489852e07a799bb4de3c965df301e00eb38d175bf87f6ddb616ddbf39a6d83faeb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 ce2b0edbfd963d1aa1c45ef50f7b70c3
SHA1 6581d55b4abeb5f4cfdb3af45d537858584b624e
SHA256 a0a119a368fa30406e9e5897c531240ba2b41c88df5aa5a6a6ea8d063963c37c
SHA512 db9119a0ba153e07fcc161df24146acd737b7a8c89a749927c86ea46168d38fba1b02084ed048ae29c2c0a59931cdd6cdacb3435c03ab19dcccbda730af4e33b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 7568f187fe68bcee9e53e570eeb08883
SHA1 fc7a6dba9201b35d78d1dbd490ba19878d2ccb4e
SHA256 80e007dd7aa514cbc36f86e42ca00294c8a02d88207647171494ee96d1448488
SHA512 9d390ee16975939ba29c027b8280512a188acef1323f2c88588d99a283ed2b7815c1d0b1e4af3307a6633bae2faf945622eb3c1add5e83124d19a8434e74d6c6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 f70dc0f2e75e01bbb5aff1c741296460
SHA1 b9ad354bd03fa41c790f65b53c89f3d107a79aba
SHA256 bfbdffff5e39951195f3e9f719f6094c5903748cce0c7a0a3a712c33ad7865cb
SHA512 040253de38d45bff70b2cd702adc34a550ad0f9daa453aebb88ce048826bd71811d9af9aab35a9723738121f1f419b86978d480b11f64d46bd21388deada9d7b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 dd056aa187ebf19a6da0abc48f424ef7
SHA1 9dd78e11b57ef8b1b2b18892b01ae1746800f5a1
SHA256 4ef3ff3ca190f08e3895980331278dde1d488375dff8751c4cbd90f6e373a6d3
SHA512 2e9818398183c9aad82aa6e329fcce9c48656d2f490bb385a14c998fc16a5be4ea41c68fb23aaafef6c98fbd87a8c421bb47bb9491c87a6639d0234f584a9816

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 ad0e0972e4b4c705270ae6e78f03f2df
SHA1 c79237ae23b01b88122c41635aa1521f0bb76d68
SHA256 7b2896563f006de1a939de3439e1f47c326241707a7ae2ab57e8d1a20a731f0c
SHA512 baa0502a906300a7dfd98b2adea825c11e2cb52f2244b65ec5c884e2e2a60623a42d591e378f689134fecfe939ae52afebffe46abd120855c11ecf9af123c5e8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 1b47834e689579254542438f12ea425f
SHA1 7afd4a4d5f9387f428b1f0db7acc91fb2974ec61
SHA256 5a3f1029b774ef592f4f399f132a2d65af3a4184dcde12797b0afa2dde079097
SHA512 05052d877644e1de6bf8f9e35089a3d64615358b2cfdfb93e82b30b360d3cca88e2739de1d1bb034417bd6726421af52226b66c988bce79ae36a3bc55f305b2b

memory/2704-236-0x0000000002640000-0x0000000002699000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

MD5 838a7b32aefb618130392bc7d006aa2e
SHA1 5159e0f18c9e68f0e75e2239875aa994847b8290
SHA256 ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa
SHA512 9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 8a9c797b651c04437ce317b488230969
SHA1 7716dbab6f237dff5184e87a4b0313ed82359bf5
SHA256 7a1b8a1328e053797c61d2d5c4fde591fe895274900df9f68c6198cc8ab622e6
SHA512 8d16abc8eea18280dd85a97a17a3c966d45149b16465a4baa63f82d261a066f54593a6c93f636997d98821accb3ee8b400ac374558836b51c21cbdd0515dbe37

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

MD5 dfe6a98683f4baf1cd0dc98ab015bcf8
SHA1 81ca00581ce9d6c52a32065d8d29c4542ed39a3c
SHA256 07960ff3e7cb64cb71132ecab65ce2a9dd32104a1208978c48e4062f2e3b317e
SHA512 a9526de6ceda2cb7d602b309701020942759ea2ab9acae31ffe691de02263f09f3d11663cf5c2d8e6c4007cc2e1a597c0ca94f23204f112e959d243e7e53bd61

memory/2704-243-0x0000000000400000-0x0000000000795000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 2143f648977fc8602c0985e8aee76c05
SHA1 223adae1c9af1505846a3cbe81c45e957cff5be7
SHA256 c11d44f68a21321ae8b3ef5f18b1df2a17e2806b800e10766c1af9b2a663ecf2
SHA512 559b55b312362f5f24a6b17fe3093fecc01c298c37dc5518b40e877e2c837162333ca548460ced85339ccbb3fcc80a69da70d47c1e5bbba6b64e4d31c5c89c22

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 d9698cd1dedfbc6027ebb371dcc4352e
SHA1 0c672345bbcfeb9521acdce4fc495d9b1035148c
SHA256 2ec910325bca0eec86cff5b6b4c22482e327a27d20ff994cf9deb8e0e2e428fa
SHA512 1fb3f6fcf98ec760de5de181a5c810dc3da6f5acd3672ce9162bf0a5b7edca507e840cb6f2ca6042ca01e4a6ad4fe6a9d3606e6eb1b1b4412aeaf25c198997e9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe598330.TMP

MD5 cf00f2110fb3d594634cace8f6b091d1
SHA1 4285b06a98820df1a4cdfd357d14c3be0ffb70b4
SHA256 b5c1e16c87507cdc15c1fcea44f046db62411c3070842c5f46bff5040d47c93a
SHA512 c4f03e8f9696df92666e2d0a30893cba406021cf230f8e7561934ed3f7f933eaa136caa05cf70da54ceedf4af2207fb1ab062686250e9212acf38e8d5076a893

C:\Users\Admin\Downloads\Unconfirmed 508823.crdownload

MD5 045e35761527c65b5530ef3d5c2e6401
SHA1 15723ed7d69c49febe85a59b7ae9034c36581404
SHA256 3e4666516e41b5509d8626dc832c646155a96b918da0e8c862d659aa3b31ed17
SHA512 35464818b224caa2fefcae477e52821df7a6cd5ebefe38be2030d911ca599bb3f79a29c870ff94aff469bbc39ffe91a1a9f2e316aaa4111377a2ad8d7af2a219

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 6119d21bcf782cb9c70cc1abda9220c6
SHA1 31e601e7c3891f9392a075e1111df74363226429
SHA256 d6404cfd1436a5ce3d91b9f9144fc4614d77de280ca85b10d3d3c43f33e37f49
SHA512 8ff49453fcc096c08305f60f55ebd238d0a24818d5288f5af3a494c996eaa6fa55ae598f42eb2808e92e1ec760847187f350518cf359979403c51bf1cf55c302

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 93d7d441571fe3e34a82f55d2735d22e
SHA1 8c3a7da668614826c62e7292936c48a1f174f721
SHA256 0fd543b1f9b578487708f848ab122f3e3a96ffe05c18eca9d1bbae7e84196cd8
SHA512 64eb49ef1587d7da4a3d75ebe891253f377f32c2cda74fcd6f6ef62462c2a73fa7028bac7060ad46dba75c0763ec0a9a3534d25ad8c140009bb77144755574c6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 4dbeeb3ebe1ae22b1963e31073b08b0c
SHA1 0e934ff9af33b6d2af080bb194e281dc79b8070a
SHA256 80eb928696bba144c20b5f336c81a3731f5438dfa7451c5b10db2991311123dd
SHA512 86071caaf4af3514e5ea68350e224b8841c0acddff453d41d45be8001585814888c8efb9e429c8db9378a5e7814cd449d1fd97b1481b1d11f9c50f331c9a7f40

C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe

MD5 f35a6782aea69cda718cc378504db826
SHA1 5fc4028de1c51089d9f487caa02a78d4d42266fd
SHA256 20f89ddb4dd26f98ce006ae2034a87e1c2347788697e0fdb68b87c95af0b680c
SHA512 5a5dcf1ecb32addf5fa9ffbce583fbdb4714e5b87553abd57723cb1b199c54bbaf038db1a7ee1cb095b1aad878f8d17919b55cb093c4a869d7356aaf28fb3a4f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 bebbb63b384c6d8de8fd99d732db922b
SHA1 3d0df34379e195ba28810102ecdfcaa04e568af8
SHA256 b335b66e1e20c8d7612a62bd912cec9a5f861349d7ba1f843e5e662b766ce9ac
SHA512 fec5bb45fd85f1ce40f1ab11a1da4dc3e011c092e7137d410611157f3c3fecf79db412aeb13a975a058ade9f7968d6beba7c5aadd02a5bf1099b641eb3e1df9f

C:\Windows\Temp\MBInstallTemp58dccdc78e7011ef80f1fa9f886f8d04\7z.dll

MD5 3430e2544637cebf8ba1f509ed5a27b1
SHA1 7e5bd7af223436081601413fb501b8bd20b67a1e
SHA256 bb01c6fbb29590d6d144a9038c2a7736d6925a6dbd31889538af033e03e4f5fa
SHA512 91c4eb3d341a8b30594ee4c08a638c3fb7f3a05248b459bcf07ca9f4c2a185959313a68741bdcec1d76014009875fa7cbfa47217fb45d57df3b9b1c580bc889d

C:\Windows\Temp\MBInstallTemp58dccdc78e7011ef80f1fa9f886f8d04\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.33\mscordaccore.dll

MD5 0377b6eb6be497cdf761b7e658637263
SHA1 b8a1e82a3cb7ca0642c6b66869ee92ce90465b2a
SHA256 4b7247323c45262bbb77f0ef55c177a2211040fa77d410513a667488bf1bc882
SHA512 ff3f6f6d1535e7aab448590fdbdf60d37e64e00d4081853f201c0103d7b7918f388db5469774f32af211e0990bc103bc9ff3708fa44efd868aa312c76ea65600

C:\Windows\Temp\MBInstallTemp58dccdc78e7011ef80f1fa9f886f8d04\ctlrpkg\Malwarebytes_Assistant.runtimeconfig.json

MD5 d94cf983fba9ab1bb8a6cb3ad4a48f50
SHA1 04855d8b7a76b7ec74633043ef9986d4500ca63c
SHA256 1eca0f0c70070aa83bb609e4b749b26dcb4409784326032726394722224a098a
SHA512 09a9667d4f4622817116c8bc27d3d481d5d160380a2e19b8944bdd1271a83f718415ce5e6d66e82e36819e575ec1b55f19c45213e0013b877b8d61e6feb9d998

C:\Windows\Temp\MBInstallTemp58dccdc78e7011ef80f1fa9f886f8d04\servicepkg\MBAMService.exe

MD5 e807869f4a76f0ae466fff66756b4f86
SHA1 17ea39a557a0b4c3bd1e02371e4a1db1f87081b1
SHA256 1b05197713872249ddf575554baaa29bd7659a696992c45bc7db2b68407ddeae
SHA512 3bd5349ae7f8de024d4addae1cf474b93aced0812948d88de201896ac71626747d0fe2f779c5b5914e8a1768c56decf754288df6c34701fe6355698071b76701

C:\Windows\Temp\MBInstallTemp58dccdc78e7011ef80f1fa9f886f8d04\dbclspkg\MBAMCoreV5.dll

MD5 5e84b24b7d4e5d5a161074da559a1b49
SHA1 c5dea018ff9ce1c9a3e0cc90d1363fff57ab10f4
SHA256 b1fdd023dd927099a2991b44f17cf2845cd70e7869c3bdb95fca52424d9a6eb1
SHA512 f962b0022e544dffb722456409e90b3046df07262f7a493188f6e17b26fd8ed16363acb89729615a01361fceea792ad640e51606443a007653c1f269aa805774

C:\Windows\Temp\MBInstallTemp58dccdc78e7011ef80f1fa9f886f8d04\servicepkg\mbamelam.cat

MD5 60608328775d6acf03eaab38407e5b7c
SHA1 9f63644893517286753f63ad6d01bc8bfacf79b1
SHA256 3ed5a1668713ef80c2b5599b599f1434ad6648999f335cf69757ea3183c70c59
SHA512 9f65212121b8a5d1a0625c3baa14ef04a33b091d26f543324333e38dcdb903e02ccc4d009e22c2e85d2f61d954e0b994c2896e52f685003a6ef34758f8a650c7

C:\Windows\Temp\MBInstallTemp58dccdc78e7011ef80f1fa9f886f8d04\servicepkg\mbamelam.sys

MD5 9e77c51e14fa9a323ee1635dc74ecc07
SHA1 a78bde0bd73260ce7af9cdc441af9db54d1637c2
SHA256 b5619d758ae6a65c1663f065e53e6b68a00511e7d7accb3e07ed94bfd0b1ede0
SHA512 a12ccf92bead694f5d3cba7ff7e731a2f862198efc338efc7f33a882fe0eb7499fb3fb533538d0a823e80631a7ca162962fbdfd78e401e3255672910b7140186

C:\Windows\Temp\MBInstallTemp58dccdc78e7011ef80f1fa9f886f8d04\servicepkg\mbamelam.inf

MD5 c481ad4dd1d91860335787aa61177932
SHA1 81633414c5bf5832a8584fb0740bc09596b9b66d
SHA256 793626d240fd8eefc81b78a57c8dfe12ea247889b6f07918e9fd32a7411aa1c3
SHA512 d292e028936412f07264837d4a321ecfa2f5754d4048c8bcf774a0e076e535b361c411301558609d64c71c1ce9b19e6041efa44d201237a7010c553751e1e830

C:\Program Files\Malwarebytes\Anti-Malware\srvversion.dat

MD5 ca37fab7c4861d85d471cd55870d44c8
SHA1 e7d11e482b50bb502453cb50e1bb80e5fa9c4e7b
SHA256 6a5ef3a9ef8c16383986def5d9f717baf82c9930a49c0ea0f158d8c3e631b271
SHA512 6cb5f77105f47d45d6591cb835e3fe4f96532ff81f9715dc93f77a4a61bf84d124f95b37130d9fef82d47d19087748a36500bc441a0a4bb810d1c011f520f32e

C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe

MD5 dc15c5f0f8f49d5651d1136895123f73
SHA1 5077abbd99f5538a3229c9503eb7eec3438a7cb2
SHA256 580e23a55975bd52388bfdd1a8896c02b3e78033a1a92ba58a4ac2a7ff6db6f1
SHA512 ccc08b2405f870490bb6f1b2545d1afad984c38b2de30538b99d2e79f065f998ddc08f2a9a102c12f52c94f377507567ae589018124cc887b02661fb4f1c3183

C:\Windows\Temp\MBInstallTemp58dccdc78e7011ef80f1fa9f886f8d04\ctlrpkg\mbae64.sys

MD5 95515708f41a7e283d6725506f56f6f2
SHA1 9afc20a19db3d2a75b6915d8d9af602c5218735e
SHA256 321058a27d7462e55e39d253ad5d8b19a9acf754666400f82fe0542f33e733c6
SHA512 d9230901adeecb13b1f92287abe9317cdac458348885b96ef6500960793a7586c76ae374df053be948a35b44abe934aa853975a6ccd3788f93909903cc718c08

C:\Program Files\Malwarebytes\Anti-Malware\ctlrvers.dat

MD5 c01684d19eb2e8999976e568da9e2c5a
SHA1 1b839e9cbe7182880ec1afd0be5c3735b2b94a07
SHA256 807bc610e87149f667bb64433e8dfc9b42f521cdb43185746cb01b61254ff8a4
SHA512 51640f9ec8bb0a7289636a24de3521b56ac597722cbab9d6cd4081d3f5d7da3ad3a59a368843ce561c2a019fcda93406cc5114a47da7879da6cae58ee099046d

C:\Program Files\Malwarebytes\Anti-Malware\version.dat

MD5 6a4d4234f27718ded03e33abcf7d31af
SHA1 a9602491b99e2637f6356534fbed8927b9a5065c
SHA256 704d4fb0658061554d1c7a1c2c5a744b2a14353c1b9e0ce4ec62c2537d4b0046
SHA512 755bd0c3936b83c17c230432b14cafca5fadbbd4869f6d6fb65a605b92c94e4dc4e1ed2ebade979adca8a607ecde4e6682962890c725a262b1d13d2d32cfc52e

C:\Program Files\Malwarebytes\Anti-Malware\ServiceConfig.json

MD5 c13ccc11430ec41fe8d1f9a8cbe4504f
SHA1 94eec35c85cc951a84d12e5075c0c91f2de6dc52
SHA256 45eda3eb6a35e46a8856d52f34d1263a69c3e635054d29f9cbae0ed44f26b56f
SHA512 b17e806c0575a72b190296458b7a5d6b522fb8318df8a0c33e270a45275da7b440af6be7cdabbe5e8c5b3e26d4327b98335610741ef201a5a7d33f64d0c452c0

C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe

MD5 46f875f1fe3d6063b390e3a170c90e50
SHA1 62b901749a6e3964040f9af5ddb9a684936f6c30
SHA256 1cf9d3512efffaa2290c105ac8b7534026604067c9b533e7b7df2e017569a4ec
SHA512 fdfb348061158f8133380e9a94215f4bfc0f6ce643a129d623cb8034c49144f1489de56cd076da645478506d9fbddc7590fe3d643622210084b15fdf0d16b557

C:\Program Files\Malwarebytes\Anti-Malware\mbtun.dll

MD5 2bbf63f1dab335f5caf431dbd4f38494
SHA1 90f1d818ac8a4881bf770c1ff474f35cdaa4fcd0
SHA256 f21a980316bd4c57c70e00840ab76d9ad412092d7d2d6a2cff4f1311f7c05364
SHA512 ebb9834323329dc01ba2c87e5fad1083a4cb86f5ed761cb63299ac5336a9843a1aadd42fbed706797c2295117af1c00f96806422338352653c8e0255fecc2fd5

C:\Program Files\Malwarebytes\Anti-Malware\mbtun\mbtun.inf

MD5 5d1917024b228efbeab3c696e663873e
SHA1 cec5e88c2481d323ec366c18024d61a117f01b21
SHA256 4a350fc20834a579c5a58352b7a3aa02a454abbbd9eecd3cd6d2a14864a49cd8
SHA512 14b345f03284b8c1d97219e3dd1a3910c1e453f93f51753f417e643f50922e55c0e23aab1d437300e6c196c7017d7b7538de4850df74b3599e90f3941b40ab4a

C:\PROGRA~1\MALWAR~1\ANTI-M~1\mbtun\mbtun.sys

MD5 83d4fba999eb8b34047c38fabef60243
SHA1 25731b57e9968282610f337bc6d769aa26af4938
SHA256 6903e60784b9fa5d8b417f93f19665c59946a4de099bd1011ab36271b267261c
SHA512 47faab5fff3e3e2d2aea0a425444aa2e215f1d5bf97edee2a3bb773468e1092919036bcd5002357594b62519bf3a8980749d8d0f6402de0e73c2125d26e78f1e

C:\PROGRA~1\MALWAR~1\ANTI-M~1\mbtun\mbtun.cat

MD5 8abff1fbf08d70c1681a9b20384dbbf9
SHA1 c9762e121e4f8a7ad931eee58ee60c8e9fc3ecb6
SHA256 9ceb410494b95397ec1f8fa505d071672bf61f81cc596b8eccd167a77893c658
SHA512 37998e0aee93ff47fe5b1636fce755966debe417a790e1aebd7674c86c1583feef04648a7bc79e4dedaabb731051f4f803932ac49ea0be05776c0f4d218b076f

C:\Windows\System32\CatRoot2\dberr.txt

MD5 ce2a3f2acf2e16b76dee59b4cd082d93
SHA1 023d6233a4e55c28c1e95f880a660cd8439f8da8
SHA256 7b3926e218c1d88297240ce9c5a1a943553b0fc7461ff492bb8050372516616c
SHA512 9e2f199ca24dce05f8e99e90f01b5f94480af0a6dd47fff7ec8f321e70e71dd5a2d07f54f67d3da17f50b54608ec14a1992fe926564a04fe85e2ac7dc77b03bd

C:\Program Files\Malwarebytes\Anti-Malware\offreg.dll

MD5 2ccb84bed084f27ca22bdd1e170a6851
SHA1 16608b35c136813bb565fe9c916cb7b01f0b20af
SHA256 a538caf4ac94708ddb4240d38b1b99914ca3e82283f0d8a2290be28fc05eaccb
SHA512 0fd66d241bdebd0052f4972e85b42639e3c5a40affe23170b84bc4068dff8e84446898a77ebf7cc0bef97454abb788faccce508a68bc5e717980ef26d8436986

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll

MD5 03d6455dc6934a409082bf8d2ce119d5
SHA1 995963c33a268a7ed6408c2e6de1281e52091be2
SHA256 82ca2aec64fe151efd59a838c1845111bfb9f94ff277be3afae4e3f684ef3a62
SHA512 a0ff71bc01a11c9a95c1a0186a7bbfec9c3f84d7e600d0bca877934fa5f84053627bc59bb355f53ce9e3c9e4c6a841b8f5cb7436fe7f43b63426a8a851392c6d

C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll

MD5 b7e5071b317550d93258f7e1e13e7b6f
SHA1 2d08d78a5c29cf724bc523530d1a9014642bbc60
SHA256 467de01d7cee7ec54166b80658ff22f9feebdb1c24eaf1629cf40e4124508064
SHA512 9c35293c95c1a9141740ac99315605964aa37c4a42d3a11cae9e5649ff1427a9480d3d5e7f763212cf13db3511c5ea3c84e68f95f0067fe6339a9d3fb7b27c54

C:\ProgramData\Malwarebytes\MBAMService\config\PoliciesConfig.json

MD5 a9e1299b984d25c878fc28635c1ff0bf
SHA1 adf5a6007291c13840a8a76434619e0f4f0e9b91
SHA256 18d99a7a2913ceda9836197377a98b5f3fc09277e5012336dc82ee80b8ecbb5e
SHA512 d7bc38778be6efec546ab3ae745bf268e99c7294f25cd3350525b515fc564811e77dc4248dbacd006c0ee21955114b49d46bd1c714e0e838c8eaf57cf47714a3

C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.json

MD5 ac305892ac51c713a27356680ed4aa48
SHA1 64942155da098c6b928eff92e5e7bacd29cd42fe
SHA256 e9bf110530c8ce8059eafaef824509a7f5bef91f7395fec5c2567f2ffbb7cccc
SHA512 9b543e63e8843286472cb4929c16d5a1ecb513c2a1e7b9484b160d1d54478c281241bbe4c05b7ec484bd0149e5372449818c51942e28ee64a461f0ae1caaf538

C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json

MD5 62b720eeca3c8b1809f7bc2dc6683607
SHA1 3a4c72456a9b8de8c6ec3d731e155e5ba0c3b980
SHA256 6fbcc54c2e9c26a2053ba772673ec3e711502afe9598de4b6f865bd85b474848
SHA512 a4adc4377f7a1ff4ac8d28f8124a59be7accf549c83f592bfd357a64ffc8ba58b7ffdabeb005110fe32a1c75499de303cea9d1bf2eae7f97a16b86a366598eba

C:\ProgramData\Malwarebytes\MBAMService\pkgvers.dat

MD5 56516aa022e765c689075d9919980f53
SHA1 7cc19fb59ed59d6d58335553f079e5e0edb1e307
SHA256 971c87bab52f3c136dc693f2b2caa0b283e42484e0d6f8a7d3ed4a445edda9c9
SHA512 ee70f1a4ae69f3ddc954f381b69d16c32ef2769c5bd27c7c2e6167a1509b47f1b782566a363cf0b15f0653c4d8023bc2c4e7d45635a8e5cda53c156ffd1b9edf

C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json

MD5 6fd682e07b166f518063a54460e1a109
SHA1 1af0382dc9a7cbbf8e1ed81169efc4716d3dfe2f
SHA256 34e812723c6680d1723c165d4449c24e4a5098aad68ccc34b24d67cd2217b5fe
SHA512 30b0112c9d11acb0c42470b1b093b2049ea9aa2cc9d8547051cc8a996289575538f5e2917569ac672ac86cb6537dd6f0bd80d884e117244bb17790fc86378427

C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json.bak

MD5 1503e769317e6cc56fbcb4a392834404
SHA1 9ae741a306231bc5314db6451171799ab781cdc4
SHA256 ee945db058ee3170648e87d553145b8bb29c2b796f1037ff28997a6a3746833a
SHA512 67538aee52d34e780144041e155c9b99a8ef58e838cd13b8692bdcd056c6476a0e29344a71ed0bac4d0a8846b0a48f6f337b5c2f264748dcbfb2dedbddfd0cde

C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json

MD5 4c09b658ffbc6c775ce477b5139230e2
SHA1 fc4a27143ac5dc493818b4dae5709dfc2786799c
SHA256 707e4f999414d134a002d91ca73ad3d0e43e7ab513d1a76422fd2ac1d803feab
SHA512 5c3e32e2902b853f2d06e9161b923333d2b22d47c6f053943526aff51bd71be40ecab522e9709a59b781157bd836c3b8d48f14fb5854c93d726f7cee214aebc9

C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json

MD5 6d860e527d209c224f4fe76d92c79073
SHA1 50d0e9f114e13dce55c1d418241111f95d94755c
SHA256 9758584e1ff2f5afe5a19fd2542d29b853e65bc89b72da51b036f5d8fa5357fb
SHA512 44010e7dccc27364a8462d2de81925da40b02a31e179132fdb1bac23783dc0c76736aea7f46ec4f7f415e2ada1a26fac668b5a578826bc0adc242cc872311274

C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json

MD5 96ee387750064ef9bd236c2d85200ab7
SHA1 1ae40741c6432828eccec67678f62def51288f2e
SHA256 2230c006fb23106dd3dd10b7c86fdc37b0b56781026e19879ffe35043f6c6969
SHA512 5105b5871cb148102c73c6515af12b35c4d9fcf6648529c36726520b5a68b30fb69928e8069b9eb9b41dde5aaa250b968799f15d594b4f27aa53d3e494ab9062

C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json

MD5 8f1ac7192ff3182f8c0fe0308e7533e8
SHA1 1f3bfb52056a146e7f21a90b89ba5db4a42e1f13
SHA256 bbd8dacb5f88c71fa086ad579578bbae4e2297608e372b582acbe7b65e716896
SHA512 fe786aa53c644e4d540adcc4f9f4eaacc9578128d690d69c0514efece1b035f1265284a565e13c611b762fbabb4f72729e163812f09c9807e4cfe6fe33ff9f10

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\tids.mbdb

MD5 ccad88bef857b6ee484a7edd4a3fc631
SHA1 bc5b08d6715c3f60218d01f7ec0c0ce720044f62
SHA256 fb83daed666a25b5b6d645be8283216aaa09f33993662357ce63e97234330d1f
SHA512 1a2dbd270af27caf97efd0f226ed421b59ee1e97b12e469ca64dc94b0ad4609b84948160bd465290d835546de1c72be5d6f95653e0282624c1037d821709813a

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\sample.dll

MD5 16a6aad848aca7c684b68f94916089ff
SHA1 dc3a936948599dab48b7c27c979a4bb69e8c975b
SHA256 99becb68768c0370ca8f49fec4e1e6bd8fcc9981d928ecab27bee1ba24dd691d
SHA512 d27236da41122881e29e16b257807639c1c74c1bb243684c7411ffd25f54edf093e9caa1e38052a9e665039fef579adde4080bcee816e7b3d571930006f4f508

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\ig.exe

MD5 995174301f78f82ae249e0ca88ab3580
SHA1 9243e263e4ed877eca7fada22f57806ef0517ce7
SHA256 62bfcd9b875621912a572abf99b8203bb5ea93aa42168d44dbe546cf15229d2b
SHA512 97d71741c718a2d344affef21628c380337ce05cf2f37392e6c6e3e696e44810d1f7eb07eab8849fd2a0125acdb4ad08f72cec41744c4948806c28230aaa5932

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\BrowserSDKDLL.dll

MD5 956b145931bec84ebc422b5d1d333c49
SHA1 9264cc2ae8c856f84f1d0888f67aea01cdc3e056
SHA256 c726b443321a75311e22b53417556d60aa479bbd11deb2308f38b5ad6542d8d3
SHA512 fb9632e708cdae81f4b8c0e39fed2309ef810ca3e7e1045cf51e358d7fdb5f77d4888e95bdd627bfa525a8014f4bd6e1fbc74a7d50e6a91a970021bf1491c57c

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\Actions.dll

MD5 f802ae578c7837e45a8bbdca7e957496
SHA1 38754970ba2ef287b6fdf79827795b947a9b6b4d
SHA256 5582e488d79a39cb9309ae47a5aa5ecc5a1ea0c238b2b2d06c86232d6ce5547b
SHA512 9b097abeafe0d59ed9650f18e877b408eda63c7ec7c28741498f142b10000b2ea5d5f393361886ba98359169195f2aceeee45ff752aa3c334d0b0cc8b6811395

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\dynconfig.dat

MD5 10f23e7c8c791b91c86cd966d67b7bc7
SHA1 3f596093b2bc33f7a2554818f8e41adbbd101961
SHA256 008254ca1f4d6415da89d01a4292911de6135b42833156720a841a22685765dc
SHA512 2d1b21371ada038323be412945994d030ee8a9007db072484724616c8597c6998a560bc28886ebf89e2c8919fb70d76c98338d88832351823027491c98d48118

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\exclusions.txt

MD5 aef4eca7ee01bb1a146751c4d0510d2d
SHA1 5cf2273da41147126e5e1eabd3182f19304eea25
SHA256 9e87e4c9da3337c63b7f0e6ed0eb71696121c74e18a5da577215e18097715e2f
SHA512 d31d21e37b0048050b19600f8904354cff3f3ec8291c5a7a54267e14af9fb88dfb6d11e74a037cc0369ade8a8fb9b753861f3b3fb2219563e8ec359f66c042db

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\mbdigsig2.dat

MD5 ad1373fed4606c353518b1f85a02f376
SHA1 66006a7911f37ce8630ec94247d6b38dbb5de250
SHA256 d0cc4f88de6f72d9f8ca1463a1260ed7f241254919ecf0b6a17c8abf29e00801
SHA512 4160fc3708be12c45ef8f4773f655f48e3969b2da09c4b4d188d5fd17441cf55c2d56f364da9f7b560a4b9108ec50a4327be4a59cd93be522918faa975af0c60

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\dbmanifest2.dat

MD5 ab7465ec104de274518b4044540ef4e2
SHA1 42e6d1f01a4c89848ba48a5e835393fdb4048b2e
SHA256 f7f53d9227da6e430de1503aed512438ba36b1c2e5c3fbe954355a61a74aee2a
SHA512 65c51c013391a193eb1c5137c0813b991cec15c588097183b55ef4d43d0c0bde6908c966afd7c9a54758ddcfa2d17107d96474f3a55b8be734409d1db52d34e6

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\cfg.bin

MD5 de80d1d2eea188b5d91173ad89c619cd
SHA1 97db4df41d09b4c5cdc50069b896445e91ae0010
SHA256 2b68990875509200b2cf5df9f6bdfcda21516e629cab58951aac3be6a1dd470c
SHA512 7a8f5f83552dbff21be515c66c66f72753305160606c22b9d8a552ab02943a2c4e371d17dce833020d2779c6d9fe184a1e9ef3d1b8285c77aeb17b2bba154b3f

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\Global.nm

MD5 3f4a2a51c4d17b9d22196e25665e1643
SHA1 caf7b5137e7ac9f9ba57fd1b8e923433a6e99f9c
SHA256 2bf8ad8be723aa9a38acc41342145fc36934ca7267abb4014c8893232b7d7cd1
SHA512 f6aad4019a31b5e6be5ea5a563b38f6f2519d7b900dfcc023b07dd122bd0db7a7baacd7b67c5c7207a5a7858e4bf48fc319cf6ebc803ce892068480108db24d9

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\Global.sr

MD5 76ad25209c1e25e915cbafd89de7e2db
SHA1 142134040a23ec7dd6f486560118ac0d63ab75f1
SHA256 60a0474426a7b0ebf9b23f87ff596edd6c0bdcec4892e3dc3f5f1075d8e1e538
SHA512 586e9611da5daec2ca766c3e9cb10efc2b118baa93d6ede08522a70f2f85a458e53f1c9cc78049092bc96d8bd792dbce0039658845b4fba60940eeaf0795f8bf

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\clean.mbdb

MD5 3746d9d7e4f132d05b2b5acba1d0268f
SHA1 7ffe6945875ac2ab66045fe1f23a3780acf482e1
SHA256 ede3ea704d65af945bfad2e2138ab0f342791ffe51ed0cfae599c47ad81513e2
SHA512 5fa3ac52ca760860e5489576097c0161091445bb5ceccd64b0dc215f80971f0c1485301e231abda56d978dad8253814b47a6e431a15b82c138a2ae3c3332f150

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\wprot2.mbdb

MD5 aa79ed13a74f94ddd1571b3cdbcc1751
SHA1 e1ab59c2604c697bdf93534e0c70420f1867984c
SHA256 b516a9768a76458ef3f78bcf6715de776957c688db0e2b3dd79773c05f6d52d5
SHA512 0818843287a5400a21e08bfce96b7d182a402b4e7e8cd3a38238992d4804cbbb0724753883b9bc90bcf8ee2d8f884c4416abbe719e5f0b8fa53e3b058c11c37a

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\scan.mbdb

MD5 9b773db1d852d813908bd09a017de70c
SHA1 4d917cbe2ee7b4df5750664bb1ab504c40ea5a2f
SHA256 d1af1afc7c9c6644bc4353d66a577336a2048417250adf4f35cbc905c09c461e
SHA512 531a55b947e09b7897f917c88975262c985b4f104be7c8576a9c77f49290b465efdc4c580d5b9b95aa7b482105c95c283c4cccb80e1dc9be594ee3d5415624d2

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\rules.mbdb

MD5 465c4a02662ec31bf1728f8422771bd0
SHA1 103b5ab5a772b596768b5700efa00a33d1254908
SHA256 0a189aa05d10c29867c1581fff1adb8420433c944ff5c313ced2b24415fc9373
SHA512 ba426d02f86c2e076f00ca3a10c735132d73bb7f5db418cdf64f2d73387832b80880ae4c54ed9a5fba87a704c236bf225165351966a18943b58b92f67f34225a

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\rdefs.mbdb

MD5 2f7423ca7c6a0f1339980f3c8c7de9f8
SHA1 102c77faa28885354cfe6725d987bc23bc7108ba
SHA256 850a4ea37a0fd6f68bf95422d502b2d1257264eb90cc38c0a3b1b95aa375be55
SHA512 e922ac8a7a2cde6d387f8698207cf5efbd45b646986a090e3549d97a7d552dd74179bd7ac20b7d246ca49d340c4c168982c65b4749df760857810b2358e7eb69

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\prot.mbdb

MD5 546d9e30eadad8b22f5b3ffa875144bf
SHA1 3b323ffef009bfe0662c2bd30bb06af6dfc68e4d
SHA256 6089fbf0c0c1413f62e91dc9497bedc6d8a271e9dc761e20adc0dccf6f4a0c1f
SHA512 3478f5dcf7af549dd6fe48ad714604200de84a90120b16a32233b6d44fa7240f5f4e5fe803f54b86bbdfd10fa1bfdd88fb85eb6a78e23e426933f98d0a2565ec

C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

MD5 0ece2b6abfc8f3530378ad0a1b84fa19
SHA1 f3a5c036ae0fb1d097b1150b7162a989c7c28b06
SHA256 82d469f5b241935b853fa1ffeb502359269ff1b15687ff3a3f735f3099fc431a
SHA512 354c4c34979a791cf50ba1b261121da98b52c50f78443d416ed2a435bca9e83964c0423f11be532731d64ddb8bc09985407dee94114d9fb80308998eed33e7a9

C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

MD5 2e615ea0ecf9e29c379b0a6e6d80eaec
SHA1 0b9e46553c0aa5a0cbe5fa4819f44305ab412546
SHA256 df578a4f97bd9b4320ce078d5e47af53e4542eb7dfc749175e355c203d71af91
SHA512 3dff55b7c7ee2c10b45ac24aad041d512b6bdd1139e6c328befe28ec63128f29f5eda7f9e87c9ab66505558ea492a70feffabd2cce73963e28978db2f11e5e53

C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

MD5 7c8424d8f3c5c42e3add96cefd410095
SHA1 91bdf31c57abb3f89e03cabe8ad10efd9031b046
SHA256 394c4f66b81f1ea5bc8712989f86d34e3912b30a4e46dcbbd8d2bf67905ddddc
SHA512 a9d9cac366f7b399b88ba20e77089f6f31aca93da301d79374dd20be233874a61a86f2d9dab55c2d2436f974c81d981c555f5a2e20d7a132c72ed0ea54ee3dbc

C:\ProgramData\Malwarebytes\MBAMService\config\CleanControllerConfig.json

MD5 efedee2a3582ea5555aa78c3a7122ab5
SHA1 f8ac3c8a05c5f304d38c9ca1daf7eb5026f41ba5
SHA256 2ea4c650441294043139f66ba4d18af1ced8624bf689eb47e30a7555b0a9ef57
SHA512 47b05a3633218c58b21658d9677993c48f37fa65564ec674f2e4e7038d5b3caf16163d905a33f1eb6ea396472ae5bb977abffc888aa232941c053dd6def1b2eb

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

MD5 b38258d9b6b8cc4c80021057e82262a2
SHA1 a4abe9fbd0c80d53caced361af7d90af0d225c14
SHA256 88c7e7bca8e9edb0c95ef6c2da47e820bb94d80da12383f63d2bc4ca18c84941
SHA512 225a9a94073a81ec4fc90da25cc2254baed7a2c0c2cc87335b1104ea1e54b161a6229187ad8fd3803f57f59d61901e284d0b3e3943d77cf1530ca412867db8cf

C:\Windows\System32\drivers\mbamswissarmy.sys

MD5 246a1d7980f7d45c2456574ec3f32cbe
SHA1 c5fad4598c3698fdaa4aa42a74fb8fa170ffe413
SHA256 45948a1715f0420c66a22518a1a45a0f20463b342ce05d36c18b8c53b4d78147
SHA512 265e6da7c9eede8ea61f204b3524893cf9bd1ed11b338eb95c4a841428927cccbed02b7d8757a4153ce02863e8be830ea744981f800351b1e383e71ddaad36ad

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

MD5 5166d673643596046efafe25b230c870
SHA1 e6180cabccbb10272d63ba560c750457c9e98fbb
SHA256 515050e5f0721fda40b0a5b6d7563619ea573c6b2e5e92f7e99dc70984027d95
SHA512 c9afbcb232f233e2094b9dae1512816c7a8d8faf93cd77c4e5bf034081621fb57cd981b03032c09fc4d7008ba32a25bff1ec6fea91ec606af5def5e08fcfec2c

C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json.bak

MD5 6a7bfbbc9a76e69f3c4f9d05f38164d0
SHA1 67157b8646a096fb2f53763013976a56a80c6f84
SHA256 3bc072ed44bb08f10a6ba8d4312efed08c6306e64399e492a0a841d52a60ed1b
SHA512 4e04ba9e2aca14a79f6d1016f8f17fcb163577a01f39b87aceb05c08a0aa7da0a10ed673089f5631ae542516f39d97f1d7b38ba0bcee27ef3e9c0a2d18fad693

C:\ProgramData\Malwarebytes\MBAMService\config\RtpConfig.json

MD5 c85697ddbab6e646f301b820271278c1
SHA1 6df5778d21d629393021f003bb08d310d6a64cb1
SHA256 837b827106feedfb40446d633d0e00ed5ec9512785bcba9285c6a5c7e4264d0e
SHA512 71838548deb0dbd0c2ce4d025e9d4d56f1aace5b3a6aa8e0cc88b8805b645a3b1b689de2a183f725b60be52ff3b20fe59ca107b781bda4c735a629b3412e3737

C:\ProgramData\Malwarebytes\MBAMService\config\MwacControllerConfig.json

MD5 5acdf9980f01fc050c1bbc4c00e590bf
SHA1 7479da0437999ddf48a66ccd76298bf9980db8ee
SHA256 4d032f38c796388a1a23c4e9b1efbe1e7aaabeb8ec6f2f7ff1747dcf2591c073
SHA512 96c82980ab0ec625e89fcc3fc879d616c784f9a923b2c6fb942c3b03a8830182052972d96bdd3360d18067cd0351275451c75dfdb14174e07fe0458a3fb94778

C:\ProgramData\Malwarebytes\MBAMService\config\MwacControllerConfig.json

MD5 10c218a08fc14c818acbceee2d5507c7
SHA1 ad513f45cdacc51c4abeb887a340ecba700b89d7
SHA256 40960660f1fe37b84a73131128efe2983fd2c79baccf2273a17b3dd2584f2a06
SHA512 a4290f25965cdc4826ef404e0d567c311df14e14b6bd06741c5708f1ee35c3c9684da96ca9c2faeefbe506b90507d86ab0fe84316fcec152e1d863e9e0ed812f

C:\ProgramData\Malwarebytes\MBAMService\config\ArwControllerConfig.json

MD5 b80d114032d61f88912b1c5a182604bb
SHA1 16892c3f3e2368e5fee8a72b42c5cbe17ccae7b9
SHA256 b1b31d7b391ace153dd6f257a8ec8b72c01619e4dcc25a787f3ee7790eadf46b
SHA512 c12c318bf21aed5a94605af2da907dbe9788f341cfb4dd2d807a30b031d4a4de7f88b01d1877de67b42f4fff1e81637ef8ea44fcd6bffdd22bf014f2010b806e

C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json

MD5 92cc08ddc1553aef474f6d65710b9df3
SHA1 cb4fbebf5c07c45e54a9f060007f5633ee5f4738
SHA256 b5961fb1450d90890363da03bd3c09207f9f70f52eedadf74af2b705e7ff3f05
SHA512 5160e7a5042f8d037c4389cfc65c28392ecea55729c02ae9a7618f4a980c2ae39fd71fa6c67f13035afff70469f3316f846e4ae24295b94a1d74cca2b180c70a

C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json

MD5 b5cdac46c76a2124989b8d9ea50671b9
SHA1 b9008fba1d59b2331a0eff85755ff2ce633e3f4a
SHA256 9b8e845930cbb88d86146eee5a4a68e99dc961c4414a62a0b65f194f91111568
SHA512 75fa010bab232a3f2160decd8a14ffb6af91cd3f8006e7c4114cc119a402413e167773d753a168b049ca3e233e8ada8b048b33a63831cff49712465edfacd4ad

C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json

MD5 e3575e20038afe2d80b7407bc35e3ce0
SHA1 9ebcbdf1d89e97bb842fdaa96b41cd1cb7dce6d3
SHA256 80e22df23509393f054eba669a6fe9417ebe93617d5a6e93afb5bfdcefbd2ae7
SHA512 2bc5d364655710a781595d6f5a126ca6580d3e5fdef224fda7cf95e17bdf8553c6f404409ed115764a24acc7fc6bce4b1c1d2d0fcd6c3b0f8eba5a335b20a545

C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json

MD5 45992e6eae8494519e3693f13400eb28
SHA1 a23e355de1870dc482e124b50f77d5dc722a9889
SHA256 879321636a217e6cebfdec7b5ce22a4b415e6fbb9d585c6c9ccbd9640b4bf8bb
SHA512 54fee2c0cc6e1a9809a0efa030317e97ec2f5bb2f2c34a6a9b4dadaf6bd90f88b465c9beb349b8252e93576fe4ef18e8f1ef1dd067b7992298c4cd19dc539e97

C:\ProgramData\Malwarebytes\MBAMService\config\SpConfigFile.json

MD5 1adfedf32662ef984d5d78c2bba9bc51
SHA1 d5779dc0c921e352c4fb93b3315947edb879882c
SHA256 25a42bff897b0a77c5735d21687754979785f1b241ddcda7eba7b796824425ef
SHA512 d5add175bd08c1cd932f5865a9d6f28c438a3aac6a62b597eec82c6cc00354b060552e7ff61c2f688ae4ef743f0605294533bbbe9f20c65add90090b07f8edb1

C:\ProgramData\Malwarebytes\MBAMService\config\VPNServerListConfig.json

MD5 2cda2548a96eb7bcf7719db63e48aea4
SHA1 7adc0b5ad82dc9b6e9f55c36e5e920c4d0cdfc9e
SHA256 2a6359bb4e5e19f28580d7769b3c6ec442606f2bdcf88d126f0ccf3b558f37a1
SHA512 568279183bc1f88b8c4df233f4ed8d6b673567a442e524e0e928d64a2987da24d69af702664fee225868baae5376a4ef23235fb854be9bd3073210527cfc855a

C:\Program Files\Malwarebytes\Anti-Malware\ServiceConfig.json

MD5 bbd5f2aa6d4f73ce2d6f784280513a80
SHA1 0d1eb165c1c62a8243d789a238d3de4d2aae134a
SHA256 ad63660da0dac6be85529e883fd9729df40771cae93f7725eb2de85024621838
SHA512 dfc8f64b6f1cb937c022ba6702029023500715fc01b51201503467a15dbaf89ef11612cae3775463ee062a126a0cc080bea525e32bf5acb82183488da45d82cb

C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

MD5 ed99b820438272f1a0b8a73b403a00fb
SHA1 c0d2d4bf50a3be3652575e0d56fe98ac9427f7e8
SHA256 391866b89708eade2a56788b2fb30ff77135bf1c77466350283619ef566f6334
SHA512 e4dccdec953d9156bfcb0469ae25314f9a89d294e34c434561da6a98108a0a9587767ea886f5766a4eae67e1be27745949b5a41ec9cf1205bcdf9ba516c3d018

C:\ProgramData\Malwarebytes\MBAMService\config\VPNControllerConfig.json

MD5 fff97d87aeab43984fd661b2001dab2b
SHA1 95a7d1c9267eeb21d8f7b65eb6c6052ae60c4049
SHA256 00633d3f24d1d6062609929363438d80298318f443a3f806c46f55ad779e5f51
SHA512 3b3cc1d0d3fca1f7389c596205cd008c22d1cec578fd163139536fedf9aff26574c1168e991226d014b85950100f97dca155a6fb9ed93028ee3399e4cdb40b26

C:\ProgramData\Malwarebytes\MBAMService\config\VPNControllerConfig.json

MD5 90fb8712a2347a6392470e4e10369614
SHA1 03503a1c83def1e3018bd29a5ac8ed15082074ff
SHA256 e7307778c1870d9ca3d37f80dd49bb39ad586adef3915ac1a1e0b88f32f5751a
SHA512 db8d53c270f52f0dbdc9b70bc3601f637597449c8db15e0fff80ed72ff7cfdff1d460b672a88f38a1d5ce59932e71bfc438e52dc6e22c8174557b65c28da9e97

C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.json

MD5 68a40d95c4fd9157a34680ecbfad267f
SHA1 7271887c6c84301738a73f9e300af6e50c42bcc9
SHA256 443e0830f40188d701ba0d2b457ff09aa2810e4f80bd1b81c738ec4d7a4ad2df
SHA512 e5446a419fa687001f128e7a2e7408dabbf2218e4587542c5d077d42b0bd7500fef7b743e5cc8b67c36f5fcf46538d0e5794287a5352171d0d72ba33510a2825

C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json

MD5 16f11f23e73efe57382eb89d67abd689
SHA1 5c5fcba3ebbb238a8063ffdba999c58fd0cc5882
SHA256 c8bb2d109cb81ffdd8e8a3ecdd280723d7f2f66193b5447447663e5e2519bbf5
SHA512 5e6a9a82f5e72e0516cfc03424b29d8052f1cea4d483bb4c73e4f2463e3e3829d9ae308b987be8859474563d2814cbd68c6882c2601bf1affe1668fc1020a446

C:\Program Files\Malwarebytes\Anti-Malware\mb5uns.exe

MD5 b672a064c3cfdf56ce0d6091edc19f36
SHA1 1d21d4ca7a265c3eafaae8b6121be0260252e473
SHA256 04fdd99a4e8ded496a99c9d3c8c0b6a9a9bde9c4187d07342260f63852ef6273
SHA512 53e6c4bd68a0cf36160b21d63e7a6152ca78f17c76ccee9e185c1cf3f5a254c05f401f91501ad3d6806d5085b1f58322e6b7ad483fb813b86cb8570519410680

C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.json

MD5 163392b7cd23d6e6f0a903534d087abe
SHA1 13fa825c3bd85c236291d1ed92c8894dac3eb633
SHA256 60ec4ac74ab892655deb8cf1b14eb176a68c3e7c2aa546a8ad51302b8b427ee7
SHA512 a909b4e7d02f8d1cfc1809db003bf9df878a6dcb003a801a2f14bc03f39e04b90db0dfd02c85b08fdfc42bed678a93449164231dbb0f3ab93c8fe90265832192

C:\ProgramData\Malwarebytes\MBAMService\config\CleanControllerConfig.json

MD5 ea758b91906b857e7976138439f356bd
SHA1 d7d30380c2ff535bac8d06164c054fb355655180
SHA256 4ecff7ab970704fc47586782216f92c752a82a13b84d6af7bc1ce20c82d4685f
SHA512 f7f4cb65f535e2d045328573afffdfc78a029f07859d16c2c856ba83bf4d74f36f93ca84b2dd61149c49c80b98c7f3276219e9c8f37436c26e2d7c1ddebef3c2

C:\ProgramData\Malwarebytes\MBAMService\config\PoliciesConfig.json

MD5 30a11702d17b1c2d34d89a235d113239
SHA1 85244847cccc6d8cc068eb7bc0bcae93a0c2599e
SHA256 e64615e6c16274d5198694601678f71d2e09dca4a669db483251d410afa02fca
SHA512 1bb9a27f6040075c438028a3af979c6c5ff3297bd8771a20fb7e5f16e81fae9226d781273a142f36320b5cd2ec15c22775a616b2ba65e47105d166228fa614d9

C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.json

MD5 845f31c8ecedb9a97d555758fd89d186
SHA1 e089c4aa2f55a2624ffc7b101e92c0e20310d2d0
SHA256 f107518de029726590ed2975abebd6dcd1ec33b708151ef51ad4369b33119531
SHA512 afbe5a4052af072892d60db2d8e532c7f611b01a289c2fe4077df3c112b9668b53b6aa20ff01dba76b46db970547a886906fc7c3a641fb567a261ec068af2247

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

MD5 20e904f8249caef9a6a18842d2e960fb
SHA1 e978d3023bb1d863e64a678136342779a2a4067e
SHA256 12f14c582afa4e0f0b3ec6cce128f46fca2ce07878c7605b9b65953209d450d3
SHA512 13fe051b7121820bfaaf745fbb8c68fbc856843a775f38df770a8d1526b5dec77641c71f90525c9c2d3ba4df01059439232f2c02ab720aec74be2f1826cef3c7

C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

MD5 9fc5c8ac6e38aa6782df7f25ddba5d12
SHA1 6481ae00a918ff69065823ddd7a27d69ee59bef3
SHA256 5abe4da3b0652bd10f386f395c08038c0c076c83ce1d94cc031609f97c62bfda
SHA512 8efe8e01e13230c1b97784aff26c5bba66822db21ec45ed990ffb7aacbdb9e16d9b0dd1f25a815235c2c04dacfbac40c7733318729f415ed1d50f54950dcb834

C:\Program Files\Malwarebytes\Anti-Malware\sdk\mbamchameleon.inf

MD5 5a9717e1385703e8f06b27aa10a69e87
SHA1 84ee67a9167b5eb6560711b9871de98898ad07a5
SHA256 47b7c516bb57c612de19f0ca865590af95b6e32bf873a0fef9e011b2c5b483d4
SHA512 dd3c7278c2c11ad15a55fae6d19b96dadd92f85b7f0c8ce934298258af00bb5c052a84a98499b8867b0f43704fb307c67d03692ca69dda4d814c6c17dd73df44

C:\Program Files\Malwarebytes\Anti-Malware\sdk\mbamchameleon.sys

MD5 817666fab17e9932f6dc3384b6df634f
SHA1 47312962cedadcacc119e0008fb1ee799cd8011a
SHA256 0fcaebe94f31fa6e4d905b5374733d72808f685fa3bcc9db9a8a79bd4a83084f
SHA512 addc9a5b13da4040a44d4264cbfe27656b7d7971029a0ad53c58e99267532866f302ca8831a3f4585bbe68d26ec2d11a6b43de9bf147b212ab1f05eb4ed37817

C:\ProgramData\Malwarebytes\MBAMService\config\SpConfigFile.json

MD5 7a1e7c2b8ec1f77c6cad92e4c19e68f8
SHA1 1807e8ef7ec1fc3f6882e4c222332c3dafe91cc6
SHA256 adffc66f5383b052689f96b0e3d1d3596afaf53b49003925c8927fa154a7dde0
SHA512 e2532eff33ee789403fd163063f6cf9343791ca857216e49060fb54c3143b4f9c1ea5f9bad083a4ba89d61af340e842c60bf3199a850c243b2276407bc352b8f

C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

MD5 8186826706d3b51edf2dc7ccf295e338
SHA1 801ca6b168c4cbdfd534df53d2c1462bdfd49725
SHA256 a4a112131cc87092127075ae18d53f0b383b2aced92034f1405fa4bda9a99895
SHA512 0fe4d18bc7973da84b9dfc3788eb833590206bc971f95ab357ca7525d51e461fed358231db3056acebd641ad618a780a9c8c5f18c5304fa17e3831c2ea91238a

C:\Windows\System32\catroot2\dberr.txt

MD5 3ce682d3fd4b38e93e65167ecf455150
SHA1 f43e4d6c8556b27b5d772282f23e49e35c6fc2ba
SHA256 f8e8075041d397fc7d1ead81e726d112cd3a41ab8ebb4879f4df95fcd4cfca37
SHA512 018340cf9afafb1aa373d5a3b89080a8781fb3cb6bed8c63f70fc354eb99aca3dca4889c95d6f0498fb7ba937d9de2fe39eadc64afc68134da6abdb70cead023

C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json

MD5 176471506e8539a026f293c9f7d9e168
SHA1 dd80642489c7fc447cac0de1a988f18d387eab27
SHA256 11db75d7f29ec989c251a6b1d45914ae15a838e5d82a96205eec0790dcb3a54d
SHA512 b2e9ad2f8ce0733b99f07a7ca918f6b3183ef104dfb9ae88851b00d5a0e9d2bce8b93a2b52d48a9c29e2dfec9ae3bf60607f08bd73262e36f2a221b9a8aeb3f7

C:\ProgramData\Malwarebytes\MBAMService\LOGS\mbae-default.log

MD5 8ee698f3033e7f7e8a5c4049981dffe9
SHA1 9c8d1468fd418598705bf1020ade2c7808c043ff
SHA256 43732646ebace92a8d7252e3ffc110bc3b1ff7d837c122ee98ef72035e57b5ea
SHA512 58bb9302ceed4389dab180f8c72512739302cd78bc3c939d09dd1c3c3deac26f2333eb46e4f89d6318a15ce7505f1ae9fabf99f98e97bd9c9b89b2b89434493e

C:\Program Files\Malwarebytes\Anti-Malware\sdk\farflt.sys

MD5 954e9bf0db3b70d3703e27acff48603d
SHA1 d475a42100f6bb2264df727f859d83c72829f48b
SHA256 8f7ae468dba822a4968edbd0a732b806e453caaff28a73510f90cb5e40c4958a
SHA512 0e367ce106820d76994e7a8221aaaab76fda21d40aede17a8fe7dedaca8f691b345b95cf7333eb348419bc5f8ea8618949783717100b38ed92544b9199f847f0

C:\Program Files\Malwarebytes\Anti-Malware\sdk\farflt.inf

MD5 358bb9bf66f2e514310dc22e4e3a4dc5
SHA1 87bfc1398e6756273eee909a0dfb4ef18b38d17c
SHA256 ff51780a5a854b2c18f71ae426cb066a13723ef6155e24f4910137c9e8dfdc17
SHA512 301ec5ec5c0813951843011f2204924240235494999136ea30a557cbf58146fc6043a8866b344fa7deb927d7c83d44e2aaf45adca7d221aba5d36715b9a63e09

C:\Program Files\Malwarebytes\Anti-Malware\sdk\farflt.cat

MD5 1c69ac8db00c3cae244dd8e0ac5c880e
SHA1 9c059298d09e63897a06d0d161048bdadfa4c28a
SHA256 02d57ac673352e642f111c71edbb18b9546b0b29f6c6e948e7f1c59bd4c36410
SHA512 d2ec2ff9fea86d7074998c53913373c05b84ddd8aa277f6e7cda5a4dfffd03273d271595a2f0bf432b891775bdd2e8f984c733998411cfc71aff2255511b29c9

C:\ProgramData\Malwarebytes\MBAMService\config\ArwControllerConfig.json

MD5 e97123959dfee73a0335c95eeb2ef832
SHA1 3a3bfb6e8ba8d816154cce411a1d828e44ad16dd
SHA256 b9a23861433c1f5162cbc8d56d91fad2e0e22bdc0a4378fe72d75d988f9b2eb3
SHA512 43b40411a3d07237b3606397cf5ca79722f95a7286091d943f818dcfcbcd40f16a648adfcce04c3f22f3462b1ec5c8f27b4a016ecdc1e86e6cddc8127413d05e

C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

MD5 975adc412863c75d554daf658a43d5b3
SHA1 0a35403337faa9acfcbd5f92edb934fe85ab3f4f
SHA256 b93bc2f685608803f640bd02e7c0f24459f489dcf9e7c86b15c822fac8febc0d
SHA512 37a83cd77bb4ad9902fd675d01889d00b97a98c68cdd4d9aed7c7115b8004bf93782f85af6cd5b9397b3ab8bae3086ce1bb82253979a4afe1e5d2e6b8daa5329

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

MD5 3a0cf440e9f31aa2802a8c574322442e
SHA1 5ca06b68889810398bfd15e014daa485ccb4a75e
SHA256 72533c5ad832a9378990fa675c67089e76cdabcd42da640a1546b76a924c2e4d
SHA512 7ea1dabf023074b52dc1e47b7c13e9beea96f5aa4eb5cdcb4562c2756950260137e6208746c6c98957bc36c269ec1a0fa537d0244042d0083f190dd3fcaf6979

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 9cf690382aedc54f2de3ed33e673f9a9
SHA1 31bf3ffe99547d18f5c66e713577f6fcc568a3fd
SHA256 221f535c9c048fc16cb68d5efa903a738e77b4bc16089452d1b48202474fb674
SHA512 f79006b035544903e10b73c0f52e8738e48726b797c89940d10c233adad4aac8887fadc57e37e993b8c4392bb9fe52fee5af81a03f61b02dd7fea71d936b5bfa

C:\ProgramData\Malwarebytes\MBAMService\updatrpkg\SdkDbUpdatrV5.dll

MD5 52c4aa7e428e86445b8e529ef93e8549
SHA1 72508ba29ff3becbbe9668e95efa8748ce69aa3f
SHA256 6050d13b465417dd38cc6e533f391781054d6d04533baed631c4ef4cea9c7f63
SHA512 f30c6902de6128afbaaed58b7d07e1a0a674f0650d02a1b98138892abcab0da36a08baa8ca0aba53f801f91323916e4076bda54d6c2dc44fdad8ab571b4575f7

C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json

MD5 0a8563211b3603533aaf0a829109ec27
SHA1 83d949a3d4ba4b022cf4cf4a0de6fd45542904d6
SHA256 f8b23594fdade56f2651be74204b6800ce36e3ba78f8fcd3da96766241261157
SHA512 eb866a2df19893932dcf9f04ad3cb995d00b45f83a89f6ef4f4aec39cb6388af2a7558f3da392b2e32dc561b152162cfc20e02a1c5577cfecf1bc351507864ef

C:\ProgramData\Malwarebytes\MBAMService\updatrpkg\mbupdatrV5.exe

MD5 869c1203781a48747f74786f941eabe0
SHA1 d2eb104e7982b6c10a8a1fdb196c69d3ca8173af
SHA256 bfc55011ff831980e27627e766fa02a7d9b48bc27898a76d40e282fe56ff95cf
SHA512 b6130421823757b76a9469ffdd5307df80b06f633914a41d2ac50328bbacdb9d91fefaf586b2f0444132fb534f5db7e098c7138da009adc3d05d2665f162f1b7

C:\ProgramData\Malwarebytes\MBAMService\config\RtpConfig.json

MD5 61bd6a08809d2703f3ff45120e862219
SHA1 8d5f4df8a69af1ed3cf3ceb472b506b0eedde090
SHA256 e8f4b689259603c447bbc4558865034048439c0a6532a894ffd745fd42f25136
SHA512 9eef490621173d33c092a4e796022052139fc884b5d4bd9630cbd26f6dded1ec7b7ad37ba415e9772cfda63584eeb3f527ecc8e0aa9d9b8d0c8556c72f25a0bf

C:\Program Files\Malwarebytes\Anti-Malware\sdk\mbamchameleon.cat

MD5 3da850e8540c857a936b3d27c72ed0af
SHA1 cd5b3a36b1c3d762835ed2f62a151c5127f01dbb
SHA256 0c77c63c9eb8eef49e833dfbb2d4f0e91bf9aba6bbea1fbb8ff8d1cdc16f7e38
SHA512 5c9d5add57ad377cea6958e13e515053ae8aa9f9d8471e8ec57064e5bf8f5c1f3efdf26078aa287e63f38b528333c69be0745894cb2c0b427d78775f7605507f

C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

MD5 867ea8692423f9008587fa5551cde61f
SHA1 e3f659c6909e2a5d9ba0723085635fd31fc7f55c
SHA256 bd0003edc56fa043aa40896b67220b8575bf8824007750b8366f7b1fcbbe7b54
SHA512 2047a7d28ca1eccf3102b7990dd0e899c5713ea6c98cdeefde50cac2478b7be41b97e367180c3a03cd59765f3f8c1d1150c6f4a8256af1bb05d145252719d1e2

C:\ProgramData\Malwarebytes\MBAMService\config\RtpConfig.json

MD5 105c1474638a2df6db0381290b289e6e
SHA1 0fa461bc5eb6ca497f2a18334e4083fb3d6d07b5
SHA256 779583482b089497a6e573429227eeb31f491d16c8761fd26dd5029918d19a9c
SHA512 f4eed0e8a8959cbeb737a7e346d29a033ccccf2456a80ce8fac46dee3bf77d8be6bbc772e87f1047c73027d352164f259b0b4e7dbbabab10acfd10f8bf8e56b2

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

MD5 2156cdb05ccec09f2f59a1a81d3cdabf
SHA1 852b17d2b1c5781e79ba4bf9d1bb7a8221f4069c
SHA256 b016a4488da7624b0487e7b0e5f88925dfe5342a1812ea9fbfcbe099b25b6f58
SHA512 22bcb8cb837161b52824cb34fe9accc5948cd7586b42be0d5322dcb9226824dbd1bb5d69170a1e15b04eb3707fcdf305f789bfa2a9e07a4839b0fc1dc38ee631

C:\ProgramData\Malwarebytes\MBAMService\config\RtpConfig.json

MD5 15b0c06895136cfae26139846566d55a
SHA1 2e393d020391b0a5bbb9cf2f962aa55866bfc3ac
SHA256 0e879f83ff21dbc19b4c697c5d7b1dc3680b08275190ee9b859dbfd3ad0834df
SHA512 1392733e5ccd02bf7f72f26850161ccec793bd609d3b8ba728e9fa95aadd46d000927e62521fafd65fab971743e1757153e63ed82af777740b12075fe975cb8d

C:\ProgramData\Malwarebytes\MBAMService\config\RtpConfig.json

MD5 6338663c6b841c02831bef236da57bfa
SHA1 d797257776340978363966f9b922fc9bf91dc576
SHA256 98e0b3e4d3e37c641bc5df789459749f064d6cb0a386749800e6a4e53086a9eb
SHA512 e3b4b11dc44702753801b9b8de335a18e2239d817814e6654e414adf70694b09cdb7921c9d46382d9d4ca97bb506eb039a409fa3aed3d1fa7ffb5fa06c414abd

C:\Program Files\Malwarebytes\Anti-Malware\sdk\farflt.tmf

MD5 c97bdce34905d88028d709cbeb8396c8
SHA1 fee05f9fdf2f52c3b13de2e77e6ff98e4df485a3
SHA256 72e4695c9c70d5bb90bcf4d4f6b20607ca25fcdcb1bf9c5c77a062c6eae77370
SHA512 31ef1b6219d6bb7d723342e2f94e8199fdd517cae7008ad1f77e064f77eea0f6a3c0823269e55285a27137fe0234cca731829691f84f100ce048a5f62f7466e0

C:\ProgramData\Malwarebytes\MBAMService\ARW\mbarwind.arw

MD5 31f4ed6c2077a6712cfc2b27762b580b
SHA1 57c68266fc9b49c5d7dc62a15eb6636befcbc84b
SHA256 1ca6574269eb2e6daa059cec58c5e999fc6345bb8a93a7b3e22fefd34a7ea8b3
SHA512 13d9727a694c88fde149517beb4d16938f328486065b9d491151b06855312cd0b5deda67a2ee4ba85280d19d7d6b648bf0b6ffd3ed9cb346ba9ed0cfe9ceeed6

C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BAEBE581FCB73249406FC21094EA252E_BC0CE803EF41A748738619ED7838EEFC

MD5 5bfa51f3a417b98e7443eca90fc94703
SHA1 8c015d80b8a23f780bdd215dc842b0f5551f63bd
SHA256 bebe2853a3485d1c2e5c5be4249183e0ddaff9f87de71652371700a89d937128
SHA512 4cd03686254bb28754cbaa635ae1264723e2be80ce1dd0f78d1ab7aee72232f5b285f79e488e9c5c49ff343015bd07bb8433d6cee08ae3cea8c317303e3ac399

C:\Windows\System32\drivers\mbam.sys

MD5 2b6ba2a29aedad09dbbf964b404ca4d3
SHA1 f4740d6bdda9e157fb4e0b8c039117bfe0e147b6
SHA256 76ef1379b03d1cc367e0422cc4688a3a6c697ccee798a750bb3ed53bcd71def7
SHA512 6ead63664db520ff6acc5d28e858197a320353c62fcdc9feba089ec2b09df95b690ed72d67f7b73d658039478e694b6732aec65e398b0c130e6842870abaa190

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\version.dat

MD5 690b68b9b8a195563fe6c1ceaefe9c6b
SHA1 7c4dd29c2ce50cbd47cefc7ecfbd15c1c733b65e
SHA256 734ed6899d9d12dc732b50324a4fb93988118a1d6991e2c11cd330982d6ec633
SHA512 b0e5b534e674096904031b1541a7a46bedc3980a9a4ebb9f5a32835c90caa386438e60fa3a3c2ed9bab70131ce58402f183a32692fe0a3cf785c2208d7fac24d

C:\Program Files\Malwarebytes\Anti-Malware\mbamsi64.dll

MD5 ec9b045692fe77d349de3c1c485df14d
SHA1 07e763b7ce25cf5ef3f5563117a9908cd955e4cc
SHA256 c4a5a407fa5833e8d86aa9e941f485e076150546fc29ae64342258f0f3e56f84
SHA512 5da6e12e78ad1b7e1c9c4568761f358228c6556f6697b8898e3895a7462bc3bc78169ac656e5ecb26b1eb706298a1cd1e45d62ea5849c4cd7a751724074b919e

C:\ProgramData\Malwarebytes\MBAMService\updatrpkg\expapply64.dll

MD5 76a6c5124f8e0472dd9d78e5b554715b
SHA1 88ab77c04430441874354508fd79636bb94d8719
SHA256 d23706f8f1c3fa18e909fe028d612d56df7cd4f9ad0c3a2b521cb58e49f3925d
SHA512 35189cc2bf342e9c6e33fd036f19667398ac53c5583c9614db77fb54aadf9ac0d4b96a3e5f41ec7e8e7f3fe745ae71490bdcf0638d7410b12121e7a4312fae9e

C:\ProgramData\Malwarebytes\MBAMService\dds_tmp\D13.tmp

MD5 3b337c2d41069b0a1e43e30f891c3813
SHA1 ebee2827b5cb153cbbb51c9718da1549fa80fc5c
SHA256 c04daeba7e7c4b711d33993ab4c51a2e087f98f4211aea0dcb3a216656ba0ab7
SHA512 fdb3012a71221447b35757ed2bdca6ed1f8833b2f81d03aabebd2cd7780a33a9c3d816535d03c5c3edd5aaf11d91156842b380e2a63135e3c7f87193ad211499

C:\ProgramData\Malwarebytes\MBAMService\dds_tmp\D19.tmp

MD5 b5d0f85e7c820db76ef2f4535552f03c
SHA1 91eff42f542175a41549bc966e9b249b65743951
SHA256 3d6d6e7a6f4729a7a416165beabda8a281afff082ebb538df29e8f03e1a4741c
SHA512 5246ebeaf84a0486ff5adb2083f60465fc68393d50af05d17f704d08229ce948860018cbe880c40d5700154c3e61fc735c451044f85e03d78568d60de80752f7

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

MD5 74931da2f73b00a1213cd8a762274dcd
SHA1 7b46d262e8fadd0754656632b12ee2b4cd4ee5e0
SHA256 a92b8fb04c394574e7465684a0417d8aad078638c15d41422d78439bbd4c9292
SHA512 301a622472979f88cc97fc128aad083815ee62f2a32fd36f9664d01534b5d4266e58e67ba85b3f22abb1f3c239ffdffb3efa7d4ac6ac7e3790a9eb232190931d

C:\ProgramData\Malwarebytes\MBAMService\dds_tmp\D76.tmp

MD5 54dde63178e5f043852e1c1b5cde0c4b
SHA1 a4b6b1d4e265bd2b2693fbd9e75a2fc35078e9bd
SHA256 f95a10c990529409e7abbc9b9ca64e87728dd75008161537d58117cbc0e80f9d
SHA512 995d33b9a1b4d25cd183925031cffa7a64e0a1bcd3eb65ae9b7e65e87033cd790be48cd927e6fa56e7c5e7e70f524dccc665beddb51c004101e3d4d9d7874b45

C:\ProgramData\Malwarebytes\MBAMService\dds_tmp\DA9.tmp

MD5 a7b7470c347f84365ffe1b2072b4f95c
SHA1 57a96f6fb326ba65b7f7016242132b3f9464c7a3
SHA256 af7b99be1b8770c0e4d18e43b04e81d11bdeb667fa6b07ade7a88f4c5676bf9a
SHA512 83391a219631f750499fd9642d59ec80fb377c378997b302d10762e83325551bb97c1086b181fff0521b1ca933e518eab71a44a3578a23691f215ebb1dce463d

C:\Windows\Temp\TmpE5F7.tmp

MD5 653b76514491fc1916a0f5a478eed62e
SHA1 5711b6cc72bccc84c8d065f2edbe55bbe0bb8cac
SHA256 b23aea1601c81b14f022a9d910f5b58c98545f17edb39fb7739b887e7579b4a7
SHA512 6f76fd22e4f6a86e817e7caea4cb95e5c59153b4eb0b034da5a2b0c7ef09137b0d3278d68c85b0beb7ab436e147a94ae2c8876d8cce5b151ebfb05a6eb16acce

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

MD5 78763f3e8f526a4ba3c2ec8f8235d430
SHA1 a8fc53ec613b91c12a1c527739fdfce2c766ee44
SHA256 b1cd1412ecf7061716f083b16841945f161e4b6e5cdd26dbc00bca69918d74a4
SHA512 47bcd1d8cb741a9b67ef8ba2b458f6764d6fd5fa0ee1f18255bbd42f0baa29f85d5b3b3ab4c71cfe9f6885efdcdfa02eea61d87f7bce1dbaf05e7e495bf793dc

C:\Windows\Temp\TmpF654.tmp

MD5 af3bc4720e6fb282cad0dffb9cf1b5f6
SHA1 4844641445866abab12cde279d97a578f8eb173f
SHA256 614930ed7afcf72f6137197f89263b7b85ef51b34a4d5a31ad64943d4f8eef41
SHA512 fb43641cdb638887e81fa73b612c7150d2b42c2bf46f3f58520502bb6bc73b46645183047d84568eebbdab2e55d6446a610e2d533eb147f81ac989e0a3739cac

C:\ProgramData\Malwarebytes\MBAMService\dds_tmp\DB2.tmp

MD5 699dd61122d91e80abdfcc396ce0ec10
SHA1 7b23a6562e78e1d4be2a16fc7044bdcea724855e
SHA256 f843cd00d9aff9a902dd7c98d6137639a10bd84904d81a085c28a3b29f8223c1
SHA512 2517e52f7f03580afd8f928c767d264033a191e831a78eed454ea35c9514c0f0df127f49a306088d766908af7880f713f5009c31ce6b0b1e4d0b67e49447bfff

C:\ProgramData\Malwarebytes\MBAMService\dds_tmp\DB4.tmp

MD5 804b9539f7be4ece92993dc95c8486f5
SHA1 ec3ca8f8d3cd2f68f676ad831f3f736d9c64895c
SHA256 76d0da51c2ed6ce4de34f0f703af564cbefd54766572a36b5a45494a88479e0b
SHA512 146c3b2a0416ac19b29a281e3fc3a9c4c5d6bdfc45444c2619f8f91beb0bdd615b26d5bd73f0537a4158f81b5eb3b9b4605b3e2000425f38eeeb94aa8b1a49f2

C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

MD5 4bcbc2aefe75a7a60dcead22e912d22a
SHA1 c74bb9d8728ce1d868c0925f08054898d5afaa8f
SHA256 0685fc312b12e812d9334f962b35522c8d3a21d3576ac3e42fe40076ada09316
SHA512 168ab56dd0c55508c56effde6a41d04633fbcb06a6302bcd42e434087f406b67b0af0dc6114793524659492babb8b6dc322ff1bd5aa0c3ca48bbbeb629dc10ab

C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

MD5 d58cf00babe93e945e736ee6b10f22ca
SHA1 e30b4b94683892ac5d58822f89038a6476447245
SHA256 82385691a53c811eab5ab78bcd62ee13b18c548a6b904e328250a30136e111aa
SHA512 a39d71107d8941f8715a844adb55b2efab7bb4e2bd13f8178327665788097d3340234ad2985c017b0449ade8895fe01b7a00f3b2889b834638f2fdd9b884d238

C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

MD5 4618193299f617803dbf2103779cd0b2
SHA1 bb59532519a525b14ecfbd503ed7fc0f4856cfbe
SHA256 d3527195c756aa1bd4d5de3b1f4d6960dbae7b0d547440c408f819c1748dbc04
SHA512 2ea907cf81dedaf618a31be0469a2c8a41500b71f5f8629c62741b8f6b9e6bb0335105baa31a764977553c07c5fc6c4103da3dab3ec41e930673db35d9926bf4

C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

MD5 886ef3cf8240e80902b5c8f9f1a28e13
SHA1 41f6ff653f9f40e7350f573f028d439cf64d8672
SHA256 e7eed2d5f98cd5c75f7fd0ed3013147a18938d6fae3ed6c46babbca30fc2863c
SHA512 695376bc2a90db5cda98e005c86ab0c1a0e170ba518d8f7024c6a5c1499eafd8352147644a03d45294b20fd7b273385fe9949ba19bed0f9b01498f4261eda8ce

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

MD5 3765a8b6f6055c54c6ec75f3d8f33c26
SHA1 092e420c7ffc18206062503b1160080ce0ad8cd1
SHA256 6fc1d2ab96da8fc538d32ff38de6d528d211b2f34d211dbfa8b768bb13c7f2d6
SHA512 c41dab23f7eaf9c741ca388d93f321c265836d1a8316d9245bc0156422b13ea74a7b0953b726dd5f95ca87572d85e7e1b8f5074aef12d77554de721c1ab3aa19

C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

MD5 b57dfb08cdc4eca229c406ca4510a8dc
SHA1 5a7bec1d1ce093664044c471a1c763e3ab3f34dd
SHA256 add085019eae1e4f7fb6d9d14997d6ee167b78f0a40cd3080ce6610885f12ca2
SHA512 1b70795920a6c8b05c110baee10b9f18681b8dd1a313442408db91deacfa84850dc22b1b3408615c7af91e5c3ef3baec04fbe8a5af9f407a533e7b981855723c

C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

MD5 36b2b252fd0a1c42ec179bebb6b49515
SHA1 379c2bebcc029b430dc2063a32a075aeed59f1c2
SHA256 5db9bb5c45c9e34dcc7e4def7c33e21de7efa45c91a82940c45c67a33310601b
SHA512 95542f07f75b1ffc206ebe046f28882437796aa940f2375fb659d5a969376f5e5a0e56a2bb56a7b2cd0e58127716a54fc795a8ea5f6cc18f381065bb9eaec4bc

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

MD5 7fac255804eb916a0ec55e4b282554a4
SHA1 121f0a39da11b2f287fbf52c69c606922b552dd1
SHA256 fd58b879e37eb4c15623135c7bbd24c544f8831295388d80b6d2caa87c8b935d
SHA512 8bca4f66ea2d43f0b08fbe45310c1fd7965696b73f425da785d790855d84e72cc10d91960e0210ffe09aba001b4f052cde5d7c6b81cd5687e1ceee9e92d4b701

C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

MD5 112b4e140ab8d357f7dcef8b29f514a3
SHA1 6b98839d759b01aebc87f3f550aa25b4047d57ae
SHA256 1bdbd51fe13572ee39d7ae59b6d142a540b68125be540e2faa7ef639b18e2836
SHA512 aa868b0d350dd74f4b5d9a0532b791394e81287e2265227d584b24f89a0dac98aa756fef1b216ff2963bf13b2734394d9817852050a6e69d04374f8fa418c083

C:\ProgramData\Malwarebytes\MBAMService\ScanResults\813caebc-8e70-11ef-b70b-fa9f886f8d04.json

MD5 f531e0ca28d0f6586cfa98924606a80f
SHA1 d665a910ba4f2e4a801e0089b5d9690ca05c93a0
SHA256 bf46dc6a5dc8365de96b420aae5b5cc480bf78fb853634dd179e5fdd2609cc5a
SHA512 88d074dc4ff8842700ba2fddbeaa5db3b8d1097a2f1ea31fb2f76f5fa99678feea68c48e653f14fef0086383bed91026fc073245211cef32ca30f1ece6815a46

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

MD5 c3c0eb5e044497577bec91b5970f6d30
SHA1 d833f81cf21f68d43ba64a6c28892945adc317a6
SHA256 eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb
SHA512 83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

MD5 710d7637cc7e21b62fd3efe6aba1fd27
SHA1 8645d6b137064c7b38e10c736724e17787db6cf3
SHA256 c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b
SHA512 19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

MD5 4308671e9d218f479c8810d2c04ea6c6
SHA1 dd3686818bc62f93c6ab0190ed611031f97fdfcf
SHA256 5addbdd4fe74ff8afc4ca92f35eb60778af623e4f8b5911323ab58a9beed6a9a
SHA512 5936b6465140968acb7ad7f7486c50980081482766002c35d493f0bdd1cc648712eebf30225b6b7e29f6f3123458451d71e62d9328f7e0d9889028bff66e2ad2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

MD5 2e86a72f4e82614cd4842950d2e0a716
SHA1 d7b4ee0c9af735d098bff474632fc2c0113e0b9c
SHA256 c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f
SHA512 7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b2a1add47884baf4966ae6a191c9d1a8
SHA1 db11df5a5269d147c67f2abe2e09547bd08aa4b1
SHA256 20064ac3b9eb6b708136b43953cea6489b14e74921a31a34f695073c8a2a8a7d
SHA512 ca98ba2b0155d7e4c4844ff0f93ce35a362d7235ad7dc9c6dde05f21c52c6161987289e8969f5d1b1894296dc9625312db50aaf031a7fec23818fe38b9986f87

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 a2f44913135ab57158689773430cf768
SHA1 ad346509e43a2d6187f8b6a338640f510e70457d
SHA256 29071c5fd2dee8604d6a7558f9981107329f3f00779798a77079894c17aaeaf0
SHA512 1181b834dda0ea42fba91721bd514de3828fa80b8222678b9fe584170bf2005e3d2d3bbcc7f5d8aa039dd79493c6546c6840fc5ca1115cd567744ebc3734fd62

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

MD5 d8ad625c3b6ebf71c6081a85f887e6bb
SHA1 379f10b8da67d19ab8ad932639a7afd4975c964b
SHA256 aff84929e57c1898ad3441f3fc7f850d903641cff756ac5a86baaefb33145db3
SHA512 41c690dffac3a8dd4cb07e61947fc8a0d966d46c6f1993c6cc3156dc89f34dcd0b1378e6afd60ec57859c27dd01149655cecd642becfb2bc986f351f7998a271

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 c3d772ee65fb3eacfee4e9d2c8e52c9e
SHA1 051103bf75a90596914ea095f0cc3438cafaa7d9
SHA256 c48da42e21f9a12d9496fd8a9a99925600678034526e2c025816b7cfd30308f1
SHA512 3d3bcc6e2e0b2a63d814a2d7dff8639d896f39cc5c896ab3eadfbecc237e2f3798be32400324ae80c8becb9f819be6a1ee11772f5a68cb8fc34c99f5b44afc19

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 3edeeaded18c43d5a2e9874710e0f26e
SHA1 878e1f66895b03e6e70046310756be2a7bdcd0e0
SHA256 dcd89cfbb73100b152f8938dc5244a5e55a7cda7cf4b703d7e458400294b22a9
SHA512 644ba99e65416d9712f1bc611477e7c69326bcd6b51a986a0eeccbf08c33e10a7c760a192845d3381bea8df578ee4d21d75730c761f65bc5f944aa7b789f93b3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 07d9dfb9e5b2d440ab75452f8869afdf
SHA1 5703b1fccf644b7d545493dc586f6f45c495fe0f
SHA256 7779b8699470d09e9b731c10d560f5c82b87ee5438f61450be8b779073523be4
SHA512 a187248c5edb19d3f72ffe5385e9924cc8737d3213da264e6807aa84c7609275adc46312a621ee9d54cc34f63c48176960dde5e6951edddf1d367be6bfa2c9a2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000079

MD5 070a4ed814a1eb3ce6f40d5c5f095096
SHA1 6037b9e6e679b31ee5f2b28b5cd5cb8982bc7048
SHA256 8fb466b37ad64bebfcff27fd80f4b50818ad5fe6a12b0a326c91e450a21ccfdd
SHA512 44772a053c1009990c24b654e6da16a99f740c3c57407f54efd3b570d0932565b6faa5af19b094ac58b27a5def4f41c2d191f6dad1e185e168f4a0acdcef1686

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00007c

MD5 6c2375c37c399ecc1e5bbab801e83b91
SHA1 3df6993c14c21e6a3d1892e2d23f9e66f0c4159b
SHA256 79a3c738c95d960e36ea62ef426f10605a7139ffb9332b9a30101d6e200d791e
SHA512 4934be4e5b5e046a89e86dc349b1ea1bcb76a48444afb0a31c3fecea9beb40c2f74b1a81cdde76204e9dea24a916f4e05d9298dac52b4acbe66b368d9c941b1b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00007f

MD5 199f79a72fa4db905e34d8fd2acd8b26
SHA1 207fa36cec7bbde8518de3e4df4237236b863b36
SHA256 d199ba0ba3dd14a6fc68c19ba649dd1edc37d6e3fc3ede0eee6d767c712890ad
SHA512 58ba0dd1b6955c1808ae3c5b0803a5cbd4535881946ad15a479ff37ae194e30e72b675d049ec07b25ca370d6902357b9b4d203ef5a541745d425e4ef8d11b708

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 02dc2bbb612e1b74fe63d807e692c29f
SHA1 0428489e293a6ed7bcbf45ace62a726789801fe6
SHA256 f79e28b377c56774cde57d25a1786f32f4c0593207b7b3ca381699fedd556796
SHA512 56752aa1a1798f2f2491877490891147461bcc037107b03f5dd2f72e60033cb2ba4bf845adba55d16e2635d3875c6f681e3416654bad5f12132789acc29fc3f4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 4e68ecccb0bbc1b74a9c6184132a5bd4
SHA1 4812cb240c29aa789013b78e4769e6a88bdf25b8
SHA256 060691e6e8c53df5682eaad5f387837c0a1aa0211a71676aa9130aa00f437d51
SHA512 5b656dd980b834c5151ef74f8e7b556208bb74c5159bc6a3b25ff0287514e8785cc514b54fabbe2a5d04e4677c2814310d563bde51614cb733a67c2a5d32718b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5d6a94.TMP

MD5 39287a6c28c46ae70c1d5bd1fc3e4de4
SHA1 f881341cad7302c8181a626a9b458ffa6c884550
SHA256 c8044d6d7fe2f93a78b47da3cacddf0e9a3fef6997a31ed550c3eabec679fde7
SHA512 9cbe61a46d0dc58c84b45f6731b3c5dc8dbc310946204b868d7130f1787bd983fbe5ff9d8be6cc63215229479d9c7cf31de4a6707d9a3681b868a6c1776f931d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\8e7094c4-b168-4869-81b0-70f611f0e2fe\index-dir\the-real-index

MD5 4b9a1c34cebe60c567afcae967b9e51f
SHA1 3d83541eeb21a555f7a0f24be66a5de85948a074
SHA256 488db9da7620f675f3bd9672bdb4a254486d1a82043340c844f142b1507bd984
SHA512 930c563758f5b8e0631eed1855b46021f579c2296c0440d1e242d38d1262db35a3da2e3c28cbefbeee38a8a8196d0804538eb6ce64c6b030f485bee0666683c2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\8e7094c4-b168-4869-81b0-70f611f0e2fe\index-dir\the-real-index~RFe5d7542.TMP

MD5 230a5d822f72aef76ffa7cc2897cf2cc
SHA1 d7fa2ce4782d0838f063471011bca93391bda1c4
SHA256 78f5e180d27f0f2fefdc942121b8127e4eb15b81591a12eb6e205a3465085839
SHA512 d1b6ff7ee7ac14cc9151d8f40a3e1b90252b64c9e59ef249a6c21063b3d45a91f06db30de17774ef5d37520e909ee551b5a674609bcd0c401d4897fc88a08975

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000080

MD5 8eff0b8045fd1959e117f85654ae7770
SHA1 227fee13ceb7c410b5c0bb8000258b6643cb6255
SHA256 89978e658e840b927dddb5cb3a835c7d8526ece79933bd9f3096b301fe1a8571
SHA512 2e4fb65caab06f02e341e9ba4fb217d682338881daba3518a0df8df724e0496e1af613db8e2f65b42b9e82703ba58916b5f5abb68c807c78a88577030a6c2058

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 af8adc373965e705351bcf54ec674559
SHA1 f4b1a43f7cbce9f7f9d383faa4a5aff8491891ac
SHA256 c8acdc731389f135c0ec8e633c0897f587145efa831f05eb5806b6ca28a0c7dd
SHA512 e950e5f5bb241b48ad1413535379b8c296198db6689b3845d9dde5efc5828b6c528c28e7953c28a39c0a1571c06bdd215ef52fa4b980f2e517186cb6d0a700d9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 2be96231687bec25a076e3d1227a7125
SHA1 349e9f88d17f066ce9d4ac28c78a3ed109efa74a
SHA256 931ba23967cebfa5f5ecddbad4d77bef90be74fd9f23ab4d7f5ca3a5642771af
SHA512 baa763ba6fa9eabb0e196cd5cabb33f5b873a3c193e05291e61a8037cdec0e45505e97c2c17561e4a134b9a781d7c69fcb4575c43b3a4ca9d25303179f50622d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 edf333e4f5151f38a401b5f2126a2529
SHA1 d7d25ab3be1b913afb13f169681c75b13eaa2ddb
SHA256 d647770da599e8c688aa6ca7ce454083e684a809125a8d5fd47182ea31c4af5a
SHA512 939262fc35e4824371e4b491356f717b521cfff49b635be7b0a56a25d9e345ee3f1dac1e0d47412a2241598adae202426384b79565668acc74cc57b213742de3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\5ab34870-caa0-406f-9d3a-47bbba78bbb0\index

MD5 54cb446f628b2ea4a5bce5769910512e
SHA1 c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256 fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA512 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 f4939d46fc33241a8912e3978a42bc43
SHA1 0fc1b4505dbd8b1634394043d88955b433d82ee7
SHA256 00cefb686b2c148e26fed8f78687bdf95623a07919ef2ab9078b80155441df0c
SHA512 49a339325635d6f41b7be8e6ff722351cf499ea212913aa6e441a9b66e6fdc67c700a03d2ecce786a00c6561a978950636883c7e1d4b415ca8c5a82f6079e3a3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000086

MD5 c83e4437a53d7f849f9d32df3d6b68f3
SHA1 fabea5ad92ed3e2431659b02e7624df30d0c6bbc
SHA256 d9bada3a44bb2ffa66dec5cc781cafc9ef17ed876cd9b0c5f7ef18228b63cebb
SHA512 c2ca1630f7229dd2dec37e0722f769dd94fd115eefa8eeba40f9bb09e4fdab7cc7d15f3deea23f50911feae22bae96341a5baca20b59c7982caf7a91a51e152f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00008d

MD5 c53370008109e08c3e7b22a84ff1aab3
SHA1 1e8d9eb35d38953b54df0e96caf1a9998e9f3271
SHA256 2ecf65278668225f10f3a1c72a6d24223a1fe0a20d324d308633265824fbf9a0
SHA512 921c88431ed203699ca1e04fccd6407b5f2ce101e39f96b024738d170f8fe0ef0b6fcff280eaa551896179ab8192f4208f61e71399b106282491a97821808f59

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5db9fc.TMP

MD5 47f63443af5584986542ab3a1a38270b
SHA1 30d745979728b73e52070509042b7079e3a5b3c8
SHA256 a4cf5c571fb192cf9e4bbc10f01612842cd53e867d0f8a743d15cc2e66eb3fa5
SHA512 fcbde4fea9c6f514bec7893c1c2483ef126d7bcb7c765e12a79d92b316220ac086005403abcb9043d696fda5cca4c0df202ddfd1778c44d81701189a9f045366

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 d4504057961e4db4e9ed87e6bb00865e
SHA1 70efc148eeae6d830b42fe722107ffb54b491fdf
SHA256 e279111c153a4291530da23b5d7c3bf504012b32240088810da2751823eb3953
SHA512 59607370ad7e9fff337f21788b47789ec1dfe6808146d0c08b7b5933980be02d9538705741c8b310c26c4b5ff8754dbac89cfd567d9b25cc6ecfb998c1dbdcaf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 5d286cb69240d1c010b4537af307c2df
SHA1 9fe6da0a181f2e17a52d3c6f529048dbad77a44d
SHA256 db2e9d6e5347d8a99d5efafbc39d00357d92a12717fbb9339e39476584a680ec
SHA512 a3d1be751e5c3aaa5422c80f56fd60339dde625518024226227e5aeb8ffdd2f369445dfdb724048f2b9d6171ee44a3074042b79f5c4b517b06ee9143dbab99aa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\8e7094c4-b168-4869-81b0-70f611f0e2fe\index-dir\the-real-index

MD5 d9f7aaf27db021d7d0d19b86c5f984d7
SHA1 66b4ba44e7fc80d10ef43b3b063617c6f6ff5015
SHA256 4e49f07ecae5fe22eb45e898a85e91d3d71e8cc702b630f72aed6b65dca4c573
SHA512 50cd12697e5b5b67edcc6367f7ad50cf5beec0aa7cdf15415f3655cb25527e914bd3952c987317e89c93f3fdcb68b556f69f04d5d90863eaa9daf968e1bc6efa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 dd202a8fc3a65660e9ebee7a7ec85a71
SHA1 7326b73dc36443d5b79f2016ed4efe651c32cab7
SHA256 b61be59d2d6788c42a70bd71de38b35df85ff9302a01065339b5633afd741694
SHA512 695b8049d44d13c194d7d5593c522f399c63871464d50b400dcc62bc180ac3a4a75c910c7f1bb1c0440fd24525e31d37e49b477c86f89d9e38f7d28b7162a574

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 49e6e8840b7683cb89255ef0722de25b
SHA1 148a881edc7675ba23e402e9077e817e0b016ec8
SHA256 fe1a8ca75805ca6217bef9785e37c348d77d3040bbe42f9b707f17e4ace7801e
SHA512 1f4412adc704af6c342e82cf26d910a1e25c455d230ab14ef582e0a95bef60b87819d713a2beac0e741e9fc9f6f9fb007ca8ecec547198c4eeb6406b8264520b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\MANIFEST-000001

MD5 3fd11ff447c1ee23538dc4d9724427a3
SHA1 1335e6f71cc4e3cf7025233523b4760f8893e9c9
SHA256 720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed
SHA512 10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 deee743e2b4ca6031397208868340a87
SHA1 cc61b3cb3eeb324d4da949af05c75adcdc6b9044
SHA256 18a19c1689cdb3c7097f35ce12c74a1642f8d7ef166819073a3bf3fb37e28003
SHA512 69b515af3cd06a50927efdc9dee765df2ccb94fc21eb11878b0da557fa194ad727e408ac055adb0dca52d869876d841a9c959a1a45e21271ad9fb7051e108c3b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 4f4e1c5ee57602faba7091cdb454b7a3
SHA1 0661155d15992da1f48ac161cfd29ade2eac629f
SHA256 8efbd051fe5be17084dd20dcb0f28ec7e6ae182aa1e8c9ea355044ed345889d2
SHA512 d0ab4c296d0f11b8352f1950c1f21e2610d7dde214e6f97aff2ede088e08bad78dc0de2d66db18d8e2a9aaf605b26c002a8edb0bf4e8403ca51a43f754145d25

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 a130c37f3c3b78fb8ce4fecb070951b9
SHA1 fc067d5c8b11fd442210c17700d4bbe4581b405c
SHA256 78ecd2e636e83f840088adfa89dd2a25be89744e72e4c1f76435136f6f958f94
SHA512 6d4b38ea08d96f142b20065b12cdd2cf35bd1b4640b99e8351fc96f151e39a90ca6a7a7cdf2f8dd6ba4750a0b97b19c543eb3b19ca8f88c8b2f19cc04eecb58e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00009d

MD5 fb5b1be45e7d88169e362c848ed1f51d
SHA1 d6dc7f098997f761d1e99a55a9daad53b546cf68
SHA256 6026dbd187f864e3c446065eae3587ce9ff8b9196dd553c342fb1908b0f98575
SHA512 8abb63c32f0108754886faa80eafb8a1b14a3ef572c7cedecb08cfcaa151a573ad9e90f982a0231b681aaf212d6a704e0c72589a9004635a3ecac17d3ff95331

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00009f

MD5 b260d9307e722bed876127066ba7e042
SHA1 c16e607f5092a348627631d805ce8c77cd00f01f
SHA256 6c4a06e11aa5fb7b2e8a414617a4246bc0ef99d033bf2a42396936acf26f5877
SHA512 6265850d378c5250dcec1cb728a1aa496239533257ae9b252fc81424747f0caba5375994d14fd7c62ae07ea586af3c57fd7bf3917c7f645027fd94043a1a9d97

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000a2

MD5 c0cf3ee0d8e9c832cbeafbee996bed47
SHA1 15d36c5263f4a999e8c2f6626a979540dff85ff5
SHA256 c210000720eff4a9cc08da70cfe3120e13e222664f8dc9a7c277bbd2e56ba6b6
SHA512 bc97fc0d6bcbc55f5663ec12aef8642f1f4b23ee818ba13c4fe35d593443c51327e14226ac957895bb6f9b2f79bbac7cfb6a487ae972f4cfc5a454303bf8196c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 d336cb4f2dd693241cdf66b78db16389
SHA1 a20e9048652bd56d41d2c7a03a4e28712e5964cf
SHA256 535e87a82f592357598c51707b3d004538c538c21701a43906331255a1d685ae
SHA512 9ec4fae80235b81f2702f3e27d921931e8ac0d5daa5dc2e755f0bae07c6c41f083e963928913d41c7526d23e673973b05934f85e4b775929ac30d048fd23ac2a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 7f7424dd1ab48db16cbd065ed730d4b7
SHA1 c78c9c470f93f9e085cc53d3ec7aa0821676423e
SHA256 239f5412e32856dd7b854d6b1da336b4a3308b524f98e4637c1b01a3f301d94d
SHA512 09ccbf88e873a954837ea014e575daecb6bc57b2ae4dc8b6f6556ee03ad5494665984a4cbca8f070073c57d76d2523c5af3e51462d2ed671b6fe93cad9de000c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000092

MD5 8e22a049591590445f28ce370ddebe84
SHA1 3e9d70d3be12a7daf4b2d19d7e2ea003ef34e511
SHA256 5ac40d532c33fdec400cb73752419d95f8d1f142eca8d3cd4d2804d249d01190
SHA512 ee130e56a9c3b0e913935ef05df3c1be1d2c2ad8f3d327f7bf897845a19953da188d3217ec8f5c94d6c0ea01ca0015bb43709c1b0273c0d0cfeb177e44c35f0f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000097

MD5 be3e266808f1fe250445cb26f9fd5ffe
SHA1 07a6048cb6535d694cb6cbb5768e35a4ab6e9fad
SHA256 e374bf25be263760e5c583ce715150392f255038d045fae4199f9a13cc9cc03b
SHA512 ac01239c16115ba2a04e023daa4fdf58a9865145475f39c0ba16fc290f45fccabab955569add0c2dda9828605098f98aa838efeb2245bae3465213147f52599d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00009c

MD5 0d40cc0f3824ccbde6c09c8beab40d54
SHA1 9326ea59ca12ab324590c3836a1351fa81780e18
SHA256 f2fbcd670a6128611eb271472b4f2fce414ed280bec06d999382dcd9626a2c65
SHA512 e5c62de12ada6ebda0b1389cc6f1624244d7b1c4229be066cfb4f8ddb63a2eb981ca571c0bc0f489f238968cd00362e02285268bb8322342f507284f4d65f605

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00009a

MD5 20751f9b982921e2885ead917e941419
SHA1 282dd851f1a192be4371697b98358489c6689c9e
SHA256 c7daa645a82277c92bac8e56c72dc97a6fdb71295d7907023715654196ae7315
SHA512 12220723a5bf42f79daff5fa30010bad1becf7d90c438f556d6a06e340e7bdc7f116593f6e30dfb42f65b432ca393a22af3f351ebe620d4140078dbedc63e62c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00009b

MD5 50f7e04b97088f3126fc3846fe4c0c39
SHA1 2d67a36e97c91c251e0da221e2f62b0926b43eb0
SHA256 034c64d4036e10cc9a877dd10c2f313261539322a4a8e79e1fa497cae8194199
SHA512 9312d5500f288a35b015308776eaced47c193173247268445b4a7e210b84485dde3e78609831fe0092571d953a65084e39939e8202cf3e4643536116509679fd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00009e

MD5 b0e9e0a1ee9ea7227c7de9b326b92746
SHA1 e99c34a4d38dc5f9bd6c275de4b87be9694bd3b4
SHA256 d1c2846c6674f76d5a21e2f54f64994f6bea41286f27d57c4d26a0ae9474cb09
SHA512 39ec30ef4a70e9f460fae634628b0653ed155ecb22e67dcfab3c21d0aa6a17ff64a194ceb2277e358af9c83806f0ba4e2fba2aee88204fa9fe28b0f5f1593995

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000a1

MD5 bf899cc5ba60c522341e4d712a5246bf
SHA1 2c92c54c9919c8b81b4e77a97bfd4d8f202e1a6a
SHA256 4f8b9bf1630c24cf17444ec093052451c370c9371212db74b4bf8b4fd71a2817
SHA512 05a5de1ea4be9424070376fcc53916ab8bae10c239a5d1ed2c533b889b067daae83e9d8386ce0390adcd9ced1c14a436eaa7f19287f23bba8273afce87ce9968

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000a4

MD5 857380bdd608ccd7a0487dadc8712109
SHA1 f1f0693f09be2fb82818ffc390c812004c465f77
SHA256 5daaf19dd0820d8cf8f1aca4fe3aa343e5c5fb67b166a2898d9d097ae2b4a92b
SHA512 96fa6298ee7decd7c4bee42b8012bd4d5ae0d551fd2c8ff2817102c9a8392d905069cb8dbc92853b860b5715a34f829a862d9a361eb5af676e9beeae2c3ae26e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000b1

MD5 2e5e9c1a2fee624e54e5b587d3171ba1
SHA1 6cd4cebbad91160cabe6decf75ed95c201efba74
SHA256 902c6abd03c47ad692fb87a6abf5e435cd5414dbce04b09fe7cae57f678b9502
SHA512 76c3b74c4060c406b155ff04c4328caccc641fb209f5c78e00107d8c0c0bc2c436889c08fe6ef54120583625d0c6499fa432662f8d34f85b181a27840c4415e1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000b7

MD5 9c6b5ce6b3452e98573e6409c34dd73c
SHA1 de607fadef62e36945a409a838eb8fc36d819b42
SHA256 cd729039a1b314b25ea94b5c45c8d575d3387f7df83f98c233614bf09484a1fc
SHA512 4cfd6cc6e7af1e1c300a363a9be2c973d1797d2cd9b9009d9e1389b418dde76f5f976a6b4c2bf7ad075d784b5459f46420677370d72a0aaacd0bd477b251b8d7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 8d4e9d69ebc3e51e88f6d0a8cbe6d907
SHA1 68558dc84addd0e203fe678f41ad41b83f547ea1
SHA256 9799319f020a57e10a67cd4ec661c03bbbb7923320b544c3f5abbce103359fdf
SHA512 0e109449a38e397fe2ec3947980b3f0a8efde076f81fb1bca5d7db1ef8a90343deb6a623c2916a20f11c48316583cc2a7e41713f64ec631fc34f6a72a8176603

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 86c7945066eafa36245bb52a7eb1724d
SHA1 64b6a771111d92c06f0944ed9fcd11ae09ed05d5
SHA256 349cf3e8bfa188e660eeacce05fc330a2c7363851589e4c9fde38f7c0b40735b
SHA512 e83314fd79372d1bb60bc560ff2a3bc37d8e612afdb7d30c6066b4846f87c61b1fc1439e9d9822ba88bc642fe4af879146ace5e5329644907b36dfe163f7fff3

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 05a0c43f2dca0aea626b33b0f57ffe88
SHA1 5192ac4dbac3c5490c1c7ca2fad92bf227b61435
SHA256 0ea41cef0b07aa96449d0ab4ed3d8980070a152cb835b1dbc329d22ff11d5598
SHA512 12f74cfffbe304e4d743037b2976526f8df64468badc0183fb793483624913dc1d447129921ecaab598e5b1c04f71217b7204026af57a94a0c46f551eefce24e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\1ba000ec2cec543c4e27228d4cd4aef8ae1e8408\f828c7f9-3877-4ba6-8429-5cc266c4f665\index-dir\the-real-index

MD5 f96f9f1b0c5f24b0c43a6d3de034d879
SHA1 01fc0520b541f8368d19d4f870b2ae6b049b68b3
SHA256 400a721b860bbb8735ce4bde218e440c0dac6423625df7eb6efaab4d6f3a3b83
SHA512 b1efe1b3e58700db37e619438f6e420259f375183a4b3af993d0c64c1851af23023e8093daf2ed267f67092d8a2f7ca97c86c64a49dbf97ccc64aa4673030571

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\1ba000ec2cec543c4e27228d4cd4aef8ae1e8408\f828c7f9-3877-4ba6-8429-5cc266c4f665\index-dir\the-real-index~RFe5e91be.TMP

MD5 d7d18d115bb8bdf3ee07cfe598f65763
SHA1 bbd604589ef5360cf80402da2128a0501cd83e1e
SHA256 57834f5123160ed8ed8dcf7af490ed9d3f3aa751cb074e3760bf1274001fbb43
SHA512 0687886b82c5ad08b0942532c88e8f55407ec944bb55dd9495b41371dc571921e675dee44882e9981a9c58b742197b94114d7a5dbc8a0bca3449ce6c1cd27fea

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 62ea333486380c861e1e961e3e9ef736
SHA1 bacc6d238e495c6c3abdb95878f23cbb01230ff9
SHA256 7d7ee338737883829430957d519d1ddb5b6056257c891f51649326a4da04e2ab
SHA512 09f0b859ac2a4dba1de5526ab57de0ab9f72ef11c3900469f4efebea4309003ae0843b0cd8b022854d87d3e296af2462d09de40946770e085e9538dcda42b42a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\1ba000ec2cec543c4e27228d4cd4aef8ae1e8408\index.txt

MD5 310e55bf531349c1b80bbf33bc942890
SHA1 7d8c1be418015c81656c635ea9e0a6618c19f16b
SHA256 30bccbc41ceb244e2ef0ed252e8e6be591951ae25c14a064996babc878c17c31
SHA512 3d79b76cce2178e8ee3718c76806c9e4c4145c26775798514dd9423620b5c16a089b527e3c04592f775e9ce7fde396052731706dbf55ca3d73740c63d1241beb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\1ba000ec2cec543c4e27228d4cd4aef8ae1e8408\index.txt

MD5 25c2727ef05c6b8bd32d244f5f76459b
SHA1 47fae2f6a372a538e2540df14aa72f89a5f50d8d
SHA256 bf305a50a7b152cb52715642a1abfdeba36e8a23111facb328fa39249e313bbf
SHA512 209aabbe92e3965459ee5bedf3dfcec2370d5e53a0904569815649fa31fdda124b366dd74cf9364bffd8cb6c2feb73b29d8882927a6319a6c1a00ef19da68033

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 c1b0dd30d31a5b713b0dfedb786ca163
SHA1 2e69f03f0bb086f2384c27768064d77e7a24ea3e
SHA256 e5aa36f73ab6b6af0ddfdef1613f32cd76e6f3f624906c10e0d99e512bec6f74
SHA512 60a3af7c976e902142e3e71f4882e44ebe8d2d2c0d9c3081ea12e31212ba1d8dd22eee97fcc3129542b2aeed16ac46f8a5a8f70688430e0158b1416b84b828a1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0bbe00d9bf7b798e_0

MD5 252db6c0a42b806698101685eaa134eb
SHA1 ff968a29149b267eda389fd35fbd17ad9ee1089f
SHA256 9726523b0d02739ab53cd3d39b1b2e02db276622c2cd34d8d341920f349c4a80
SHA512 ff0d68285b3e8e3ca4232e95c75f83f345ae627f23875a91e5ee7bf6c5bf535dd39556757250190654d2ad810e7277435401e84548695e8a5f217235d19c0cb0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5dd1e579c9681f95_0

MD5 cbe846538243a27161ce63434d3de384
SHA1 3183cf9d95b197633b20dbfbd5a64484e31d8cad
SHA256 7391fda39c99809f1e10beea8853f14c0e1a9a972aaab26f7e3d1fe58f1234cb
SHA512 83cb095377f3b2b2bb72860ff05f7f734701242c46c0241bb5d0d0480e3bbf156ab7e9b854ef3f8660a6cd7ceedc465456cfb99f2ff50cc7331e4837316d1891

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e55f0a6d1b533c66_0

MD5 82eaf53bf8be665470df059769f4319e
SHA1 e3b3edf88480d079f8854882c8a960cdd9e5d8ec
SHA256 4eadd4527255a492fe19b9df9f20d7b33641b5049ebba1a4661bef0b91598e69
SHA512 cf1dcfe857edd8a36428acf1aade17b9afd78e01f096c3ad8eddd7ddd3353942d77ab2ec2825163809e54ca13fdaf06e7baed5ab43dcb2d84e217d4a2557d082

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\03eef0e77feb64d4_0

MD5 6772f30f6cb0fa11773da76c69430998
SHA1 a7c84f29bee00b3e94327375519357393014f950
SHA256 d288c26d5e36c585e37789b1482fd4716694935c6c64a895508a1917e9268ead
SHA512 040878c81263cbfbd6bf3338bb87e76c4a3e8961fae7605399b370dc14f8dd180a227de95fbda77bdb50f620740b3710d287d01da6846d3cb03de7c0fe87b1d2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\635e64b37935c888_0

MD5 82b585f739e51109fb9abe4fb0a76215
SHA1 40a6c57b4651876d8e49734abe852f6ed4b251fd
SHA256 5c6e19e7bca6f89d3a0baf7bb11c0a8fb924bb25aa848665cdce2f7318cd3b5e
SHA512 fd002328c3f18a10a386049f21cf9c2ec7753702268f4328afed2c855f9c75b18d3a9d828ed82e55f9ca59d09f86bde4bc5b7ed96f7430a652a30e6407daa81c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5801d3329fb36c59_0

MD5 2a5859b9504db464ad1cd00b0c94fbbd
SHA1 daf63f3fc66b5f3e0ba8758ac0d80ab12ba70335
SHA256 203aea44e731b106a84a3cd9a6f5bfb17fcfea215a0a027a9fbd48a8b2afb465
SHA512 84d24e854c8da3c5e3bcca675d984d5408ec7f4f41a966603e9654b7d316e1715ffd7dda25de9bce6a03673dae0676dea8e43d5786981e2bf587596592797ebf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6aa9a2943612cce1_0

MD5 67e55ea5c9732e32038738d466e4130a
SHA1 7230045b7bf84747d06169a6e5e5d9e569e41264
SHA256 bec3cf7618e357b687c49fb8fac15e057a0301fc422c9df75b1e3aa6a27b183c
SHA512 a63c17b7bf28c8adef672e2cd5eaf158e4ebc963438b5c3a336b3cef11a96925934c80d8cea494c15288a4954ff07b0615d472ee2af8af3010979a5e7b724165

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\aa4ba7faba93e196_0

MD5 b444c90f0e723ddc5a131a2780a8d434
SHA1 c1ec11463589ead57d53022379daddc6d5f1c0a0
SHA256 3cd15c67bedf24d08d959d20b510a07b56bdc485936bb055d6f7840ad151ce8f
SHA512 8aead485f1f343675b6a49c352fab39d7a8a99afa1a96b7c0fed31f8b27763b47e1a3340904c7ac859f519905eb8c3e49bfdd879d9626ec85b1499619d68a4ba

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\580fd9376c2d4a3e_0

MD5 3662e7b197ae2d3aed132cf66db0f080
SHA1 eeaf21050e241caacf63028c995f5b7263d30f47
SHA256 80620785443e3afa49df1ac592d43026e409129206048c59af5d51b8d8028079
SHA512 9e375a453cba72c2ac35243ab0dfa2610bfed853c7df4b9029e13c12584234661b891854646367472e10f688bf73e32d6ab4d94b4987fb001eeec40b7c66b189

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5a994fe24b451732_0

MD5 fbd4190b7a7019d4430914c022795d2f
SHA1 274821f8efb1d001292c36334bd87b465cec378c
SHA256 75ccd0a0d0e492abb27ab7b96beeb14911982b22e42aceddb7e1666fcfae22a5
SHA512 cca7a1b0cec0d4eac494fb1d68bf0f442bd2e29feb6fb1fb0b1a32e1e78898905fe9414811f4ca60e57ba3252d1c89afe2f3399f92a08e65de1bd6de27133cda

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6e1427d19ff38087_0

MD5 28e7656a798720d49fd0dacad35dd9ee
SHA1 9952be7d2439e91fe55bb9d2fc07638a673cc17e
SHA256 4c314bb9825dba9e513ca3bc91671ed2d5d79ac7eea303694264ba2e55ace0d9
SHA512 7a2a6fa24c4777b0faa8ef00d4f23ba02773d5ce13b3c6ab1e529b037f50b75c8daf45b1e569f5761b566fb6fe770b1a17d3ce486e6f1186ee1f3271e7b40c3d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d7a29efad91a1117_0

MD5 7fe9e27d4b78dd3994b5c676bfa57a4b
SHA1 94d6df0174115c2cd9b99a6584965d11f48c801a
SHA256 81196a6e826a08dd58f10499882e234cc391eaa82ea73ee8fd0b3f93e462bd1e
SHA512 3d3f50711d073cf4d3bb6009bdbcc3d266cd92209440e57d95b9b432154d44f4cac56259c1f0c7a9251e6fab6aa8afa69a7ef5f83e9d7cab9fafaf5d095cd642

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e52aa3d5be04b7d7_0

MD5 b60bbfc68d79f51d2e5539f929b7d111
SHA1 7fcab27380bff91d95a60d236b042d14cd1f4447
SHA256 8445de575724ae6da5f947aec77dd1ee4c00033981e55471216b759acb21b168
SHA512 1e5bf1e2cb2977fedf0ef9f56e6eeec485876b14c5f6af83d3ef71c39c07b847d81535275e9ec403df99a80cdbf1ac133521d5c2673a3ce3ef222f2e575f10d4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\54c70e8d154012bd_0

MD5 6f8c5a953df7b5e4611587ef71d4ecab
SHA1 fc5d7d41a8fd9609132c3220590d372713adb8b1
SHA256 683ab952da3cff2ffbf2f873d6c4adb00469470bf9ca12362e14d86e36096589
SHA512 89ed9b4aa1eb284de42e7bce85093fbaad9c1c23f3342e88addd540ee33975d75215faf7e5185f3d891553324aa81ce4e745b698cd21668ea8dcb291ae8902ce

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8ee73a31bd0cce7d_0

MD5 422609ad3faf588add021fc737860739
SHA1 37e2c7ec1883227164f31532e3fd77e881a657e2
SHA256 ce8543ba15533aff8716137e3d8359e021709d83e6c1e5d759b1830cf44950a7
SHA512 ebd0a470c494ca63b020e91526b05bf578bf1fd7150f17b84b395a9ae318060e822be3fdba8a1432d243fd8e54d7cb25be69a1b1f04f64f539d753f15cd55f37

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f2e4bbad99a372cc_0

MD5 defc5f5ebfe7aeee8f76acc1f6260cd5
SHA1 914476b61c2cbbf223b564bb68dc1b7ed2e0c13c
SHA256 94f4725b65116b116ac34c2d82d2ad48009fd2368f203a8135d7e19e00a01b9e
SHA512 330380276437eb2bb3b956935747f7a092c1eec5cdc4a2ee081891f0dc120e9d3fec3c394003c901afd71e0922919d03dbb3f94397dc37eb46865998d1180855

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a267b7c21d8b8c9c_0

MD5 66438a1e1e69e949e4e9cf5fed934960
SHA1 4aadd62984c33e3dc92282546f41c3c2accbbc7d
SHA256 3de62dea24e9d0059d6056843e330fa758070964f926c740203e33307ce9c2dc
SHA512 46bdc4ee88182401c430e61905487bd89547a7f782d961c198be5c9b7386549ede3c0595d2ebceace287664f1311ff5c74fc48e0ae454b9dff1f8ef31cf5a8c2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\bdabfb585fe33a71_0

MD5 ade926bcda60e311dc15336a96100411
SHA1 02264972ab4a29610eaa6d3552c86457a57631ea
SHA256 e27114f3e1a1ca9b3f4f4d431ddcbaedbfda6629b68d962fc00984e457d842d1
SHA512 d498c01b34b49e787830e0762003bb96129df5a4756ee196f173d6d36b6974c2ebd8f33afcc4c2eb506a71a0caa148c93832ee2b5822324b24d9d7ba826feff8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d3dbb3008455b523_0

MD5 856401327c168fbf873112db623f4f8e
SHA1 0720fc822ebb5ece9f1ab9a21d906e55eb0b0dd9
SHA256 46c51b0e337fa147cc34de5003273d19c5eae3bdddf27528cb2b7cd3ae77e6b8
SHA512 17d377af47a2eb1a74bdb36e9c98d75061746fc1ce2159a764cb959e83c995bb7261189676a6752021d3180c04fe2f4b1d723e4303b016bf3883a052992c0e8f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a09f6271ad0c4092_0

MD5 1411ae51f8af399a7839b752dc6db4b3
SHA1 bd0f369decf6e92cbefa3bca4304ffd48f7831d4
SHA256 d71da6b87e4a5e1af76615cbe759aae14438103355577ad39b9318fa6bc64bcf
SHA512 b9196d450976ec079d467358d5ce78b2531644c9ebac6c5b904dcc8da199eacb91f528864721b7e39aac737f5aa9de403c0c0404299f00d922ba09d35bd1d4e6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7a66a1246c4f29f4_0

MD5 fab0b4ef4a77093d9cc52a83cda7f31d
SHA1 ddabd7506dc27c08c56b383ab1cce39c7b4be4ea
SHA256 ac0b9ed6344829285346da6f2a41f47d14e1a4817c348c7faf89745fa6555f7a
SHA512 e7868806f5a572a72d52251466f604531d93d982eecff66ff1bc995c1b7d27417b10134443b6e43f25d961f03c6b14745fa7a2913db1d7f049561b5403b3bb0e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9dbb949d27873cbc_0

MD5 b6e52fb9ba3fd83a159c2921bfa5c8f4
SHA1 15ba97cf63ab588b604138f1ef84dc2026bf0884
SHA256 7baa6a0794689202d82e3762d4e7607e207f471a17e05626133a9237398b936a
SHA512 dd5bf19ccb9ebdab40a17c2008ee0c04d42536d6eb87d8003634ca8a1bef94580eb324d1c513cf6da9bfcf58b177fccc463230ef3fb60df3f24f58ec9ae2a413

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b3e82669a81c981d_0

MD5 31e29d4ce6169b6aebfe86edbb411aac
SHA1 0681ce87ccadc9eb25e5d89ee7b77d62848b1e84
SHA256 2c0515841da89a6a314d5419db855530c8d9b09c12aa215a2632f59c329b493d
SHA512 d4609e900032956661ae249d9f4cf8b3416f7d0b64b48e8384b5a975b4c80ff62d6a98fd2349681e3756c4932d91ccec23c6de51a697c0ffc64549933f903de5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e4f85019800026a2_0

MD5 469488a31b1fcdc64757f0ddf6a227c5
SHA1 dc8e717a25fa91ddb48fd78ff9edbc7e561a9839
SHA256 b941c86d35476529f1f2ac9cc3282f22bb3ce1572dd70b23a2c7e728a9df4235
SHA512 4abab9e27cf2f0e76cd370d92167ca30a0f59e8fbad20b69685deabc3b8f20e80b9dc987e59ff386879e148c3e328a6b313de634e9c4799902e33fdc3e062258

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7cf9843337c39c04_0

MD5 6374b7c685b018d99363bb9f9d89daf9
SHA1 219e7a17ef48fa7daa21038ad6204ef9dd04ac62
SHA256 7948e7a4394cb9f8d91ffd4bcb05a3dd3b510e6d30d9d7ccdff92d61719f6046
SHA512 9f6b39bb120482067e815704f16da1dd2b203b9d9cf98a904b2d8f4f6e37971dab19312c49bf636a11832ee09709b4105faef084db2ca13e581bb4021cf6bf17

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ca5bb3c84b908d6e_0

MD5 b4702b1706c300ff345b7e19d53ac40a
SHA1 5c65542bc8536dde533f13d527fc04a29c869060
SHA256 5c38519fd9b7bfc9e7676974383e79f250200903ae74a046f1046390a3216098
SHA512 183de098886937f60057cb8831f9d20ec8d22674eac6a99ef4d7d6c719e3ef7eeeb2ff3e5779d6f5d91eb6a75b786b353378625df822c1172c56d6a6ef6f795b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8908012b8e4a5af1_0

MD5 99e257d2f51af4a515b6f70dc7004e4b
SHA1 88a41e27ecd9f29f0422f393fcb5deaacd21e58c
SHA256 3725a0534eec33e712ef1a90a0dab67c41f74bddc02cac7268946a637c42609d
SHA512 679f02f1aee2f4cf02565ea622d1e13823a89521167adc5835061c147b39fb13247f580b599d42feab55dbd375e17dbdb812170d5a394a35e7dbbb6f384490d4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\718aba49c9504085_0

MD5 2e6f2401964e379ba63e2d7026f04228
SHA1 54b834a9cb147b65c06e8e2d8168fea695d854b6
SHA256 1eaabc28e961c32826907f4a29ef22b13c569abd70d3b88e0ed2695072bfa0be
SHA512 642ab1ab10ae8f97201506b420926227317b8e7b8bd6d0c366c9c08501da86f1f3d994fc055ff7ec6fc0b31c4ec1de2a36c6f0b434c9eacc83bafbd1fb3d33e7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8ec4b11de0b23393_0

MD5 5235fd4e33e4ac8349194c0da92320e0
SHA1 b11d3912d0296f00cffb8d83e97f92f6ac6358f6
SHA256 0804e63333d8cc7d7e6ca0f059cd4659bfe43d73f683d62c40941f56f4351ef8
SHA512 440c3ee9fed8a91b162fa10d64f48ec3dc2fceaf9a802d437505adfe53c826d54573cd31f76151cc0dd81d6897db8dbfe6d32cb842c5c0c586144a41f81b083e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\476831ba582729ec_0

MD5 d17e78f6d6fc42cda6bd7e6d1e90ab44
SHA1 0b0ecac778d88f227af0cf0eb4d262f329e39583
SHA256 7bfef8df9f34ff9956fa149b7be267e406912a9e6ecfb9a4f638799397604518
SHA512 64a657129e4f46dfc23bb4b6257bc2e464b9255322190a2ca634ec7e70b70b90faa92a018a7f3971323fd2711b58b6d956403aa384aa4cf2ff4f911ed96779b6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\87bfea9426cb2ef3_0

MD5 1b91c8d9e6db0681593bdb4c8de4e90f
SHA1 8fbcec1620fab5d2905199f30335b82442125a17
SHA256 aed1cac329baa75b4112bda652a999b51dd6f6e5cba5e3ae06c0cb4143b35541
SHA512 f893edf1c7369f45d508b13a9a4afdc4eb9d0233ba157d6bdec20978ea76baeeaacf670e7e5d247ca59203057f611a3c2fe0d27e183780bfeb0c94faa18cad92

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\534ab76442c26020_0

MD5 53d1750e1a9e00c358660dd777971f9d
SHA1 aaf9b0836512adb9e9072f9d5d8d03485f687745
SHA256 aa847eca9b52f5b50a99e2e9585c36f2aabde769a269ce14ff98425816379290
SHA512 9f00cfa9bd7d4ca8208d9edaeef5b9c16f9bfe6d22db85fd5221b8d47bdf9566729af5eaa3db39f0b5d4013379f7120b531ae0eca745c60daa21cc187c49b70c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\81764cdb356c9506_0

MD5 87c90e74158995ede3926faa65b34473
SHA1 931829a3083d75f784e51242fcb4ac6776350c7f
SHA256 beb38d0d17c192d86c08a1d754b240ff7ba8b68d1f5af1b2c0984add14f00e5a
SHA512 e66ed19f77db56845fb6096ce354de98d62f72d74607642c8d75b25ead69df814c553e186cb55557a0424b600511bd659feb6cfe96c2f6b7d76a16a5a4a3f9f0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\02735674612cbc52_0

MD5 50f692e6b88eb89229afea6603718948
SHA1 6d0420f5bdc8e3a0fc60fa230599ef2a82bf0e8a
SHA256 ce787fd52225299d4087d40241f809c7f57d0ba1737a6e335b797941755819d4
SHA512 17575c09568941d19f018a6ffc4bf0de12e03ffa033cf4827446e65b2397ef380db14d66af3fd4ebc7012a2bcbe722cc7a5d3e7c15b197afaa7a5883a878e744

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0a44ad51d1ad22c6_0

MD5 3b71fa6986957989beb07a9f32fd34bf
SHA1 8f20fbdd0c8de02f923bbb391c17b40bf0878cf1
SHA256 0013e8425db517c2f3c9c5fd43ef973d9d25bb811ba4a38297a868b68e3937d1
SHA512 69e48236de8f6c96e93af49c2a8af1d10086d2cc2cbd16bdb2ecd1ad49e99ecfb76e059f66fcd909c195ab23c971a4d4387ce89d046851d13ca1b46d20c3d4a3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3fd2be14abb3904c_0

MD5 8df56977f8f5b41883f154af9254d943
SHA1 8b0303bb349993b0d2b313b735cb0c97c5ec31af
SHA256 1ce9421fe8efdede966f89f8d60dc98eedc17fad811f7c85b4366f0bead9c034
SHA512 19533f74c64e40bf6c7f69b41e70a8e7741512d0f4c3f9b2fceeb2b6b58430223f09185335e73a0cb7706ce65df16a0d26115ea4e9d8f275dca0bde6adde67d5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6d3b0ad57bdf7db9_0

MD5 6853b9b7d62fdaa630aaff7c75892fc8
SHA1 db8cbdad1ba57cfefccc1bb1136722cb157e1d15
SHA256 cc011cace9151e4a0e365575149608cd0f0db0535e0d2bd4eeaa9eee85d80def
SHA512 9de79260b0cd0c99b7401f878b9ebc0cafd0d48edc37917e462bb7f24635da4b5759563a99bb61cba501026331f4a4c115ad50edd9760fe5ba9b9493a2111d6d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\daea348421cbc209_0

MD5 44e2c96c48cab61e9c1dae8787f44fae
SHA1 318927ccf98d5c803a6dfdd4a8224a237b4d7690
SHA256 452f590a9b1a294ccb0eb54fe14b470e3ffc604d7789764b2ba0c3ba8d3e0406
SHA512 522fe371a93c8a24191a6d0280c9c5f212194aa0b885320aad90366886e911becf8ab7f7f5bb9203ec291f8d24950f6885f12c96407335115feae43664b15c10

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a2bee1f3b78bd157_0

MD5 ee6505ddd3eee8db9e1027d28f961bb0
SHA1 d1c492ea66cc6044a6caa59c715f8becf5245871
SHA256 aa4750c637c9e78255a13794af365d5781a84d6c130f6334be94dc4f742b6200
SHA512 a43667f0115cdc8097286529f2acb1ced9cf9ea8c65695aa6a4bb870197c59fa25a406561974efea0cc2b6b62c091f1170eb2f22630371b895316d5bdc979c55

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\de4c4ec7d3f8d6fa_0

MD5 14a8b7e5d516b1ec2490c16cb3a7c04b
SHA1 e64cf70dc2eae58a5b02d652b59e0fde0a180bce
SHA256 f3138b7c31a2c0082e86345ef49d6bcc85cca5900c809e5499775fc54030b4c3
SHA512 e1d77803f97e98afecc98babd023a1e42b20ff312abb85f8073aca31696e81a5c7790bb3caf0d1214b59249293e1ee0e502c892bea0130ee636d0d59df473a94

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\273820857948f45a_0

MD5 abed4938aafcae19651ef94f029984a0
SHA1 9b0dc1d79b50144dce2dc1a375e1a86a3494dd3f
SHA256 e1148dc3e58e88cf93f65cd679e0469ffe023d4b0d54411d10f79c3cd85fba19
SHA512 4348fd14361633ced0f450e0f825040f353d4fea5611f58ef69f41231f3ba55fab36aba0dfbb70ba08bc55ac421be88928a9e3fadad1738350b67e8ecc7eba71

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 979bbc2dd613a71f1ddfd7068d4f9bb4
SHA1 7751993525ab5e9a198572038a0d749615936499
SHA256 e8df5205d405d1942cb119e902b2c702a0c3ee2cf8507d5896ff87295450118c
SHA512 82ae3e4e773886e354c7f8913158b40ce3290a9a5c5e53651773597283a524f213086d5ac0efa74fc711172a7f7f23799a0e0bb5faebedaaf1bdeb3217ea1b0e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 293afca9b69b94856812e78b2c6c75ae
SHA1 14cb58e895156753f8d4b5cc2c91a37b8133203b
SHA256 115e8a94ebb1896996712c29e47b8f3f3c0bfc11bda312b61570d4f5b8fcbd26
SHA512 06538605c87d29823c187e7a61c0e5444994e998e7db9305bb34e451809b92afcfc3ad34a30319a9b599c4706cc70e6ed4bd910a9c355d7a8203f31359357c89

C:\Users\Admin\Downloads\Smurf-Wrecker-CS2-1.zip

MD5 bda75d408baa486650e3404d9308f52b
SHA1 ab99ff65e16e080bfd96e635a41108e957d8064e
SHA256 bca21c225dcec1def826394e69a1a8ae36d40c77962175e712eefd8416fcf601
SHA512 bbb7f445ac76cfeefabe2f4a85027983e747941b02cd1b0a396d28e80ceebfbca073c12392d73eb88c3fa03760801ff76e549954fda27327859a0f88c1815119

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 c447038a5048e3c200d2e831d2b315b3
SHA1 59529c5c344b10c0eb55f8c25944455ff73f472a
SHA256 dc83bede897b06fd0dd048c7ec751ecd16c7c52a82eef0efc2a32878eff6de39
SHA512 e0f8768e6578b594c1d661d281528550aa77469be156b4581f5574f992916c2d2f2354542f9dbf6fe8018f86fcd4a3b879e19da570eeecbd03e699f60ae9e32e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 aa8586e0521f84fe7601dfd60d261d3b
SHA1 5fb974bc850e31936b6cac1c89ba4bb57a4c9ca3
SHA256 e191e5a68113e43a1ded38e48c9fa8a2e914bf8bc194363e6f5d4802824e71dd
SHA512 04fb921c12ef5b6e1e40dbbdbef3c35af1d2529160e7a31c1256cec256acce096252f354eb94973424576bd366c2715f17f9c772d6fd31a681df5fab8c803d20

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 c32303c63d3d15bf157687fee55d2378
SHA1 d7255805f557c1355d1b105d959a3c1b0076f839
SHA256 6c4adb18020cce84f15a849b738872dce95c13c93053801d746d58e58b29fbae
SHA512 b4d8d4383e6970e66272591336abcd70e92c83d5595a0a8bb38686a68ca398a246b41dcf86f5f3162aabb49e40bd6e8803be2288eb396c77ccd951d03f484ed2

memory/8616-7751-0x00007FF6A0400000-0x00007FF6A0825000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 4cc432312b3dbc34f06b5378d99166c1
SHA1 2265bbd8f4d0602e7f6ba68631f307acb851b355
SHA256 8c06c9e542c014ce9b1551c2a624141d806f5af059263a1d231dc279acc329b5
SHA512 79b9881ac378c38e5c39eabbc29babd8d86c998de2099910e74154b2901882ea5f1c0e85ca378772918ba64a8bd2cf9aca27e04fd6c26ae7c6f258c77cc3ec3a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 2b0c58fd47f0647ce827d174202b92de
SHA1 39f8e2fb7f5e33c8802c3e38359f5cb0d0d71bd2
SHA256 396dabd4ab872f7b583f949af427cb7b590546d232488b201f14a03f0ea431fe
SHA512 14f26f144203a91e5fa4f32d26223041d5e407ad6c56b0ced4147df45aafc7ef938e80e3cd46c71f475c51226b5fe04cee6cad4b4fc822408eebef6cbebeae92

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 530993a10d1691c0102aeb30b6732355
SHA1 08cccdd556ea94466aaf4afa4fe595a6356406cf
SHA256 296e1cbf53d24b63f804f8523e350fd4c7fabf327496b11c7e57654e477e61fc
SHA512 2662a62b69af61912fdd4c32e9bde83b9c7c95dfeb6bfa0c347458ebb7c1a97beec84f0d746f8d666f99e6e2e244dc2eb9e98f4ac7b9d6807ab6aef824691f81

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 3b2272b742b8049f3c380e4451c8fbc3
SHA1 a14ce12a3f3389153e7aade74632f873eac34e65
SHA256 4c2d45b42f5eedad761c7a13136a59572981045cc8669f00e5ce02389c1f49a3
SHA512 cdcc2110886f5b13fc2c9ef66fdaced2e56767bba668f962a9c37b46ae1fdb61f7e59eaa58dfadbb365c53d845913b8dc1bc77e425d99b48d45396e645249e56

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\14ff8116b518ca2d_0

MD5 e81f7401f8857d0b061ec572bd685cc5
SHA1 c900013424e67ea98f4cc2e433045bd5b37a83b6
SHA256 dbf920c62663ec187112ec27dc51beb6ae2076ca95e7442b9a71f7768113e342
SHA512 598ffe97c60e222fdca6c05d9e89f915473202bd9694e3d3dd503064a7d5ea8e655d2416f1af5d9dc011440a1b3cbfc7b83a5cfee355e1c4e61814695629df3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\48b1105b4c2874b5_0

MD5 a12d794eaba4bce9d99b8d9eb79f7e55
SHA1 ef0d5322ce165cb64539f72cffa18a0f280571ed
SHA256 6f87816e416ecc6254242d63f463edf23e25b419adba26d129296d8bde9d14c7
SHA512 a8526efe5b3d122fb0d7e3b14294dcf091c8e99e32cb91ab51d278ae630c5c2699d36e3069d19b74d652ecd37da155b5024b6e370162a50953ae22e05dc4e690

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8e5987d08f7b6e11_0

MD5 ae2db2de1613b786287d6dc7830b976b
SHA1 7ee5d4251c185c835f04c4feb46191a4254f774f
SHA256 2185e99f6be88f25869d09ff7cd020245219c6a8343bd8b3c6cf2ddcfbb71a9c
SHA512 e5adecfe2c77cc687ae67d886bb28faa0a5fd6bc0c7d665666b79d0daf04431981ca86b8f4b1a6471118444d5624325acc5d466cdb05fdb73e7da66b09a86fcf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\63bab61298dfac24_0

MD5 5c63e74cb776222c551b424330cb249e
SHA1 d409a09d0bad87ec8d294011734ea4e611f2f8e5
SHA256 c875036afbb8dc5ff57e38170459055b5b13589602ca745ea36014caccfa0ea3
SHA512 9b6872953a1e5234f5748892248047bfe49e2f176a7c974bda0a25466019e5dc5c3b1924d2d52b94a8fdb7a22a95539fa085cf72c4e6f103417fd2e7dd073df8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\aa5fe3b36e22e31b_0

MD5 894320a8d541fe8146c0e20f96865075
SHA1 c5b4486ceeb3f0f8672609b47a918e5b0a133ef8
SHA256 c2bfb2b81ef1d596a6f59aca4046a9e46e0c86b6b29fe80d9c0e16568bd7e993
SHA512 a9994438c975fe13d3570d3f74b32032f92f3ca77a2bfe41c87e552f04d365f4a5e5ad1707f2704e516d3a67e7a08865a18bc19c9c1ed9e63d4b638dc5e2a7a2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\fbbc3b076556d40d_0

MD5 bf00a1b845c264c67dd452579ef26e1b
SHA1 d3b02f625702de238e0294941d76b97caafc155e
SHA256 785d96e88a1f52630a84a6b08326f4920e25bf9ecd9a4c5ef3925f6e99425ce7
SHA512 af4cbab8c40ec99286eaf7a3d2498aa17a1c14376541e9dd1383e90f60768adc6b7a0013dd25aebfacfe006895473bebd04a36e825cdd5f9de163dafa653914c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b4efbb7782bded86_0

MD5 fd1f766e7d319bdf3a294000521d24cf
SHA1 1a04ca65da6817eaaaf298ededee06fb6accf533
SHA256 f041731e7c73af54b54495181ac288b734bd9e4e3c7014cac03dac0f518d8da2
SHA512 1eb295cefc8fd29c564a0eaa2c9799747feec1b7749be855a95d895849ea01ba0c4d6b676ef3d3b7f6b89f8355e7e9ae6877b6ce96e86b9b3abd197b21643b9d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 92950f3df543b786988f396e0750ac02
SHA1 896a2a028b327679e1ef12b56fdc097d2a202531
SHA256 8411bdceb9ba609c0b0d4f09e7b50281b38fb4cb04ce5ec3b319dc3c1c1847d1
SHA512 4c363a766588700b7481c5c8b90608f3a8c261adf087bc4645c6549064b94fac732fb204e530528fe5a072c6f45c54ef733ab37ffc4342914504c3c063118753

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 c924d0cdbceb8d427607485d2120a3f1
SHA1 dc2b76b84c0e85fc0668efeea84162fbab65431f
SHA256 293954b61cb47b90954e3816cfea96ea0742295468fc23345346d0239d237cb6
SHA512 80edcefb0f49c97356129b8a080d734ca8a25ed59963a11e2c1cfb9153e1338b75f70ab0819721c090e8f44c9d4b9177579d0d229bebc7c4dd1a5e8c21e731de

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 129febbc0b8f2cd6b476f0961073f8dc
SHA1 e9470970a6e5678e8fe6d4c4769eb82595957bc8
SHA256 24e2ed30285685a63fe9b2df783c5b1f5887bc3feca1398026a3a9a88fef9b41
SHA512 c06a1c50acbff6d921154adf65d34de7fe10e799464e5940650ee40fa9e16bd2a2a667e13db942c207befa2f2c2524bd16f21c3005ad3752ce98d9ddcbfce3c9

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 cfc5296086a9fc2bd4ba95d8447dcad9
SHA1 bdad4c1683bd13d578f2bcf6b1129325d58965c5
SHA256 04cb44de29ef95ff59607582d10abb2ed54d753772352f80086367b46ebe9acd
SHA512 56a60529ae27627e37a18c4d0243c91780ba65f63442d91f044d9eb2604f833eca91861f56180fc37fb1887ce6b08b9317417d52af25008aa9ed1b75790b3a8e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 c6b0d28a04397d3777cc91bd2743cc9e
SHA1 0543a2f832f7f8eea26026deed8e3a68b354ffde
SHA256 62d817ab134c0d23e965eb686caff8884fcda7ef8a29ca917ca4d41578f4699e
SHA512 0755868fcd0c16ef7ca85adf5ef0f6eb4504811d3e064bedd46a23721bd7d751392be1bb4559a45fb1e3f7bae1c391409237302f9bd76a82792b63261516092e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

MD5 674b4fc5263fb8dfb97a359ac8927d7a
SHA1 897462af10a26966f7976059bf28684982b52f39
SHA256 d874f01ddbf8f94fc050c8c98fe0d0e15fb1738a13bb7b5c459b92c2eef3f013
SHA512 4827d658cc635840f19e2f979111f9f8b287f7eb580d21c9ab87a7b68f8089a8e4fae90683d86f44a3f6be3674eae918344ca5f9a4def8be3f2ef6babb7389bc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000104

MD5 03b1cfaa7d36337d472a96c4375e612d
SHA1 11dc55047e35bf5de4cd9355d63dfb260134fc8c
SHA256 ee0a54330955c4516f7f57f9cd56eee28900863f7de6598458bd88866b7e40ca
SHA512 7d7750b8622f0a6c3c9cabc582956602c531ff8568f18ea088d267454cf25a0dbbb1f5a43215fec995e9aeaa379976fe044d3ea3234db56a7ab4a5444273a437

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\Origins\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000116

MD5 307cc9c90b07960982452fd122fa89ca
SHA1 d3f42e1a37b7a5e959c39a58d2a0a0e052b49961
SHA256 c6d11eb819da4a0881a7a97e06c203056dad988b7e2b7408c937956a1e454718
SHA512 ab10518151cbda16a00281e1788421e3755c252feec398ed68311cb7d72d9d2b7cb199b542d108c396212d01d194aba61de8626e4f8208421ab5dd9926ef8b8f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 520a42729a219de59c3be71507b2639a
SHA1 109014fb35a2249eba10297e617ded59019ba073
SHA256 594919915e34d66827175fa90efd5c50205c14de3d5dc1bb208656a15d218ee8
SHA512 5d5cfd21c70d5c19251a7e0f655c6a4a2360245584c45c848f7b5a8fa31d7fd71d5a8cb82f90529b028a37de20e2f4529772fcafda21775ba4a44b86a8fcd47c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 4258bcb9741c45cef12c51ade97da043
SHA1 f4a727ee449adbae5d0dac8827ed4ff59975f586
SHA256 c4d896856bb3289bfc06d3d1c04b0ca2b1847987b41865773ec5e840162c359e
SHA512 2cdb4418b251670a63a97f921715f0ad524718c37e1915acc41b175171009f320146e17c3c67de5989b46ca31b9a6bccfefe9ca082ac0905859b1ff6f50cb19f

C:\Users\Admin\Downloads\undetek-v6.9.6.9.4.2.zip

MD5 138f822e25b756808fc5557b81aae86e
SHA1 0817bfe553cd375bec170aecbf9ead5c3b8aff8f
SHA256 34b77ca064926dcf2930067a2682bc0c4fb5f169c39e50f985e90e79b0fc0696
SHA512 c3d07ca7670b70915db9a3ee6137542c70f9155accd013d7ea218b26416ba45eaed35fea12808a35e5c4397188090256adf36b22ef96944b5a1de8f16499f8aa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 a712b135ae9cc67cc827c168a6ec4051
SHA1 06a6c3089d500df66dc0030d76a96cf79b385939
SHA256 91d6f44bb1514047d114ee0143e304e8afaa2bdf9ce72eda9933855c2ef18ba8
SHA512 889f49b61e73eb4b081d692f314db30043d75df6b74d59d1e0e986c2ad0bfd20b9004ebf3f59046b99db7dd7eff685a2d89b3aad8a21c07a5d4ef53a354c770c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 ba6be312c3a4dae8682e0fc45eae89ff
SHA1 b75772ec6fdfaa2fb17079938610e1ff20a02a75
SHA256 6d4ab51d0df9d529bbc9d135cf15f31e5894bcc5ccfa034813deedb4bd50f75a
SHA512 e558a6d042b03d23802fe0a629cacd915e18d962923d52ae21f4af237fd950d5f517eeeabe1d0df14cb50f085ca272140e839ac1690ebbf0a6893351f55a142e

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

MD5 c35d7da846bf5919519e4e80301e704f
SHA1 f8a38f9945527d602384dc66858cef96e43b4123
SHA256 7879352d3aae455d4cc86ce07ccbd9a61f431b2ae4939a0daa05a96c3da05c5a
SHA512 8df81a76070823f61ad07126446b6e2893e2c017af989ff40d638fdbfa617188abf18b89c03c29bcf270213c63c194b9649dc9e42e7073a821624595da87efde

C:\ProgramData\Malwarebytes\MBAMService\ScanResults\813caebc-8e70-11ef-b70b-fa9f886f8d04.json

MD5 fc66435680ed434e5a4d20dd90e6395d
SHA1 c1bfece63674cb133047053dfc3838456b9a9e68
SHA256 b3460d1eaada60f7a6714257b9d3e128b674b13de7b4c1ea5b5c946d6fe07965
SHA512 b33e4bc903f60dbe30593bc73530e3d677ba484d4d37bae648f2dd72c3d263f89515d5c8b154847452d7808217836652f9f45fb83d043db422b6b3073bd1ae5b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000118

MD5 2beaee0c711bdca561879d19c1b1bb02
SHA1 07e6f36ed68087da7a486d88a195b2139a88cac1
SHA256 e7e9531c2e5603dfd8bad9130cf1eef068cef277fe5db1c841fcd898a2b9b40d
SHA512 a3720ad8ada992b2801fd515d2a74db77d9fbf195f0687122e07b60843a97f99f01c75ee18b1bd201cbba7478d519e4c8b9d79436e99a7cf2fa21a2972133f5a

C:\ProgramData\Malwarebytes\MBAMService\Quarantine\af94b264-8e70-11ef-95aa-fa9f886f8d04.data

MD5 1dc81fe9176cc28ca4cead263a06a9b8
SHA1 059fe29b9ddcf892b1453c7c0032b0b551c74269
SHA256 c5bf901f35f3e62926687251282a364f9880b5d66cc98e2be9ecced2f0444114
SHA512 b123433d406f1eb11c621725641835cb595cc2a1739677f5bb7d5f58b36cd41fbe62e44f499b25943df35172480eb14232d14cc9e37bf0e167256b126b5af3e8

C:\ProgramData\Malwarebytes\MBAMService\config\UI_SecurityAdvisorSettings.json

MD5 c35525645d7e83f11fc860180a7f8a0f
SHA1 c4c6c89d51a803a78a4b67a309359bbae1fc20ba
SHA256 062943398f8dca7f7808f27c08b88e475a6cf18bf925b6acc5545e61fff752b9
SHA512 ce952ed3a59b0465a3baa76126b3f3bd9814f3bf37ef946de7021f2acb9d4fc7ed306eda644ea6f8a1aed6f19c00e6365fc0fb79ceb937fa22a95d8d922e5db9

C:\ProgramData\Malwarebytes\MBAMService\config\telemetry.json

MD5 9dfab5b281a5723cc55e4602dc244c09
SHA1 45639f7998a59c52d0a3197040073971395aca0f
SHA256 a32aa82a4d155922d5f398fde7bc2ad50371b47ac013e8d40f17f882e796d3a9
SHA512 5b74eb1e8a43e70a0ae9a0954ed373778722dcf37605f3bd43029dd2e4798e5dca0c83c05e03e610bf1672d7d946ae5805ceed4d40d396903a9300b3662c10c1

C:\Program Files (x86)\mbamtestfile.dat

MD5 9f06243abcb89c70e0c331c61d871fa7
SHA1 fde773a18bb29f5ed65e6f0a7aa717fd1fa485d4
SHA256 837ccb607e312b170fac7383d7ccfd61fa5072793f19a25e75fbacb56539b86b
SHA512 b947b99d1baddd347550c9032e9ab60b6be56551cf92c076b38e4e11f436051a4af51c47e54f8641316a720b043641a3b3c1e1b01ba50445ea1ba60bfd1b7a86

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

MD5 45b9ad1517fb8f632135bce292abe7d5
SHA1 432d886ad0ec9fbb47a65b84487625bed649724f
SHA256 1ada7e0fc872b1f0f2ff892e9054daead36bb8fc2b709f8ef2a86332bf976452
SHA512 8e3ab16ac026caa5536c69351024fedc9fae3a66aeab6f8646dc0a4654a7e0da9985ddc3695ef5e516e7f05ff4654a0da7fe7b11f034fd8ff7be95911dd4302a

C:\ProgramData\Malwarebytes\MBAMService\Quarantine\aef4c902-8e70-11ef-aba0-fa9f886f8d04.data

MD5 7c6502af6b5549dcaac566fe6c1e387b
SHA1 171cda4ce1a7b29b1582430817c8652120dfb18a
SHA256 53bc1f031eac1ae520a3379fa42e8a15e472d81eaa9bf855e9340081c3bd651d
SHA512 68ec58d1680e13606f5b4fb79ece47550ba622d8b336971a4dfde6e49e5d5e315af77eebebffa2fd5d8e16f44164e00050f230f6b34e82a12843face51f2c4a5

C:\ProgramData\Malwarebytes\MBAMService\AMECls

MD5 fbdced427987cc14ebde070c195c48fd
SHA1 8b5e5d66cb0cfff705f2b124976be0c30f4f29ad
SHA256 26e696103a54bfa47722509320dbe6521124a9ce8cbf00f88add51dd46a35e42
SHA512 d8eef95738b044f0b79b63bc712b2bd6a847968d092db2e8f349f202911a02eff2dbd48143463d4fb5bce27589907d4f5f227aa214eeedc71341e3b3711c675e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 7753ec2bbc2467f5f35b3194820f0c3c
SHA1 8ea11151dfabadb6eb39b96221e450b9149fdb70
SHA256 9811873b840d927bb02ee3f386186f659191b80a74771cece722e892d45c20ef
SHA512 6733fff5bfc3e8e21222ae09e3458b4465b2b5da179078af2a3c810d61695694fcde32a4ff4c963938c92daf7774447b4a4d82ba2bfb3e46de551903f390da78

C:\ProgramData\Malwarebytes\MBAMService\Quarantine\ab930044-8e70-11ef-83f6-fa9f886f8d04.data

MD5 fb63f8f7297d0dacc6c4594fc8f6bb42
SHA1 18270e81742d716b15026c2628b4519714017d44
SHA256 c5db13b845f87a485509b32872aff3dd8c2df8fded49390b6c736be4141c4954
SHA512 785b59e9285b187697cd1648e75fd144a5d6790b3f00670ad1c31e39392f85145d1a3854a2a7eede925537053b7243081e080e4bc809b3fb82de0fde4e140194

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 3c4f92e0a4a73ec5cba72b65f6c3c7a5
SHA1 aa9dbb38659e3e4cc0a5c42e62f10855c768a50e
SHA256 82a8a33cf099828ecfa2f3da4b84b515ed7c0c00c5ee72726247f4830f10ed68
SHA512 52047cbfa8005bde3b3e07483d1c4314e288aa6c1884521c3cf75415638b6703b63e14b9632a35b7c750d52c8d862a26338df0eb2ddd6abf07dcc70a2fc39e0e

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 5e38e75b904341ff0b82b807159f112f
SHA1 797e54ae7ef7e4356cb0e4afc8ad70bd92eb3335
SHA256 d87675b91dd8567949955e9dcc236310342b90ca5ad130ec84fdfb4d93a74691
SHA512 82d6d4d4ccb8960b5ef913687244c144c9616f500d0991452e0fdb1c55734af3474ff2daad1737e39ef5b4b3cce354e8512e2e3a7aef5ed1609f5f64a6a727ae

C:\ProgramData\Malwarebytes\MBAMService\DDSCls

MD5 7e7efc1581e37cfb10c0c020a0a9a25e
SHA1 a47fab19096f78162758a75641b55dd3845f9697
SHA256 c075d9b5310c5e3ebec342e2e44b61cbb672c57d8719f0ee4ca3940a1eb5c166
SHA512 4b7dd71b45fca91ba27468977790638026476121b0297addd3bb53478518750e7a1d1527dc1ba0312718de1186f5c07d52ebd03a52f31c1665fdfa5a139acf9f

C:\ProgramData\Malwarebytes\MBAMService\Quarantine\870b0ac8-8e70-11ef-9d27-fa9f886f8d04.data

MD5 a7e1f780c1e03153b89dc9504adfbb8a
SHA1 d4dbe9a03be80ed19f9376cb8685ce8046714bb2
SHA256 544405c236ac917e7f6dacc3953470cc8d823ad728230455b41827229697d382
SHA512 9d70d8b253db5f4ec8201bb2c1c035e3741e7659ac49baf90e91dc67038d350fabf5e3f3f06ef4fa8918db7bb838a4d095f6f75ac4902a13fbd9338b52f8dee0

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

MD5 ae567b4163821ddaf798bc0d8c573338
SHA1 1e5bd3064a418cb4a7a57839ab0fb9a6cd4aa188
SHA256 d34040ac4516719cb5e805122623c1accee5a0b9f43e89f43268368a98749c72
SHA512 4c519eaf03e996b38734c8acad7263452d300fec91552273c9e485b7dbec81e29079bc453a78f24acf5b9a263f85c460b7dee6f85a58f9287dd4513f3584ebbb

C:\ProgramData\Malwarebytes\MBAMService\tmp\89b6506a8e7111ef8dc3fa9f886f8d04

MD5 5c2d0e8398ec1c667037d7fa6bfcf3c2
SHA1 bf5cc5f273090de5e4bed1e4c7b6372dd3fc2250
SHA256 dcc6424ef33b6cb1b6f6c68cc2464f7a97ab41c4908a463e2c6745272e25f0d6
SHA512 4ba4d982c4dc2ea7efff317134cae7d4d382292fb85d6fa7c197b049fd37b628463f24b6b743890705b508472d61cace9786634eb203c525598e88378c8a968a

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

MD5 72cdc5068352d9b729933d1a9f721759
SHA1 55050a1a5e98bd52975ee138963b19524fd3f575
SHA256 b0dfedb1f80cd32081d463fdb75b5c0a5914167def6820dd43863fa083564165
SHA512 4254e99f8fc19bce597101f705fefebe5cac670b5714728dd4729fcccd08ce80a4e30475dea921dec9c141a358bc3acefb99645b2d5e21740218d4d2321a2079

C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

MD5 37fa20292b75ecb657f83f6078f34914
SHA1 679bbcf564fa4ee34e58e281f8076f4324137525
SHA256 d2aeb992e574400a9cffe644d64760dbb069c1e4bee4187ca86c9b2efde930cb
SHA512 55d871216cf46996e6def6d28610fd3e9043dbc16c4c21f8b663765ac3f2cd2ae54e1fd0946ecda76f3ac7d2622a59f9cdcfde557cde0024956aaec8dad5116f

C:\ProgramData\Malwarebytes\MBAMService\ScanResults\7b4e65b2-8e71-11ef-81b3-fa9f886f8d04.json

MD5 14a18c9e3ad4657aabf91f2706d1850d
SHA1 2b52284cde1480ab942073639cd57c5498f9fa51
SHA256 381b7abb549189a1269a7e96193860e3be4470b17c42c9f0d5207d18999acb00
SHA512 0e7cce4baa4bc5c8b99bf8424a7d01a38a5fac890f4c228c55c1f7558abcacead546c7d298c2f9d420120097577320ba7c50e211eed9e86c0f8ba98ad3c7c296

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00012f

MD5 fc3a54126b60aabb257a03ee7368bccc
SHA1 2a52d4a13d6025b116c7e2670d8f15b00731100c
SHA256 2403e1a1abbaa8f911da32a55052a95352a23250d3caf33cfd9246e4084fcac2
SHA512 9ad6ed709ca7da4609e33758d4fcfeede77b7a56f5f8fa2919073695baf49211fabf6905be9ef778e0a060cd11260d0e6eadf4fc0f056dedcda23140640a6622

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 8c74a711d1f7dafc0b3937c92149e09f
SHA1 d114f936ed8d0391b9ca8218e7379b13e2bbb818
SHA256 61324fd5cee843bf434746ba72a4a3f3aca7e260387b6ec73b19dc09fc5808ee
SHA512 6a9e1ca8d7661b9e4ee3e71c25bf576252b315ead91befa575decc5a905e11aa05df1aca88b5ca5dbbad0d6dd9b403b488fee838d86590e025c9c42441e4610a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 ecaa3655091d6b75f1a536cb5fc74021
SHA1 73af74102714f826463e8c9f0e869b34a8cb3f74
SHA256 02be726639536320df658303dc9c5338dfd2578e84bac5b6de61d1eddcfebead
SHA512 d80b387c9e35170934ddb6ce86afe628cd77320eea985dc29817b877315f6bce5d76c5558638a7770b7699d3389b24044b38624f8b64c391b4c06869258f9ad2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 878e378486335326ca6fa2cfe2970f13
SHA1 7db74579607966b7133139b378980ec4747dc3a3
SHA256 50c010c550bea65526812a3990580cd0f5b22626ee146ecee7e7f4aae44bcc23
SHA512 078142cb1196dc8106ec30b8cd761571fe443ea6acccaf9171b9b783d7939037dc6155c7dbdc8f9e2086fcc1ae24c3e7fe282fcab4a1de9bcce674d4f17465dc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\DABA17F5E36CBE65640DD2FE24F104E7

MD5 c6150925cfea5941ddc7ff2a0a506692
SHA1 9e99a48a9960b14926bb7f3b02e22da2b0ab7280
SHA256 28689b30e4c306aab53b027b29e36ad6dd1dcf4b953994482ca84bdc1ecac996
SHA512 b3bd41385d72148e03f453e76a45fcd2111a22eff3c7f1e78e41f6744735444e058144ed68af88654ee62b0f117949f35739daad6ad765b8cde1cff92ed2d00c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\DABA17F5E36CBE65640DD2FE24F104E7

MD5 9cb4e0cbc439ff26b6b5a6c552c9fc45
SHA1 4f722a3e7988e4dc488cb24c331770dfd909bbdf
SHA256 0b1ac93c68a3e7e8382875f4e5d0c7db8ca44484a9d78708099004b011d3c520
SHA512 45f8243106d6c6cd5c604f02c8bc69f8b7cc03bf8ba23185cfdb5fb7dd7975047d99d6465cdf341858ffc190ce06fbcca8133a40de062bc5c0be464ebe370670

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 93448dbc5b80713bdced272df144b412
SHA1 f8ea05e8ab1b0b6c2625115feaabc064458dfd4a
SHA256 21fe38af6a2d01f5d8c08c2ce357497b3a9e9ef024eda1f1123bb3787dc35674
SHA512 5920d60e3dbf85fa72642a68908aa9ac482bf8660e465351a263ec19d6994f12cbc32cb020d92f787536247fc39d883240fd31c9e0faa922d00a4fbde22cc552

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000135

MD5 af7ae505a9eed503f8b8e6982036873e
SHA1 d6f48cba7d076fb6f2fd6ba993a75b9dc1ecbf0c
SHA256 2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
SHA512 838fefdbc14901f41edf995a78fdac55764cd4912ccb734b8bea4909194582904d8f2afdf2b6c428667912ce4d65681a1044d045d1bc6de2b14113f0315fc892

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000136

MD5 87e8230a9ca3f0c5ccfa56f70276e2f2
SHA1 eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7
SHA256 e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9
SHA512 37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 2a8ec8926d3fb2b5f0c2adcd46f53f1a
SHA1 846bd47d6237892ab17b0690c42c39963dc1d11a
SHA256 24b41bc1aef6bfd7ab92c3ac7adfad3f2b6136ec3c8945d3ad774ff3bf81010a
SHA512 f38d9d65748ea519c815416df0d49fca4e0b83ce3b62283c0737b20bac466c71d63f859aabd6231596b1678f46c36c3fbca3267d20dc1ed9d1c0c1f257c3e2df

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 a2871b677f884b65143ecefa3ea2c981
SHA1 74268043b3ae127a34abacb76e2020670689e88a
SHA256 19f4dfd367c3699d6c9e928dda7dae7d4c92b4aaf0652f5446105cc31ec01aa7
SHA512 4a8f4bfdd86e15504530c0b303ea7b9ff78115cd8daefa38bdd3ddbfba27474786880e2fcc691e8b67a01b01874781df8ec6a52e34f6b2cc4e387227a59d497b

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 e4338038aee0837573d85282b9e08ea1
SHA1 c8aebbaffdcf838809d9f383aeed9309203d88de
SHA256 a418cd08c994137a4ecd5639aba013cd68d1ed4400fd5c7dac65120c6868574a
SHA512 9b87519ab780cd479ac521855727633884ea1f6dc061f0bf02a5c8e11a45aa10814230ce1df4f1565f50d6ced4af53ca4cf1a4684b888e106835b9564898dd1c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000151

MD5 115c2d84727b41da5e9b4394887a8c40
SHA1 44f495a7f32620e51acca2e78f7e0615cb305781
SHA256 ae0e442895406e9922237108496c2cd60f4947649a826463e2da9860b5c25dd6
SHA512 00402945111722b041f317b082b7103bcc470c2112d86847eac44674053fc0642c5df72015dcb57c65c4ffabb7b03ece7e5f889190f09a45cef1f3e35f830f45

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 86bbe172cfb36fb9f92aedd63388dc89
SHA1 94a00e95dc1934164b512cef551eebc9c1537cb4
SHA256 f9e9b792b961a0732e56189bccae9a6132aeb35a21d1d90299b527bc2e62d77a
SHA512 055ce26253ef426b35f78dd8771558ca579913e3cb8ac9c317083256d1558ef7094caff43372c7aa62874cf1ac21bb4e3499d125605e2740537e2b4ba3c27abe

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\38c8892a84268700c1d555293fc3fa782ea43951\cea1f230-41ef-4776-b46a-db366ab9130a\index-dir\the-real-index~RFe627e14.TMP

MD5 e5945ac35c3402ba4404eb1713478d03
SHA1 76aa800e06cb3fd08fb5077c5ce76ce71f3670cd
SHA256 9b4ec5869dc321f4169797edafbe04fd36e032fce9ccf0215fba8ae8d890db8b
SHA512 0d140122636377484fd1ceb937352996a39ea771e126586aabb6baf1b1880bfa0254d70ce20d7c985c2fe0a50cb17e11b205eb7f9fa3ba51eb3e36f21857f7f4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\38c8892a84268700c1d555293fc3fa782ea43951\cea1f230-41ef-4776-b46a-db366ab9130a\index-dir\the-real-index

MD5 b0916b1163916b744faf3588d3b5f0e4
SHA1 92222aa19443b99199696f33f86ae647a065a188
SHA256 236fc7983f0138e79003dca218ca8a72bb8adac9c12479cd277d818f977a10a2
SHA512 9e0c4e0d1301578bb3abba980fb5cbf102188d7586bfe6f6349628c180bcba145ced57bf8c9e530b4dc9aca46fedd3a0e6593e249fbd355d9fd750ef54f75359

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\38c8892a84268700c1d555293fc3fa782ea43951\index.txt

MD5 cdf188da211b7a00d070fe67f2649c53
SHA1 f0757583f0619e562fc8884d730b09ddf5f74f9c
SHA256 5e056fb1cf9e8a441fb37cd0c6f1db49aa593b4eff6259325988585a3563a348
SHA512 e836aa7a70b7f855e5c0802dba8f29b82f42b3539b3d0b830f04b647b1d5c22a7b76f66888c575d7311ec769610806aaa002c9258db80aedd419475f086f6fc6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\38c8892a84268700c1d555293fc3fa782ea43951\index.txt

MD5 804ba83373cb5ee3f49b6a68e89e79c2
SHA1 8249115585567cc02311c0335cf2083fee9db49e
SHA256 6b93bbea5f21490c0538680fbdad679b0f485b8a6f7e3b9f197ce78208db99d9
SHA512 d632763e6bcbebc0f1fe49947c4a0c3450d739e64219f75ce2601c8438173652c741694a60d36e2408c5d3ed41b6aea44a4ba32c4687b570a239f019f0abb21f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00015c

MD5 b3e330d9a2b44afad2d4477512409c60
SHA1 2fc7353393e223b7f43479c4d5f5a7d6930d9fee
SHA256 fc555d8b3345e678e51772bbf483649c792e98f68d12a66acb75a8416041c2a2
SHA512 74d32e2b0d0efd8f91ad0fd09181651323bd7c1222c7f6af9d199caea633695d8fc806d484e9dadbde414d5d8e0d1ede98845c01fb8a83c3c164f340cce45098

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00015d

MD5 120487dc73cba74ba507e43d627cf23d
SHA1 bb7e16f235da60fcf9c8cc2530049886d6f7f871
SHA256 3d7cfe80f6f4abe9aa76cbe82829991a5dd670b5adfce249fa0faa022597f7bb
SHA512 677495412adce43a8e5dd20b4b1a9254a93ebe7608ff27e62aa17f8f0048e2c53ffa041cccb08320ff814174dbbdb0a8193bdca512c65551d69688f85f205a32

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 bc60ed1e9790d18059fc28c049f2170f
SHA1 a0e0b022330068f2827f0cc333275719696f50f1
SHA256 5a5f8ee0ef90aa7868b5c1eb4f959916d7c64e4c8dcd25b2efca3c995083301d
SHA512 4b386dc7a322eac80126b63a2cde4c435e57c8a8148bd49f6524ba3ff8b69a47f5871c88569ced5229823856f0c6708283bb10fe1e42fce4708ed60447a64f3c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 bc85f52c822221e186423bbb0e88fb6b
SHA1 f4d139748eac0bb32ba4be1666c29be22073d02c
SHA256 fd0dae5674c0058117e7c1d41da66dc7ee4a8c1a603de9c0d4f5523318b0c066
SHA512 1ebd9c459601492eca79df698c9f5ce9edd3aa038b215f50f3607237d1bd6fee15f7bc44a1c0c1dee0bcef948b25c365d97b2c9f0d8a82e22f0581deed9c922a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000153

MD5 214f75e42aa5cfca07257cbf8c64e83c
SHA1 ba4bbe71d4ab266bc145305217cdf86a7777137f
SHA256 a6760631fecfe59ed152aeb2c51fdcb515ac00cd4755449016b5b34813735d00
SHA512 e8d896c8c3509941fbce96e2847838a520b3bc8d94348b1121840a1a2a45328be939238423a03cdfb7823cf128eec3190de8b4c1924553d603ef02fa856217e0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3f37ce07be31425a_0

MD5 8292ecd0a11cd781a140855635432016
SHA1 8cac8ce1ebb7d2e9b4412a691df801d437d4c184
SHA256 74b9aa0c554a88e9ad1572793719e5ec2256fedc7de83c1f5bae051f5671ed13
SHA512 70f3b5682a4ed5023e4c74a69e4cd1d0ddf0042d151bb7775997da3e736d66641b5622ddd576d58a4a7cfb7208ea61681cf3a986a45f38a2b1b7406934121a2c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000162

MD5 da93aa5083d4a8a231142493c28fdae3
SHA1 7ec3646cb8219a1e3f4d2bfb9b80343ad4ad0fde
SHA256 f953d546d5c0159ed38fb748e442276e47958eb0f95f29c6af82b7e31e3667ff
SHA512 4af42d49043a6d8d193ed491a66999fa5d57942b6d1ceea33574eaabd53bb7cf86573980ee9c4aac98b3e039011634c2450041343872de503661416cad2616f4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\993f7d88e15a6329_0

MD5 b2d9768bf05794c00d0a0b38a159b0c2
SHA1 7364753d4617c72a77dbd451602a0cd9aed7588e
SHA256 aa2fd444e34a560cbd9e48762eae65833696a043821b6fce6e329c1ae76ffe76
SHA512 fc677c6eec4e66bd08a9170a3e985c61886c48902dccd4ae2739a8cde3695d026585fddee76f271fab46db68b2825e747c36183051414ea5807d248f2ebd4bd2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\eb97b3fa8e1edd45_0

MD5 d724d7779346e55c935491c6c2acc7f9
SHA1 b62d68cd8bee4f7e773501ace6ca61ea8e2d55b2
SHA256 f277be0fe751003d18bd0fc27da69f56ca3efd76c1fc30fefb0fe0c141ef42ed
SHA512 847e560c8517f5fe6f93fbe55b627b1264c4123fc8cb2ec744270f4c9e0363357ac72447dc8f8c1ba68d113506758c8429d26a003042cde253a5767dc50b6e45

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000160

MD5 d35069a726e91cbb4bddb37625c2e967
SHA1 2e42a7cc045e4dee24bc38d559e444f015c17f4a
SHA256 5fba16dca8cfdc08b8455cf2f88ff64dbe70619bc86d410a564b298c5f109d21
SHA512 83d83637dbc83322189222d87e45e5781a757b972cb1b0e5004d99f1439332d4606a607740280e9031804ccf60c734a040c89bc0972c85ae9d139cd500058b2f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\28aa98f3ff7e303f_0

MD5 e344f39209f1f8ee6887987bf31916bf
SHA1 83c4f58602280402bec6df45d323d7242772d92d
SHA256 8759a9a2da346043dd0afa3186ead6ff2dd6a45567cc11e5560a8ca535cefd23
SHA512 5cd283f0dfbcdcf39f3c68445d9484d2b52380341a2e80751901e6f7d9a85d84dd963a419ee7fe01ffd7ba48a38f24586897cfa6108475ea89cc3579931e7fe9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 498f5b6e827eaa59af1c3d7d77e106c0
SHA1 fd8395bc7642b1a9a86f43bb8ad5d33c36b13cfb
SHA256 b2e77bea7636600d9a0b593060bd8c00caf51f7e4fd2bbc5a0b0a44b956a8213
SHA512 266f129d268b0b3ea9b62bc69ef9e5750534e95d7d0d162f18a0841c403ed203a47b91be4aba2a4baf4a11c47793249bcf72173446cc742cd729690b0c728ce1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 2da68dc2a8c6e46acdbace59de3c7c1c
SHA1 16c303993779d157f18fa5e61f91345313d07785
SHA256 2eabd0c31b1d31b2e59aece8cc0feb860a50855332f391cf554235ba56335fd0
SHA512 c1d0e7bab77415b9ae020e20f9af0ba2ebfe2df219f4d52a35bc5a7e4b6703bc9eec3cff39dd42b8be084598129d05c0c4b78ef1149b44d011afe65637fb6bf1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000148

MD5 04f4c51c1b1ae4347d3ef9e63dd650f8
SHA1 87e0f582937e3aa332e9fe12b9bb0b8b45bfc418
SHA256 590d1c3dd1db6db4deb55d98a95fd11ed040d8ca1775f406558b66441b50e6ec
SHA512 9c271842736e0cfb9198bcc29003fe93b319984fa65ccc571fc5bbfbbc7165fe89effc76f9a2fa4d052bc44633badc2dc8bc73bb3b68022a4d1c626e386c23e0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000146

MD5 7680465c99b9bbd9eb5e3055a95ff481
SHA1 4f035af69ca6076226746c23e900846846dce364
SHA256 b53b1d67494e1a4c85056d2bbd233fb9241dd02d88261f72aacf17584f0731e1
SHA512 3c78423f29234a1bc867a73f3c8ddb792869fdb388537867a8d78e68d545386c6cd92891f05221194113ddbc822532184d0763ec329db396c7d41c4f59d447d6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000147

MD5 7c2224075fd41741e27aab8e01cc338a
SHA1 61ab9ba861743b87f8af0c55e977aa1c653f8d73
SHA256 efaecafb3b690ff5bddf38ffb089a715f083e311ae55761697fcd3ba69b5a141
SHA512 d6dbda96d49ff4b36d6906dcf001e7ffbbd953e06a347abd5d3db8784feda2d134b875f7612611061628ba175656fcb6da378e8bd06764a287add3e64e33ce82

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00014b

MD5 c83e74b8ef273a113b9c97e403b1ddc2
SHA1 ed9fe2f0fc9927592c2af47761373a408375fbb8
SHA256 3def657575e143a703990cde9b6c53849432b604f0eff63091547270f805442c
SHA512 84c94427d4d2ed319c7c9e3bf0fa87ca29b8af759ba18520a49aae759a58ecf4f833528366bfd6cc33105bedfdd26d6ef38ba78979bbaf014e1f262a8474a334

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000149

MD5 2b175f9be1bc413666c2cb94b7b82aa6
SHA1 296e059cc0330c35c1a6bea8192c835894a63178
SHA256 0d7de85a8632a76524cf886ae28005a4e8b1c8f06cb19b30e0f51375a27cc0e9
SHA512 101552f23d0f961e17ca887724da8011f5dab7a1324ebb775e5d6c1e41718f4f2d6bec317aa9986fc8b28d8064adb0cde9fce827029da55762ed0558acae5606

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00014c

MD5 1b28a4cd7eb2d9622652ce475f67f898
SHA1 a2f64c12b808eaef9067971818ec413ff79b606d
SHA256 59488a9b44d8e3693b3a945c1293cb4295f3e78da8de39cc9302adb84a38989f
SHA512 40691ea3e57f1531527c49d561ff6bd7a4014082f8a1657f37804ee71d158943b7946c2de81496bcadad66ba111e0107cdf78bc11c886debdf08339a92dcc29e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\128ccda746d71870_0

MD5 61eb5c5f756303149e273d9a2dcb2e39
SHA1 0048d991ffd033b88170b4d5d8701710c24e32a5
SHA256 917e80fa1372379d4eeebcfe6bd448fd40250ee84f45de468f090ca0c71028d0
SHA512 7dfda7a88ca6c955c62c84696a45889945859b52cdc2e2cc664ab90d2d4b33df042a4ef06b64c38dbde19080c60372c9db0a6d407ddf0ca2da31f1aa1c122dd3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\df53bad28ea1e322_0

MD5 b806ed36b8158ab30484b7ab2b2683bc
SHA1 b6c03a477c2cf1a130571ae0864a87b8bcf36a98
SHA256 13320dc8a97d5fe817faf1df32bea848309881d890e84d709cd4c893bcff48ec
SHA512 5bba6dc0003a5ef51de326b4ec10cca3012e5b4a049d97b4cada7ce39d35a5088f889d7af314308bcdaef2861e57a8d3f7f696da0185185a3aac8da5cbf11b29

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000161

MD5 925fac8bcbf26a70b0a12950aa6021ab
SHA1 80d6514e254a37d63eb53f1a2c71c79dece9336a
SHA256 82a1cf7361ffa672affeb17c40c91b0b0b7d8d5a983073c0320d11ff6fcf4931
SHA512 b4fb30cc7e4a7e0e0188a2a8b96c916dccf37064715d9c2ef58f30e2f4de40bd5e4630bc490fb85be81e78177ffdc18a54c20737be9d7709fa781e0b93de63bd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 9a4b5d0082d3ce68011b1a4592d221df
SHA1 d0bf4c161c53477ae85f9611cdcd80a7d36d6162
SHA256 ebb9559340d8bf00924fb101cd2b1edda3c4cfed0e7ea394f18aa719aa8de5ac
SHA512 ddc49615dd552dcafe839dd90f263b1f40efd963e95d651c53d42021e52b0f12115724e1903aa6473bf8591ef4a6c13a99a65ea3d53ea9894e6f6ff10974977f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 7c95540687d3cf37ed2347d021b9e116
SHA1 76b7c3e8f32e5c1c6d6d57e4813879238d284d53
SHA256 844caef0396343827add9b9fd16a37efac43dc89091c4604463b67db6d07f088
SHA512 701064ef660dafc7d2123f8f2c501394006988af2d6d841fa377be2a24acac0ea7c7e785a4f8edf6f990f9f692c4e9754b561002c6625fce8b4f4973fe09e8db

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 00a35f0fa859347f2c8ffb42c37319a7
SHA1 3c7656826f36281b582b42c6c325585655085ba0
SHA256 7f41d36d6a9ed72f9d8e6093d1103aa523e8ede2b6c4fdec2274706111a68ae8
SHA512 8e9a5623742cdd3f633e716dd87072ae2e7b5794b84324bdb32d5ea18851779350beafd0126204db58fc6331b492aa19af3a010abb4a35a3ce94839a55ef7afb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 808b6fcbb904454ac67c5b9bf887d30d
SHA1 9da0afa0d232e6f9acbd3e46ee8b18f4d85158a9
SHA256 802f8cf0ca97a3e6efe201c83b89dea89ce1679e61b5c6198f250823a759cd17
SHA512 551f78e68bf1086bb2682eace70a90b4cc9471c77ce75b0e8cc56ba2caf32f82ac707ad667a8fa06b8242d0ef25193d8c970195957c183b04ea54c2a4140d54a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00018c

MD5 59b3482f613319c6be60f411023f0000
SHA1 475fa71db86e99720cde9236918e37d5c0974eae
SHA256 041a1df3673259bf64dcbdaddcee0d8513e767c3a0c66c43728d9dc4b9e36290
SHA512 241ec1eb8f4e3f4761e9690c92a2b02610780a7cdc9bfb7943accd1b2277636630c631a738b40a9e622e5f6b7481e893740e0f8785d9450dd261063409af0477

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 5b4c1ffac18196f329a824974a1e6ae5
SHA1 b65986d47ebdb3c419c012931da25010ba48c32e
SHA256 2ae9834f2ca3a517c6bdf4c94ea1a0a6ed999d80b6fa20f1159244db33d4f23c
SHA512 a2bdf29c715ace13c0ce8b4a395e38ecb186b564c14b979329284a64d2f71272ce154a26c5cbb040c2ac4661e1d49680df7d06eb2bebe89ef6b9477e408b143f

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 82ecc9c02f0ea7746c59aedcbcadca03
SHA1 442878a0ac7a0635f36ae1e6a5f5fdd6e2a6e182
SHA256 6bef64fb472bbb73e4073d895e4310069d4b5e3a13c41e2ce677f4a02eee18d5
SHA512 71bafc118dd160abaabc62fee18dd59ab22a52f2ffe1ce1a27677c7e2bfb06eebb3a6777fc44e11d083232465fe5e881f356a674a50635ddb6c5a9c2f613a12d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0001a5

MD5 16faecae5562804afeff1ae02aaf5cfc
SHA1 77a74baf348dab74110eefe88a24bae44431c959
SHA256 5ebd38c4611b9ce31acefecfcb9d007323479b8fe35a0ab1b83ddc856edfbe09
SHA512 6a1ce87366ff523d71265cff36832c6f2c55b254510b20cf5434b1bad51c3ffc7b956b2d12f88ef2c34c2fcc080f4891c64e0f84f445f44856139b3b01add207

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0001ac

MD5 1aca735014a6bb648f468ee476680d5b
SHA1 6d28e3ae6e42784769199948211e3aa0806fa62c
SHA256 e563f60814c73c0f4261067bd14c15f2c7f72ed2906670ed4076ebe0d6e9244a
SHA512 808aa9af5a3164f31466af4bac25c8a8c3f19910579cf176033359500c8e26f0a96cdc68ccf8808b65937dc87c121238c1c1b0be296d4306d5d197a1e4c38e86

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 afda3bbbbeefb443132720723c936a48
SHA1 868fb6205e7c71b9be6c2a68e718425f17b69cfe
SHA256 9e5703fea22f57402fd450da13a423fcb1e004dcd23deb8b45a1246adde3b8f5
SHA512 74242a9cde02a21feab81be5a47929e1f1d07640b4e91d28499bf14ba1d24561e424813e72e38e79a782204385b3204ecd2fbf6ab90df8dc6171541f4a58ff42

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 3b98dcdd27347a01516d0599c9f6fbb6
SHA1 3114e749f387fdad3ea9b8437d0e90ee645c2d5a
SHA256 b64b058b41dfed65b016e9b86007c884e2cdb6e01c334beacf041a24a59a5a39
SHA512 9bb0121647aacc4441a7545253b742086dd8d70a86b014dad4e3625d69bb76c3f91ca6e596658176e0d47cf1eaefc9eff88193f21b624f1d0c6d5829632d0da6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

MD5 d81d52a7a2de9189891eeb3753aac042
SHA1 057b7068214f3af00ecf73677798979175192062
SHA256 5d59969951587d02ccf8e5b8b08b16f8b8b3110e26dd195cfdbaaaae99674230
SHA512 62a5c49989be283cc69609bedeba3e1a6f5d3a02edfdfda9baaaae7d55edef2fa80fecb22e9f5545b858c308cfa83b21a25768ea3ec93e4d6bc5d74c968bf2a2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\45a16ff6d0d9ab5f_0

MD5 614357e438ce93fa6e631e294d5f4740
SHA1 631ef15b9e4a8f2fa39e640ed3046ee7fc3c8fbf
SHA256 6c7864006f5aab7cefc5de125f1a5118dd80a34775e936f7ae9a227cf6119b1d
SHA512 9a7cf3ae82cfc8a2c4a987a4e9a589b39aa30e784a604df121238b878a308583e2ffb3ee6f551a1ca902ade99c3ccea7af76ec5068abebc22fbd6b2251833f6e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9412c8b664751f90_0

MD5 391a03a3c517a4bcbf69684e55bf732b
SHA1 5fd18a79ae4e34882b00d7b7512b65da75d6ca28
SHA256 23727e940942f01f285cb761ec7ac1f73a4d86b1fe41ab685fb23610b82cf7f6
SHA512 fad3d914cd118fd9e46f6164364bbdbcf8d179eb8625195756266d7ca9992215a9ee7984370d1e2116a6d71564518d78fb12fe0501b346a1892ffcb640654242

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\53ac5abc87e80789_0

MD5 f9a1dae213238fff2c8813c49a1ff258
SHA1 5551617e819734b18af6428c5e16ee676934bd23
SHA256 8825798cced59f903aab5942800a2bc1f45175fbc218f0edac1e4ba2ff44c03f
SHA512 686130c5affa0513756b00bffb731e2cd02b80ef8161fd4dec5f3c72fb6cda589e736acb7fee5c6d80d8e6589762f24bcdc5db9719534f3e3ad80d8decba2e53

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 f019da7e5b31cc2db92b2a27b08f5e6b
SHA1 578fcbf59da698af0764773f1c8958bf785718cb
SHA256 37b00822eabf8d1e15004613d7ca043f5c8479c1a98fc9eacbabf89f43d54ef5
SHA512 c5f45edd626035d22b8ce21908420b092c4be95a62c7ae7ee21a8ce40df8b31557ab98415c298de726b73ac7aa734f415ca338464fb570e99a4776f8c8a5a2ff

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 884b1c5343c27a8f3d6a1ceb06f1b3f8
SHA1 f9e8995d43dc4e789176479b140d5c6bc636786a
SHA256 8a55e4c10fc2f4ca02f1ff60cb154b89febc63bf8d55d10f5cbabfd15a33e7f2
SHA512 726f2b8c32863db02eb511c9224117a830c14c63fe564c9ee90045f332b3084cbe29bd2eef02bc190f20319a0cacf9bbe93e7dbf2e21af7e14331092cf928c5c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 38f6feae801824c0b8f7e68c16a9481c
SHA1 2f19cfb497367c0018a89268f9c3a1b217be7504
SHA256 ca737cce1066dc1a00da8a3e842599527551c7df1c31a3ee2ac88f305fc77ee7
SHA512 ccc75484f2545555f15933022fc9178b3d084cb1a39db34e8ecf9637bf6ac5d932a143299e66e9df3d22cc4d2d2fa1e1770388187ac6254d81575a9da648df4f

C:\ProgramData\Malwarebytes\MBAMService\BlitzCache

MD5 eac7a3c5f21fd1bb96865c871f562f4c
SHA1 f8c3ae6839dfa0dc072ba8a50ada209a863d4a50
SHA256 25e44a19071b425d23ccd4f2a935a7419b665665dbb76ecce4fc1f673aa85c1d
SHA512 e3c06bd686e45568257bfff2d0db80a0ca618eff20a23437e78a70bf42f4b35d1813f9469d74b1397b6e8b03303b5b994e7ec63cdb81c57d6b29559792586c11

C:\Users\Admin\Downloads\Unconfirmed 10994.crdownload

MD5 cb56ea529726c8399e6f7b8c54ed40e4
SHA1 fa79565ec772c51eaeced6769299113f32329a1e
SHA256 a67d5dd48c2279867a2600e76b51ab45586da46f199f636eec7f0963db4b1da0
SHA512 8c5f4345e8d3d89e7cda4ac0dcf11e785c96056f12066711b9c7efe0349e26e2bc2f954418515e2498aed275e8dfe7f1c701f651d0d0b6608322c9e3c43e8ac7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 d0f3036de755f0d8bc46c58dd9495788
SHA1 1c0d63bfd44877efaebab024ec122f9f53516d1d
SHA256 3d5e651c759f7db7e68454716fb528201c11856d5ef0ac2847e5f88e13c112f7
SHA512 4e3d5c00493fb5a553e688f3afa745093d4a7f67a34d0cccda4ad5bc125a9b6159df78a4fce726d8db37c74eebb57053a348f05ca5d1bf8684cce50d807c6c71

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 c7a873407d78bc76ac297cb903792635
SHA1 3c77f877d02e2ee77937d4b3395057565e1979a3
SHA256 701fa6c850340a67ac9ec02437f9e8c6675ef0668a1dd6ed57fe7508b567f46b
SHA512 02e27442247f4f9ca3c328d86e87e9cc76a52e702ce43d87d60f417835707750437ad6da998d4d690633ee7cafcc52cc8a1eeac03493f2d0350a7c972c823c88

memory/5132-10538-0x0000000000400000-0x00000000004F0000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 a817e546258c0e32a1a518d0b4e40368
SHA1 2e1ec656ca1db97a53ae02ad3fd3d7ab3515b0fd
SHA256 da2b35f12d1ffaeee6c10639b90f4638d4b46b146f68149cfda2986331eb4527
SHA512 9a6bd0151ed3e41441aa98435a91e0b37f30751c637aab4a6fd36244f172e8cd872d37c671e653c19a18e28bee928521754ef9a61c12818535ba8cb1486355ad

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 58f56a2c984b09e944f57e3ca46adf35
SHA1 2b000a8217cb36b98cc8bd3d33f97a70cf7688fc
SHA256 79d6809a9bfb6200d83556c1635f46f9eca96baa5b90069deba83c2566664907
SHA512 84eb8c94727bc19ca169af532d08192dd552d985ed74d7c9289b7a2a3c26944b6d2487bea5109eedc95af136e53e8e561cc8ec4ce2cb6be79cac84c7b87e8e46

memory/5132-10589-0x0000000000400000-0x00000000004F0000-memory.dmp

memory/8840-10590-0x0000000000400000-0x000000000072C000-memory.dmp

C:\Program Files\Counter-Strike Global Offensive\Run_CS2.exe

MD5 f46e0ed60e9532858161e6747b47bb69
SHA1 e9a095b204b6dccb410cfbbb4332f7885adefaf3
SHA256 0cfda13cdc6396cb06201b8e7c78fc1a9f29fcac7564fed5b6d9fb818e63ba47
SHA512 b9cdf76f94e52a458afa22d244117ee8271e7107dd78264b47aaca86f064abad616616feb94489f5b54aa1a1e3d5c3bf72b55b06b9f06a0ad8cc096c0319d43a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\97e0f60cb0388de5_0

MD5 7b08822faaa27b70ce571585ad8b129b
SHA1 a604f3293dc4d5e469b4acbd11b07cd37be220cd
SHA256 439093483a18b3fdf82aaf41b181d282d41aa58faa56a5ada2154fe53e54ad54
SHA512 969014b2d295651610da24a43cfa87c0b4b5cd0a62f1617957274c97334ab3a2c39efa7dee9b75feeb785ee77a2b1c5481c14e2996dd58e63036b4ac427ed26f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\11ec628802ad8337_0

MD5 32ef5f9cc1676d5d868b5d86372a17ca
SHA1 a1dc4286065ab11ee2a7d4c7863a9ba5890d7d17
SHA256 b0ce9ee2d36108efeec2807558e85d54e0ee33bcee5ffedce6c73ab2343a4624
SHA512 4a4e6461d5c6cb024053b664547b8964e5d5ee99ce165b6d388e135c0f431c30b18dda08521ca4f5af331cdd0d589c71229c5ba479abb0500bdcaa00bd9a1bd8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\25c90b4fb1c6ef85_0

MD5 d18a01166d639d47e5f072c10fb781bf
SHA1 9c54670a87eef3e28f286af80ab5fe000b0efc46
SHA256 7cc7826d81a89deeb55e0ec660283821bcdd6cc1370b7112b2bd6af0ac33f67c
SHA512 22d24798dbc250d9fd8e813c2372a1fc06f8039edeac5eebab0f865cce450306a365d380de9d6ede61b54230f3800d2cc833506eea62bbc88b72e2bdcab3af31

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5d0c04f9998369cd_0

MD5 bdcaf3895d8fb7fbf1cdc4820637b08b
SHA1 ed3264d71cb0c9ed428ef361efcb7a15f49fa6a1
SHA256 b938a22ccbc0278b2c4417c27a1ea7249cda2cf39694a7447b35ac3eba075013
SHA512 c959368781cf217d0af865167c4ff78ce761d8898dad847649e668c5e576443567ff3e0b9cc3f0bef251ac2997011989f144506a06a2a30ee5a895b1feb000cb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\83d6d3a772bbc707_0

MD5 b2f1d2ec67dfab3a2de70a8594c515bb
SHA1 1c081c9f87951337b0a57844de2ac501e9f9d00a
SHA256 d264105cb94ecbf089ef28343702b4f91dbb8c1eb73fcad89982b888e3125958
SHA512 e2c9eca1e294666382fc8e8333abaf2effd07e6c2aa733af2fca0bc55019d89e34d36579aa05ff82df193edd4ea0eed4a3eb15f0d4aa4fc580ddf0ef81fa4c6a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\eeea6a59c461170c_0

MD5 e0e17a1a8b1ac8fed657229c3a1f3583
SHA1 f2be06e8956c7594b28580311a7d37dbd567640f
SHA256 301c0214e13bf0854116d14f78645eb93e0ca9a4491998b9912edb45ccbe1950
SHA512 98c279d931a08bdf0c28f28ba90545fbcc8ffbd67e8228bc91534076a8e04c0332e5ae22721e9fb185165a83607b45e61d019bfcec5f765eab67b35db25e1077

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5de9f44e801f6134_0

MD5 0031ba83688ffdb735396cd8c6b00887
SHA1 03135224344aeb1478fd1ed53597517df0b55e8e
SHA256 7bc9c61e2f76e1beb185448a3d5bbaa97bb3db14d515ac4e518e01787bca12c4
SHA512 52b65c97330b1e7f645bf76f6d84e52ee618d5af37f6b2bf6e08692828be8f871c42c263de5f966a4ffd8a8df106acd5b1e9e64e9e3822d386a4bf766fcd1de3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0001d1

MD5 301426f2db9f6e0b3a096a76b2a0c1f2
SHA1 41b52eb8397f41b6a3f1bb1d70b93b360edcbc31
SHA256 7958fe0d52e174d7a45250456a640b623537474554aaf7f531a6f99e417c1d35
SHA512 029881e3c1e4bc1f7c46e81efc919051be72a0db162feeef87757a9405193043ee49a2a079b94ef8b2c10a0cd06184c582413d5fc0ca6e7966f28ecccf256267

memory/8840-10904-0x0000000000400000-0x000000000072C000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 40b86f63d6b18834411a01c85a7e947d
SHA1 94d540d4d6918355bf48c2d1040c676cbe54ef25
SHA256 b6b019426cd9c17444ac283d01d9ba8cf30c01d8e54c9b07f79819134a37ceee
SHA512 91226f9287ec7954325360d02d8deeb0729ae8ddeeb3fecf6ac35ab027a91afa6a345e5ad6d8f6eae8a3f20565adc63663d3c973a772d01d55a0a6a14ae98688

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 4b73594cfa436986d56740956cca6b64
SHA1 966a070fa0e1c5fe1aea420f0733f0cfbc067818
SHA256 873139890c1cfd36517fe1dd300ec23d6319cae82972dd9924cd5bfdaa01cd70
SHA512 c8f9bac8e3c118f0c6294594f7aef639735bdd6433b2d5444bcc93d664960e8a09d529b552da6dfb2413238dcce87b091efbd8a59f5a9a5b9b9706201ebce478

C:\Users\Admin\Downloads\MEMZ.exe

MD5 1d5ad9c8d3fee874d0feb8bfac220a11
SHA1 ca6d3f7e6c784155f664a9179ca64e4034df9595
SHA256 3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff
SHA512 c8246f4137416be33b6d1ac89f2428b7c44d9376ac8489a9fbf65ef128a6c53fb50479e1e400c8e201c8611992ab1d6c1bd3d6cece89013edb4d35cdd22305b1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 ae49bec48982e9c738c672d1631e3687
SHA1 c00408a014079e636c6cf672c3c75ac600d9115b
SHA256 0babdb8c289cfdb5d48144783598127b8f5ecf03f06370c078637189602379c6
SHA512 bde2eb6a3ddec49147890173663bffe6c070febfcf4ed12c8bde1ec370cb39cfd2761f5caae8dac0a76f83282fbe708dc22ab00294503cf18ae7f8bef3b1dcf7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 0e572edf47752bbfaef853afc0898727
SHA1 684404b70c7ec7f0f4046dc9d6c715cbdb4f0137
SHA256 d2d8fd131d0c1e38b60f4978d170deff2287a9351ebbbaf39f301fca7eb3e8f6
SHA512 5a95d03149af2fd90f4ce90ad92da32adee4a150c44c580105ddd071a9d756f542dd7471ad4bfb52c61fec484a8d33a6e5e814c7e4a65deee4641c2352b56ebb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 4c9ab11be2ee30724e568aaadd5b9701
SHA1 373a418a6fb831305886ff0c510e202cadf1793f
SHA256 8c7659ee85a2a21a6ca4020ef7da79eb74f55e505eda09e0e5fcb8245d24a3b4
SHA512 c34c479fa2201b973f2434ec613ea81619623c277bb6acc475cb39cf2d01cb593e1c20a1760872321303bf5e80d21e70958edfd8fb7fb2ee0c68e4464cf79bf9

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

MD5 ad199127459c48ceba5f2aa63d03a800
SHA1 d52f97109c2d38bc5c0e4205c221b380b74ac83e
SHA256 030ad74a6fc3748651c6c88145f662bc20a06c06c7edd6a960511a976d521140
SHA512 162e80bbb1d801bc054be233442929a77280b3347d97212ea5fc3e6356133f66de0ccbdfab1d7f6747940e429cdb2103bad538c11a25661381b9f93f84f84213

C:\Windows\Temp\tmp968faaaaa

MD5 0993ac2b5a78663d71ad53ed8395c39e
SHA1 97060c28a7224956c5ff2559b46f8271a50530bf
SHA256 c3f4d2e435a4aa966d6f2e20f7073b61fd24da4423ce3d500d9ce8906eb11ae4
SHA512 1f9145dab17037decfedfc4bca134800aeafc5f02975c29464ac73c9e98190ae5b1d58842c30a64f3663adf2b9884261889b9cfc62f017a2fdbe90968f5d0e91

C:\Windows\Temp\tmp968eaaaaa

MD5 0163d73ac6c04817a0bed83c3564b99f
SHA1 784001e8d0e7ab6a09202c2a1094f371f7d017cb
SHA256 5114af822abc2b0f2aabb7565919164c9babf884e34c21095213dbe6a71511ea
SHA512 47051ee935be9e9d4457447c7fe5df06a5b0c5ef55d2c757d3dfa179b6049ae79732b1552e812febe5ae41a076cb29d8a809ae9b168afc7eb4c9eadfadcf5d9b

C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

MD5 1ac175045b7c478b573c4df51dcf389d
SHA1 6a51d8c78779de10e98b231e0652d6d2f84bac7d
SHA256 69e2e395b2a7712826179e94db68d05d22ee0590b4b69560a726c5510928d9fa
SHA512 880f06691a776eed63f682c2055b620d9a6a483f9b11d70e7dbbff59d6691099a35661b2ab7e9253dc119d04732c5355decb4d0a9c24d764577e227a0c5fc34b

C:\ProgramData\Malwarebytes\MBAMService\config\UI_DCountInfo.json

MD5 5e8a69d47534695473b0cbf61107c269
SHA1 648e218c3bcb6032ba2d0e6077e14031a29cae08
SHA256 0c9df205487dbc4843fc4706d6a9115e2a2469721b4f124fe0d7da39dd3ccff1
SHA512 05ed93c0d6b479cb53bdb178880dd2a11c77205f7fcd0f1a94784b169d4d345a2cead3a74701846e0b2b9fffaae4d1649d0036a4232343c0ce37220100617024

C:\ProgramData\Malwarebytes\MBAMService\config\UI_ApplicationSettings.json

MD5 c91817c3e7508ed4fa13478670cb5393
SHA1 bab302f70efa997eb8a25f633fbd3d4579ad7a69
SHA256 f1c5aac96c0b138ee1b286b5f0dff9be1f2a796db96d7b45dc7873d554bba14a
SHA512 fe43610b8a35ffe1424a38bb7b8b9623965752a59d27ba58d037dd5df273698f6882d65672afd503a82ecdb6e004218a0132a65de20c08bc73f8df39cd751992

C:\ProgramData\Malwarebytes\MBAMService\DDSCls

MD5 efeb31e47f64b0654aae9bb15427ecdf
SHA1 0c00fbdd63ec9eb69d218ae0ee08f506b6a9e228
SHA256 9546c93dff27639969b37fbcc53cad4f48582c308ab50b9a5b8fa96e44fec0dc
SHA512 4da4c566a7d0692326711a565566e105ecf1013308e7a4babab59b189efd0d5809bab2d991395675c8679061c4c1a32e7317cdffb0e567d1dbd35459144cd3a3

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

MD5 d4f63cecb2ad3e74f5cf62b82dd696ea
SHA1 f58d787e5a1f0c005dca89dfc5f4ac703ae6b9c1
SHA256 39537ede09b89ad7d86b593c6f32e368bda53c852983c81b14697d494e61f181
SHA512 5ea21af34d23f32e4c44cfdb83fc34bb2e85298b00bc32daa06be8cec84a1cce4d52c52ede2e3263a26fe09e4b6723f4d49e7fe1b4f74e95bde5ba11783582c8

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

MD5 f3e197eac1b11574fd8335f412aa84fd
SHA1 05c0634ac85a89ddd91cc42399dc1358e175513e
SHA256 d1597451f0856179d2e3e119a9b75ed618b0570fc33fbbb386ad97d39879781e
SHA512 c57d144b2aec9844b5dc54807923d42cb4d9d93a758c4d8807c4c3524b78edd60d80d8b84f15ff72ad52f1c85fb9761b0d60a9d82af27c5f8100a3be72cf895f

C:\ProgramData\Malwarebytes\MBAMService\config\UI_NotificationsSettings.json

MD5 b889ff78adf8ea0d76915315ecff3d1b
SHA1 ba0e500767e7dcaa04a05540ed7811712df25619
SHA256 a803558388a37ce73ac5fa2ece332087010be626c22ea25e3ba2fc83e14b3335
SHA512 7b75479508b6c896a945c6f9f70a703b0773bf636dfbdc68bad1bfce34b772c7f43fe09fa2121fae63ccb4bebf0a2829271d7bedfc3c9f69828fa2b78ce50ffe

C:\ProgramData\Malwarebytes\MBAMService\tmp\15105f528e7211efacb1fa9f886f8d04

MD5 194055c240e643d50f157747235b55b8
SHA1 da9c287f63d8c04e59ac37bd2d0a33d68bcc4897
SHA256 2afb759e0d8ad9aa343fc5398a6bcd899d776562172172e932e033717cbea7a7
SHA512 2215c4f29b1c49694adcffb6dff5212eaa903c93c593d4ca179b40cb5977c953bd974ecf25873a2637159044663d1ec4b4b9b9a8bf8593228068da1994c701fa

C:\ProgramData\Malwarebytes\MBAMService\dds_tmp\D2.tmp

MD5 9ddbe8acefd2dcaaa044c7ccc3bccb27
SHA1 dc45e7898236518b91ca70a30d0a9bd91036f282
SHA256 b3e0269d0c4fdcdda002b2953e4116848da5f1ca3f04e6861683af32eda77f2a
SHA512 57264137a6abc4d54b86f59976b96eadec0afb84b753859fa389bd91944590288f5dac9279ebb03f7d47def075cb8f4739776b8cc4087fb51706c2954869eee8

C:\ProgramData\Malwarebytes\MBAMService\AMECls

MD5 c404ace45e0414e07990509638641f7c
SHA1 c0fc21241d4195f9a76e7b91210822a3e36393a0
SHA256 dfeed039860f1a7d730aced9fade456a493c16742e0cdd5bec1fa86699668e10
SHA512 acba9dfab1988fa63fe63e4eeea21ac75f0e19bba7fb35075ba55e5eeab03f1c40ad870650aaf2ad5585c8a69696b4d1219ffce2ec1e92006c218cb142e77c7e

C:\ProgramData\Malwarebytes\MBAMService\Quarantine\ab930044-8e70-11ef-83f6-fa9f886f8d04.quar

MD5 e569753e4b8c41158ad418963af2327b
SHA1 cb0082879cfa3a9ee0e45f9673ed615cf22d509a
SHA256 2c31305a0e79aa064a969b9a3f81be7540c36eaafaaf5411aa143df1974510bd
SHA512 a75b5d09c974bb6232947306dcf2937944aa015d954e346f252ff8b3402dd6bcd8f0d9d7af87ccc3a0c4991f54de4d11a6e6879b82d764a1ab7b2ee6c3eb79d7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0001d8

MD5 0e3d96124ecfd1e2818dfd4d5f21352a
SHA1 098b1aa4b26d3c77d24dc2ffd335d2f3a7aeb5d7
SHA256 eef545efdb498b725fbabeedd5b80cec3c60357df9bc2943cfd7c8d5ae061dcc
SHA512 c02d65d901e26d0ed28600fa739f1aa42184e00b4e9919f1e4e9623fe9d07a2e2c35b0215d4f101afc1e32fc101a200ca4244eb1d9ca846065d387144451331c

memory/8840-11263-0x0000000000400000-0x000000000072C000-memory.dmp

C:\Program Files\Counter-Strike Global Offensive\inf.ini

MD5 50cf5343c4c0d3b94c0aa4957419f76e
SHA1 9384ed137a3bc54d2c4f1649a0bc26f59786d3a0
SHA256 4325d3e643667d73cf27e35c51fa00ad4d464be92cac83e793ba638d341446c5
SHA512 b8259b7b18ee992fc3c2ffbb9134c01cba091f772f021c7da17174d881f087b5c1f881caffcc6dd83626bf17459c448e5089e4302b09bce92fb7238e6bc0a75e

memory/5132-11293-0x0000000000400000-0x00000000004F0000-memory.dmp

memory/8840-11292-0x0000000000400000-0x000000000072C000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 40ffbc65093f3d436c900cf6f1b57573
SHA1 48047f300525e39cb0f379c7fb9707318afc3908
SHA256 03f8f0261a1dc0e903110216e0042fe207cac669c613b9259ccb530ddcc9669a
SHA512 2be0f09c309a48625dee99dd6e3644ece46eede7f9900ac071844eafaaa0d6296fc3ae02762e9b2ed8864149c9b2711569363b9500fe191c5caca5aad0fde3ce

memory/9084-11313-0x0000000000400000-0x000000000081D000-memory.dmp

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

MD5 f7cfdd225d2d533dc1f733434b852a80
SHA1 96746482b2e9f5cd82132caadbf001b634473ffa
SHA256 02e5da68ba8ba7cdb03b8dbf15e13f8c519af2fa22ca72d85e67a394864e8c9e
SHA512 fb2101c4be5b39a7f95451de2c40d3484ed4ddfd5eba6daa55144c2089b82a0c956e8bc066618827488e998b35429a6070403f9546dce645dd1112a2af9a5df6

C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

MD5 6ef1ef98c182b49403663e6918470912
SHA1 0e094e9e1a48ef4f21f82f55a9df27d4d076b174
SHA256 b65be8f06b0a4412bd2f871fd2456ba3683a18a74ceecf54e5d8faede9b10800
SHA512 7f1e06b957797ad81e3c42f74ab021ad8a0d12507452691fbde0f78a8657d3cf4f9eefdea1d5a5d69bc81aa304c48c0454d4a9f0361b614e38128b97f68beacb

C:\ProgramData\Malwarebytes\MBAMService\ScanResults\07ff57aa-8e72-11ef-b4f2-fa9f886f8d04.json

MD5 f229806fea299ec125230d704b93d75e
SHA1 42d29c67d0d2837c355e1fe79764d0d09c49d320
SHA256 98387e01d4178270de992bb254ae287c21f4e3544da12239097419746188da93
SHA512 35bd3bfd9076989be00ecff06621cf76b6e457aed69f2d501d9f3eebfe13335c487afca09a71747ae803a8aa558a949e99a01a5ceca5b18b664ce94f05e95589

memory/9084-11404-0x0000000000400000-0x000000000081D000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 4d9e4a98b856a142fe31a36e4fec313b
SHA1 712ae03f3a5158a9b5cf5ec75a146cf92ba7c0b3
SHA256 9a53934b9cf631e2532f833e215922873d83656b5167c64b677a079063964b4e
SHA512 82c50078ee89aed72adf9ba92dce05f07724ec0baf5f9d92135a9334417765c843371a9846f48af25bbf9d007443adde427d485778f48922bd9caa729d996e49

memory/9084-11452-0x0000000000400000-0x000000000081D000-memory.dmp

memory/9084-11469-0x0000000000400000-0x000000000081D000-memory.dmp

memory/9084-11474-0x0000000000400000-0x000000000081D000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 3ecf9bb5ef69ee731742587a8b136ad1
SHA1 9c1f9399c5e1948f285a49a20c8a21b1a9719f42
SHA256 95297aa3e2662823b2f6167b9a0901a5f7772848738d86d0e55041e1e33c5ae2
SHA512 aa10978140eb0235b785225a5f32ae11400732d402cf848e05d47c36e0eaac822f7e23e500841c317532b350928b6b5b1081dc0747dc37d0cdb535823f536a88

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\fc70ebde0ab65c0a_0

MD5 f34d50414a8fe900678c9d95e73c4945
SHA1 004cf59b9f89841d574f5a6de1ee185395b49cde
SHA256 c278ccade5a0c9c9b8469975059c0fa3b3f6821e1db872f1b0e1e7cf23a71f3c
SHA512 b0207a167453a6f7032d9e847c7b53789d7e031dd12791a86401d01cfc83f3537203fb71868c21f536a13d5b1243df20fb50a8fab5c885e93289482b6b1835b1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 696c8ee2b473984324b78b852634edc6
SHA1 0d1d230fb117b34d43067c1a7c6db76b7802f442
SHA256 530846846348424f9846a900c01406ceb5726e1762dd593191f7472e990f506a
SHA512 0cdf9c49215e5b1d60c2bfa8d570d710d64a84085ebe08fdc0799ad284a5c6a1e9b210a7c2fc7adcc778d2553bc73474ad47958a3a91bd77de6a0d944e75b9e0

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 b340c99b5f10f2a558a1e6e7dc3a4dae
SHA1 febb78092b838f7aabaf54a081c61212bdafb41a
SHA256 fd68c6dd75e28caa9022532863df99613b778631ac0ef6f496acec8e1095f9e0
SHA512 12f42e19da030d680a8b823e9888d99a2f48b5713ba83df24c7dac8e624b4e1c95313721f2fcb25c0495f6da0aeb7768f8ab596927d9d1321b2b9a296cd8c410

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

MD5 47cd490b0b9e5543324066a1861a71db
SHA1 fb78c0504950f21f19ed14fd0efc5381a594aef5
SHA256 14d459f24137071812aabaaf666be8e9eeb85fa535831a54c34d6c3ff766b5cf
SHA512 3a6c3870fdcd9ed816be5d61b29c9b50406e4925251b67f10d81c913b52dbdddcb43d3f8881733b2668491521c7b18f50ba5c551f2b113409c6bf68edd4fe549

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 0f10676dabfd2cee3bf3f12456625329
SHA1 d16b206649f9f42eba27ff6b36783d2f44498f4a
SHA256 cd3ed1b8c6387c0fe214dddc0bd9b2a0ea491e1fc790a56b6193d18c5bce9c32
SHA512 b7dc2b6f57a3a5bd5404efb83dd30eee0337a5201ea89a151923839e7ac2084247a6f0c33615f079ac3c23b27c9ce0547afcdcabf410d84c2dc3f4e56bae9e7c

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

MD5 3d4e4276e166b133e3e3d965c2b65012
SHA1 f3fd953166e434b20c514638563e09680167ad22
SHA256 f96afc949f6b24fc05f9188a07eca536b971b5e9aa3a6edab054640172731628
SHA512 62c9c4dd9667b2cb0b3d01fc881cdd2580db3a38ac17e197ff2f3a526e3e308b6d10a664ad7ceaffa4fe3aceefa0cd164b24655b18b3b4bfe03ac5666fad9a99

C:\ProgramData\Malwarebytes\MBAMService\Quarantine\af94b264-8e70-11ef-95aa-fa9f886f8d04.quar

MD5 ad85ef4ab903b27e95c5ad4fe116c41b
SHA1 f08464ad607471f25799cde0b27ffa83af684121
SHA256 4e498c08b97d51ed8c9ef5a46f4b1ea925504d8d96cb37802e473d9d03f7c115
SHA512 761f95705ec494978dcc7d5c1221aab2bdbea68825b7b27aa5e7c4d278d353ebd3631d3faeae7d3f62633348bbac92a2fecd23ad3e2591f3565451f8a37c7e11

C:\ProgramData\Malwarebytes\MBAMService\Quarantine\1b48ef60-8e72-11ef-bffe-fa9f886f8d04.quar

MD5 d3800ec3ce5748fca2c2ac29f3043b3f
SHA1 3b6e9d627c6555b12f7898a06c3e19a7f3a9a039
SHA256 4da368e3017ed30a75652448f18e8c9560a0eac68e47e5d1664349af9f89cd2d
SHA512 9f0530c30cbcb7331ce12c65323b84fdd434448662ab526cee20e981408f2ffd5c890a15c8d2549fcaf1bbbbdb133cf19a183e8c5ec4e2cbd28dc05ad2f31121

C:\ProgramData\Malwarebytes\MBAMService\Quarantine\1b5412aa-8e72-11ef-83c2-fa9f886f8d04.data

MD5 c79bf59df2a7948903c0cf4c88b07efa
SHA1 c2730c9d997042148cf0abb4c659459e4d01b8a7
SHA256 fa787d77fef3a7e9c4251b4bff0859c41e982cbb31a306a19f7162a5eaa414a0
SHA512 be9ba38e79f1e89121d9a8fad18478a8b6a3de392eb5118354d606823574910c0c62e0bbbddd5c005ec3dd04dd99f24664ca031129b86caf672ad4ce3d79e769

C:\ProgramData\Malwarebytes\MBAMService\Quarantine\0f2246d2-8e72-11ef-ad4d-fa9f886f8d04.data

MD5 ca30f4643669de4af40ceb6560f24b68
SHA1 1df9d2ec7349469a3cfe8a96c57234346589b8ee
SHA256 bbf4aaf96798dd5a1f76d684ef306102af298c576574df1e85c626bf486e5300
SHA512 39819c73e9f39bc26ea1734c343dbf17f394c022e2b57771e3eab3a79343d90cf7b6fdefed7dd19910fdd46bf103a3cd74f6bca4919bfe0c8887c1189da73d04

C:\ProgramData\Malwarebytes\MBAMService\ScanResults\07ff57aa-8e72-11ef-b4f2-fa9f886f8d04.json

MD5 bae1c354f6ad1e46b510e4ddac43d226
SHA1 c4f463e04924fa94ef4124129c365d08be42a565
SHA256 fe03d4d5841ef7152c47b4ad9172a6b2adb1182001dbb85dd30e14298418157f
SHA512 e454c9e7d247ba772ad3349accc94992b4968c05cb67ad3177d10019c0290c5afc488db592f0ee87377a8aa593a9b6550cb0bff63372b8263bd8a8f474a75f9b

C:\ProgramData\Malwarebytes\MBAMService\Quarantine\1b48ef60-8e72-11ef-bffe-fa9f886f8d04.data

MD5 84cd8f5a248b1b31ecb14ecfa46416fb
SHA1 a8a6c615c4ca7af14838293205080b6d2fc4cb8f
SHA256 d2dabe632e642c6c0f8daf8b1402bcae15fd7629e6ac637d62e82371c1ef12ec
SHA512 0125ded293efea4b301c9e40e2b78384e65bd1d0ddf850a8450eb3f930fc01675e9834b3211a0777f94446ab74e39b1a055678269025a1bb28b7fef2eb83999d

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

MD5 403e78cbf2d673d10e96c395e46265a5
SHA1 1c8ee0ca9416278f0ed86a66565393c57dbc8328
SHA256 9e866d2175d34f9d852f78ccb70cef914057564976990053e1d24eb26f9ed4f4
SHA512 f5e83d99d582eb99e9d023be1daca05218537986dd0e8d119f7d87b037b279cfaba2e8293a22f893c580f66b1a1e90159451c03f752189b73e59230b72b5b180

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000039

MD5 3051c1e179d84292d3f84a1a0a112c80
SHA1 c11a63236373abfe574f2935a0e7024688b71ccb
SHA256 992cbdc768319cbd64c1ec740134deccbb990d29d7dccd5ecd5c49672fa98ea3
SHA512 df64e0f8c59b50bcffb523b6eab8fabf5f0c5c3d1abbfc6aa4831b4f6ce008320c66121dcedd124533867a9d5de83c424c5e9390bf0a95c8e641af6de74dabff

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003a

MD5 68f0a51fa86985999964ee43de12cdd5
SHA1 bbfc7666be00c560b7394fa0b82b864237a99d8c
SHA256 f230c691e1525fac0191e2f4a1db36046306eb7d19808b7bf8227b7ed75e5a0f
SHA512 3049b9bd4160bfa702f2e2b6c1714c960d2c422e3481d3b6dd7006e65aa5075eed1dc9b8a2337e0501e9a7780a38718d298b2415cf30ec9e115a9360df5fa2a7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 fab4b53894f8bd6c78aafe2183ef609d
SHA1 867536e6b67316870c0d9d84296fcb18d4a675c9
SHA256 e00a12bd43020192da10eb288eac160df6a2a9743045d21f22a74c4dc9ff1268
SHA512 712a76b8754aadf7d08d6bfd4841fa637b84fc6244d0127158269ac377a8c8c4af404b678b13820ba1c67dea13dcc797adfdb5c88b9e1191db24416ca5b35a3f

C:\ProgramData\Malwarebytes\MBAMService\Quarantine\1b5c9e7a-8e72-11ef-b3b8-fa9f886f8d04.data

MD5 c9d6cb60ee61d5e7fc4787abfbbff368
SHA1 bccbde064bd150be136360c31eeb36931823eda3
SHA256 c834df8633e1e960312e1bac868496ac19a04da00992da9fdc0af386e5852b10
SHA512 d2bfb89e71aa63195924775de87a6cd02e270f1dc198e376018da8a791ae4081c2fad3781568ede52fe051256d0d385282627d573dca1244ea4a322b2f6c5121

C:\ProgramData\Malwarebytes\MBAMService\Quarantine\1b094e32-8e72-11ef-868f-fa9f886f8d04.data

MD5 bbdeadac592765403e832efc77128d5e
SHA1 92d859df4dd118e90cf580bfd9755305e53239be
SHA256 574ac4bfe7373f544ddaef7e7f3db9d543d15728965a45fc9ca1f2b456faf29a
SHA512 bf6908dae487a6bed9126ef775efd8f23676ee9ba18e000d50c5c1db95ec4e4b22f8b279b7657544f99ec5158cafe43c43b008c085044cebef6a7f514da13408

C:\ProgramData\Malwarebytes\MBAMService\tmp\5fd6385e8e7211efa152fa9f886f8d04

MD5 816b142a4782c9fc6e2ce955601e6a00
SHA1 b1235a1f1196ab02000f352b48b8606d39b0287e
SHA256 78da1f2e75bfe4a08e5db173d2f1e174c47a0966552616b8bb7510e983abff9e
SHA512 9fdc9259b01564ead791c9a4a0a7843f292c44ed83318a258ae91f71967e9908b7d0d1572ee459925893e83eb95a2ba1b808ea5eacff80398736d628031952e2

memory/9084-11937-0x0000000000400000-0x000000000081D000-memory.dmp

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

MD5 fba406732373ef3da8c3b289fd2036c8
SHA1 440051532c424ab7515564ca6d4ea7d6282d6b7c
SHA256 9bae68898830fb5bea4059679ad80068fca9befa0a645cc19f96ced3bc9e21e4
SHA512 26f8de12b3edb59f6413ccfe55f68f3434dedd36ad15f45616c2603075196ff944f0447e8ff6c8b20df4c662d1f8f448d1b5a678465aaf0bd041b4ce5627119d

C:\ProgramData\Malwarebytes\MBAMService\DDSCls

MD5 7be0363b68f49088437bf19f72573141
SHA1 d0cb19aed2e0c472a28afff6348634e114a7f8e0
SHA256 57ccbbabf6b709055bfa84d88b3a72351ffc488cdc1465b937b4beaea4a52895
SHA512 e35f04b01a44ab20819c72723fe7677628ccd6f7195d6bf5ffd807300db8e46702e8f5e6eb93cc3540fffd4db4837a8eaef338c0d35799003e8349f6da0b8ace

C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

MD5 3d221d896092a97fc26da1b673e0f3a5
SHA1 a01867bcc14bf47319726596ceca6132a3edec35
SHA256 1317a4667b6e3c939acfede52b579b7c0a6605ea521b3f18ad2bb9140d2c93c6
SHA512 91eb4c9f79b878cfdfcb74830d80738deb9b254837520d7396b767803fafb0be8616752e0f687e5e5d602cec99d0487eca46b55c5af881cd4523205b19a56e24

C:\ProgramData\Malwarebytes\MBAMService\ScanResults\53067ec2-8e72-11ef-b420-fa9f886f8d04.json

MD5 cf156fa02c5e56f692f3453d92433057
SHA1 f79e88684d5c664acea3534b5930350907f7223a
SHA256 a470ba2838b4eff927b3bf9cdc2e69e1d441d39f686f046aeacb01a461a044b8
SHA512 367826c9d7b3ef02dd4661c80aeb8d0084f096321ec70556ce7bb2d54ae5ef4faee73fa8d67d3bb9e552ffeb6a0667da1c29960bd10cca7db11ee3da75c2be5d

memory/9084-12038-0x0000000000400000-0x000000000081D000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 93b82f01976c9dd0614fd5e9b0a6e3fb
SHA1 2ca00d0617301fa1953fad1ff2d6b62b0d2d0c07
SHA256 7814f18ed96c01493d2311faae6bf61c46b462f385bcb7d0bbd2070b265ccc6c
SHA512 dfcded933bb8cba531fa2833c68572b1ac2cdfba8c2f56c70f559685d12054013aee8654f065139f58cd63b6629be49137869fb14b5ab448fd4809a217f6ddf0

C:\Users\Admin\Downloads\Unconfirmed 686503.crdownload:SmartScreen

MD5 4047530ecbc0170039e76fe1657bdb01
SHA1 32db7d5e662ebccdd1d71de285f907e3a1c68ac5
SHA256 82254025d1b98d60044d3aeb7c56eed7c61c07c3e30534d6e05dab9d6c326750
SHA512 8f002af3f4ed2b3dfb4ed8273318d160152da50ee4842c9f5d9915f50a3e643952494699c4258e6af993dc6e1695d0dc3db6d23f4d93c26b0bc6a20f4b4f336e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6dd39ffb80e4ce30_0

MD5 57a788eb5de8d90501c0dcf4888a0158
SHA1 c9200d92b2a286304328f3e82d42ed5ea2849d59
SHA256 727f2c3d4590a350020fdfcad3db61f5e00ad460936717e3b75a48f69e2ba2b6
SHA512 e6ab643e5bd050cd492943195b9ee24d75c5fe24de4960e09c807fcc11cc175fb620d3548786b0a7607201742e359b5e9dee8c69573ced40fd65b26b17995a40

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2cdc24dc350e2228_0

MD5 a59ce73799f38070871eea75526a9bf6
SHA1 b2bf6bc7dc9ed124af3a4b260fbc9db758d1b910
SHA256 c3293fb9b3d64f42f785a2d5dc56c934140c37d0eaeec020777156e3496dc829
SHA512 3aba90a9e62fb58b95de2bced2adb8a194ac39b69103f84ea24caaf6f33453b7a1b79388469d214b51abe7b708384a3de17e7b300cda9e08487c0fb77230b6c5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\74b88724f60b0383_0

MD5 09116619dcb4ef10f9fd371e37d59bda
SHA1 99d09968ce9caffb4ae120c53c64ac5783144124
SHA256 8cc2d46afe59e4a0f2ad0cbcefb92f8c8fc25e544837e684c204195df541d8ca
SHA512 db3424cb76da489fd4ce062747bf9f41b5de70c190b4b10b6c80fc383725b7f9c655c5477f2472fe22784a15e221964bd6f5c94ee54f0ab6eb640e078aeb228a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000f9

MD5 6ad95e97ea7616b91e0ec9fa1430812b
SHA1 5e726f7b82481387030c3119887ea7fc0cec1e8e
SHA256 155bfa8f8443091ca84bd726cd6f09c0fcc42c8049281222cb3dc13e182c0d74
SHA512 188c56e52b1302b2ddf9cc0302c77c7644006330e99569bdb6e2a9085b72e1957b1c39cb75a56a0cf00fb8dc0e70f599d8e46b2fbe6c7f8e825408b6a12059b1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000f5

MD5 2e23d6e099f830cf0b14356b3c3443ce
SHA1 027db4ff48118566db039d6b5f574a8ac73002bc
SHA256 7238196a5bf79e1b83cacb9ed4a82bf40b32cd789c30ef790e4eac0bbf438885
SHA512 165b1de091bfe0dd9deff0f8a3968268113d95edc9fd7a8081b525e0910f4442cfb3b4f5ac58ecfa41991d9dcabe5aa8b69f7f1c77e202cd17dd774931662717

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000f6

MD5 6284a51b81fc2bfd56868d95b3e60f76
SHA1 a794f42d9dc3d819f28fd645cb5aeca69a8fdd7f
SHA256 39f38531513eb2d6379f23052ffff6442446eefaeb16ca1aad33787334bb3c11
SHA512 ab69a8edb8930dcc9b7155201635be9e9e74628eddbee106459b63f3f38167387420d75433ad1d9acf856d236e948859e343fa99028bc56301603e1a5931982a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000fa

MD5 76d82c7d8c864c474936304e74ce3f4c
SHA1 8447bf273d15b973b48937326a90c60baa2903bf
SHA256 3329378951655530764aaa1f820b0db86aa0f00834fd7f51a48ad752610d60c8
SHA512 a0fc55af7f35ad5f8ac24cea6b9688698909a2e1345460d35e7133142a918d9925fc260e08d0015ec6fa7721fbeae90a4457caa97d6ce01b4ff46109f4cd5a46

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000fb

MD5 2940076ef5b451648e126653123622ea
SHA1 46adb402ebad36dc277bc281d15b4b9643c4cb6e
SHA256 2766045315b53c22ce78b0c83624a7f52000765c55061a9deae19ca67897d664
SHA512 f695bdf186be90f1df6d303bf5beb5bec9c71a069978fb6adb23b68c893ef7ca0c5da2cdc32d39cdc9a8f0bbcf0050abeb3cc02c75a2861d9434591ac8680922

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000f0

MD5 1b6703b594119e2ef0f09a829876ae73
SHA1 d324911ee56f7b031f0375192e4124b0b450395e
SHA256 0a8d23eceec4035c56dcfea9505de12a3b222bac422d3de5c15148952fec38a0
SHA512 62b38dd0c1cfb92daffd30d2961994aef66decf55a5c286f2274b725e72e990fa05cae0494dc6ad1565e4fbc88a6ddd9685bd6bc4da9100763ef268305f3afe2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000f2

MD5 7fe4c7e5160e07920449b17f3b7c2940
SHA1 4efeb29ad3a180976839c958709a321da3c2f2dd
SHA256 9fd3b41781ffa2ca9b86df84c8f4ffbe0edb82b154ce03024659f7fe1814ec68
SHA512 421361c4f519b3f3b5e0be9d47cb22252d6dc865cc8d82389b632206b789d4ca4d274873e411c563f75152c2a3a33c83d4599e685c45a0c017870a43dbaaa079

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2d8fe49bdf07e192_0

MD5 6ec876cf47b391dfa4c5fc5ec4efe419
SHA1 ec0d7a26b853fc3402c662dd5c60e3466187222e
SHA256 3341e4bbf52d740b6803292485a4a962e7b3b6728225f3eaf16e271159f8459e
SHA512 d724c3f7801e471a1f40cd9acc78078fe5e232a57c79906d0a170acc8fa1bd9f7488b58cd79d57037efdbe1ff46b3e13231fef717bc08612f54aa6b7d4e44086

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000f8

MD5 cfff8fc00d16fc868cf319409948c243
SHA1 b7e2e2a6656c77a19d9819a7d782a981d9e16d44
SHA256 51266cbe2741a46507d1bb758669d6de3c2246f650829774f7433bc734688a5a
SHA512 9d127abfdf3850998fd0d2fb6bd106b5a40506398eb9c5474933ff5309cdc18c07052592281dbe1f15ea9d6cb245d08ff09873b374777d71bbbc6e0594bde39b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000f7

MD5 a14e84d87d0b93d71ec0b85d57144dfc
SHA1 1abb95e6d066c3c21eb96c0d87d36019b2d5c920
SHA256 15951b261ae3172cea93d7b64d3f7c31e8e7652e63d3e5d221ae34b91285e8cf
SHA512 a5b95f6ca6b7f16950b35716843f0fc51278cf4124e5b01c1210ab0bb4c3e049fe8888dbe0d771f1ba3ba5e26ec1a18f5fdd5a3e4e52903b036f341a6ca4ae41

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000f4

MD5 0574f47de6f1121ae28fa42fc0d3118c
SHA1 6c0d31c44638f1190a6541f251c3e8adae6ce0e1
SHA256 a14ce3a9f80ed2fbce9fe611f5055e7dd2f933643de5b4ed4bf76c6733d61041
SHA512 0f6aa0571aa4d5fd9bab421d1d2af8c6529ab6512c29c8fd68637a3a34de66946403f5a78a1b5d84903adb36ea60a8c3ea361a822eff116f6617a52664c59038

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000f3

MD5 7eab02c9122098646914e18bd7324a42
SHA1 5e2044e849182f1d3c8bcf7aa91d413b970fc52f
SHA256 d58d66c51a1feb9af55ba4a2dcf2c339b7976dd011fbd5d071ca86b9d7f58a42
SHA512 dbb0f94de62d7d77d4bfe6c298043c559a0d4bc117bd7dc1d627caabffa8e712cec5e3adb4a737b350429493ac0ebfb81c8759aebed41b30218d0e7ff6f3196f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000f1

MD5 2fc909d72b9efe85b9edee40caf9acdb
SHA1 e49a82568d68cc0df49a9018918e8d9799be5c45
SHA256 4dded3fa8a503272c8d1500d6e0667a1ef57c61ba5332c48e3219bb6f8e1c030
SHA512 f5a1aecbbc881e2059d30203da5a5f68dac2c1128926e8d33be79e1e3c70fd3aaae350090530c9d190ad89ded6539200821d6acf5a3d122313c7bd7e84f30bf0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000fc

MD5 5631d14803bfeef2b891791f0c8c456a
SHA1 f6cded7f79ea091f23f0b8cdbd1f97d0a412d721
SHA256 a0a76e5cb026f6bb2621896a5d5b0730f9db44d979de5d65f0541ec8a57d65b2
SHA512 ef30bc67ad6e3041cf0e77b5ac6c46fff59e3cd53231df711ad946e1b68c158e60878ed954e4d2018adb4b0695a23313df1f652c70cb018ef5a58cf1d4ed39d5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 33184c719b4359a7e9e08e6566730fdc
SHA1 9c419186c9139b3014b75c260fbf51f41936e549
SHA256 1cb9d6a1560b97d422d0e86b4ea7128d82a69a127803d43979f1457a2af782b0
SHA512 96147336483d02179f1e9e4e4214abd330f8ec59ed0477fd05cf5162de2c40a2127bffab1608a7d1591a72d4d684d1e8904ef7f10285808ee4695f21147d3606

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 4f032e49500969f1a784b1620c0579de
SHA1 7744a34b0a4265c16057651a630b896dad1209fa
SHA256 61d85dfa792f8e5b39dc93f5ce9a14264838b081799f0d290771b6586a1d3d8a
SHA512 ea63c1fbe72c360363ffbf9d843fcb1866b9b1b2ebf26d24ee3565959b3449d83dde571c58a76bea66cd42da0223adc4f5f74f6b76d282551fcd674d3fd8e980

C:\Users\Admin\Downloads\Ransomware.Mamba.zip

MD5 f94d1f4e2ce6c7cc81961361aab8a144
SHA1 88189db0691667653fe1522c6b5673bf75aa44aa
SHA256 610a52c340ebaff31093c5ef0d76032ac2acdc81a3431e68b244bf42905fd70a
SHA512 7b7cf9a782549e75f87b8c62d091369b47c1b22c9a10dcf4a5d9f2db9a879ed3969316292d3944f95aeb67f34ae6dc6bbe2ae5ca497be3a25741a2aa204e66ad

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 79aed039f9e7df84ebbc2d764914a59e
SHA1 e5e6fa0702880445247fe2ca00df5440df0a9058
SHA256 da24a20ec1b7114b022dc80261e749b07b77a3799a1faf9e823bdd637b56bd6c
SHA512 8565fe9d1a2f875484c812f48c68d579240f39e5ce6ffa9c185216365a9714e0d4216dea01d1baf8c30305d71608dbfe0bd829bbbaacaea02bfe4c8c12e5b428

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 c49537c83e0b8b30dcad2b0a91a88425
SHA1 4b1b826b6b5119ae6166c83d20dd7551b6f7f6e6
SHA256 01e66541ca04c28a5fdd92a996c72be35cda79428b89730546f3a868180bb47d
SHA512 34c1c3b8d520aeaa982d103045e7319e54c0ab2c183f7f295b3c3376b06bb31d5f8bbbd5a9d8d96d232d994a50546ede62b28f5e28d76683bfe1a6d72061abc1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 3c545266bb843ee794acd2c82bfb51e4
SHA1 8434744dc2a0506abf3a274a7e563eedcc349d69
SHA256 49e3a7a583d29a33f1b71ad61bf6fb92f83bb58ca2d8d47c75b57c624600a161
SHA512 b5d10b31b81c59a0f27eea0ec3270d2a60dff2a36da85ee1c00befc831101a79ca4e2e9855c42044afa154b8ce282f1e04a11679051358be3071f4aae8c37183

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 b90de343a595790643fbd726b3b0b234
SHA1 f99c6b48f75077481a7309cd95d818a7e3c6c85d
SHA256 70be4d0e80eebb7cb828be30fb9d7916226e2b8b0eda9aaa20f6dd065e297dc1
SHA512 2f811f0d3563c3b009a2bbeb4db5bf6fed2921aedda06a9b8d3ec578073f8d2436c1e0d939152a456185bbde4994c4f2b62215e522892a1cfaed861af3815162

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 c76f027e45765ca4e4c93eb92bee4341
SHA1 1dda50fe1d070ffa6b184f49d6fc0610de9dea2b
SHA256 b93742ccc6485c999ec75a0584982938fa707d7756353ff5cdc12ccf57880c36
SHA512 3c216f40ac6cee4e6336f7202840972053435b94e126fcbc4f5c1ffda8fb65f488036152f2ff410a3e09004a870726a8422b565c2493e9f48daac2e68fd04537

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e8c51f681e6d3dc8e341e906f097da41
SHA1 2ad2303f26b31cba4225e4325fdbe5e7828fb79f
SHA256 87779fccff7084f133e2e3ef8a49574a0172a5dd8c31003e5f5c3ef3b7d7228b
SHA512 7a67237d77fedc10ab9a446bb793049e266123e0375e27b1751182e1bd299b256576770970e9051935392030dd232d5d0bfdfa3f2ac98b265cf51835a5fc0676

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0001f0

MD5 6884a35803f2e795fa4b121f636332b4
SHA1 527bfbf4436f9cce804152200c4808365e6ba8f9
SHA256 cf01329c0463865422caa595de325e5fe3f7fba44aabebaae11a6adfeb78b91c
SHA512 262732a9203e2f3593d45a9b26a1a03cc185a20cf28fad3505e257b960664983d2e4f2b19b9ff743015310bf593810bd049eb03d0fd8912a6d54de739742de60

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 ddaa6008a4863f01ade7c6e797d7a0e0
SHA1 e862247acd4b12192b8394ae0e52c7d040cb8530
SHA256 dcd0db3ca6131b912be2b12cd044bff1e9a8c0d5fe741dfb5cb365380e43953f
SHA512 4ecbedc3dc844b577ae1316dfe920dea037841323020bdd607b7c80831970c4e8dd6f26cdc549f71480f9b3d50fdd4766a765a362eb1cce2d13b79be96d81574

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 a49c3d0286b15622a5881b6c68d8fe73
SHA1 47fc02004cc1055e41fc6ca5bdd46f8d84752ae0
SHA256 128246a0607c06ebf78f26266af3b1c5ff306a6d974cbedab41ea354f7f9608a
SHA512 91f83c4911046b3a9d628babd1bf6b451c249db171683050e376d45e738dbf526354be7457596a1b6511689d50353501fd44120e499b7e22583e01fe656cbfcf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 b19d310669978e917705ad56a0c88a71
SHA1 1a8dad9f7d0409d6a7e7a4ced5332efe8b5d3ae7
SHA256 20344fcff95571691dbb2dd644af284a20a98f6242272c2e52c995bb2388dc35
SHA512 a9b706dfb218b0b5ae902f3e06d945b8a6739c751bb730bfcdbe4f8e4aaa641c17c3e4d7e7bdcda0742d0170e942c4dcf3f474c09a33393620c209ee9371328f

C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

MD5 247b1829750b0d823183c2bdc249d30b
SHA1 6289998e7ae81d051385cbf8fca1fc904f10e5de
SHA256 e620b7f96d94d65885fa3e2a1c295c33dd38ce85db688f93b18f51e0ca57bd2b
SHA512 e82d69be94d45202b9a39c5e70249694839107425725eea9ab46e2f9cc6b2c261305ffa7760edc9e1234ab4db0cc9c40108b8109d8bdce422612775d77aff2c7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 d64bef41906bb8bf41a80dc7fda945bd
SHA1 c9dad53dbd111650ad88bfa45f645ffba5e7ec39
SHA256 0103c785275a583a00901608497d58322af332fa63122b5d8ea52c4c9f9f0ac6
SHA512 c216c4586e381affbbeb0ea3b6c8145d5cab6e5428f998b1a5c4820dd6360f8f3874f1ef9d77992af4e3359e4b1cda53ac94d0b3fb417182cef5dc1127c70c41

C:\Users\Admin\Downloads\Ransomware.Thanos.zip

MD5 00184463f3b071369d60353c692be6f0
SHA1 d3c1e90f39da2997ef4888b54d706b1a1fde642a
SHA256 cd0f55dd00111251cd580c7e7cc1d17448faf27e4ef39818d75ce330628c7787
SHA512 baa931a23ecbcb15dda6a1dc46d65fd74b46ccea8891c48f0822a8a10092b7d4f7ea1dc971946a161ac861f0aa8b99362d5bea960b47b10f8c91e33d1b018006

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 eb10f17f39b12cef8ca2e1d117cc5125
SHA1 858ef2a231c9fbfa43418f67d4bf02b5d9bd888f
SHA256 16699656d3ed4d8c3befdca0b7c9dfb80206ba2fe22ef260d48c286e99cf0aa0
SHA512 245f1c5338022327bcc0cd5f7003c8bfd6bb4bf67104481b332934d5767c2b67c5244a2c68286afff8e2d7058d3cbd887fe59e4b89e43e5d10940c351948bc3c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 ce38302e95e7874ffefbe09076673fb1
SHA1 33deb9878302bef0440615b398312810e8e73888
SHA256 d6ad4347768cd6c80d21af0dc427aec971aa7bdec16dc9c8b2d920b56ce1205d
SHA512 8e70ce24265d2851325140019da184b97bff703728f48c9ca9a11ecee1f1a92ec9c92a49ee29f0b4a996e7c1a9965ac98dfd7596ce19beb049a39416652fc38e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\f774fa9c-f065-46df-9b00-9f417521f77d.tmp

MD5 2af54a0458df3daaaa4fc1e9c7c9cfda
SHA1 5e1d98e595ff81cc12e6aef4c84c968ad8656c8e
SHA256 75248cda2522e621c5a29e7e2e8b6fcc8e343279d3c04020962880302c68c71f
SHA512 9150706eed838bdc7a4b3d02432901b592aefbeadf72e7e015085c0a95b0a0819e610cce34bf7e4bdcd5e236c4ee86a16e0c312f9e67170076f4045e8c915332

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

MD5 412a8df59bec2d9529c688fb28a393d4
SHA1 2c05f2c21928be1db45bf7846accd52cee888053
SHA256 da394b752ca3949fc8333e1579a82c6e5052c703fc455bff415f106fa60a542e
SHA512 1771f33fdeda3d1b8da9d59ddc2bf9c6755f29b47a5b2101ea8d53ae5bea542cb9b0a4b3fd0e39d109c7d66bfc13af6ddcfc2fc47d77861ba9fce4b6a5804548

C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

MD5 efd92eacbd514f5a5e8ea22688458f39
SHA1 6076084a5effd81f8256ebe61be481cda20b927c
SHA256 552db8187f5957da0edc60a3716a72189062528883155a32913b5c95742e5f92
SHA512 1dee9d758f97251a9be40dcc4a675bbad37efd4951578d5dabe87961c00daa774a67a754af0d6173dd0653ba50fc3b66660e3a75eaf23d5aac9d0003b3443088

C:\ProgramData\Malwarebytes\MBAMService\HubbleCache

MD5 dc124f3d82381b6773ff59c498e06b6b
SHA1 4837cd6323a84bedf27a56ba26e22fe7e1f1c00d
SHA256 15707b63dad34b3331a3f42284573705eb04af1d0fa2fa046bd1056d3a3d1689
SHA512 518c8c7e451029c10af1220752a5a2e617e832809999e687b1d3c26f5fafecd610f7e5e680d5807c647506be65770310d116312c69554088bf72c4b742c9d9cd

C:\ProgramData\Malwarebytes\MBAMService\Quarantine\0f2246d2-8e72-11ef-ad4d-fa9f886f8d04.quar

MD5 122afc3523f9d14fe38722632bc68741
SHA1 19b9f3f82eeccb766a3a22128368dd5650d7b558
SHA256 998a8149e67a6490f2c0e0443164e54b05a1ec946b7e172bf16465dbf1e02e6f
SHA512 61afa691d9f010a61ea6abb93192b1bd99841ede8a89fd5b3ac673ddf2b2819ab6ddb3cf3409b33746a2173f2d70084c07ccfffba39c83bc2cf17baa03145d7d

C:\ProgramData\Malwarebytes\MBAMService\AMECls

MD5 de0cbfcab31e65edfde24c26e4907d03
SHA1 098518e908b977f3cc643202af65ec31667e2d80
SHA256 a66b2d43e0a43ff4bb9ed7e99fd3dc85a12d0fb14afa1a7a7615afd3b46fa601
SHA512 4c76facbffc72766122ffbab72a6204f59ccc92482266b3f3d2d74ca8fb92daf204a01ca0989700170507f2bb768304c2cf5aa15c4c6af878fe82454b3342d5c

C:\ProgramData\Malwarebytes\MBAMService\Quarantine\1b5c9e7a-8e72-11ef-b3b8-fa9f886f8d04.quar

MD5 8f23d1aba1ddd95a5734f4522e4d7a7c
SHA1 dd9c607d08093a17ad3822963679453341c9a767
SHA256 640bc6606b90d850a343a30fd8280b376fda92aaaabc5ab7b2540c624e0906ab
SHA512 2544ab051c868bff8e092bc6192a0ad3318b44b5d4bac3a24e735276ebd500d9d1c1567e7bfe40329aa18882772fb4dfee42c59cececa414c8a017f56dba0ece

C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\206742EA5671D0AFB286434AEACBAD29

MD5 f499955114e43ce3f139221f3ab7bc82
SHA1 0fb1ec1994f6302f569fbc8ab3983379e00539b1
SHA256 b1f49f2ba3d5f3bd61a9d7c8bd3e07a05a6d0eda04b72f56b17ec93b96543c0b
SHA512 e2ce1bca7f7dbd36fea11612f8295a88c25f3a4b2035a15d163f942739c5d9e51e3639241356cc4945f6246a0017ad5e884d5fccf5ca21be4e99efbf47a83b9d

C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\206742EA5671D0AFB286434AEACBAD29

MD5 01f8f619255cb2090ece811ab65d88ce
SHA1 8e750f459daf9a79d6370db747ad2226866ad818
SHA256 3d29798cc5d3f0644a7e0dc9cb1cade523ea5ec83b335109b605bfeaa7d5f5c1
SHA512 46f16bb99340f8d728c83ff093af9d4cff87811d432f92a804741144f0f3fc0aa8011b1efe0c24e0480bd6c7cb7af699077f9b8fc7ec8a40f9f7a186725224c6

C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8B749ED954EEEE8F51A69CEDBC94BC76

MD5 b62209b8db8599815b8e6904747b5abf
SHA1 79ab6f7c913f4ee77896f585eb836cb3737762d8
SHA256 08df606fa1ebc19eeb482772f356fe35afbd53fab6a58852e7ec548e11b79c7a
SHA512 40e7e24b280335e6a2b195807e66741898da01ea5a2d8ceed0c0add49580491a1ad093d936dc271e0a454595fadcc6fd33ce3fa50a6f7652d529c8d249df4d52

C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8B749ED954EEEE8F51A69CEDBC94BC76

MD5 ddce882a5c1b814661e39e3e518186ed
SHA1 c8c6d52015c2da7be6fcdd0014dfaa485ca91a55
SHA256 432de0722144c03cd6c8fc8b60c7629260f2032e4f48e49a45cc638d8469278a
SHA512 44326ffaf71668185527b00f0f43bcc888683fbfc93860594a05f3b946226bc3d708d6a5d682ad4143ca9b22dbbff7f5ab6524c1e0110ac87cb6ab8a9a91874b

C:\ProgramData\Malwarebytes\MBAMService\Quarantine\1b094e32-8e72-11ef-868f-fa9f886f8d04.quar

MD5 846970f24e30c6dbe644e21dc3debb5a
SHA1 0aed3eca19dbe3c231f7a75d6a139f83ac5e80a4
SHA256 07cd254838357308fe59472d73a69f3606e79e7bbff4d2a3ccd2dc795d2018ca
SHA512 11bbe50807013546e10f8c348eb217ec68b15657de7a05ba412cc5e1e776188f50e5690dd6d73088e3f566626c834662f527d720c0a5ec7bfc16e0c92a16c8fe

C:\ProgramData\Malwarebytes\MBAMService\tmp\bf5df0148e7211efb658fa9f886f8d04

MD5 01421bd66a2857f89c6a9923e558121d
SHA1 0f070e19862ce821178180c991d470778fb9597e
SHA256 1407fa23de3c2ac325e0edf5c360e9bbd4213a9d541aea27b52c0b27a7887e54
SHA512 99dcea672f8d694fa2662c1558fa976294ef7c13322affa3c32ea61243e56caf20cfcef0c72f23b0838e17922bd80d617984e5eb13ac995b628719c7d4818964

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d14aa2a50abdd4cf_0

MD5 f4bbab032245f1a333499ffa4f2e864b
SHA1 8d2aa6b4b003b4315703708c7198d78dbe537bf7
SHA256 c963a229a2564997440bf0275cdb03bd1ca25dd17026a381812e4de75cd3e4b4
SHA512 5e213f2109f08f4a39ab3b8f8ba74710db43f713f699e5632b68b16e95e3e2a7d7b58b3ac9708f38a28b98ae296b4af19b4aac2e7568909798489123ed25c9dd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\88d32734f413207f_0

MD5 a56c8a882614652dd7da9fd800015dcd
SHA1 adc4e4bbf9f6bf2e726698c227a593461ef50d89
SHA256 3337aacb6f1e61f1a1c410ff8b46596be39c82e1d4063a2b83b94e4b4d0d485a
SHA512 c47cac1632e796efe753e9398113bafefc99fa0ad1deffd3efddd1d1e33edbc8fd6c23a73c8340bd6839755184693e80dd6d0a2e3ad2f46ed11415687f9de7f7

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

MD5 c76d26949847055a90f2ea495fa50d5b
SHA1 4577acbe7d4ca00fe7fef66723903777545281a9
SHA256 a3b0b0e3af98de2cd3cdcca9de86127932175bdaa5ec05aa74045df38fab6dd7
SHA512 de6c912a604d272af540786283f4ee25301529509c52ddef0979ce89fa4326a70a1b1ff0103f7e6cb7b8e881a9e46eb6a07d6bbd0a0c181af1f3542950b5888d

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

MD5 227033de7b3bcf5f801129a1d6894a22
SHA1 49a21b2600a185abb40e2e32ed25a7a622ae96d9
SHA256 4db876392410ef590535dd85e075208d60b8139907121108e71997b6afe72b10
SHA512 cb204f1024c348109528bac42ab5b768a98f12b4cd3f5d7042ad238021a77d479bf16bafdf51d736f5b0dfd92dc3e6ba14aa198b797a173ef5f9a2a2bb153b0d

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

MD5 463cb938a1eed01d2f73d8b3d53047de
SHA1 681d3e3be456c341cf97889d4d9e7ccf751777ce
SHA256 748d6ca8d66b36f7252daaac9a84aebf771bce5de5364eb2e6bb24a2e8a9668f
SHA512 89790af9e0a53f0e2d3033faaef6efad123b0e36603836cef43e404c672eeb0c4152016690034590af0980c2d09c8cd3badd783c15087d8e012e4daea25a21f8

C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

MD5 675effe7d5b090570b43cea62e146687
SHA1 dfb708f9224f5b5cf8413d4c4eee249366d07508
SHA256 7bad00a45d4a41805d91cb0390a81fee667974a5e3dfff13937c12665ba90bca
SHA512 3315756c18f9316932d1bc2421c2458b5d73fccf2155b055b02deda8fbfe4a61aa830a38ee1fbf48d5a34f4d6747e17a76c5f84bdabdd7a2b5be3d03f882a52c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 01f58815d3c5b73382f9553789e1fed4
SHA1 d8ec72a12b606c953bd6c03786f09b7c2b8d6971
SHA256 1bcedc1013e39b8ffcea3e75711f5f51d1be6ac53150fba7e5cfaa185235275c
SHA512 37ae8120aa413a27843028415502455b85f1a00195697c41f994cbb3595aa1666d1f7a819b1ed8684d9b236f98d9cc4fcb8514847dc07eca2e3026129a84974e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 d2ce766858b6d38efee7f28d076f0ebb
SHA1 d5d2e315f3951c4364095b5d6d4454310195e0df
SHA256 0dcf6769e1c5889b9db1654369331b9983197bd02d28909b077736a936e329e8
SHA512 8f2201675bc87bf6e453aa76bcfb3dbbb7b87be3fc2e78f60ee26801ed8ee18e956089a7cc52486096ef123fdfd7fb8ba3706dbdcd877b5ac13d22758c249dfa

C:\ProgramData\Malwarebytes\MBAMService\ScanResults\b3c8b28e-8e72-11ef-b414-fa9f886f8d04.json

MD5 9969c7f891ca06ede99609f7bd864b23
SHA1 19f0f155623539667f763615cd0abe89d0859400
SHA256 01c0fe9469f5b2958b4da90af4dfe0a8b4a2241657b4b7fa4242479beb18409a
SHA512 214e4c0118caf8b99e619018ec4ec3e336ad722e87270541c9b529f459b3d9010c2507741e10c739ae58a54489cc47fabaec025c1c1302719354fb2b1345c2d3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 ab9c14c6518b9f6de3b50e500e274dc6
SHA1 20cb5435a178c1f24a0c3388c3012d3e976f1e05
SHA256 c149035cff4a9987b236932c4e6382b2ca2ff8beeee9f04f7f57ca2916d9a139
SHA512 8e892c83d6dfa52c4dae5063204cf795112a694e5b0fb5f4b914aa4137fbfc6a17c5400983fe49c2dc03e64a74e0af2e65b310b2d2bd6c1edddde45047de89a6

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 f4c63e982f510f9845982e8517a2b254
SHA1 2c5255e012e2a310b6a509b6d73d6f793a983a0a
SHA256 62689729a1bc05e7cbd74216f2018fcbf902d078a48bdcc055cd54f46351c825
SHA512 166677e2407bd3317b927b06c718f4ce9aa7c072eebfe7d08718aadea8a659fc1167b93e16222dd76600e772907596dcb0901d3f65c5f5a6257368f310545aca

C:\Users\Admin\Downloads\Ransomware.WannaCry.zip

MD5 efe76bf09daba2c594d2bc173d9b5cf0
SHA1 ba5de52939cb809eae10fdbb7fac47095a9599a7
SHA256 707a9f323556179571bc832e34fa592066b1d5f2cac4a7426fe163597e3e618a
SHA512 4a1df71925cf2eb49c38f07c6a95bea17752b025f0114c6fd81bc0841c1d1f2965b5dda1469e454b9e8207c2e0dfd3df0959e57166620ccff86eeeb5cf855029

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 9d507a2034a08be60b8cef1fe39e63bb
SHA1 c4c8823a55f7e98ea7e1a7ee4c342f64d7b4dab0
SHA256 7a1e3fc7465a46dae36a39e2404e9988424505bf4984bfb004a5e5fe7b61dc2c
SHA512 fc16ff76711386cb7822251d03fa4487c8e276f7eca9bdf01c31f118304e7bdaa631f468b3ef214f37d52d1acc93fe4922c8a136a8c2b0b007586c21aa033e7b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 b08af8139e9079e026f8cd55948b54ad
SHA1 505d4e310d84b5407478088dcd3966f863f12580
SHA256 f1e1a19bdfc028296ce0dbb4a16ff4cbf4f18fcd4be4a2565571f4c6462880bd
SHA512 e47075c9e773b9f22a16c4205ad406df70a8295f332a9fe85fe0a314b563577780887bedcdddc4a8334176e613dba4ec5aacf1c99da11dde6fe88a717d487410

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ad3da63b93fca116_0

MD5 b0bdca4e1e3020dc4311116723e62618
SHA1 a40c0a8dfc03f3057df4c3e55571d594fe7931dc
SHA256 f3cba960ab04c9fdf7585af0f8a6489a975381f6f8bef0d25901b77ccf03eb30
SHA512 577933797129b895f1feabde50fe583f8b809611f8612c096e646d8cc68b3e4d213d4e7121f21b5adab5b33e17c3cb0cbc4e8b4c71fc37adca2d8de92a12a1b6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0001d5

MD5 7e54e83ea94450b4117e7cee8bc41c4c
SHA1 29234140a0265b54e1775afb34147c574848a669
SHA256 934fb71b2afd2294c30f2e6ed4608393cfc24663af18fc734f7ea8e25f020997
SHA512 2cd23aa3a508abbc929732a47cedc84272b2e51d10ea5c0bf819bb1a0119ca71a42af5103ac5bcc3610acb2480cbc2872df42bc26abd47942910e7d8d290dfde

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 986949df33f27a81e3a23ec0c3cc2e89
SHA1 04430923c7e58bf1530b02f19d87b3b56b51c06d
SHA256 4daa8580a500a52b9040f4b373359593439cb97e6e7ae9502074f3fd9fdd736c
SHA512 d0b0b228881331eed85818706d7970feb3133ee06a87afdb3e12d5127c25cc084198895df621328d7da71136c96bc64022d22701efcc2f15bc9b91c4f0054e3b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b6f0b0024d907e7dad79314b6a328629
SHA1 d0965d3371ea6c329fa84641a73dad36b69cddb8
SHA256 ba33529ceca280f36ebe127c94965a19256884cdecbdd75af0998e3f0c1fef98
SHA512 113c2459ac3e8dd22aaa29aff093cf6edba00fe2c9277758a2152d1325f48f23eec534f0f5ef9a5f349dd3195522e1902b904918e9c248b451c81d15a85c7e4b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 dd1dad0a84d2de5c75757afb307a7704
SHA1 1887c9df7163076006315c9677f4cace0ab092a6
SHA256 3f06f7dd96ba0a1f913d906884984a039e09ee3a169a22b7bc0634e66e7a9009
SHA512 dc9372756f80f860d2dcf97f1459b83f0ba4fe7e0ba9c45d0b8293c745dcbde116f1150b66c698c0b69ddd37f420f62dfe04afc8c8bfe167a485c21232890f37

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 0fd33f9e2c3e12d07614e9a79ebbf7a5
SHA1 c84e6039a5fe5a939874a7af3635821c4cd3c425
SHA256 b38975560fe238183f241d8796ea484fad19b0c294e8ff8db1409422bf0a807c
SHA512 c557bbe2ca4984b3ea7f9ec29f75416a4ad0cd6a0501f82f589655d3985ab1126e7aa3b8d355ccce7dd4525218796e1abccd616bef064ee4408a8ffa4fe51e4d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 bf89ac93574b63a5f995e96664bef04d
SHA1 406c3c9b51ef1207dfee10f88322f9a6ee19a1de
SHA256 4ce1533496ea045ba3ec14452a32ebf72acc9871449d702e01ab87c6bf81e16e
SHA512 9152059ad5a565f61b4b12fbf776c0f4faf9d9c6be5ad705aee161287f2128f8add50b9e74f41faeb7ca1ecae7d094271c476feddfbfb037baa05b57603e1796

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\cd7a595c72c52aea_0

MD5 71850e0213d5aed68918d7bd718794a7
SHA1 e41c64ff718f7a93aae0e64216e2730797f15327
SHA256 173946082cde8772fd6191fda97606dc5fff58ada8d6951e1289e1bc73cb7f11
SHA512 a82ad4597bbb34f33634a01fcfb31d100a0e8e02ebadbff06fade49b5d0527edada2b8fc4d65132321bbc9a924a38ac5ccf092d3fe3dcd36b57ca24d2dd82a14

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 da3a54b850657f0da445ced6af8c62e2
SHA1 4888bfca1420965fda949c7e9b23a3bdc828d55f
SHA256 56076508ed770aa4e13df8adc874aba7390d4cb726ec8f53685a4406b86c5d1a
SHA512 5886949a7f458f8e159f430a5733e6e2eab54a82beb93714ac084fe707f3e69308913d8796638ca95968515ed9e6d4b20fdfccdc7589ef8431c12b4477bed146

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 30d7c2a446c8338c96c483b7b5689da0
SHA1 c91d4d53fa225ea88cb736b9f3699ea32af35dfc
SHA256 c028c9ff33521cd5b82d98eec54c550fffd11a27ef74b02a98d44075cac61a4f
SHA512 e9e32df993df80bad68573542d33165a9a6d5470dc5c7e572b1c239f14c79aa8895153678d800fcca741085cb7c47a146d2052304028f2fd3b88c07071049cb7

C:\Users\Admin\Downloads\Unconfirmed 253938.crdownload

MD5 53f25f98742c5114eec23c6487af624c
SHA1 671af46401450d6ed9c0904402391640a1bddcc2
SHA256 7b5dec6a48ee2114c3056f4ccb6935f3e7418ef0b0bc4a58931f2c80fc94d705
SHA512 f460775308b34552c930c3f256cef1069b28421673d71e3fa2712b0467485861a98285925ae49f1adea1faf59265b964c873c12a3bb5de216122ac20084e1048

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 d4c6acda88e4f30da7a0a7e77d789852
SHA1 cd7761987624868a17b88d6c56c8b240e15f5722
SHA256 81e98c7d1ef188d98969976678e3c6908e4cbd4b5a82be0f164e4e56e1710135
SHA512 ab5a1576a942970ee5788c01f16c399f20599834da349f9b546a7fcc90a433cd5ca4249d5632e318bde34a0b107140333b403127df2803642bbfe4229a0ad914

memory/7072-13818-0x0000000000400000-0x0000000000413000-memory.dmp

C:\Users\Admin\Documents\sweet.jpg

MD5 58b1840b979ae31f23aa8eb3594d5c17
SHA1 6b28b8e047cee70c7fa42715c552ea13a5671bbb
SHA256 b2bb460aa299c6064e7fc947bff314e0f915c6ee6f8f700007129e3b6a314f47
SHA512 13548e5900bddc6797d573fcca24cec1f1eefa0662e9d07c4055a3899460f4e135e1c76197b57a49b452e61e201cb86d1960f3e8b00828a2d0031dc9aa78666a

memory/7072-14925-0x0000000000400000-0x0000000000413000-memory.dmp

memory/9028-16032-0x0000000000400000-0x0000000000413000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

MD5 c69931dab79e001519b9af50db256400
SHA1 f791ad1327a2d67f946e1489a4bb11cabe2cae5e
SHA256 17f45e77e1bca5d623562c3eb8cea409c3099463dbc2878875b55186fd2d1c44
SHA512 b21d5ba36cf6a114c0fa821eba979028293b2a987c1be5b74fa6599bfd82b9fe2bcaf1325f21c8ef680951b6624ab480f328d20e5a250ab339d36cf377ea454f

memory/8068-16044-0x0000000000400000-0x0000000000413000-memory.dmp

memory/8068-17148-0x0000000000400000-0x0000000000413000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 bd63e57c6aee2895ed535c6beb90db03
SHA1 8d5d81fbaf201fc623ca5825f394cb07284af2d8
SHA256 be3efdc50eadc279221f898681b1300d331a979cc9f2291c6b5b122f45f2ad24
SHA512 80130560e4bbe299da7b8d1fc9957ab78b3babc08c15e7000394518407f1459fedecdbc2e2653632c348c87a95befc9e65ca922fb6acc02e3921f6cede44f649

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 62f0279a7b0b665bc906da44e5cef02a
SHA1 28480ded8709337e87d60c21b0ed1e442cf2a099
SHA256 91237bee4f8bd5e6e96f3c9322cbeb0fd9c9f066e3608ebce15ddbb611a35722
SHA512 060eefd7b55272e92f8c4cd59435d82e684eb3bec06b9ff87504efe3793c38076cbd791a2435d3d8b34b55362a4d525d275b9430c0c820c526a7c30c42c137df

C:\Users\Admin\Downloads\Unconfirmed 509617.crdownload

MD5 fbbdc39af1139aebba4da004475e8839
SHA1 de5c8d858e6e41da715dca1c019df0bfb92d32c0
SHA256 630325cac09ac3fab908f903e3b00d0dadd5fdaa0875ed8496fcbb97a558d0da
SHA512 74eca8c01de215b33d5ceea1fda3f3bef96b513f58a750dba04b0de36f7ef4f7846a6431d52879ca0d8641bfd504d4721a9a96fa2e18c6888fd67fa77686af87

C:\Users\Admin\Downloads\Unconfirmed 924085.crdownload

MD5 5c7fb0927db37372da25f270708103a2
SHA1 120ed9279d85cbfa56e5b7779ffa7162074f7a29
SHA256 be22645c61949ad6a077373a7d6cd85e3fae44315632f161adc4c99d5a8e6844
SHA512 a15f97fad744ccf5f620e5aabb81f48507327b898a9aa4287051464019e0f89224c484e9691812e166471af9beaddcfc3deb2ba878658761f4800663beef7206

C:\Users\Admin\Downloads\u.wry

MD5 cf1416074cd7791ab80a18f9e7e219d9
SHA1 276d2ec82c518d887a8a3608e51c56fa28716ded
SHA256 78e3f87f31688355c0f398317b2d87d803bd87ee3656c5a7c80f0561ec8606df
SHA512 0bb0843a90edacaf1407e6a7273a9fbb896701635e4d9467392b7350ad25a1bec0c1ceef36737b4af5e5841936f4891436eded0533aa3d74c9a54efa42f024c5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 dff2117e22b1492c2a58b516954252d5
SHA1 1afdf61db0596f5f566f6d2b92a4de89dda7bc0e
SHA256 6551409c2849d91e5ba614786364625ecedcb5c3c8e25a7b6ad6cccad47e8989
SHA512 b9690059ca1d888fbb579377c3fdd415389e28b3b248390bc8a92d8447fbc96774102b941b125efed8c7b61f8ce6a0e32e4ed0fb08320d0b7a0eeedb01312d6b

C:\Users\Admin\Downloads\!Please Read Me!.txt

MD5 afa18cf4aa2660392111763fb93a8c3d
SHA1 c219a3654a5f41ce535a09f2a188a464c3f5baf5
SHA256 227082c719fd4394c1f2311a0877d8a302c5b092bcc49f853a5cf3d2945f42b0
SHA512 4161f250d59b7d4d4a6c4f16639d66d21b2a9606de956d22ec00bedb006643fedbbb8e4cde9f6c0c977285918648314883ca91f3442d1125593bf2605f2d5c6b

F:\$RECYCLER\!WannaDecryptor!.exe.lnk

MD5 c0afb4201491c55f0b5cfacb31b01043
SHA1 6ebb9c6094241110184dbdb55e43e884a28cbdf7
SHA256 82cba15d4f1a20eaa3b9d496a6f71741df75bde7f5630843bf7d4e89da41692e
SHA512 b5604f352763a890f1219b805f16c2361b0fe60b3c4d1a54006492b7d584da1c3f20092b118c74c22e6b889ee70901dc6583b70d3ad5b0cc0b6fe0a9804b2cd5

C:\Users\Admin\Downloads\Unconfirmed 337730.crdownload

MD5 04fb36199787f2e3e2135611a38321eb
SHA1 65559245709fe98052eb284577f1fd61c01ad20d
SHA256 d765e722e295969c0a5c2d90f549db8b89ab617900bf4698db41c7cdad993bb9
SHA512 533d6603f6e2a77bd1b2c6591a135c4717753d53317c1be06e43774e896d9543bcd0ea6904a0688aa84b2d8424641d68994b1e7dc4aa46d66c36feecb6145444

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 d15bad476bb513d860cdb3820f91f302
SHA1 d353b5b5f00d020b072d20a07db88e8c428c9cb5
SHA256 be2aaa12533205602e82629fa8232682d40d1106ab4dc7793e6cf42f4b2e85d9
SHA512 9b16ebfc5c74d8b5fcc8ce2abf65cb6dc5c8a925685443765d1f606ce40e11ac01adf3b215c1f0f4be6bc7742eeff7cc6a0f832d1e662cd75bea7f4300c017ff

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 49cb0eca017c8c38d518f1267727f455
SHA1 bb9ed47a38fb090eb53f69f37b7ee658e6882ade
SHA256 a119a30ce7af68663a8a0bbb81296f287069690175dd162e9265d28bb144f0d5
SHA512 5eb3cb70bfecf0e8f4379ccc0388585502496f04907c0ab35d1a5a41e279dab1b8beeb346cd532e9db6e8cfeed7eeb8c6a73706197b2ac5c018f17fa6a95ac20

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\8ce74b5f-a01f-4541-96f5-1ec2eab1c68f.tmp

MD5 a1561504237b3fd4bcc4b92e0231185e
SHA1 5a2472cd68d135cd4c625471d7f5dfead2e4f507
SHA256 d99c9d0bba6786dd888343c81e88713d319473f20a6fad4010740de4bb671ac4
SHA512 a7f2bbc856c0b0e41687cce13149ecce63e6e07f0084fe5f25a75822c6219fbdd18c67fffc7bc88037034b1d2bba91d98aa450bd8d039c42cd64c550f6010ccd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 0675c79dbefcb037429138e559935d2a
SHA1 1d8b526b07165467d42c2dcd2f8b6c7c6f6e1c83
SHA256 dfba572f61545b30eac8aebe3c7c54651e66c9065bed1b2c2de60efc186daa45
SHA512 05fc7bbaf3af89cb762675f5da60c8dcd535b00f9a5727f588e7fe6ebfc14bfb0028e38b4c171da99fec1d461fa08ec7f03f4c8ecbe3582185292a2caf2aa62d

C:\Users\Admin\Downloads\Unconfirmed 777177.crdownload

MD5 de8d08a3018dfe8fd04ed525d30bb612
SHA1 a65d97c20e777d04fb4f3c465b82e8c456edba24
SHA256 2ae0c4a5f1fedf964e2f8a486bf0ee5d1816aac30c889458a9ac113d13b50ceb
SHA512 cc4bbf71024732addda3a30a511ce33ce41cbed2d507dfc7391e8367ddf9a5c4906a57bf8310e3f6535646f6d365835c7e49b95584d1114faf2738dcb1eb451a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 55ff6917731530a6c3fb9e11c1e32075
SHA1 64ad15776852f1ab5d3b7336865a03d34608f193
SHA256 40f0ad7b9f148322cb2bb294e25776a7e1c801c0833832c3c010fcfdd4452d9a
SHA512 b6d016a4e00294a65fbb7ecc0079a3d7c53afc3f3d2764fff836623eb84d6276c4394faea49dcca9e1a66508698d251d1d8a36c4ec0fab23283d9b8058bd8ad9

memory/6336-19203-0x0000000001000000-0x0000000001026000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 91dfb6753c9bf598d30d45a74ec7deda
SHA1 73831029319ad9d8790b46bca7deceda545904d0
SHA256 335f5ed29f0fa2cebd0a032ed0bdf7aa5e0290581c4b27e8f6a88e8ee88e87a3
SHA512 5188e6f400fef42bc5a762c58067bdf47a2d83cd185915fd3c1a7e3a5b17f5d5f97653c52bb1fb1be3d5395635c87e1dfa9a7aa2453f567056d0bc58ede78865

C:\Users\Admin\Downloads\Unconfirmed 905278.crdownload

MD5 30cdab5cf1d607ee7b34f44ab38e9190
SHA1 d4823f90d14eba0801653e8c970f47d54f655d36
SHA256 1517527c1d705a6ebc6ec9194aa95459e875ac3902a9f4aab3bf24b6a6f8407f
SHA512 b465f3b734beaea3951ff57759f13971649b549fafca71342b52d7e74949e152c0fbafe2df40354fc00b5dc8c767f3f5c6940e4ba308888e4395d8fd21e402b3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\metadata

MD5 7478f4e70f3630e6b7bbcabae3678df3
SHA1 e95048e8047411f0d8510ec23b23f560843e476f
SHA256 640e2bb5fe73b61e33a726160ae08f4972a8bcb3cd91c4b251ad76776d75332e
SHA512 618e39f8451faf4ae9295b0bc5aeadbc2c1ef2a42b5742795a29316c95ae37bb7883654146764f0ec5441f03c58429f406b50b8b2acdb19dea93fbb80a393e0b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\1f9c8891-97f1-494e-9b22-0db8879be3bf.dmp

MD5 b58d52fced249234ff1f341b09a97997
SHA1 99321baa3a0cde588452ba1e0a555ecc441fb65f
SHA256 65625626c2247f8ca184f0c3e2c4b566cce30136187bda9735908e6309bdae57
SHA512 4db12ea48d512cc34408c8fc863bebe2e8a96185ffeab52e59341d279320fda2f3da8b26d1c8d4bfbb66ff3f4132f7d2fa09eb67dc26e17d0bfddad25e534485

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

MD5 55f90365d0935ddc58c490b0feb34e4e
SHA1 982bbcfd466b66dba7546ca9dcafb91b9526a802
SHA256 8bdda8045918b23d2ac440fdcb4f3989127c66c31d584b318b99fa79d8b9fd80
SHA512 07a6da555a3b52352449a17cec052037953ce8c3838e6d25be03065b8ba5d3cc0c9b08a215dba61fd4fa81b4ca586987898d7f21dfc5d8a05f49caae1e14fe59

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 cdf5e254112c7453a6709bf9a95bd07c
SHA1 d6fcdada5c74a8ce17f666b2b4f048d3d196e963
SHA256 e75a9e375e4559444362aea1396e7b659364638280dcfa66c00b0fe0edb0708a
SHA512 ab2d8359fe2d9090d9d7d9adcf8b6f1120d969b40a8803f739fa9a454dee4a6c1ac267d21aa0275fd869045f5c783a7dbc3071f6dfceaee6d765e7a9daa2ef90

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 dc82ab2792840676fc33b0cce767e01b
SHA1 5ec7f99781b62382d2ee7e9d2b33b47064022367
SHA256 2eee89d8d251370c6d66f0468cbda4653a335dc1232c8b2e813884781c76ceb2
SHA512 6aca6dede16a81c58d93aaaf63a9eef83c0c3481c578dac4c8f35609b087fde3d3f105bccf38fe9f5570f455ed2d496cbbdc50345d8d71d43afea976eef31d76